datadog 2.12.1 → 2.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +154 -2
- data/ext/datadog_profiling_native_extension/collectors_thread_context.c +16 -14
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
- data/ext/datadog_profiling_native_extension/extconf.rb +3 -0
- data/ext/datadog_profiling_native_extension/heap_recorder.c +8 -1
- data/ext/datadog_profiling_native_extension/http_transport.c +60 -94
- data/ext/datadog_profiling_native_extension/private_vm_api_access.c +8 -0
- data/ext/datadog_profiling_native_extension/profiling.c +2 -0
- data/ext/datadog_profiling_native_extension/stack_recorder.c +23 -23
- data/ext/libdatadog_api/crashtracker.c +11 -12
- data/ext/libdatadog_api/crashtracker.h +5 -0
- data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
- data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
- data/ext/libdatadog_api/init.c +15 -0
- data/ext/libdatadog_api/library_config.c +122 -0
- data/ext/libdatadog_api/library_config.h +19 -0
- data/ext/libdatadog_api/macos_development.md +3 -3
- data/ext/libdatadog_api/process_discovery.c +117 -0
- data/ext/libdatadog_api/process_discovery.h +5 -0
- data/ext/libdatadog_extconf_helpers.rb +1 -1
- data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
- data/lib/datadog/appsec/actions_handler.rb +24 -2
- data/lib/datadog/appsec/anonymizer.rb +16 -0
- data/lib/datadog/appsec/api_security/lru_cache.rb +49 -0
- data/lib/datadog/appsec/api_security.rb +9 -0
- data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
- data/lib/datadog/appsec/assets/waf_rules/processors.json +239 -10
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +926 -17
- data/lib/datadog/appsec/autoload.rb +1 -1
- data/lib/datadog/appsec/component.rb +29 -20
- data/lib/datadog/appsec/compressed_json.rb +40 -0
- data/lib/datadog/appsec/configuration/settings.rb +93 -28
- data/lib/datadog/appsec/context.rb +1 -1
- data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +10 -12
- data/lib/datadog/appsec/contrib/active_record/integration.rb +2 -2
- data/lib/datadog/appsec/contrib/active_record/patcher.rb +22 -22
- data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
- data/lib/datadog/appsec/contrib/devise/configuration.rb +7 -31
- data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
- data/lib/datadog/appsec/contrib/devise/patcher.rb +34 -23
- data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +102 -0
- data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +69 -0
- data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +2 -2
- data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
- data/lib/datadog/appsec/contrib/excon/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +9 -10
- data/lib/datadog/appsec/contrib/faraday/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +8 -9
- data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +8 -9
- data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +49 -32
- data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +19 -18
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +11 -13
- data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/patcher.rb +21 -21
- data/lib/datadog/appsec/contrib/rest_client/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +10 -11
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +17 -23
- data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
- data/lib/datadog/appsec/event.rb +96 -135
- data/lib/datadog/appsec/ext.rb +4 -2
- data/lib/datadog/appsec/instrumentation/gateway/argument.rb +7 -2
- data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
- data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
- data/lib/datadog/appsec/metrics/telemetry.rb +1 -1
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +49 -14
- data/lib/datadog/appsec/processor/rule_loader.rb +26 -28
- data/lib/datadog/appsec/processor/rule_merger.rb +7 -6
- data/lib/datadog/appsec/processor.rb +1 -1
- data/lib/datadog/appsec/remote.rb +23 -11
- data/lib/datadog/appsec/response.rb +6 -6
- data/lib/datadog/appsec/security_engine/runner.rb +3 -3
- data/lib/datadog/appsec/security_event.rb +39 -0
- data/lib/datadog/appsec/utils.rb +0 -2
- data/lib/datadog/appsec.rb +1 -1
- data/lib/datadog/core/buffer/random.rb +18 -2
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +5 -5
- data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
- data/lib/datadog/core/configuration/components.rb +50 -31
- data/lib/datadog/core/configuration/components_state.rb +23 -0
- data/lib/datadog/core/configuration/ext.rb +4 -0
- data/lib/datadog/core/configuration/option.rb +79 -43
- data/lib/datadog/core/configuration/option_definition.rb +4 -4
- data/lib/datadog/core/configuration/options.rb +3 -3
- data/lib/datadog/core/configuration/settings.rb +68 -35
- data/lib/datadog/core/configuration/stable_config.rb +23 -0
- data/lib/datadog/core/configuration.rb +40 -16
- data/lib/datadog/core/crashtracking/component.rb +3 -10
- data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
- data/lib/datadog/core/encoding.rb +1 -1
- data/lib/datadog/core/environment/agent_info.rb +4 -3
- data/lib/datadog/core/environment/cgroup.rb +10 -12
- data/lib/datadog/core/environment/container.rb +38 -40
- data/lib/datadog/core/environment/ext.rb +6 -6
- data/lib/datadog/core/environment/git.rb +1 -0
- data/lib/datadog/core/environment/identity.rb +3 -3
- data/lib/datadog/core/environment/platform.rb +3 -3
- data/lib/datadog/core/environment/variable_helpers.rb +1 -1
- data/lib/datadog/core/error.rb +11 -9
- data/lib/datadog/core/logger.rb +2 -2
- data/lib/datadog/core/metrics/client.rb +20 -21
