datadog 2.12.0 → 2.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +348 -1
- data/README.md +0 -1
- data/ext/LIBDATADOG_DEVELOPMENT.md +60 -0
- data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +63 -56
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
- data/ext/datadog_profiling_native_extension/collectors_stack.c +263 -76
- data/ext/datadog_profiling_native_extension/collectors_stack.h +20 -3
- data/ext/datadog_profiling_native_extension/collectors_thread_context.c +78 -26
- data/ext/datadog_profiling_native_extension/collectors_thread_context.h +1 -0
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
- data/ext/datadog_profiling_native_extension/extconf.rb +10 -0
- data/ext/datadog_profiling_native_extension/heap_recorder.c +247 -364
- data/ext/datadog_profiling_native_extension/heap_recorder.h +4 -6
- data/ext/datadog_profiling_native_extension/http_transport.c +60 -94
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +22 -0
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +8 -5
- data/ext/datadog_profiling_native_extension/private_vm_api_access.c +41 -21
- data/ext/datadog_profiling_native_extension/private_vm_api_access.h +6 -4
- data/ext/datadog_profiling_native_extension/profiling.c +2 -0
- data/ext/datadog_profiling_native_extension/ruby_helpers.c +1 -13
- data/ext/datadog_profiling_native_extension/ruby_helpers.h +3 -11
- data/ext/datadog_profiling_native_extension/stack_recorder.c +173 -76
- data/ext/libdatadog_api/crashtracker.c +11 -12
- data/ext/libdatadog_api/crashtracker.h +5 -0
- data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
- data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
- data/ext/libdatadog_api/ddsketch.c +106 -0
- data/ext/libdatadog_api/extconf.rb +5 -3
- data/ext/libdatadog_api/init.c +18 -0
- data/ext/libdatadog_api/library_config.c +172 -0
- data/ext/libdatadog_api/library_config.h +25 -0
- data/ext/libdatadog_api/process_discovery.c +118 -0
- data/ext/libdatadog_api/process_discovery.h +5 -0
- data/ext/libdatadog_extconf_helpers.rb +15 -5
- data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
- data/lib/datadog/appsec/actions_handler.rb +24 -2
- data/lib/datadog/appsec/anonymizer.rb +16 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/grape_route_serializer.rb +26 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/rails_collector.rb +59 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/rails_route_serializer.rb +29 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/sinatra_route_serializer.rb +26 -0
- data/lib/datadog/appsec/api_security/endpoint_collection.rb +10 -0
- data/lib/datadog/appsec/api_security/lru_cache.rb +56 -0
- data/lib/datadog/appsec/api_security/route_extractor.rb +75 -0
- data/lib/datadog/appsec/api_security/sampler.rb +59 -0
- data/lib/datadog/appsec/api_security.rb +23 -0
- data/lib/datadog/appsec/assets/waf_rules/README.md +44 -5
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +601 -74
- data/lib/datadog/appsec/assets/waf_rules/strict.json +48 -75
- data/lib/datadog/appsec/autoload.rb +2 -2
- data/lib/datadog/appsec/component.rb +46 -71
- data/lib/datadog/appsec/compressed_json.rb +40 -0
- data/lib/datadog/appsec/configuration/settings.rb +162 -30
- data/lib/datadog/appsec/context.rb +30 -7
- data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +35 -18
- data/lib/datadog/appsec/contrib/active_record/integration.rb +2 -2
- data/lib/datadog/appsec/contrib/active_record/patcher.rb +62 -11
- data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
- data/lib/datadog/appsec/contrib/devise/configuration.rb +7 -31
- data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
- data/lib/datadog/appsec/contrib/devise/patcher.rb +34 -23
- data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +103 -0
- data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +70 -0
- data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +2 -2
- data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
- data/lib/datadog/appsec/contrib/excon/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +11 -12
- data/lib/datadog/appsec/contrib/faraday/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +10 -10
- data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +10 -9
- data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +53 -31
- data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +52 -44
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +35 -11
- data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/patcher.rb +65 -47
- data/lib/datadog/appsec/contrib/rails/patches/process_action_patch.rb +27 -0
- data/lib/datadog/appsec/contrib/rails/patches/render_to_body_patch.rb +33 -0
- data/lib/datadog/appsec/contrib/rest_client/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +12 -12
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +45 -22
- data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/patcher.rb +8 -18
- data/lib/datadog/appsec/contrib/sinatra/patches/json_patch.rb +31 -0
- data/lib/datadog/appsec/event.rb +91 -147
- data/lib/datadog/appsec/ext.rb +4 -2
- data/lib/datadog/appsec/instrumentation/gateway/argument.rb +23 -2
- data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
- data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
- data/lib/datadog/appsec/metrics/collector.rb +23 -3
- data/lib/datadog/appsec/metrics/telemetry.rb +2 -2
- data/lib/datadog/appsec/metrics/telemetry_exporter.rb +29 -0
- data/lib/datadog/appsec/metrics.rb +1 -0
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +49 -14
- data/lib/datadog/appsec/processor/rule_loader.rb +30 -33
- data/lib/datadog/appsec/remote.rb +43 -59
- data/lib/datadog/appsec/response.rb +6 -6
- data/lib/datadog/appsec/security_engine/engine.rb +176 -0
- data/lib/datadog/appsec/security_engine/result.rb +44 -9
- data/lib/datadog/appsec/security_engine/runner.rb +44 -21
- data/lib/datadog/appsec/security_event.rb +37 -0
- data/lib/datadog/appsec/thread_safe_ref.rb +61 -0
- data/lib/datadog/appsec/trace_keeper.rb +24 -0
- data/lib/datadog/appsec/utils/hash_coercion.rb +23 -0
- data/lib/datadog/appsec/utils.rb +0 -2
- data/lib/datadog/appsec.rb +5 -15
- data/lib/datadog/auto_instrument_base.rb +2 -1
- data/lib/datadog/core/buffer/random.rb +18 -2
- data/lib/datadog/core/configuration/agent_settings.rb +52 -0
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +8 -50
- data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
- data/lib/datadog/core/configuration/components.rb +69 -37
- data/lib/datadog/core/configuration/components_state.rb +23 -0
- data/lib/datadog/core/configuration/config_helper.rb +100 -0
- data/lib/datadog/core/configuration/deprecations.rb +36 -0
- data/lib/datadog/core/configuration/ext.rb +4 -1
- data/lib/datadog/core/configuration/option.rb +117 -77
- data/lib/datadog/core/configuration/option_definition.rb +5 -14
- data/lib/datadog/core/configuration/options.rb +15 -13
- data/lib/datadog/core/configuration/settings.rb +117 -48
- data/lib/datadog/core/configuration/stable_config.rb +32 -0
- data/lib/datadog/core/configuration/supported_configurations.rb +337 -0
- data/lib/datadog/core/configuration.rb +40 -16
- data/lib/datadog/core/crashtracking/component.rb +3 -10
- data/lib/datadog/core/crashtracking/tag_builder.rb +4 -22
- data/lib/datadog/core/ddsketch.rb +21 -0
- data/lib/datadog/core/deprecations.rb +2 -2
- data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
- data/lib/datadog/core/encoding.rb +1 -1
- data/lib/datadog/core/environment/agent_info.rb +4 -3
- data/lib/datadog/core/environment/cgroup.rb +10 -12
- data/lib/datadog/core/environment/container.rb +38 -40
- data/lib/datadog/core/environment/ext.rb +6 -8
- data/lib/datadog/core/environment/git.rb +3 -2
- data/lib/datadog/core/environment/identity.rb +3 -3
- data/lib/datadog/core/environment/platform.rb +3 -3
- data/lib/datadog/core/environment/variable_helpers.rb +4 -4
- data/lib/datadog/core/environment/yjit.rb +2 -1
- data/lib/datadog/core/error.rb +11 -9
- data/lib/datadog/core/logger.rb +2 -2
- data/lib/datadog/core/metrics/client.rb +29 -29
- data/lib/datadog/core/metrics/logging.rb +5 -5
- data/lib/datadog/core/pin.rb +4 -8
- data/lib/datadog/core/process_discovery/tracer_memfd.rb +13 -0
- data/lib/datadog/core/process_discovery.rb +61 -0
- data/lib/datadog/core/rate_limiter.rb +4 -2
- data/lib/datadog/core/remote/client.rb +44 -35
- data/lib/datadog/core/remote/component.rb +12 -17
- data/lib/datadog/core/remote/configuration/digest.rb +7 -7
- data/lib/datadog/core/remote/configuration/path.rb +1 -1
- data/lib/datadog/core/remote/configuration/repository.rb +14 -1
- data/lib/datadog/core/remote/negotiation.rb +9 -9
- data/lib/datadog/core/remote/transport/config.rb +4 -3
- data/lib/datadog/core/remote/transport/http/client.rb +5 -4
- data/lib/datadog/core/remote/transport/http/config.rb +27 -37
- data/lib/datadog/core/remote/transport/http/negotiation.rb +7 -33
- data/lib/datadog/core/remote/transport/http.rb +25 -89
- data/lib/datadog/core/remote/transport/negotiation.rb +4 -3
