RubyGems - datadog - Versions diffs - 2.14.0 → 2.16.0 - Mend

datadog 2.14.0 → 2.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +67 -1
data/ext/datadog_profiling_native_extension/collectors_thread_context.c +7 -6
data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
data/ext/datadog_profiling_native_extension/encoded_profile.c +69 -0
data/ext/datadog_profiling_native_extension/encoded_profile.h +7 -0
data/ext/datadog_profiling_native_extension/extconf.rb +3 -0
data/ext/datadog_profiling_native_extension/heap_recorder.c +8 -1
data/ext/datadog_profiling_native_extension/http_transport.c +25 -32
data/ext/datadog_profiling_native_extension/profiling.c +2 -0
data/ext/datadog_profiling_native_extension/stack_recorder.c +22 -21
data/ext/libdatadog_api/crashtracker.c +1 -9
data/ext/libdatadog_api/crashtracker.h +5 -0
data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
data/ext/libdatadog_api/init.c +15 -0
data/ext/libdatadog_api/library_config.c +122 -0
data/ext/libdatadog_api/library_config.h +19 -0
data/ext/libdatadog_api/process_discovery.c +117 -0
data/ext/libdatadog_api/process_discovery.h +5 -0
data/lib/datadog/appsec/actions_handler.rb +3 -2
data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
data/lib/datadog/appsec/assets/waf_rules/processors.json +239 -10
data/lib/datadog/appsec/assets/waf_rules/scanners.json +926 -17
data/lib/datadog/appsec/autoload.rb +1 -1
data/lib/datadog/appsec/component.rb +29 -20
data/lib/datadog/appsec/compressed_json.rb +40 -0
data/lib/datadog/appsec/configuration/settings.rb +31 -18
data/lib/datadog/appsec/context.rb +1 -1
data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +10 -12
data/lib/datadog/appsec/contrib/active_record/integration.rb +2 -2
data/lib/datadog/appsec/contrib/active_record/patcher.rb +22 -22
data/lib/datadog/appsec/contrib/devise/data_extractor.rb +2 -3
data/lib/datadog/appsec/contrib/devise/ext.rb +1 -0
data/lib/datadog/appsec/contrib/devise/integration.rb +1 -1
data/lib/datadog/appsec/contrib/devise/patcher.rb +3 -5
data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +17 -4
data/lib/datadog/appsec/contrib/excon/integration.rb +1 -1
data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +9 -10
data/lib/datadog/appsec/contrib/faraday/integration.rb +1 -1
data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +8 -9
data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +8 -9
data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +22 -32
data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +16 -16
data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +11 -13
data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rails/patcher.rb +21 -21
data/lib/datadog/appsec/contrib/rest_client/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +10 -11
data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +17 -23
data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
data/lib/datadog/appsec/event.rb +95 -134
data/lib/datadog/appsec/instrumentation/gateway/argument.rb +5 -2
data/lib/datadog/appsec/metrics/telemetry.rb +1 -1
data/lib/datadog/appsec/monitor/gateway/watcher.rb +42 -12
data/lib/datadog/appsec/processor/rule_loader.rb +26 -28
data/lib/datadog/appsec/processor/rule_merger.rb +5 -5
data/lib/datadog/appsec/processor.rb +1 -1
data/lib/datadog/appsec/remote.rb +16 -11
data/lib/datadog/appsec/response.rb +6 -6
data/lib/datadog/appsec/security_engine/runner.rb +1 -1
data/lib/datadog/appsec/security_event.rb +39 -0
data/lib/datadog/appsec.rb +1 -1
data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