- data/lib/datadog/core/metrics/logging.rb +5 -5
- data/lib/datadog/core/process_discovery.rb +32 -0
- data/lib/datadog/core/rate_limiter.rb +4 -2
- data/lib/datadog/core/remote/client.rb +40 -32
- data/lib/datadog/core/remote/component.rb +6 -9
- data/lib/datadog/core/remote/configuration/digest.rb +7 -7
- data/lib/datadog/core/remote/configuration/path.rb +1 -1
- data/lib/datadog/core/remote/configuration/repository.rb +2 -1
- data/lib/datadog/core/remote/negotiation.rb +9 -9
- data/lib/datadog/core/remote/transport/config.rb +4 -3
- data/lib/datadog/core/remote/transport/http/client.rb +5 -4
- data/lib/datadog/core/remote/transport/http/config.rb +27 -37
- data/lib/datadog/core/remote/transport/http/negotiation.rb +7 -33
- data/lib/datadog/core/remote/transport/http.rb +22 -57
- data/lib/datadog/core/remote/transport/negotiation.rb +4 -3
- data/lib/datadog/core/runtime/metrics.rb +12 -5
- data/lib/datadog/core/telemetry/component.rb +78 -53
- data/lib/datadog/core/telemetry/emitter.rb +23 -11
- data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +65 -0
- data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
- data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
- data/lib/datadog/core/telemetry/event/app_started.rb +179 -0
- data/lib/datadog/core/telemetry/event/base.rb +40 -0
- data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
- data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
- data/lib/datadog/core/telemetry/event/log.rb +76 -0
- data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
- data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
- data/lib/datadog/core/telemetry/event.rb +17 -472
- data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
- data/lib/datadog/core/telemetry/logger.rb +1 -1
- data/lib/datadog/core/telemetry/metric.rb +8 -8
- data/lib/datadog/core/telemetry/request.rb +4 -4
- data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
- data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
- data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
- data/lib/datadog/core/telemetry/transport/http.rb +63 -0
- data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
- data/lib/datadog/core/telemetry/worker.rb +90 -24
- data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
- data/lib/datadog/core/transport/http/api/instance.rb +17 -0
- data/lib/datadog/core/transport/http/api/spec.rb +17 -0
- data/lib/datadog/core/transport/http/builder.rb +18 -16
- data/lib/datadog/core/transport/http.rb +39 -2
- data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
- data/lib/datadog/core/utils/duration.rb +32 -32
- data/lib/datadog/core/utils/forking.rb +2 -2
- data/lib/datadog/core/utils/network.rb +6 -6
- data/lib/datadog/core/utils/only_once_successful.rb +16 -5
- data/lib/datadog/core/utils/time.rb +20 -0
- data/lib/datadog/core/utils/truncation.rb +21 -0
- data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
- data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
- data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
- data/lib/datadog/core/worker.rb +1 -1
- data/lib/datadog/core/workers/async.rb +29 -12
- data/lib/datadog/core/workers/interval_loop.rb +12 -1
- data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
- data/lib/datadog/core.rb +8 -0
- data/lib/datadog/di/boot.rb +34 -0
- data/lib/datadog/di/component.rb +0 -2
- data/lib/datadog/di/probe_notification_builder.rb +1 -1
- data/lib/datadog/di/probe_notifier_worker.rb +16 -16
- data/lib/datadog/di/remote.rb +2 -0
- data/lib/datadog/di/transport/diagnostics.rb +4 -3
- data/lib/datadog/di/transport/http/api.rb +2 -12
- data/lib/datadog/di/transport/http/client.rb +4 -3
- data/lib/datadog/di/transport/http/diagnostics.rb +7 -34
- data/lib/datadog/di/transport/http/input.rb +7 -34
- data/lib/datadog/di/transport/http.rb +14 -62
- data/lib/datadog/di/transport/input.rb +4 -3
- data/lib/datadog/di/utils.rb +5 -0
- data/lib/datadog/di.rb +5 -32
- data/lib/datadog/error_tracking/collector.rb +87 -0
- data/lib/datadog/error_tracking/component.rb +167 -0
- data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
- data/lib/datadog/error_tracking/configuration.rb +11 -0
- data/lib/datadog/error_tracking/ext.rb +18 -0
- data/lib/datadog/error_tracking/extensions.rb +16 -0
- data/lib/datadog/error_tracking/filters.rb +77 -0
- data/lib/datadog/error_tracking.rb +18 -0
- data/lib/datadog/kit/appsec/events.rb +12 -0
- data/lib/datadog/kit/identity.rb +5 -1
- data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
- data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
- data/lib/datadog/opentelemetry/api/context.rb +16 -2
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +1 -1
- data/lib/datadog/opentelemetry.rb +2 -1
- data/lib/datadog/profiling/collectors/code_provenance.rb +1 -1
- data/lib/datadog/profiling/collectors/info.rb +3 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +1 -1
- data/lib/datadog/profiling/encoded_profile.rb +11 -0
- data/lib/datadog/profiling/exporter.rb +3 -4
- data/lib/datadog/profiling/ext.rb +0 -2
- data/lib/datadog/profiling/flush.rb +5 -8
- data/lib/datadog/profiling/http_transport.rb +5 -59
- data/lib/datadog/profiling/scheduler.rb +8 -1
- data/lib/datadog/profiling/stack_recorder.rb +4 -4
- data/lib/datadog/profiling/tag_builder.rb +1 -5
- data/lib/datadog/profiling.rb +6 -2
- data/lib/datadog/tracing/analytics.rb +1 -1
- data/lib/datadog/tracing/component.rb +15 -12
- data/lib/datadog/tracing/configuration/ext.rb +7 -1
- data/lib/datadog/tracing/configuration/settings.rb +18 -2
- data/lib/datadog/tracing/context_provider.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +4 -1