- data/lib/datadog/core/runtime/ext.rb +0 -1
- data/lib/datadog/core/runtime/metrics.rb +12 -5
- data/lib/datadog/core/tag_builder.rb +56 -0
- data/lib/datadog/core/telemetry/component.rb +92 -52
- data/lib/datadog/core/telemetry/emitter.rb +23 -11
- data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +66 -0
- data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
- data/lib/datadog/core/telemetry/event/app_endpoints_loaded.rb +30 -0
- data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
- data/lib/datadog/core/telemetry/event/app_started.rb +287 -0
- data/lib/datadog/core/telemetry/event/base.rb +40 -0
- data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
- data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
- data/lib/datadog/core/telemetry/event/log.rb +76 -0
- data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
- data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
- data/lib/datadog/core/telemetry/event.rb +18 -472
- data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
- data/lib/datadog/core/telemetry/logger.rb +5 -4
- data/lib/datadog/core/telemetry/logging.rb +11 -5
- data/lib/datadog/core/telemetry/metric.rb +8 -8
- data/lib/datadog/core/telemetry/request.rb +4 -4
- data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
- data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
- data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
- data/lib/datadog/core/telemetry/transport/http.rb +63 -0
- data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
- data/lib/datadog/core/telemetry/worker.rb +90 -24
- data/lib/datadog/core/transport/http/adapters/net.rb +17 -2
- data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
- data/lib/datadog/core/transport/http/api/instance.rb +17 -0
- data/lib/datadog/core/transport/http/api/spec.rb +17 -0
- data/lib/datadog/core/transport/http/builder.rb +19 -17
- data/lib/datadog/core/transport/http/env.rb +8 -0
- data/lib/datadog/core/transport/http.rb +75 -0
- data/lib/datadog/core/transport/response.rb +4 -1
- data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
- data/lib/datadog/core/utils/duration.rb +32 -32
- data/lib/datadog/core/utils/forking.rb +2 -2
- data/lib/datadog/core/utils/network.rb +25 -6
- data/lib/datadog/core/utils/only_once_successful.rb +16 -5
- data/lib/datadog/core/utils/time.rb +20 -0
- data/lib/datadog/core/utils/truncation.rb +21 -0
- data/lib/datadog/core/utils.rb +7 -0
- data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
- data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
- data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
- data/lib/datadog/core/worker.rb +1 -1
- data/lib/datadog/core/workers/async.rb +29 -12
- data/lib/datadog/core/workers/interval_loop.rb +12 -1
- data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
- data/lib/datadog/core.rb +10 -0
- data/lib/datadog/di/boot.rb +43 -0
- data/lib/datadog/di/component.rb +21 -2
- data/lib/datadog/di/context.rb +70 -0
- data/lib/datadog/di/el/compiler.rb +164 -0
- data/lib/datadog/di/el/evaluator.rb +159 -0
- data/lib/datadog/di/el/expression.rb +42 -0
- data/lib/datadog/di/el.rb +5 -0
- data/lib/datadog/di/error.rb +25 -0
- data/lib/datadog/di/instrumenter.rb +132 -20
- data/lib/datadog/di/probe.rb +35 -15
- data/lib/datadog/di/probe_builder.rb +39 -1
- data/lib/datadog/di/probe_file_loader/railtie.rb +15 -0
- data/lib/datadog/di/probe_file_loader.rb +82 -0
- data/lib/datadog/di/probe_manager.rb +3 -2
- data/lib/datadog/di/probe_notification_builder.rb +61 -67
- data/lib/datadog/di/probe_notifier_worker.rb +25 -17
- data/lib/datadog/di/remote.rb +5 -5
- data/lib/datadog/di/serializer.rb +160 -8
- data/lib/datadog/di/transport/diagnostics.rb +4 -3
- data/lib/datadog/di/transport/http/api.rb +2 -12
- data/lib/datadog/di/transport/http/client.rb +4 -3
- data/lib/datadog/di/transport/http/diagnostics.rb +7 -34
- data/lib/datadog/di/transport/http/input.rb +18 -35
- data/lib/datadog/di/transport/http.rb +15 -77
- data/lib/datadog/di/transport/input.rb +14 -5
- data/lib/datadog/di/utils.rb +5 -0
- data/lib/datadog/di.rb +0 -34
- data/lib/datadog/error_tracking/collector.rb +87 -0
- data/lib/datadog/error_tracking/component.rb +167 -0
- data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
- data/lib/datadog/error_tracking/configuration.rb +11 -0
- data/lib/datadog/error_tracking/ext.rb +18 -0
- data/lib/datadog/error_tracking/extensions.rb +16 -0
- data/lib/datadog/error_tracking/filters.rb +77 -0
- data/lib/datadog/error_tracking.rb +18 -0
- data/lib/datadog/kit/appsec/events/v2.rb +196 -0
- data/lib/datadog/kit/appsec/events.rb +17 -4
- data/lib/datadog/kit/identity.rb +22 -12
- data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
- data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
- data/lib/datadog/opentelemetry/api/context.rb +21 -6
- data/lib/datadog/opentelemetry/sdk/configurator.rb +1 -1
- data/lib/datadog/opentelemetry/sdk/propagator.rb +4 -4
- data/lib/datadog/opentelemetry/sdk/span_processor.rb +8 -8
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +15 -11
- data/lib/datadog/opentelemetry/trace.rb +4 -4
- data/lib/datadog/opentelemetry.rb +2 -1
- data/lib/datadog/profiling/collectors/code_provenance.rb +18 -9
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +6 -0
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +1 -0
- data/lib/datadog/profiling/collectors/info.rb +44 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
- data/lib/datadog/profiling/component.rb +8 -9
- data/lib/datadog/profiling/encoded_profile.rb +11 -0
- data/lib/datadog/profiling/exporter.rb +12 -7
- data/lib/datadog/profiling/ext.rb +2 -15
- data/lib/datadog/profiling/flush.rb +5 -8
- data/lib/datadog/profiling/http_transport.rb +8 -62
- data/lib/datadog/profiling/profiler.rb +2 -0
- data/lib/datadog/profiling/scheduler.rb +10 -2
- data/lib/datadog/profiling/sequence_tracker.rb +44 -0
- data/lib/datadog/profiling/stack_recorder.rb +9 -9
- data/lib/datadog/profiling/tag_builder.rb +7 -41
- data/lib/datadog/profiling/tasks/exec.rb +2 -2
- data/lib/datadog/profiling/tasks/setup.rb +2 -0
- data/lib/datadog/profiling.rb +13 -10
- data/lib/datadog/single_step_instrument.rb +9 -0
- data/lib/datadog/tracing/analytics.rb +1 -1
- data/lib/datadog/tracing/buffer.rb +7 -7
- data/lib/datadog/tracing/component.rb +21 -29
- data/lib/datadog/tracing/configuration/dynamic.rb +6 -8
- data/lib/datadog/tracing/configuration/ext.rb +8 -4
- data/lib/datadog/tracing/configuration/settings.rb +50 -12
- data/lib/datadog/tracing/context.rb +2 -2
- data/lib/datadog/tracing/context_provider.rb +1 -1
- data/lib/datadog/tracing/contrib/action_cable/event.rb +1 -1
- data/lib/datadog/tracing/contrib/action_cable/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/action_mailer/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +19 -4
- data/lib/datadog/tracing/contrib/action_pack/action_dispatch/instrumentation.rb +19 -12
- data/lib/datadog/tracing/contrib/action_pack/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/action_pack/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/action_view/events/render_template.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/event.rb +8 -8
- data/lib/datadog/tracing/contrib/active_job/events/discard.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_at.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_retry.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/perform.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/retry_stopped.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/render.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/serialize.rb +3 -3
- data/lib/datadog/tracing/contrib/active_model_serializers/integration.rb +1 -2
- data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/events/instantiation.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +5 -5
- data/lib/datadog/tracing/contrib/active_record/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/active_record/utils.rb +15 -15
- data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +17 -8
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +33 -0
- data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
- data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +2 -4
- data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +13 -0
- data/lib/datadog/tracing/contrib/active_support/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/notifications/event.rb +2 -1
- data/lib/datadog/tracing/contrib/active_support/notifications/subscription.rb +7 -9
- data/lib/datadog/tracing/contrib/aws/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +12 -2
- data/lib/datadog/tracing/contrib/aws/parsed_context.rb +8 -2
- data/lib/datadog/tracing/contrib/aws/patcher.rb +5 -1
- data/lib/datadog/tracing/contrib/aws/service/base.rb +2 -1
