datadog 2.12.1 → 2.19.0

data/lib/datadog/appsec/assets/waf_rules/scanners.json

@@ -1,114 +0,0 @@
-[
-  {
-    "id": "d962f7ddb3f55041e39195a60ff79d4814a7c331",
-    "name": "US Passport Scanner",
-    "key": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "passport",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 8
-        }
-      }
-    },
-    "value": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "\\b[0-9A-Z]{9}\\b|\\b[0-9]{6}[A-Z][0-9]{2}\\b",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 8
-        }
-      }
-    },
-    "tags": {
-      "type": "passport_number",
-      "category": "pii"
-    }
-  },
-  {
-    "id": "ac6d683cbac77f6e399a14990793dd8fd0fca333",
-    "name": "US Vehicle Identification Number Scanner",
-    "key": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "vehicle[_\\s-]*identification[_\\s-]*number|vin",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 3
-        }
-      }
-    },
-    "value": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "\\b[A-HJ-NPR-Z0-9]{17}\\b",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 17
-        }
-      }
-    },
-    "tags": {
-      "type": "vin",
-      "category": "pii"
-    }
-  },
-  {
-    "id": "de0899e0cbaaa812bb624cf04c912071012f616d",
-    "name": "UK National Insurance Number Scanner",
-    "key": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "national[\\s_]?(?:insurance(?:\\s+number)?)?|NIN|NI[\\s_]?number|insurance[\\s_]?number",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 3
-        }
-      }
-    },
-    "value": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "\\b[A-Z]{2}\\d{6}[A-Z]?\\b",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 8
-        }
-      }
-    },
-    "tags": {
-      "type": "uk_nin",
-      "category": "pii"
-    }
-  },
-  {
-    "id": "450239afc250a19799b6c03dc0e16fd6a4b2a1af",
-    "name": "Canadian Social Insurance Number Scanner",
-    "key": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "social[\\s_]?(?:insurance(?:\\s+number)?)?|SIN|Canadian[\\s_]?(?:social[\\s_]?(?:insurance)?|insurance[\\s_]?number)?",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 3
-        }
-      }
-    },
-    "value": {
-      "operator": "match_regex",
-      "parameters": {
-        "regex": "\\b\\d{3}-\\d{3}-\\d{3}\\b",
-        "options": {
-          "case_sensitive": false,
-          "min_length": 11
-        }
-      }
-    },
-    "tags": {
-      "type": "canadian_sin",
-      "category": "pii"
-    }
-  }
-]

data/lib/datadog/appsec/contrib/devise/event.rb

@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-module Datadog
-  module AppSec
-    module Contrib
-      module Devise
-        # Class to extract event information from the resource
-        class Event
-          UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
-
-          attr_reader :user_id
-
-          def initialize(resource, mode)
-            @resource = resource
-            @mode = mode
-            @user_id = nil
-            @email = nil
-            @username = nil
-
-            extract if @resource
-          end
-
-          def to_h
-            return @event if defined?(@event)
-
-            @event = {}
-            @event[:email] = @email if @email
-            @event[:username] = @username if @username
-            @event
-          end
-
-          private
-
-          def extract
-            @user_id = @resource.id
-
-            case @mode
-            when AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
-              @email = @resource.email
-              @username = @resource.username
-            when AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
-              @user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
-            else
-              Datadog.logger.warn(
-                "Invalid auto_user_instrumentation.mode: `#{@mode}`. " \
-                "Supported modes are: #{AppSec::Configuration::Settings::AUTO_USER_INSTRUMENTATION_MODES.join(' | ')}."
-              )
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb