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +33 -0
- data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
- data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +2 -4
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +10 -0
- data/lib/datadog/tracing/contrib/aws/parsed_context.rb +5 -1
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +4 -5
- data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -3
- data/lib/datadog/tracing/contrib/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -3
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +7 -1
- data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
- data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +6 -10
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -16
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +7 -15
- data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
- data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
- data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
- data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
- data/lib/datadog/tracing/contrib/karafka.rb +37 -0
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
- data/lib/datadog/tracing/contrib/patcher.rb +5 -2
- data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -3
- data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
- data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +1 -1
- data/lib/datadog/tracing/contrib/support.rb +28 -0
- data/lib/datadog/tracing/contrib.rb +1 -0
- data/lib/datadog/tracing/correlation.rb +9 -2
- data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
- data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
- data/lib/datadog/tracing/distributed/baggage.rb +131 -0
- data/lib/datadog/tracing/distributed/datadog.rb +4 -2
- data/lib/datadog/tracing/distributed/propagation.rb +25 -4
- data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
- data/lib/datadog/tracing/metadata/errors.rb +4 -4
- data/lib/datadog/tracing/metadata/ext.rb +5 -0
- data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
- data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
- data/lib/datadog/tracing/metadata.rb +2 -0
- data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
- data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
- data/lib/datadog/tracing/span.rb +10 -1
- data/lib/datadog/tracing/span_event.rb +1 -1
- data/lib/datadog/tracing/span_operation.rb +46 -16
- data/lib/datadog/tracing/sync_writer.rb +1 -2
- data/lib/datadog/tracing/trace_digest.rb +9 -2
- data/lib/datadog/tracing/trace_operation.rb +44 -24
- data/lib/datadog/tracing/trace_segment.rb +6 -4
- data/lib/datadog/tracing/tracer.rb +45 -5
- data/lib/datadog/tracing/transport/http/api.rb +2 -10
- data/lib/datadog/tracing/transport/http/client.rb +5 -4
- data/lib/datadog/tracing/transport/http/traces.rb +13 -41
- data/lib/datadog/tracing/transport/http.rb +11 -44
- data/lib/datadog/tracing/transport/serializable_trace.rb +3 -1
- data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
- data/lib/datadog/tracing/transport/traces.rb +26 -9
- data/lib/datadog/tracing/utils.rb +1 -1
- data/lib/datadog/tracing/workers/trace_writer.rb +2 -6
- data/lib/datadog/tracing/writer.rb +2 -6
- data/lib/datadog/tracing.rb +16 -3
- data/lib/datadog/version.rb +2 -2
- data/lib/datadog.rb +2 -3
- metadata +80 -19
- data/lib/datadog/appsec/contrib/devise/event.rb +0 -54
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -72
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -47
- data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
- data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
- data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
- data/lib/datadog/core/telemetry/http/env.rb +0 -20
- data/lib/datadog/core/telemetry/http/ext.rb +0 -28
- data/lib/datadog/core/telemetry/http/response.rb +0 -70
- data/lib/datadog/core/telemetry/http/transport.rb +0 -90
|
@@ -4,7 +4,7 @@ if %w[1 true].include?((ENV['DD_APPSEC_ENABLED'] || '').downcase)
|
|
|
4
4
|
begin
|
|
5
5
|
require_relative 'contrib/auto_instrument'
|
|
6
6
|
Datadog::AppSec::Contrib::AutoInstrument.patch_all
|
|
7
|
-
rescue
|
|
7
|
+
rescue => e
|
|
8
8
|
Kernel.warn(
|
|
9
9
|
'[datadog] AppSec failed to instrument. No security check will be performed. error: ' \
|
|
10
10
|
" #{e.class.name} #{e.message}"
|
|
@@ -12,7 +12,25 @@ module Datadog
|
|
|
12
12
|
class << self
|
|
13
13
|
def build_appsec_component(settings, telemetry:)
|
|
14
14
|
return if !settings.respond_to?(:appsec) || !settings.appsec.enabled
|
|
15
|
-
|
|
15
|
+
|
|
16
|
+
ffi_version = Gem.loaded_specs['ffi']&.version
|
|
17
|
+
unless ffi_version
|
|
18
|
+
Datadog.logger.warn('FFI gem is not loaded, AppSec will be disabled.')
|
|
19
|
+
telemetry.error('AppSec: Component not loaded, due to missing FFI gem')
|
|
20
|
+
|
|
21
|
+
return
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.3') && ffi_version < Gem::Version.new('1.16.0')
|
|
25
|
+
Datadog.logger.warn(
|
|
26
|
+
'AppSec is not supported in Ruby versions above 3.3.0 when using `ffi` versions older than 1.16.0, ' \
|
|
27
|
+
'and will be forcibly disabled due to a memory leak in `ffi`. ' \
|
|
28
|
+
'Please upgrade your `ffi` version to 1.16.0 or higher.'
|
|
29
|
+
)
|
|
30
|
+
telemetry.error('AppSec: Component not loaded, ffi version is leaky with ruby > 3.3.0')
|
|
31
|
+
|
|
32
|
+
return
|
|
33
|
+
end
|
|
16
34
|
|
|
17
35
|
processor = create_processor(settings, telemetry)
|
|
18
36
|
|
|
@@ -29,22 +47,6 @@ module Datadog
|
|
|
29
47
|
|
|
30
48
|
private
|
|
31
49
|
|
|
32
|
-
def incompatible_ffi_version?