- data/lib/datadog/tracing/contrib/aws/service/dynamodb.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/eventbridge.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/kinesis.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/s3.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/sns.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/sqs.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/states.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/services.rb +7 -7
- data/lib/datadog/tracing/contrib/component.rb +2 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/async_patch.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/context_composite_executor_service.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/future_patch.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/promises_future_patch.rb +1 -1
- data/lib/datadog/tracing/contrib/configurable.rb +6 -6
- data/lib/datadog/tracing/contrib/configuration/resolvers/pattern_resolver.rb +4 -4
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/dalli/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/dalli/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/delayed_job/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/elasticsearch/integration.rb +4 -4
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +51 -53
- data/lib/datadog/tracing/contrib/elasticsearch/quantize.rb +5 -5
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +6 -7
- data/lib/datadog/tracing/contrib/ethon/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/ethon/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/excon/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/excon/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/excon/middleware.rb +7 -5
- data/lib/datadog/tracing/contrib/ext.rb +4 -3
- data/lib/datadog/tracing/contrib/extensions.rb +9 -9
- data/lib/datadog/tracing/contrib/faraday/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/faraday/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +9 -5
- data/lib/datadog/tracing/contrib/grape/endpoint.rb +8 -8
- data/lib/datadog/tracing/contrib/grape/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +7 -0
- data/lib/datadog/tracing/contrib/graphql/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/graphql/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/graphql/patcher.rb +2 -2
- data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +84 -48
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +15 -9
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +3 -3
- data/lib/datadog/tracing/contrib/grpc/distributed/fetcher.rb +1 -1
- data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/grpc/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/hanami/ext.rb +2 -2
- data/lib/datadog/tracing/contrib/hanami/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/hanami/renderer_policy_tracing.rb +1 -1
- data/lib/datadog/tracing/contrib/hanami/router_tracing.rb +9 -11
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
- data/lib/datadog/tracing/contrib/http/distributed/fetcher.rb +4 -4
- data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
- data/lib/datadog/tracing/contrib/http/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +11 -15
- data/lib/datadog/tracing/contrib/httpclient/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +9 -19
- data/lib/datadog/tracing/contrib/httpclient/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/httprb/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +11 -19
- data/lib/datadog/tracing/contrib/httprb/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/event.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/connection/request.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer/process_batch.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer/process_message.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/heartbeat.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/join_group.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/leave_group.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/sync_group.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/produce_operation/send_messages.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/producer/deliver_messages.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
- data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
- data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
- data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
- data/lib/datadog/tracing/contrib/karafka.rb +37 -0
- data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/lograge/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/lograge/patcher.rb +4 -2
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +9 -1
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/mongodb/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/mongodb/parsers.rb +1 -1
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +23 -6
- data/lib/datadog/tracing/contrib/mysql2/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +16 -6
- data/lib/datadog/tracing/contrib/mysql2/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +12 -2
- data/lib/datadog/tracing/contrib/opensearch/integration.rb +1 -2
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +68 -66
- data/lib/datadog/tracing/contrib/opensearch/quantize.rb +5 -5
- data/lib/datadog/tracing/contrib/patcher.rb +12 -11
- data/lib/datadog/tracing/contrib/pg/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/presto/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +3 -3
- data/lib/datadog/tracing/contrib/presto/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/propagation/sql_comment/comment.rb +1 -1
- data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
- data/lib/datadog/tracing/contrib/que/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/racecar/event.rb +1 -1
- data/lib/datadog/tracing/contrib/racecar/events/batch.rb +2 -2
- data/lib/datadog/tracing/contrib/racecar/events/consume.rb +1 -1
- data/lib/datadog/tracing/contrib/racecar/events/message.rb +2 -2
- data/lib/datadog/tracing/contrib/racecar/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/header_collection.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/header_tagging.rb +32 -32
- data/lib/datadog/tracing/contrib/rack/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +21 -17
- data/lib/datadog/tracing/contrib/rack/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/request_queue.rb +4 -3
- data/lib/datadog/tracing/contrib/rack/trace_proxy_middleware.rb +7 -1
- data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/rails/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/rails/log_injection.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/middlewares.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/patcher.rb +4 -1
- data/lib/datadog/tracing/contrib/rails/runner.rb +62 -40
- data/lib/datadog/tracing/contrib/rake/instrumentation.rb +4 -4
- data/lib/datadog/tracing/contrib/rake/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/configuration/resolver.rb +2 -2
- data/lib/datadog/tracing/contrib/redis/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/redis/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/redis/patcher.rb +4 -4
- data/lib/datadog/tracing/contrib/redis/quantize.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/tags.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/trace_middleware.rb +4 -4
- data/lib/datadog/tracing/contrib/registry.rb +1 -1
- data/lib/datadog/tracing/contrib/resque/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/resque/resque_job.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/rest_client/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +8 -6
- data/lib/datadog/tracing/contrib/roda/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/roda/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/semantic_logger/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sequel/database.rb +5 -5
- data/lib/datadog/tracing/contrib/sequel/dataset.rb +1 -1
- data/lib/datadog/tracing/contrib/sequel/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sequel/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/shoryuken/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
- data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/sidekiq/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/sidekiq/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +5 -2
- data/lib/datadog/tracing/contrib/sidekiq/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/sinatra/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +38 -40
- data/lib/datadog/tracing/contrib/sneakers/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/span_attribute_schema.rb +1 -1
- data/lib/datadog/tracing/contrib/stripe/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/stripe/request.rb +1 -1
- data/lib/datadog/tracing/contrib/sucker_punch/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/support.rb +28 -0
- data/lib/datadog/tracing/contrib/trilogy/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/trilogy/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/utils/quantization/hash.rb +11 -11