@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-require_relative '../configuration'
-require_relative '../tracking'
-require_relative '../resource'
-require_relative '../event'
-
-module Datadog
-  module AppSec
-    module Contrib
-      module Devise
-        module Patcher
-          # Hook in devise validate method
-          module AuthenticatablePatch
-            # rubocop:disable Metrics/MethodLength
-            def validate(resource, &block)
-              result = super
-
-              return result unless AppSec.enabled?
-              return result if @_datadog_appsec_skip_track_login_event
-              return result unless Configuration.auto_user_instrumentation_enabled?
-              return result unless AppSec.active_context
-
-              devise_resource = resource ? Resource.new(resource) : nil
-              event_information = Event.new(devise_resource, Configuration.auto_user_instrumentation_mode)
-
-              if result
-                if event_information.user_id
-                  Datadog.logger.debug { 'AppSec: User successful login event' }
-                else
-                  Datadog.logger.debug do
-                    "AppSec: User successful login event, but can't extract user ID. Tracking empty event"
-                  end
-                end
-
-                Tracking.track_login_success(
-                  AppSec.active_context.trace,
-                  AppSec.active_context.span,
-                  user_id: event_information.user_id,
-                  **event_information.to_h
-                )
-
-                return result
-              end
-
-              user_exists = nil
-
-              if resource
-                user_exists = true
-                Datadog.logger.debug { 'AppSec: User failed login event, but user exists' }
-              else
-                user_exists = false
-                Datadog.logger.debug { 'AppSec: User failed login event and user does not exist' }
-              end
-
-              Tracking.track_login_failure(
-                AppSec.active_context.trace,
-                AppSec.active_context.span,
-                user_id: event_information.user_id,
-                user_exists: user_exists,
-                **event_information.to_h
-              )
-
-              result
-            end
-            # rubocop:enable Metrics/MethodLength
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-require_relative '../configuration'
-require_relative '../tracking'
-require_relative '../resource'
-require_relative '../event'
-
-module Datadog
-  module AppSec
-    module Contrib
-      module Devise
-        module Patcher
-          # Hook in devise registration controller
-          module RegistrationControllerPatch
-            def create
-              return super unless AppSec.enabled?
-              return super unless Configuration.auto_user_instrumentation_enabled?
-              return super unless AppSec.active_context
-
-              super do |resource|
-                if resource.persisted?
-                  devise_resource = Resource.new(resource)
-                  event_information = Event.new(devise_resource, Configuration.auto_user_instrumentation_mode)
-
-                  if event_information.user_id
-                    Datadog.logger.debug { 'AppSec: User signup event' }
-                  else
-                    Datadog.logger.warn { "AppSec: User signup event, but can't extract user ID. Tracking empty event" }
-                  end
-
-                  Tracking.track_signup(
-                    AppSec.active_context.trace,
-                    AppSec.active_context.span,
-                    user_id: event_information.user_id,
-                    **event_information.to_h
-                  )
-                end
-
-                yield resource if block_given?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/devise/resource.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module Datadog
-  module AppSec
-    module Contrib
-      module Devise
-        # Class to encpasulate extracting information from a Devise resource
-        # Normally a devise resource would be an Active::Record instance
-        class Resource
-          def initialize(resource)
-            @resource = resource
-          end
-
-          def id
-            extract(:id) || extract(:uuid)
-          end
-
-          def email
-            extract(:email)
-          end
-
-          def username
-            extract(:username)
-          end
-
-          private
-
-          def extract(method)
-            @resource.send(method) if @resource.respond_to?(method)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/devise/tracking.rb

@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-require_relative '../../../kit/identity'
-
-module Datadog
-  module AppSec
-    module Contrib
-      module Devise
-        # Internal module to track user events
-        module Tracking
-          LOGIN_SUCCESS_EVENT = 'users.login.success'
-          LOGIN_FAILURE_EVENT = 'users.login.failure'
-          SIGNUP_EVENT = 'users.signup'
-
-          def self.track_login_success(trace, span, user_id:, **others)
-            return if trace.nil? || span.nil?
-
-            track(LOGIN_SUCCESS_EVENT, trace, span, **others)
-
-            Kit::Identity.set_user(trace, span, id: user_id.to_s, **others) if user_id
-          end
-
-          def self.track_login_failure(trace, span, user_id:, user_exists:, **others)
-            return if trace.nil? || span.nil?
-
-            track(LOGIN_FAILURE_EVENT, trace, span, **others)
-
-            span.set_tag('appsec.events.users.login.failure.usr.id', user_id) if user_id
-            span.set_tag('appsec.events.users.login.failure.usr.exists', user_exists)
-          end
-
-          def self.track_signup(trace, span, user_id:, **others)
-            return if trace.nil? || span.nil?
-
-            track(SIGNUP_EVENT, trace, span, **others)
-            Kit::Identity.set_user(trace, id: user_id.to_s, **others) if user_id
-          end
-
-          def self.track(event, trace, span, **others)
-            return if trace.nil? || span.nil?
-
-            span.set_tag("appsec.events.#{event}.track", 'true')
-            span.set_tag("_dd.appsec.events.#{event}.auto.mode", Configuration.track_user_events_mode)
-
-            others.each do |k, v|
-              raise ArgumentError, 'key cannot be :track' if k.to_sym == :track
-
-              span.set_tag("appsec.events.#{event}.#{k}", v) unless v.nil?
-            end
-
-            trace.keep!
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/processor/rule_merger.rb