|
|
33
|
-
ffi_version = Gem.loaded_specs['ffi'] && Gem.loaded_specs['ffi'].version
|
|
34
|
-
return true unless ffi_version
|
|
35
|
-
|
|
36
|
-
return false unless Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.3') &&
|
|
37
|
-
ffi_version < Gem::Version.new('1.16.0')
|
|
38
|
-
|
|
39
|
-
Datadog.logger.warn(
|
|
40
|
-
'AppSec is not supported in Ruby versions above 3.3.0 when using `ffi` versions older than 1.16.0, ' \
|
|
41
|
-
'and will be forcibly disabled due to a memory leak in `ffi`. ' \
|
|
42
|
-
'Please upgrade your `ffi` version to 1.16.0 or higher.'
|
|
43
|
-
)
|
|
44
|
-
|
|
45
|
-
true
|
|
46
|
-
end
|
|
47
|
-
|
|
48
50
|
def create_processor(settings, telemetry)
|
|
49
51
|
rules = AppSec::Processor::RuleLoader.load_rules(
|
|
50
52
|
telemetry: telemetry,
|
|
@@ -59,9 +61,16 @@ module Datadog
|
|
|
59
61
|
|
|
60
62
|
exclusions = AppSec::Processor::RuleLoader.load_exclusions(ip_passlist: settings.appsec.ip_passlist)
|
|
61
63
|
|
|
64
|
+
# NOTE: This is a temporary solution before the RuleMerger refactoring
|
|
65
|
+
# with new RemoteConfig setup
|
|
66
|
+
processors = rules['processors']
|
|
67
|
+
scanners = rules['scanners']
|
|
68
|
+
|
|
62
69
|
ruleset = AppSec::Processor::RuleMerger.merge(
|
|
63
70
|
rules: [rules],
|
|
64
71
|
data: data,
|
|
72
|
+
scanners: scanners,
|
|
73
|
+
processors: processors,
|
|
65
74
|
exclusions: exclusions,
|
|
66
75
|
telemetry: telemetry
|
|
67
76
|
)
|
|
@@ -86,13 +95,13 @@ module Datadog
|
|
|
86
95
|
@mutex.synchronize do
|
|
87
96
|
new_processor = Processor.new(ruleset: ruleset, telemetry: telemetry)
|
|
88
97
|
|
|
89
|
-
if new_processor
|
|
98
|
+
if new_processor&.ready?
|
|
90
99
|
old_processor = @processor
|
|
91
100
|
|
|
92
101
|
@telemetry = telemetry
|
|
93
102
|
@processor = new_processor
|
|
94
103
|
|
|
95
|
-
old_processor
|
|
104
|
+
old_processor&.finalize
|
|
96
105
|
end
|
|
97
106
|
end
|
|
98
107
|
end
|
|
@@ -103,7 +112,7 @@ module Datadog
|
|
|
103
112
|
|
|
104
113
|
def shutdown!
|
|
105
114
|
@mutex.synchronize do
|
|
106
|
-
if processor
|
|
115
|
+
if processor&.ready?
|
|
107
116
|
processor.finalize
|
|
108
117
|
@processor = nil
|
|
109
118
|
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'json'
|
|
4
|
+
require 'zlib'
|
|
5
|
+
require 'stringio'
|
|
6
|
+
|
|
7
|
+
require_relative '../core/utils/base64'
|
|
8
|
+
|
|
9
|
+
module Datadog
|
|
10
|
+
module AppSec
|
|
11
|
+
# Converts derivative schema payloads into JSON and compresses them into a
|
|
12
|
+
# base64 encoded string if the payload is worth compressing.
|
|
13
|
+
#
|
|
14
|
+
# See: https://github.com/DataDog/dd-trace-rb/pull/3177#issuecomment-1747221082
|
|
15
|
+
module CompressedJson
|
|
16
|
+
MIN_SIZE_FOR_COMPRESSION = 260
|
|
17
|
+
|
|
18
|
+
def self.dump(payload)
|
|
19
|
+
value = JSON.dump(payload)
|
|
20
|
+
return value if value.bytesize < MIN_SIZE_FOR_COMPRESSION
|
|
21
|
+
|
|
22
|
+
compress_and_encode(value)
|
|
23
|
+
rescue ArgumentError, Encoding::UndefinedConversionError, JSON::JSONError => e
|
|
24
|
+
AppSec.telemetry.report(e, description: 'AppSec: Failed to convert value into JSON')
|
|
25
|
+
|
|
26
|
+
nil
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
private_class_method def self.compress_and_encode(payload)
|
|
30
|
+
Core::Utils::Base64.strict_encode64(
|
|
31
|
+
Zlib.gzip(payload, level: Zlib::BEST_SPEED, strategy: Zlib::DEFAULT_STRATEGY)
|
|
32
|
+
)
|
|
33
|
+
rescue Zlib::Error, TypeError => e
|
|
34
|
+
AppSec.telemetry.report(e, description: 'AppSec: Failed to compress and encode value')
|
|
35
|
+
|
|
36
|
+
nil
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -131,9 +131,12 @@ module Datadog
|
|
|
131
131
|
o.type :string, nilable: true
|
|
132
132
|
o.setter do |value|
|
|
133
133
|
if value
|
|
134
|
-
|
|
134
|
+
unless File.exist?(value)
|
|
135
|
+
raise(ArgumentError,
|
|
136
|
+
"appsec.templates.html: file not found: #{value}")
|
|
137
|
+
end
|
|
135
138
|
|
|
136
|
-
File.