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +6 -6
- data/lib/datadog/tracing/contrib.rb +1 -0
- data/lib/datadog/tracing/correlation.rb +9 -2
- data/lib/datadog/tracing/diagnostics/environment_logger.rb +8 -2
- data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
- data/lib/datadog/tracing/distributed/b3_single.rb +2 -2
- data/lib/datadog/tracing/distributed/baggage.rb +196 -0
- data/lib/datadog/tracing/distributed/datadog.rb +8 -7
- data/lib/datadog/tracing/distributed/datadog_tags_codec.rb +11 -13
- data/lib/datadog/tracing/distributed/helpers.rb +1 -1
- data/lib/datadog/tracing/distributed/none.rb +4 -2
- data/lib/datadog/tracing/distributed/propagation.rb +28 -4
- data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
- data/lib/datadog/tracing/distributed/trace_context.rb +22 -16
- data/lib/datadog/tracing/event.rb +5 -7
- data/lib/datadog/tracing/flush.rb +1 -1
- data/lib/datadog/tracing/metadata/analytics.rb +1 -1
- data/lib/datadog/tracing/metadata/errors.rb +4 -4
- data/lib/datadog/tracing/metadata/ext.rb +13 -0
- data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
- data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
- data/lib/datadog/tracing/metadata/tagging.rb +4 -4
- data/lib/datadog/tracing/metadata.rb +2 -0
- data/lib/datadog/tracing/pipeline/span_filter.rb +3 -1
- data/lib/datadog/tracing/pipeline/span_processor.rb +3 -1
- data/lib/datadog/tracing/pipeline.rb +1 -1
- data/lib/datadog/tracing/sampling/ext.rb +0 -2
- data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
- data/lib/datadog/tracing/sampling/rule_sampler.rb +30 -30
- data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
- data/lib/datadog/tracing/sampling/span/rule_parser.rb +1 -1
- data/lib/datadog/tracing/sampling/span/sampler.rb +0 -7
- data/lib/datadog/tracing/span.rb +11 -2
- data/lib/datadog/tracing/span_event.rb +11 -11
- data/lib/datadog/tracing/span_link.rb +12 -12
- data/lib/datadog/tracing/span_operation.rb +76 -26
- data/lib/datadog/tracing/sync_writer.rb +5 -4
- data/lib/datadog/tracing/trace_digest.rb +29 -24
- data/lib/datadog/tracing/trace_operation.rb +121 -97
- data/lib/datadog/tracing/trace_segment.rb +8 -6
- data/lib/datadog/tracing/tracer.rb +90 -43
- data/lib/datadog/tracing/transport/http/api.rb +2 -10
- data/lib/datadog/tracing/transport/http/client.rb +6 -5
- data/lib/datadog/tracing/transport/http/traces.rb +15 -43
- data/lib/datadog/tracing/transport/http.rb +13 -75
- data/lib/datadog/tracing/transport/io/client.rb +5 -5
- data/lib/datadog/tracing/transport/io/traces.rb +4 -4
- data/lib/datadog/tracing/transport/serializable_trace.rb +3 -1
- data/lib/datadog/tracing/transport/statistics.rb +1 -1
- data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
- data/lib/datadog/tracing/transport/traces.rb +31 -14
- data/lib/datadog/tracing/utils.rb +1 -1
- data/lib/datadog/tracing/workers/trace_writer.rb +16 -16
- data/lib/datadog/tracing/workers.rb +2 -2
- data/lib/datadog/tracing/writer.rb +4 -4
- data/lib/datadog/tracing.rb +16 -3
- data/lib/datadog/version.rb +1 -1
- data/lib/datadog.rb +8 -2
- metadata +115 -24
- data/ext/libdatadog_api/macos_development.md +0 -26
- data/lib/datadog/appsec/assets/waf_rules/processors.json +0 -92
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +0 -114
- data/lib/datadog/appsec/contrib/devise/event.rb +0 -54
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -72
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -47
- data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
- data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
- data/lib/datadog/appsec/processor/rule_merger.rb +0 -170
- data/lib/datadog/appsec/processor.rb +0 -107
- data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
- data/lib/datadog/core/telemetry/http/env.rb +0 -20
- data/lib/datadog/core/telemetry/http/ext.rb +0 -28
- data/lib/datadog/core/telemetry/http/response.rb +0 -70
- data/lib/datadog/core/telemetry/http/transport.rb +0 -90
|
@@ -0,0 +1,176 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Datadog
|
|
4
|
+
module AppSec
|
|
5
|
+
module SecurityEngine
|
|
6
|
+
# SecurityEngine::Engine creates WAF builder and manages its configuration.
|
|
7
|
+
# It also rebuilds WAF handle from the WAF builder when configuration changes.
|
|
8
|
+
class Engine
|
|
9
|
+
DEFAULT_RULES_CONFIG_PATH = 'ASM_DD/default'
|
|
10
|
+
TELEMETRY_ACTIONS = %w[init update].freeze
|
|
11
|
+
DIAGNOSTICS_CONFIG_KEYS = %w[
|
|
12
|
+
rules
|
|
13
|
+
custom_rules
|
|
14
|
+
exclusions
|
|
15
|
+
actions
|
|
16
|
+
processors
|
|
17
|
+
scanners
|
|
18
|
+
rules_override
|
|
19
|
+
rules_data
|
|
20
|
+
exclusion_data
|
|
21
|
+
].freeze
|
|
22
|
+
|
|
23
|
+
def initialize(appsec_settings:, telemetry:)
|
|
24
|
+
@default_ruleset = appsec_settings.ruleset
|
|
25
|
+
|
|
26
|
+
# NOTE: replace appsec_settings argument with default_ruleset when removing these deprecated settings
|
|
27
|
+
@default_ip_denylist = appsec_settings.ip_denylist
|
|
28
|
+
@default_user_id_denylist = appsec_settings.user_id_denylist
|
|
29
|
+
@default_ip_passlist = appsec_settings.ip_passlist
|
|
30
|
+
|
|
31
|
+
@waf_builder = WAF::HandleBuilder.new(
|
|
32
|
+
obfuscator: {
|
|
33
|
+
key_regex: appsec_settings.obfuscator_key_regex,
|
|
34
|
+
value_regex: appsec_settings.obfuscator_value_regex
|
|
35
|
+
}
|
|
36
|
+
)
|
|
37
|
+
|
|
38
|
+
diagnostics = load_default_config(telemetry: telemetry)
|
|
39
|
+
report_configuration_diagnostics(diagnostics, action: 'init', telemetry: telemetry)