@@ -1,170 +0,0 @@
-# frozen_string_literal: true
-
-require_relative '../assets'
-
-module Datadog
-  module AppSec
-    class Processor
-      # RuleMerger merge different sources of information
-      # into the rules payload
-      module RuleMerger
-        # RuleVersionMismatchError
-        class RuleVersionMismatchError < StandardError
-          def initialize(version1, version2)
-            msg = 'Merging rule files with different version could lead to unkown behaviour. '\
-              "We have receieve two rule files with versions: #{version1}, #{version2}. "\
-              'Please validate the configuration is correct and try again.'
-            super(msg)
-          end
-        end
-
-        class << self
-          # TODO: `processors` and `scanners` are not provided by the caller, consider removing them
-          def merge(
-            telemetry:,
-            rules:, data: [], overrides: [], exclusions: [], custom_rules: [],
-            processors: nil, scanners: nil
-          )
-            processors ||= begin
-              default_waf_processors
-            rescue StandardError => e
-              Datadog.logger.error("libddwaf rulemerger failed to parse default waf processors. Error: #{e.inspect}")
-              telemetry.report(
-                e,
-                description: 'libddwaf rulemerger failed to parse default waf processors'
-              )
-              []
-            end
-
-            scanners ||= begin
-              default_waf_scanners
-            rescue StandardError => e
-              Datadog.logger.error("libddwaf rulemerger failed to parse default waf scanners. Error: #{e.inspect}")
-              telemetry.report(
-                e,
-                description: 'libddwaf rulemerger failed to parse default waf scanners'
-              )
-              []
-            end
-
-            combined_rules = combine_rules(rules)
-
-            combined_data = combine_data(data) if data.any?
-            combined_overrides = combine_overrides(overrides) if overrides.any?
-            combined_exclusions = combine_exclusions(exclusions) if exclusions.any?
-            combined_custom_rules = combine_custom_rules(custom_rules) if custom_rules.any?
-
-            combined_rules['rules_data'] = combined_data if combined_data
-            combined_rules['rules_override'] = combined_overrides if combined_overrides
-            combined_rules['exclusions'] = combined_exclusions if combined_exclusions
-            combined_rules['custom_rules'] = combined_custom_rules if combined_custom_rules
-            combined_rules['processors'] = processors
-            combined_rules['scanners'] = scanners
-            combined_rules
-          end
-
-          def default_waf_processors
-            @default_waf_processors ||= JSON.parse(Datadog::AppSec::Assets.waf_processors)
-          end
-
-          def default_waf_scanners
-            @default_waf_scanners ||= JSON.parse(Datadog::AppSec::Assets.waf_scanners)
-          end
-
-          private
-
-          def combine_rules(rules)
-            return rules[0].dup if rules.size == 1
-
-            final_rules = []
-            # @type var final_version: ::String
-            final_version = (_ = nil)
-
-            rules.each do |rule_file|
-              version = rule_file['version']
-
-              if version && !final_version
-                final_version = version
-              elsif final_version != version
-                raise RuleVersionMismatchError.new(final_version, version)
-              end
-
-              final_rules.concat(rule_file['rules'])
-            end
-
-            {
-              'version' => final_version,
-              'rules' => final_rules
-            }
-          end
-
-          def combine_data(data)
-            result = []
-
-            data.each do |data_entry|
-              data_entry.each do |value|
-                existing_data = result.find { |x| x['id'] == value['id'] }
-
-                if existing_data && existing_data['type'] == value['type']
-                  # Duplicate entry base on type and id
-                  # We need to merge the existing data with the new one
-                  # and make sure to remove duplicates
-                  merged_data = merge_data_base_on_expiration(existing_data['data'], value['data'])
-                  existing_data['data'] = merged_data
-                else
-                  result << value
-                end
-              end
-            end
-
-            return unless result.any?
-
-            result
-          end
-
-          def merge_data_base_on_expiration(data1, data2)
-            result = data1.each_with_object({}) do |value, acc|
-              acc[value['value']] = value['expiration']
-            end
-
-            data2.each do |data|
-              if result.key?(data['value'])
-                # The value is duplicated so we need to keep
-                # the one with the highest expiration value
-                # We replace it if the expiration is higher than the current one
-                # or if no experiration
-                current_expiration = result[data['value']]
-                new_expiration = data['expiration']
-
-                if new_expiration.nil? || current_expiration && new_expiration > current_expiration
-                  result[data['value']] = new_expiration
-                end
-              else
-                result[data['value']] = data['expiration']
-              end
-            end
-
-            result.each_with_object([]) do |entry, acc|
-              value = { 'value' => entry[0] }
-              value['expiration'] = entry[1] if entry[1]
-
-              acc << value
-            end
-          end
-
-          def combine_overrides(overrides)
-            overrides.flatten
-          end
-
-          def combine_exclusions(exclusions)
-            exclusions.flatten
-          end
-
-          def combine_custom_rules(custom_rules)
-            custom_rules.flatten
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/processor.rb