|
|
139
|
+
File.binread(value) || ''
|
|
137
140
|
end
|
|
138
141
|
end
|
|
139
142
|
end
|
|
@@ -143,9 +146,12 @@ module Datadog
|
|
|
143
146
|
o.type :string, nilable: true
|
|
144
147
|
o.setter do |value|
|
|
145
148
|
if value
|
|
146
|
-
|
|
149
|
+
unless File.exist?(value)
|
|
150
|
+
raise(ArgumentError,
|
|
151
|
+
"appsec.templates.json: file not found: #{value}")
|
|
152
|
+
end
|
|
147
153
|
|
|
148
|
-
File.
|
|
154
|
+
File.binread(value) || ''
|
|
149
155
|
end
|
|
150
156
|
end
|
|
151
157
|
end
|
|
@@ -155,15 +161,78 @@ module Datadog
|
|
|
155
161
|
o.type :string, nilable: true
|
|
156
162
|
o.setter do |value|
|
|
157
163
|
if value
|
|
158
|
-
|
|
164
|
+
unless File.exist?(value)
|
|
165
|
+
raise(ArgumentError,
|
|
166
|
+
"appsec.templates.text: file not found: #{value}")
|
|
167
|
+
end
|
|
159
168
|
|
|
160
|
-
File.
|
|
169
|
+
File.binread(value) || ''
|
|
161
170
|
end
|
|
162
171
|
end
|
|
163
172
|
end
|
|
164
173
|
end
|
|
165
174
|
end
|
|
166
175
|
|
|
176
|
+
settings :stack_trace do
|
|
177
|
+
option :enabled do |o|
|
|
178
|
+
o.type :bool
|
|
179
|
+
o.env 'DD_APPSEC_STACK_TRACE_ENABLED'
|
|
180
|
+
o.default true
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
# The maximum number of stack trace frames to collect for each stack trace.
|
|
184
|
+
#
|
|
185
|
+
# If the stack trace exceeds this limit, the frames are dropped from the middle of the stack trace:
|
|
186
|
+
# 75% of the frames are kept from the top of the stack trace and 25% from the bottom
|
|
187
|
+
# (this percentage is also configurable).
|
|
188
|
+
#
|
|
189
|
+
# Minimum value is 10.
|
|
190
|
+
# Set to zero if you don't want any frames to be dropped.
|
|
191
|
+
#
|
|
192
|
+
# Default value is 32
|
|
193
|
+
option :max_depth do |o|
|
|
194
|
+
o.type :int
|
|
195
|
+
o.env 'DD_APPSEC_MAX_STACK_TRACE_DEPTH'
|
|
196
|
+
o.default 32
|
|
197
|
+
|
|
198
|
+
o.setter do |value|
|
|
199
|
+
value = 0 if value < 0
|
|
200
|
+
value
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
# The percentage of frames to keep from the top of the stack trace.
|
|
205
|
+
#
|
|
206
|
+
# Default value is 75
|
|
207
|
+
option :top_percentage do |o|
|
|
208
|
+
o.type :int
|
|
209
|
+
o.env 'DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT'
|
|
210
|
+
o.default 75
|
|
211
|
+
|
|
212
|
+
o.setter do |value|
|
|
213
|
+
value = 100 if value > 100
|
|
214
|
+
value = 0 if value.negative?
|
|
215
|
+
value
|
|
216
|
+
end
|
|
217
|
+
end
|
|
218
|
+
|
|
219
|
+
# Maximum number of stack traces to collect per span.
|
|
220
|
+
#
|
|
221
|
+
# Set to zero if you want to collect all stack traces.
|
|
222
|
+
#
|
|
223
|
+
# Default value is 2
|
|
224
|
+
option :max_stack_traces do |o|
|
|
225
|
+
o.type :int
|
|
226
|
+
o.env 'DD_APPSEC_MAX_STACK_TRACES'
|
|
227
|
+
o.default 2
|
|
228
|
+
|
|
229
|
+
o.setter do |value|
|
|
230
|
+
value = 0 if value < 0
|
|
231
|
+
value
|
|
232
|
+
end
|
|
233
|
+
end
|
|
234
|
+
end
|
|
235
|
+
|
|
167
236
|
settings :auto_user_instrumentation do
|
|
168
237
|
define_method(:enabled?) { get_option(:mode) != DISABLED_AUTO_USER_INSTRUMENTATION_MODE }
|
|
169
238
|
|
|
@@ -177,11 +246,11 @@ module Datadog
|
|
|
177
246
|
|
|
178
247
|
Datadog.logger.warn(
|
|
179
248
|
'The appsec.auto_user_instrumentation.mode value provided is not supported. ' \
|
|
180
|
-
"Supported values are: #{AUTO_USER_INSTRUMENTATION_MODES.join(
|
|
181
|
-
"Using
|
|
249
|
+
"Supported values are: #{AUTO_USER_INSTRUMENTATION_MODES.join(" | ")}. " \
|
|
250
|
+
"Using value: #{DISABLED_AUTO_USER_INSTRUMENTATION_MODE}."