|
|
40
|
+
@ruleset_version = diagnostics['ruleset_version']
|
|
41
|
+
|
|
42
|
+
@handle_ref = ThreadSafeRef.new(@waf_builder.build_handle)
|
|
43
|
+
rescue WAF::Error => e
|
|
44
|
+
error_message = "AppSec security engine failed to initialize"
|
|
45
|
+
|
|
46
|
+
Datadog.logger.error("#{error_message}, error #{e.inspect}")
|
|
47
|
+
telemetry.report(e, description: error_message)
|
|
48
|
+
|
|
49
|
+
raise e
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def new_runner
|
|
53
|
+
SecurityEngine::Runner.new(@handle_ref, ruleset_version: @ruleset_version)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def add_or_update_config(config, path:)
|
|
57
|
+
@is_ruleset_update = path.include?('ASM_DD')
|
|
58
|
+
|
|
59
|
+
# default config has to be removed when adding an ASM_DD config
|
|
60
|
+
remove_config_at_path(DEFAULT_RULES_CONFIG_PATH) if @is_ruleset_update
|
|
61
|
+
|
|
62
|
+
diagnostics = @waf_builder.add_or_update_config(config, path: path)
|
|
63
|
+
@reconfigured_ruleset_version = diagnostics['ruleset_version'] if diagnostics.key?('ruleset_version')
|
|
64
|
+
report_configuration_diagnostics(diagnostics, action: 'update', telemetry: AppSec.telemetry)
|
|
65
|
+
|
|
66
|
+
# we need to load default config if diagnostics contains top-level error for rules or processors
|
|
67
|
+
if @is_ruleset_update &&
|
|
68
|
+
(diagnostics.key?('error') ||
|
|
69
|
+
diagnostics.dig('rules', 'error') ||
|
|
70
|
+
diagnostics.dig('processors', 'errors'))
|
|
71
|
+
diagnostics = load_default_config(telemetry: AppSec.telemetry)
|
|
72
|
+
@reconfigured_ruleset_version = diagnostics['ruleset_version']
|
|
73
|
+
report_configuration_diagnostics(diagnostics, action: 'update', telemetry: AppSec.telemetry)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
diagnostics
|
|
77
|
+
rescue WAF::Error => e
|
|
78
|
+
error_message = "libddwaf builder failed to add or update config at path: #{path}"
|
|
79
|
+
|
|
80
|
+
Datadog.logger.debug("#{error_message}, error: #{e.inspect}")
|
|
81
|
+
AppSec.telemetry.report(e, description: error_message)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def remove_config_at_path(path)
|
|
85
|
+
result = @waf_builder.remove_config_at_path(path)
|
|
86
|
+
|
|
87
|
+
if result && path != DEFAULT_RULES_CONFIG_PATH && path.include?('ASM_DD')
|
|
88
|
+
diagnostics = load_default_config(telemetry: AppSec.telemetry)
|
|
89
|
+
@reconfigured_ruleset_version = diagnostics['ruleset_version']
|
|
90
|
+
report_configuration_diagnostics(diagnostics, action: 'update', telemetry: AppSec.telemetry)
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
result
|
|
94
|
+
rescue WAF::Error => e
|
|
95
|
+
error_message = "libddwaf handle builder failed to remove config at path: #{path}"
|
|
96
|
+
|
|
97
|
+
Datadog.logger.error("#{error_message}, error: #{e.inspect}")
|
|
98
|
+
AppSec.telemetry.report(e, description: error_message)
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def reconfigure!
|
|
102
|
+
new_waf_handle = @waf_builder.build_handle
|
|
103
|
+
@ruleset_version = @reconfigured_ruleset_version
|
|
104
|
+
|
|
105
|
+
@handle_ref.current = new_waf_handle
|
|
106
|
+
rescue WAF::Error => e
|
|
107
|
+
# WAF::Error can only be raised during new WAF handle creation or when reading known addresses.
|
|
108
|
+
# This means that the current WAF handle was not yet substituted.
|
|
109
|
+
error_message = "AppSec security engine failed to reconfigure, reverting to the previous configuration"
|
|
110
|
+
|
|
111
|
+
Datadog.logger.error("#{error_message}, error #{e.inspect}")
|
|
112
|
+
AppSec.telemetry.report(e, description: error_message)
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
private
|
|
116
|
+
|
|
117
|
+
def load_default_config(telemetry:)
|
|
118
|
+
config = AppSec::Processor::RuleLoader.load_rules(telemetry: telemetry, ruleset: @default_ruleset)
|
|
119
|
+
|
|
120
|
+
# deprecated - ip and user id denylists should be configured via RC
|
|
121
|
+
config['rules_data'] ||= AppSec::Processor::RuleLoader.load_data(
|
|
122
|
+
ip_denylist: @default_ip_denylist,
|
|
123
|
+
user_id_denylist: @default_user_id_denylist
|
|
124
|
+
)
|
|
125
|
+
|
|
126
|
+
# deprecated - ip passlist should be configured via RC
|
|
127
|
+
config['exclusions'] ||= AppSec::Processor::RuleLoader.load_exclusions(ip_passlist: @default_ip_passlist)
|
|
128
|
+
|
|
129
|
+
@waf_builder.add_or_update_config(config, path: DEFAULT_RULES_CONFIG_PATH)
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
def report_configuration_diagnostics(diagnostics, action:, telemetry:)
|
|
133
|
+
raise ArgumentError, 'action must be one of TELEMETRY_ACTIONS' unless TELEMETRY_ACTIONS.include?(action)
|
|
134
|
+
|
|
135
|
+
common_tags = {
|
|
136
|
+
waf_version: Datadog::AppSec::WAF::VERSION::BASE_STRING,
|
|
137
|
+
event_rules_version: diagnostics['ruleset_version'].to_s,
|
|
138
|
+
action: action
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
if diagnostics['error']
|
|
142
|
+
telemetry.inc(
|
|
143
|
+
Ext::TELEMETRY_METRICS_NAMESPACE, 'waf.config_errors', 1,
|
|
144
|
+
tags: common_tags.merge(scope: 'top-level')
|
|
145
|
+
)
|
|
146
|
+
|
|
147
|
+
telemetry.error(diagnostics['error'])
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
diagnostics.each do |config_key, config_diagnostics|
|
|
151
|
+
next unless DIAGNOSTICS_CONFIG_KEYS.include?(config_key)
|
|
152
|
+
next if !config_diagnostics.key?('error') && config_diagnostics.fetch('errors', []).empty?