data/lib/datadog/core/configuration/components.rb +19 -10
data/lib/datadog/core/configuration/option.rb +61 -25
data/lib/datadog/core/configuration/settings.rb +10 -0
data/lib/datadog/core/configuration/stable_config.rb +23 -0
data/lib/datadog/core/configuration.rb +24 -0
data/lib/datadog/core/crashtracking/component.rb +1 -9
data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
data/lib/datadog/core/environment/git.rb +1 -0
data/lib/datadog/core/environment/variable_helpers.rb +1 -1
data/lib/datadog/core/metrics/client.rb +8 -7
data/lib/datadog/core/process_discovery.rb +32 -0
data/lib/datadog/core/remote/client.rb +7 -0
data/lib/datadog/core/runtime/metrics.rb +1 -1
data/lib/datadog/core/telemetry/component.rb +60 -50
data/lib/datadog/core/telemetry/emitter.rb +17 -11
data/lib/datadog/core/telemetry/event.rb +7 -4
data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
data/lib/datadog/core/telemetry/metric.rb +5 -5
data/lib/datadog/core/telemetry/request.rb +4 -4
data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
data/lib/datadog/core/telemetry/transport/http.rb +63 -0
data/lib/datadog/core/telemetry/transport/telemetry.rb +52 -0
data/lib/datadog/core/telemetry/worker.rb +45 -0
data/lib/datadog/core/utils/time.rb +12 -0
data/lib/datadog/core/workers/async.rb +20 -2
data/lib/datadog/core/workers/interval_loop.rb +12 -1
data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
data/lib/datadog/core.rb +8 -0
data/lib/datadog/di/boot.rb +34 -0
data/lib/datadog/di/probe_notification_builder.rb +1 -1
data/lib/datadog/di/remote.rb +2 -0
data/lib/datadog/di/transport/http/diagnostics.rb +0 -1
data/lib/datadog/di/transport/http/input.rb +0 -1
data/lib/datadog/di/transport/http.rb +0 -6
data/lib/datadog/di.rb +5 -32
data/lib/datadog/error_tracking/collector.rb +87 -0
data/lib/datadog/error_tracking/component.rb +167 -0
data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
data/lib/datadog/error_tracking/configuration.rb +11 -0
data/lib/datadog/error_tracking/ext.rb +18 -0
data/lib/datadog/error_tracking/extensions.rb +16 -0
data/lib/datadog/error_tracking/filters.rb +77 -0
data/lib/datadog/error_tracking.rb +18 -0
data/lib/datadog/kit/identity.rb +1 -1
data/lib/datadog/profiling/collectors/info.rb +3 -0
data/lib/datadog/profiling/encoded_profile.rb +11 -0
data/lib/datadog/profiling/exporter.rb +3 -4
data/lib/datadog/profiling/ext.rb +0 -1
data/lib/datadog/profiling/flush.rb +4 -7
data/lib/datadog/profiling/http_transport.rb +10 -59
data/lib/datadog/profiling/stack_recorder.rb +4 -4
data/lib/datadog/profiling.rb +1 -0
data/lib/datadog/tracing/analytics.rb +1 -1
data/lib/datadog/tracing/contrib/active_record/integration.rb +1 -1
data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +2 -0
data/lib/datadog/tracing/contrib/karafka/monitor.rb +1 -1
data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +1 -1
data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
data/lib/datadog/tracing/distributed/datadog.rb +2 -2
data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
data/lib/datadog/tracing/span_event.rb +1 -1
data/lib/datadog/tracing/span_operation.rb +38 -14
data/lib/datadog/tracing/trace_operation.rb +15 -7
data/lib/datadog/tracing/tracer.rb +7 -3
data/lib/datadog/tracing/utils.rb +1 -1
data/lib/datadog/version.rb +1 -1
data/lib/datadog.rb +2 -3
metadata +40 -10
data/lib/datadog/core/telemetry/http/env.rb +0 -20
data/lib/datadog/core/telemetry/http/ext.rb +0 -28
data/lib/datadog/core/telemetry/http/response.rb +0 -70
data/lib/datadog/core/telemetry/http/transport.rb +0 -90