|
|
182
251
|
)
|
|
183
252
|
|
|
184
|
-
|
|
253
|
+
DISABLED_AUTO_USER_INSTRUMENTATION_MODE
|
|
185
254
|
end
|
|
186
255
|
end
|
|
187
256
|
end
|
|
@@ -199,11 +268,13 @@ module Datadog
|
|
|
199
268
|
APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES.include?(env_value.strip.downcase)
|
|
200
269
|
end
|
|
201
270
|
end
|
|
202
|
-
o.after_set do
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
271
|
+
o.after_set do |_, _, precedence|
|
|
272
|
+
unless precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
273
|
+
Core.log_deprecation(key: :appsec_track_user_events_enabled) do
|
|
274
|
+
'The appsec.track_user_events.enabled setting is deprecated. ' \
|
|
275
|
+
'Please remove it from your Datadog.configure block and use ' \
|
|
276
|
+
'appsec.auto_user_instrumentation.mode instead.'
|
|
277
|
+
end
|
|
207
278
|
end
|
|
208
279
|
end
|
|
209
280
|
end
|
|
@@ -220,18 +291,20 @@ module Datadog
|
|
|
220
291
|
else
|
|
221
292
|
Datadog.logger.warn(
|
|
222
293
|
'The appsec.track_user_events.mode value provided is not supported.' \
|
|
223
|
-
"Supported values are: #{APPSEC_VALID_TRACK_USER_EVENTS_MODE.join(
|
|
294
|
+
"Supported values are: #{APPSEC_VALID_TRACK_USER_EVENTS_MODE.join(" | ")}." \
|
|
224
295
|
"Using default value: #{SAFE_TRACK_USER_EVENTS_MODE}."
|
|
225
296
|
)
|
|
226
297
|
|
|
227
298
|
SAFE_TRACK_USER_EVENTS_MODE
|
|
228
299
|
end
|
|
229
300
|
end
|
|
230
|
-
o.after_set do
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
301
|
+
o.after_set do |_, _, precedence|
|
|
302
|
+
unless precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
303
|
+
Core.log_deprecation(key: :appsec_track_user_events_mode) do
|
|
304
|
+
'The appsec.track_user_events.mode setting is deprecated. ' \
|
|
305
|
+
'Please remove it from your Datadog.configure block and use ' \
|
|
306
|
+
'appsec.auto_user_instrumentation.mode instead.'
|
|
307
|
+
end
|
|
235
308
|
end
|
|
236
309
|
end
|
|
237
310
|
end
|
|
@@ -259,14 +332,6 @@ module Datadog
|
|
|
259
332
|
o.type :bool, nilable: true
|
|
260
333
|
o.env 'DD_APPSEC_SCA_ENABLED'
|
|
261
334
|
end
|
|
262
|
-
|
|
263
|
-
settings :standalone do
|
|
264
|
-
option :enabled do |o|
|
|
265
|
-
o.type :bool
|
|
266
|
-
o.env 'DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED'
|
|
267
|
-
o.default false
|
|
268
|
-
end
|
|
269
|
-
end
|
|
270
335
|
end
|
|
271
336
|
end
|
|
272
337
|
end
|
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require_relative '../../event'
|
|
4
|
+
require_relative '../../security_event'
|
|
5
|
+
|
|
3
6
|
module Datadog
|
|
4
7
|
module AppSec
|
|
5
8
|
module Contrib
|
|
@@ -28,18 +31,13 @@ module Datadog
|
|
|
28
31
|
result = context.run_rasp(Ext::RASP_SQLI, {}, ephemeral_data, waf_timeout)
|
|
29
32
|
|
|
30
33
|
if result.match?
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
actions: result.actions
|
|
39
|
-
}
|
|
40
|
-
context.events << event
|
|
41
|
-
|
|
42
|
-
ActionsHandler.handle(result.actions)
|
|
34
|
+
AppSec::Event.tag_and_keep!(context, result)
|
|
35
|
+
|
|
36
|
+
context.events.push(
|
|
37
|
+
AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
|
|
38
|
+
)
|
|
39
|
+
|
|
40
|
+
AppSec::ActionsHandler.handle(result.actions)
|
|
43
41
|
end
|
|
44
42
|
end
|
|
45
43
|
|
|
@@ -13,10 +13,10 @@ module Datadog
|
|
|
13
13
|
|
|
14
14
|
MINIMUM_VERSION = Gem::Version.new('4')
|
|
15
15
|
|
|
16
|
-
register_as :active_record, auto_patch:
|
|
16
|
+
register_as :active_record, auto_patch: true
|
|
17
17
|
|
|
18
18
|
def self.version
|
|
19
|
-
Gem.loaded_specs['activerecord']
|
|
19
|
+
Gem.loaded_specs['activerecord']&.version
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def self.loaded?