|
|
153
|
+
|
|
154
|
+
if config_diagnostics['error']
|
|
155
|
+
telemetry.error(config_diagnostics['error'])
|
|
156
|
+
|
|
157
|
+
telemetry.inc(
|
|
158
|
+
Ext::TELEMETRY_METRICS_NAMESPACE, 'waf.config_errors', 1,
|
|
159
|
+
tags: common_tags.merge(config_key: config_key, scope: 'top-level')
|
|
160
|
+
)
|
|
161
|
+
elsif config_diagnostics['errors']
|
|
162
|
+
config_diagnostics['errors'].each do |error, config_ids|
|
|
163
|
+
telemetry.error("#{error}: [#{config_ids.join(",")}]")
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
telemetry.inc(
|
|
167
|
+
Ext::TELEMETRY_METRICS_NAMESPACE, 'waf.config_errors', config_diagnostics['errors'].count,
|
|
168
|
+
tags: common_tags.merge(config_key: config_key, scope: 'item')
|
|
169
|
+
)
|
|
170
|
+
end
|
|
171
|
+
end
|
|
172
|
+
end
|
|
173
|
+
end
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
end
|
|
@@ -7,25 +7,39 @@ module Datadog
|
|
|
7
7
|
module Result
|
|
8
8
|
# A generic result without indication of its type.
|
|
9
9
|
class Base
|
|
10
|
-
attr_reader :events, :actions, :
|
|
10
|
+
attr_reader :events, :actions, :attributes, :duration_ns, :duration_ext_ns
|
|
11
11
|
|
|
12
|
-
def initialize(events:, actions:,
|
|
12
|
+
def initialize(events:, actions:, attributes:, duration_ns:, duration_ext_ns:, timeout:, keep:, input_truncated:)
|
|
13
13
|
@events = events
|
|
14
14
|
@actions = actions
|
|
15
|
-
@
|
|
16
|
-
|
|
17
|
-
@timeout = timeout
|
|
15
|
+
@attributes = attributes
|
|
18
16
|
@duration_ns = duration_ns
|
|
19
17
|
@duration_ext_ns = duration_ext_ns
|
|
18
|
+
|
|
19
|
+
@keep = !!keep
|
|
20
|
+
@timeout = !!timeout
|
|
21
|
+
@input_truncated = !!input_truncated
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
def timeout?
|
|
23
|
-
|
|
25
|
+
@timeout
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def keep?
|
|
29
|
+
@keep
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def input_truncated?
|
|
33
|
+
@input_truncated
|
|
24
34
|
end
|
|
25
35
|
|
|
26
36
|
def match?
|
|
27
37
|
raise NotImplementedError
|
|
28
38
|
end
|
|
39
|
+
|
|
40
|
+
def error?
|
|
41
|
+
raise NotImplementedError
|
|
42
|
+
end
|
|
29
43
|
end
|
|
30
44
|
|
|
31
45
|
# A result that indicates a security rule match
|
|
@@ -33,6 +47,10 @@ module Datadog
|
|
|
33
47
|
def match?
|
|
34
48
|
true
|
|
35
49
|
end
|
|
50
|
+
|
|
51
|
+
def error?
|
|
52
|
+
false
|
|
53
|
+
end
|
|
36
54
|
end
|
|
37
55
|
|
|
38
56
|
# A result that indicates a successful security rules check without a match
|
|
@@ -40,26 +58,43 @@ module Datadog
|
|
|
40
58
|
def match?
|
|
41
59
|
false
|
|
42
60
|
end
|
|
61
|
+
|
|
62
|
+
def error?
|
|
63
|
+
false
|
|
64
|
+
end
|
|
43
65
|
end
|
|
44
66
|
|
|
45
67
|
# A result that indicates an internal security library error
|
|
46
68
|
class Error
|
|
47
|
-
attr_reader :events, :actions, :
|
|
69
|
+
attr_reader :events, :actions, :attributes, :duration_ns, :duration_ext_ns
|
|
48
70
|
|
|
49
|
-
def initialize(duration_ext_ns:)
|
|
71
|
+
def initialize(duration_ext_ns:, input_truncated:)
|
|
50
72
|
@events = []
|
|
51
|
-
@actions = @
|
|
73
|
+
@actions = @attributes = {}
|
|
52
74
|
@duration_ns = 0
|
|
53
75
|
@duration_ext_ns = duration_ext_ns
|
|
76
|
+
@input_truncated = !!input_truncated
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def keep?
|
|
80
|
+
false
|
|
54
81
|
end
|
|
55
82
|
|
|
56
83
|
def timeout?
|
|
57
84
|
false
|
|
58
85
|
end
|
|
59
86
|
|
|
87
|
+
def input_truncated?
|
|
88
|
+
@input_truncated
|
|
89
|
+
end
|
|
90
|
+
|
|
60
91
|
def match?
|
|
61
92
|
false
|
|
62
93
|
end
|
|
94
|
+
|
|
95
|
+
def error?
|
|
96
|
+
true
|
|
97
|
+
end
|
|
63
98
|
end
|
|
64
99
|
end
|
|
65
100
|
end
|
|
@@ -9,10 +9,13 @@ module Datadog
|
|
|
9
9
|
class Runner
|
|
10
10
|
SUCCESSFUL_EXECUTION_CODES = [:ok, :match].freeze
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
attr_reader :ruleset_version
|
|
13
|
+
|
|
14
|
+
def initialize(handle_ref, ruleset_version:)
|
|
13
15
|
@mutex = Mutex.new
|
|
14
|
-
@
|
|
15
|
-
@
|
|
16
|
+
@handle_ref = handle_ref
|
|
17
|
+
@waf_handle = handle_ref.acquire
|
|
18
|
+
@ruleset_version = ruleset_version
|
|
16
19
|
|
|
17
20
|
@debug_tag = "libddwaf:#{WAF::VERSION::STRING} method:ddwaf_run"
|
|
18
21
|
end
|
|
@@ -24,54 +27,74 @@ module Datadog
|
|
|
24
27
|
persistent_data.reject! do |_, v|
|
|
25
28
|
next false if v.is_a?(TrueClass) || v.is_a?(FalseClass)
|
|
26
29
|
|
|
27
|
-
v.nil?
|
|
30
|
+
v.nil? || v.empty?
|
|
28
31
|
end
|
|
29
32
|
|
|
30
33
|
ephemeral_data.reject! do |_, v|
|
|
31
34
|
next false if v.is_a?(TrueClass) || v.is_a?(FalseClass)
|
|
32
35
|
|
|
33
|
-
v.nil?
|
|
36
|
+
v.nil? || v.empty?
|
|
34
37
|
end
|
|
35
38
|
|
|
36
|
-
|
|
39
|
+
result = try_run(persistent_data, ephemeral_data, timeout)
|
|
37
40
|
stop_ns = Core::Utils::Time.get_time(:nanosecond)
|
|
38
41
|
|
|
39
42
|
report_execution(result)
|
|
40
43
|
|
|
41
44
|
unless SUCCESSFUL_EXECUTION_CODES.include?(result.status)
|
|
42
|
-
return Result::Error.new(duration_ext_ns: stop_ns - start_ns)
|
|
45
|
+
return Result::Error.new(duration_ext_ns: stop_ns - start_ns, input_truncated: result.input_truncated?)