@@ -1,107 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'security_engine/runner'
-
-module Datadog
-  module AppSec
-    # Processor integrates libddwaf into datadog/appsec
-    # NOTE: This class will be moved under AppSec::SecurityEngine namespace
-    class Processor
-      attr_reader :diagnostics, :addresses
-
-      def initialize(ruleset:, telemetry:)
-        @telemetry = telemetry
-        @diagnostics = nil
-        @addresses = []
-
-        settings = Datadog.configuration.appsec
-
-        # TODO: Refactor to make it easier to test
-        unless require_libddwaf && libddwaf_provides_waf? && create_waf_handle(settings, ruleset)
-          Datadog.logger.warn('AppSec is disabled, see logged errors above')
-        end
-      end
-
-      def ready?
-        !@handle.nil?
-      end
-
-      def finalize
-        @handle.finalize
-      end
-
-      def new_runner
-        SecurityEngine::Runner.new(@handle, telemetry: @telemetry)
-      end
-
-      private
-
-      # libddwaf raises a LoadError on unsupported platforms; it may at some
-      # point succeed in being required yet not provide a specific needed feature.
-      def require_libddwaf
-        Datadog.logger.debug { "libddwaf platform: #{libddwaf_platform}" }
-
-        require 'libddwaf'
-
-        true
-      rescue LoadError => e
-        Datadog.logger.error do
-          'libddwaf failed to load,' \
-            "installed platform: #{libddwaf_platform} ruby platforms: #{ruby_platforms} error: #{e.inspect}"
-        end
-        @telemetry.report(e, description: 'libddwaf failed to load')
-
-        false
-      end
-
-      # check whether libddwaf is required *and* able to provide the needed feature
-      def libddwaf_provides_waf?
-        defined?(Datadog::AppSec::WAF) ? true : false
-      end
-
-      def create_waf_handle(settings, ruleset)
-        # TODO: this may need to be reset if the main Datadog logging level changes after initialization
-        Datadog::AppSec::WAF.logger = Datadog.logger if Datadog.logger.debug? && settings.waf_debug
-
-        obfuscator_config = {
-          key_regex: settings.obfuscator_key_regex,
-          value_regex: settings.obfuscator_value_regex,
-        }
-
-        @handle = Datadog::AppSec::WAF::Handle.new(ruleset, obfuscator: obfuscator_config)
-        @diagnostics = @handle.diagnostics
-        @addresses = @handle.required_addresses
-
-        true
-      rescue WAF::LibDDWAF::Error => e
-        Datadog.logger.error do
-          "libddwaf failed to initialize, error: #{e.inspect}"
-        end
-        @telemetry.report(e, description: 'libddwaf failed to initialize')
-
-        @diagnostics = e.diagnostics if e.diagnostics
-
-        false
-      rescue StandardError => e
-        Datadog.logger.error do
-          "libddwaf failed to initialize, error: #{e.inspect}"
-        end
-        @telemetry.report(e, description: 'libddwaf failed to initialize')
-
-        false
-      end
-
-      def libddwaf_platform
-        if Gem.loaded_specs['libddwaf']
-          Gem.loaded_specs['libddwaf'].platform.to_s
-        else
-          'unknown'
-        end
-      end
-
-      def ruby_platforms
-        Gem.platforms.map(&:to_s)
-      end
-    end
-  end
-end

data/lib/datadog/appsec/utils/trace_operation.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module Datadog
-  module AppSec
-    module Utils
-      # Utility class to to AppSec-specific trace operations
-      class TraceOperation
-        def self.appsec_standalone_reject?(trace)
-          Datadog.configuration.appsec.standalone.enabled &&
-            (trace.nil? || trace.get_tag(Datadog::AppSec::Ext::TAG_DISTRIBUTED_APPSEC_EVENT) != '1')
-        end
-      end
-    end
-  end
-end

data/lib/datadog/core/telemetry/http/env.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module Datadog
-  module Core
-    module Telemetry
-      module Http
-        # Data structure for an HTTP request
-        class Env
-          attr_accessor :path, :body
-
-          attr_writer :headers
-
-          def headers
-            @headers ||= {}
-          end
-        end
-      end
-    end
-  end
-end