|
|
@@ -53,43 +53,43 @@ module Datadog
|
|
|
53
53
|
|
|
54
54
|
def patch_sqlite3_adapter
|
|
55
55
|
instrumentation_module = if ::ActiveRecord.gem_version >= Gem::Version.new('7.1')
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
56
|
+
Instrumentation::InternalExecQueryAdapterPatch
|
|
57
|
+
elsif ::ActiveRecord.gem_version.segments.first == 4
|
|
58
|
+
Instrumentation::Rails4ExecQueryAdapterPatch
|
|
59
|
+
else
|
|
60
|
+
Instrumentation::ExecQueryAdapterPatch
|
|
61
|
+
end
|
|
62
62
|
|
|
63
63
|
::ActiveRecord::ConnectionAdapters::SQLite3Adapter.prepend(instrumentation_module)
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
def patch_mysql2_adapter
|
|
67
67
|
instrumentation_module = if ::ActiveRecord.gem_version >= Gem::Version.new('7.1')
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
68
|
+
Instrumentation::InternalExecQueryAdapterPatch
|
|
69
|
+
elsif ::ActiveRecord.gem_version.segments.first == 4
|
|
70
|
+
Instrumentation::Rails4ExecQueryAdapterPatch
|
|
71
|
+
else
|
|
72
|
+
Instrumentation::ExecQueryAdapterPatch
|
|
73
|
+
end
|
|
74
74
|
|
|
75
75
|
::ActiveRecord::ConnectionAdapters::Mysql2Adapter.prepend(instrumentation_module)
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def patch_postgresql_adapter
|
|
79
79
|
instrumentation_module = if ::ActiveRecord.gem_version.segments.first == 4
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
80
|
+
Instrumentation::Rails4ExecuteAndClearAdapterPatch
|
|
81
|
+
else
|
|
82
|
+
Instrumentation::ExecuteAndClearAdapterPatch
|
|
83
|
+
end
|
|
84
84
|
|
|
85
85
|
if defined?(::ActiveRecord::ConnectionAdapters::JdbcAdapter)
|
|
86
86
|
instrumentation_module = if ::ActiveRecord.gem_version >= Gem::Version.new('7.1')
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
87
|
+
Instrumentation::InternalExecQueryAdapterPatch
|
|
88
|
+
elsif ::ActiveRecord.gem_version.segments.first == 4
|
|
89
|
+
Instrumentation::Rails4ExecQueryAdapterPatch
|
|
90
|
+
else
|
|
91
|
+
Instrumentation::ExecQueryAdapterPatch
|
|
92
|
+
end
|
|
93
93
|
end
|
|
94
94
|
|
|
95
95
|
::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(instrumentation_module)
|
|
@@ -9,7 +9,7 @@ module Datadog
|
|
|
9
9
|
def self.patch_all
|
|
10
10
|
integrations = []
|
|
11
11
|
|
|
12
|
-
Datadog::AppSec::Contrib::Integration.registry.
|
|
12
|
+
Datadog::AppSec::Contrib::Integration.registry.each_value do |integration|
|
|
13
13
|
next unless integration.klass.auto_instrument?
|
|
14
14
|
|
|
15
15
|
integrations << integration.name
|
|
@@ -7,19 +7,11 @@ module Datadog
|
|
|
7
7
|
# A temporary configuration module to accomodate new RFC changes.
|
|
8
8
|
# NOTE: DEV-3 Remove module
|
|
9
9
|
module Configuration
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE =>
|
|
10
|
+
TRACK_USER_EVENTS_CONVERSION_RULES = {
|
|
11
|
+
AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE =>
|
|
13
12
|
AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE,
|
|
14
|
-
|
|
13
|
+
AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE =>
|
|
15
14
|
AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
|
|
16
|
-
}.freeze,
|
|
17
|
-
auto_instrumentation_to_track_user: {
|
|
18
|
-
AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE =>
|
|
19
|
-
AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE,
|
|
20
|
-
AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE =>
|
|
21
|
-
AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE
|
|
22
|
-
}.freeze
|
|
23
15
|
}.freeze
|
|
24
16
|
|
|
25
17
|
module_function
|
|
@@ -44,30 +36,14 @@ module Datadog
|
|
|
44
36
|
appsec.auto_user_instrumentation.mode
|
|
45
37
|
appsec.track_user_events.mode
|
|
46
38
|
|
|
47
|
-
if !appsec.
|
|
48
|
-
appsec.
|
|
49
|
-
return
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
if appsec.auto_user_instrumentation.options[:mode].default_precedence?
|
|
53
|
-
return MODES_CONVERSION_RULES[:track_user_to_auto_instrumentation].fetch(
|
|
39
|
+
if !appsec.track_user_events.options[:mode].default_precedence? &&
|
|
40
|
+
appsec.auto_user_instrumentation.options[:mode].default_precedence?
|
|
41
|
+
return TRACK_USER_EVENTS_CONVERSION_RULES.fetch(
|
|
54
42
|
appsec.track_user_events.mode, appsec.auto_user_instrumentation.mode
|
|
55
43
|
)
|
|
56
44
|
end
|
|
57
45
|
|
|
58
|
-
|
|
59
|
-
if appsec.auto_user_instrumentation.mode == identification_mode ||
|
|
60
|
-
appsec.track_user_events.mode == AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE
|
|
61
|
-
return identification_mode
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
# NOTE: Remove in next version of tracking
|
|
68
|
-
def track_user_events_mode
|
|
69
|
-
MODES_CONVERSION_RULES[:auto_instrumentation_to_track_user]
|
|
70
|
-
.fetch(auto_user_instrumentation_mode, Datadog.configuration.appsec.track_user_events.mode)
|
|
46
|
+
appsec.auto_user_instrumentation.mode
|
|
71
47
|
end
|
|
72
48
|
end
|
|
73
49
|
end
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative '../../anonymizer'
|
|
4
|
+
|
|
5
|
+
module Datadog
|
|
6
|
+
module AppSec
|
|
7
|
+
module Contrib
|
|
8
|
+
module Devise
|
|
9
|
+
# Extracts user identification data from Devise resources.
|
|
10
|
+
# Supports both regular and anonymized data extraction modes.
|
|
11
|
+
class DataExtractor
|
|
12
|
+
PRIORITY_ORDERED_ID_KEYS = [:id, 'id', :uuid, 'uuid'].freeze
|
|
13
|
+
PRIORITY_ORDERED_LOGIN_KEYS = [:email, 'email', :username, 'username', :login, 'login'].freeze
|
|
14
|
+
|
|
15
|
+
def initialize(mode:)
|
|
16
|
+
@mode = mode
|
|
17
|
+
@devise_scopes = {}
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def extract_id(object)
|
|
21
|
+
return if object.nil?