|
|
43
46
|
end
|
|
44
47
|
|
|
45
|
-
klass = result.status == :match ? Result::Match : Result::Ok
|
|
48
|
+
klass = (result.status == :match) ? Result::Match : Result::Ok
|
|
46
49
|
klass.new(
|
|
47
50
|
events: result.events,
|
|
48
51
|
actions: result.actions,
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
52
|
+
attributes: result.attributes,
|
|
53
|
+
keep: result.keep?,
|
|
54
|
+
timeout: result.timeout?,
|
|
55
|
+
duration_ns: result.duration,
|
|
56
|
+
duration_ext_ns: (stop_ns - start_ns),
|
|
57
|
+
input_truncated: result.input_truncated?
|
|
53
58
|
)
|
|
54
59
|
ensure
|
|
55
60
|
@mutex.unlock
|
|
56
61
|
end
|
|
57
62
|
|
|
58
|
-
def
|
|
59
|
-
@
|
|
63
|
+
def waf_context
|
|
64
|
+
@waf_context ||= @waf_handle.build_context
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def waf_addresses
|
|
68
|
+
@waf_handle.known_addresses
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def finalize!
|
|
72
|
+
@waf_context&.finalize!
|
|
73
|
+
ensure
|
|
74
|
+
@handle_ref.release(@waf_handle)
|
|
60
75
|
end
|
|
61
76
|
|
|
62
77
|
private
|
|
63
78
|
|
|
64
79
|
def try_run(persistent_data, ephemeral_data, timeout)
|
|
65
|
-
|
|
66
|
-
rescue WAF::
|
|
80
|
+
waf_context.run(persistent_data, ephemeral_data, timeout)
|
|
81
|
+
rescue WAF::LibDDWAFError => e
|
|
67
82
|
Datadog.logger.debug { "#{@debug_tag} execution error: #{e} backtrace: #{e.backtrace&.first(3)}" }
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
83
|
+
AppSec.telemetry.report(e, description: 'libddwaf-rb internal low-level error')
|
|
84
|
+
|
|
85
|
+
WAF::Result.new(
|
|
86
|
+
status: :err_internal,
|
|
87
|
+
events: [],
|
|
88
|
+
actions: {},
|
|
89
|
+
attributes: {},
|
|
90
|
+
duration: 0,
|
|
91
|
+
keep: false,
|
|
92
|
+
timeout: false
|
|
93
|
+
)
|
|
71
94
|
end
|
|
72
95
|
|
|
73
96
|
def report_execution(result)
|
|
74
|
-
Datadog.logger.debug { "#{@debug_tag} execution timed out: #{result.inspect}" } if result.timeout
|
|
97
|
+
Datadog.logger.debug { "#{@debug_tag} execution timed out: #{result.inspect}" } if result.timeout?
|
|
75
98
|
|
|
76
99
|
if SUCCESSFUL_EXECUTION_CODES.include?(result.status)
|
|
77
100
|
Datadog.logger.debug { "#{@debug_tag} execution result: #{result.inspect}" }
|
|
@@ -79,7 +102,7 @@ module Datadog
|
|
|
79
102
|
message = "#{@debug_tag} execution error: #{result.status.inspect}"
|
|
80
103
|
|
|
81
104
|
Datadog.logger.debug { message }
|
|
82
|
-
|
|
105
|
+
AppSec.telemetry.error(message)
|
|
83
106
|
end
|
|
84
107
|
end
|
|
85
108
|
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Datadog
|
|
4
|
+
module AppSec
|
|
5
|
+
# A class that represents a security event of any kind. It could be an event
|
|
6
|
+
# representing an attack or fingerprinting results as attributes or an API
|
|
7
|
+
# security check with extracted schema.
|
|
8
|
+
class SecurityEvent
|
|
9
|
+
SCHEMA_KEY_PREFIX = '_dd.appsec.s.'
|
|
10
|
+
FINGERPRINT_KEY_PREFIX = '_dd.appsec.fp.'
|
|
11
|
+
|
|
12
|
+
attr_reader :waf_result, :trace, :span
|
|
13
|
+
|
|
14
|
+
def initialize(waf_result, trace:, span:)
|
|
15
|
+
@waf_result = waf_result
|
|
16
|
+
@trace = trace
|
|
17
|
+
@span = span
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def keep?
|
|
21
|
+
@waf_result.keep?
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def schema?
|
|
25
|
+
return @has_schema if defined?(@has_schema)
|
|
26
|
+
|
|
27
|
+
@has_schema = @waf_result.attributes.any? { |name, _| name.start_with?(SCHEMA_KEY_PREFIX) }
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def fingerprint?
|
|
31
|
+
return @has_fingerprint if defined?(@has_fingerprint)
|
|
32
|
+
|
|
33
|
+
@has_fingerprint = @waf_result.attributes.any? { |name, _| name.start_with?(FINGERPRINT_KEY_PREFIX) }
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Datadog
|
|
4
|
+
module AppSec
|
|
5
|
+
# This class is used for referencing an object that might be marked
|
|
6
|
+
# for finalization in another thread.
|
|
7
|
+
#
|
|
8
|
+
# References to the object are counted, and objects marked for finalization
|
|
9
|
+
# can be safely finalized when their reference count reaches zero.
|
|
10
|
+
class ThreadSafeRef
|
|
11
|
+
def initialize(initial_obj, finalizer: :finalize!)
|
|
12
|
+
@current = initial_obj
|
|
13
|
+
@finalizer = finalizer
|
|
14
|
+
|
|
15
|
+
@counters = Hash.new(0)
|
|
16
|
+
@outdated = []
|
|
17
|
+
@mutex = Mutex.new
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def acquire
|
|
21
|
+
@mutex.synchronize do
|
|
22
|
+
@counters[@current] += 1
|
|
23
|
+
|
|
24
|
+
@current
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def release(obj)
|
|
29
|
+
@mutex.synchronize do
|
|
30
|
+
@counters[obj] -= 1
|
|
31
|
+
|
|
32
|
+
@outdated.reject! do |outdated_obj|
|
|
33
|
+
next unless @counters[outdated_obj].zero?
|
|
34
|
+
|
|
35
|
+
finalize(outdated_obj)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def current=(obj)
|
|
41
|
+
@mutex.synchronize do
|
|
42
|
+
@outdated << @current
|
|
43
|
+
|
|
44
|
+
@current = obj
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
private
|
|
49
|
+
|
|
50
|
+
def finalize(obj)
|
|
51
|
+
obj.public_send(@finalizer)
|
|
52
|
+
|
|
53
|
+
true
|
|
54
|
+
rescue => e
|
|
55
|
+
Datadog.logger.debug("Couldn't finalize #{obj.class.name} object, error: #{e.inspect}")
|
|
56
|
+
|
|
57
|
+
true
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Datadog
|
|
4
|
+
module AppSec
|
|
5
|
+
# This class is used to mark trace as manual keep and tag it as ASM product.
|
|
6
|
+
module TraceKeeper
|
|
7
|
+
def self.keep!(trace)
|
|
8
|
+
return unless trace
|
|
9
|
+
|
|
10
|
+
# NOTE: This action will not set correct decision maker value, so the
|
|
11
|
+
# trace keeping must be done with additional steps below
|
|
12
|
+
trace.keep!