|
|
22
|
+
|
|
23
|
+
if object.respond_to?(:[])
|
|
24
|
+
id = object[PRIORITY_ORDERED_ID_KEYS.find { |key| object[key] }]
|
|
25
|
+
scope = find_devise_scope(object)
|
|
26
|
+
|
|
27
|
+
id = "#{scope}:#{id}" if id && scope
|
|
28
|
+
return transform(id)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
id = object.id if object.respond_to?(:id)
|
|
32
|
+
id ||= object.uuid if object.respond_to?(:uuid)
|
|
33
|
+
|
|
34
|
+
scope = find_devise_scope(object)
|
|
35
|
+
id = "#{scope}:#{id}" if id && scope
|
|
36
|
+
|
|
37
|
+
transform(id)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def extract_login(object)
|
|
41
|
+
return if object.nil?
|
|
42
|
+
|
|
43
|
+
if object.respond_to?(:[])
|
|
44
|
+
login = object[PRIORITY_ORDERED_LOGIN_KEYS.find { |key| object[key] }]
|
|
45
|
+
return transform(login)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
login = object.email if object.respond_to?(:email)
|
|
49
|
+
login ||= object.username if object.respond_to?(:username)
|
|
50
|
+
login ||= object.login if object.respond_to?(:login)
|
|
51
|
+
|
|
52
|
+
transform(login)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
private
|
|
56
|
+
|
|
57
|
+
def find_devise_scope(object)
|
|
58
|
+
return if ::Devise.mappings.count == 1
|
|
59
|
+
|
|
60
|
+
@devise_scopes[object.class.name] ||= ::Devise.mappings
|
|
61
|
+
.each_value.find { |mapping| mapping.class_name == object.class.name }&.name
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def transform(value)
|
|
65
|
+
return if value.nil?
|
|
66
|
+
return value.to_s unless anonymize?
|
|
67
|
+
|
|
68
|
+
Anonymizer.anonymize(value.to_s)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def anonymize?
|
|
72
|
+
@mode == AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
|
@@ -6,6 +6,28 @@ module Datadog
|
|
|
6
6
|
module Devise
|
|
7
7
|
# Devise integration constants
|
|
8
8
|
module Ext
|
|
9
|
+
EVENT_LOGIN_SUCCESS = 'users.login.success'
|
|
10
|
+
EVENT_LOGIN_FAILURE = 'users.login.failure'
|
|
11
|
+
EVENT_SIGNUP = 'users.signup'
|
|
12
|
+
|
|
13
|
+
TAG_DD_USR_ID = '_dd.appsec.usr.id'
|
|
14
|
+
TAG_DD_USR_LOGIN = '_dd.appsec.usr.login'
|
|
15
|
+
TAG_DD_SIGNUP_MODE = '_dd.appsec.events.users.signup.auto.mode'
|
|
16
|
+
TAG_DD_COLLECTION_MODE = '_dd.appsec.user.collection_mode'
|
|
17
|
+
TAG_DD_LOGIN_SUCCESS_MODE = '_dd.appsec.events.users.login.success.auto.mode'
|
|
18
|
+
TAG_DD_LOGIN_FAILURE_MODE = '_dd.appsec.events.users.login.failure.auto.mode'
|
|
19
|
+
|
|
20
|
+
TAG_USR_ID = 'usr.id'
|
|
21
|
+
TAG_SESSION_ID = 'usr.session_id'
|
|
22
|
+
TAG_SIGNUP_TRACK = 'appsec.events.users.signup.track'
|
|
23
|
+
TAG_SIGNUP_USR_ID = 'appsec.events.users.signup.usr.id'
|
|
24
|
+
TAG_SIGNUP_USR_LOGIN = 'appsec.events.users.signup.usr.login'
|
|
25
|
+
TAG_LOGIN_FAILURE_TRACK = 'appsec.events.users.login.failure.track'
|
|
26
|
+
TAG_LOGIN_FAILURE_USR_ID = 'appsec.events.users.login.failure.usr.id'
|
|
27
|
+
TAG_LOGIN_FAILURE_USR_LOGIN = 'appsec.events.users.login.failure.usr.login'
|
|
28
|
+
TAG_LOGIN_FAILURE_USR_EXISTS = 'appsec.events.users.login.failure.usr.exists'
|
|
29
|
+
TAG_LOGIN_SUCCESS_TRACK = 'appsec.events.users.login.success.track'
|
|
30
|
+
TAG_LOGIN_SUCCESS_USR_LOGIN = 'appsec.events.users.login.success.usr.login'
|
|
9
31
|
end
|
|
10
32
|
end
|
|
11
33
|
end
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require_relative '../integration'
|
|
4
|
-
|
|
5
4
|
require_relative 'patcher'
|
|
6
5
|
|
|
7
6
|
module Datadog
|
|
@@ -17,7 +16,7 @@ module Datadog
|
|
|
17
16
|
register_as :devise, auto_patch: true
|
|
18
17
|
|
|
19
18
|
def self.version
|
|
20
|
-
Gem.loaded_specs['devise']
|
|
19
|
+
Gem.loaded_specs['devise']&.version
|
|
21
20
|
end
|
|
22
21
|
|
|
23
22
|
def self.loaded?
|