|
|
13
|
+
|
|
14
|
+
# Propagate to downstream services the information that
|
|
15
|
+
# the current distributed trace is containing at least one ASM event.
|
|
16
|
+
trace.set_tag(
|
|
17
|
+
Tracing::Metadata::Ext::Distributed::TAG_DECISION_MAKER,
|
|
18
|
+
Tracing::Sampling::Ext::Decision::ASM
|
|
19
|
+
)
|
|
20
|
+
trace.set_distributed_source(Ext::PRODUCT_BIT)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Datadog
|
|
4
|
+
module AppSec
|
|
5
|
+
module Utils
|
|
6
|
+
# A module for coercing arbitrary objects into hashes.
|
|
7
|
+
module HashCoercion
|
|
8
|
+
# A best effort to coerce an object to a hash with methods known to various
|
|
9
|
+
# frameworks with a fallback to standard library.
|
|
10
|
+
#
|
|
11
|
+
# @param object [Object] The object to coerce.
|
|
12
|
+
# @return [Hash, nil] The coerced `Hash` or `nil` if the object is not coercible.
|
|
13
|
+
def self.coerce(object)
|
|
14
|
+
return object.as_json if object.respond_to?(:as_json)
|
|
15
|
+
return object.to_hash if object.respond_to?(:to_hash)
|
|
16
|
+
return object.to_h if object.respond_to?(:to_h)
|
|
17
|
+
|
|
18
|
+
nil
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
data/lib/datadog/appsec/utils.rb
CHANGED
data/lib/datadog/appsec.rb
CHANGED
|
@@ -26,25 +26,15 @@ module Datadog
|
|
|
26
26
|
components.appsec&.telemetry
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def
|
|
30
|
-
components.appsec&.
|
|
29
|
+
def security_engine
|
|
30
|
+
components.appsec&.security_engine
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
def reconfigure
|
|
34
|
-
|
|
35
|
-
return unless appsec_component
|
|
36
|
-
|
|
37
|
-
appsec_component.reconfigure(ruleset: ruleset, telemetry: telemetry)
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
def reconfigure_lock(&block)
|
|
41
|
-
appsec_component = components.appsec
|
|
42
|
-
return unless appsec_component
|
|
43
|
-
|
|
44
|
-
appsec_component.reconfigure_lock(&block)
|
|
33
|
+
def reconfigure!
|
|
34
|
+
components.appsec&.reconfigure!
|
|
45
35
|
end
|
|
46
36
|
|
|
47
|
-
def
|
|
37
|
+
def perform_api_security_check?
|
|
48
38
|
Datadog.configuration.appsec.api_security.enabled &&
|
|
49
39
|
Datadog.configuration.appsec.api_security.sample_rate.sample?
|
|
50
40
|
end
|
|
@@ -40,7 +40,23 @@ module Datadog
|
|
|
40
40
|
add_all!(underflow) unless underflow.nil?
|
|
41
41
|
|
|
42
42
|
# Iteratively replace items, to ensure pseudo-random replacement.
|
|
43
|
-
overflow
|
|
43
|
+
overflow&.each { |item| replace!(item) }
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def unshift(*items)
|
|
47
|
+
# TODO The existing concat implementation does not always append
|
|
48
|
+
# to the end of the buffer - if the buffer is full, a random
|
|
49
|
+
# item is deleted and the new item is added in the position of
|
|
50
|
+
# removed item.
|
|
51
|
+
# Therefore, if we want to preserve the item order, concat
|
|
52
|
+
# would also need to be changed to maintain order.
|
|
53
|
+
# With the existing implementation, the idea is to not move
|
|
54
|
+
# existing items around, which is what sets unshift apart from
|
|
55
|
+
# concat to begin with.
|
|
56
|
+
#
|
|
57
|
+
# Since this method currently delegates to +concat+, it does not
|
|
58
|
+
# have a matching definition in the thread-safe worker.
|
|
59
|
+
concat(items)
|
|
44
60
|
end
|
|
45
61
|
|
|
46
62
|
# Stored items are returned and the local buffer is reset.
|
|
@@ -78,7 +94,7 @@ module Datadog
|
|
|
78
94
|
underflow = nil
|
|
79
95
|
overflow = nil
|
|
80
96
|
|
|
81
|
-
overflow_size = @max_size > 0 ? (@items.length + items.length) - @max_size : 0
|
|
97
|
+
overflow_size = (@max_size > 0) ? (@items.length + items.length) - @max_size : 0
|
|
82
98
|
|
|
83
99
|
if overflow_size > 0
|
|
84
100
|
# Items will overflow
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative 'ext'
|
|
4
|
+
|
|
5
|
+
module Datadog
|
|
6
|
+
module Core
|
|
7
|
+
module Configuration
|
|
8
|
+
# Immutable container for the resulting settings
|
|
9
|
+
class AgentSettings
|
|
10
|
+
# IPv6 regular expression from
|
|
11
|
+
# https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses
|
|
12
|
+
# Does not match IPv4 addresses.
|
|
13
|
+
IPV6_REGEXP = /\A(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\z)/.freeze # rubocop:disable Layout/LineLength
|
|
14
|
+
|
|
15
|
+
attr_reader :adapter, :ssl, :hostname, :port, :uds_path, :timeout_seconds
|
|
16
|
+
|
|
17
|
+
def initialize(adapter: nil, ssl: nil, hostname: nil, port: nil, uds_path: nil, timeout_seconds: nil)
|
|
18
|
+
@adapter = adapter
|
|
19
|
+
@ssl = ssl
|
|
20
|
+
@hostname = hostname
|
|
21
|
+
@port = port
|
|
22
|
+
@uds_path = uds_path
|
|
23
|
+
@timeout_seconds = timeout_seconds
|
|
24
|
+
freeze
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def url
|
|
28
|
+
case adapter
|
|
29
|
+
when Datadog::Core::Configuration::Ext::Agent::HTTP::ADAPTER
|
|
30
|
+
hostname = self.hostname
|
|
31
|
+
hostname = "[#{hostname}]" if IPV6_REGEXP.match?(hostname)
|
|
32
|
+
"#{ssl ? "https" : "http"}://#{hostname}:#{port}/"
|
|
33
|
+
when Datadog::Core::Configuration::Ext::Agent::UnixSocket::ADAPTER
|
|
34
|
+
"unix://#{uds_path}"
|
|
35
|
+
else
|
|
36
|
+
raise ArgumentError, "Unexpected adapter: #{adapter}"
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def ==(other)
|
|
41
|
+
self.class == other.class &&
|
|
42
|
+
adapter == other.adapter &&
|
|
43
|
+
ssl == other.ssl &&
|
|
44
|
+
hostname == other.hostname &&
|
|
45
|
+
port == other.port &&
|
|
46
|
+
uds_path == other.uds_path &&
|
|
47
|
+
timeout_seconds == other.timeout_seconds
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|