data/ext/libdatadog_api/init.c ADDED Viewed

@@ -0,0 +1,15 @@
+#include <ruby.h>
+#include "datadog_ruby_common.h"
+#include "crashtracker.h"
+#include "process_discovery.h"
+#include "library_config.h"
+void DDTRACE_EXPORT Init_libdatadog_api(void) {
+  VALUE datadog_module = rb_define_module("Datadog");
+  VALUE core_module = rb_define_module_under(datadog_module, "Core");
+  crashtracker_init(core_module);
+  process_discovery_init(core_module);
+  library_config_init(core_module);
+}

data/ext/libdatadog_api/library_config.c ADDED Viewed

@@ -0,0 +1,122 @@
+#include <ruby.h>
+#include <datadog/library-config.h>
+#include "library_config.h"
+#include "datadog_ruby_common.h"
+static VALUE _native_configurator_new(VALUE klass);
+static VALUE _native_configurator_get(VALUE self);
+static VALUE config_vec_class = Qnil;
+// ddog_Configurator memory management
+static void configurator_free(void *configurator_ptr) {
+  ddog_Configurator *configurator = (ddog_Configurator *)configurator_ptr;
+  ddog_library_configurator_drop(configurator);
+}
+static const rb_data_type_t configurator_typed_data = {
+  .wrap_struct_name = "Datadog::Core::Configuration::StableConfig::Configurator",
+  .function = {
+    .dfree = configurator_free,
+    .dsize = NULL,
+  },
+  .flags = RUBY_TYPED_FREE_IMMEDIATELY
+};
+// ddog_Vec_LibraryConfig memory management
+static void config_vec_free(void *config_vec_ptr) {
+  ddog_Vec_LibraryConfig *config_vec = (ddog_Vec_LibraryConfig *)config_vec_ptr;
+  ddog_library_config_drop(*config_vec);
+  ruby_xfree(config_vec_ptr);
+}
+static const rb_data_type_t config_vec_typed_data = {
+  .wrap_struct_name = "Datadog::Core::Configuration::StableConfigVec",
+  .function = {
+    .dfree = config_vec_free,
+    .dsize = NULL,
+  },
+  .flags = RUBY_TYPED_FREE_IMMEDIATELY
+};
+void library_config_init(VALUE core_module) {
+  rb_global_variable(&config_vec_class);
+  VALUE configuration_module = rb_define_module_under(core_module, "Configuration");
+  VALUE stable_config_module = rb_define_module_under(configuration_module, "StableConfig");
+  VALUE configurator_class = rb_define_class_under(stable_config_module, "Configurator", rb_cObject);
+  config_vec_class = rb_define_class_under(configuration_module, "StableConfigVec", rb_cObject);
+  rb_define_alloc_func(configurator_class, _native_configurator_new);
+  rb_define_method(configurator_class, "get", _native_configurator_get, 0);
+  rb_undef_alloc_func(config_vec_class); // It cannot be created from Ruby code and only serves as an intermediate object for the Ruby GC
+}
+// TODO: After libdatadog 17.1 release, delete rb_raise, uncomment code and change `DDTRACE_UNUSED VALUE _klass` by `VALUE klass`
+static VALUE _native_configurator_new(DDTRACE_UNUSED VALUE _klass) {
+  /*
+  ddog_Configurator *configurator = ddog_library_configurator_new(false, DDOG_CHARSLICE_C("ruby"));
+  ddog_library_configurator_with_detect_process_info(configurator);
+  return TypedData_Wrap_Struct(klass, &configurator_typed_data, configurator);
+  */
+  rb_raise(rb_eNotImpError, "TODO: Not in use yet, waiting for libdatadog 17.1");
+}
+static VALUE _native_configurator_get(VALUE self) {
+  ddog_Configurator *configurator;
+  TypedData_Get_Struct(self, ddog_Configurator, &configurator_typed_data, configurator);
+  ddog_Result_VecLibraryConfig configurator_result = ddog_library_configurator_get(configurator);
+  if (configurator_result.tag == DDOG_RESULT_VEC_LIBRARY_CONFIG_ERR_VEC_LIBRARY_CONFIG) {
+    ddog_Error err = configurator_result.err;
+    VALUE message = get_error_details_and_drop(&err);
+    if (is_config_loaded()) {
+      log_warning(message);
+    } else {
+      log_warning_without_config(message);
+    }
+    return rb_hash_new();
+  }
+  // Wrapping config_vec into a Ruby object enables the Ruby GC to manage its memory
+  // We need to allocate memory for config_vec because once it is out of scope, it will be freed (at the end of this function)
+  // So we cannot reference it with &config_vec
+  // We are doing this in case one of the ruby API raises an exception before the end of this function,
+  // so the allocated memory will still be freed
+  ddog_Vec_LibraryConfig *config_vec = ruby_xmalloc(sizeof(ddog_Vec_LibraryConfig));
+  *config_vec = configurator_result.ok;
+  VALUE config_vec_rb = TypedData_Wrap_Struct(config_vec_class, &config_vec_typed_data, config_vec);
+  VALUE local_config_hash = rb_hash_new();
+  VALUE fleet_config_hash = rb_hash_new();
+  // TODO: Uncomment next block after libdatadog 17.1 release
+  /*
+  for (uintptr_t i = 0; i < config_vec->len; i++) {
+    ddog_LibraryConfig config = config_vec->ptr[i];
+    VALUE selected_hash;
+    if (config.source == DDOG_LIBRARY_CONFIG_SOURCE_LOCAL_STABLE_CONFIG) {
+      selected_hash = local_config_hash;
+    }
+    else {
+      selected_hash = fleet_config_hash;
+    }
+    ddog_CStr name = ddog_library_config_name_to_env(config.name);
+    rb_hash_aset(selected_hash, rb_str_new(name.ptr, name.length), rb_str_new(config.value.ptr, config.value.length));
+  }
+  */
+  VALUE result = rb_hash_new();
+  rb_hash_aset(result, ID2SYM(rb_intern("local")), local_config_hash);
+  rb_hash_aset(result, ID2SYM(rb_intern("fleet")), fleet_config_hash);
+  RB_GC_GUARD(config_vec_rb);
+  return result;
+}

data/ext/libdatadog_api/library_config.h ADDED Viewed

@@ -0,0 +1,19 @@
+#pragma once
+#include "datadog_ruby_common.h"
+void library_config_init(VALUE core_module);
+static inline bool is_config_loaded(void) {
+  VALUE datadog_module = rb_const_get(rb_cObject, rb_intern("Datadog"));
+  VALUE is_config_loaded = rb_funcall(datadog_module, rb_intern("configuration?"), 0);
+  return is_config_loaded == Qtrue;
+}
+static inline VALUE log_warning_without_config(VALUE warning) {
+  VALUE datadog_module = rb_const_get(rb_cObject, rb_intern("Datadog"));
+  VALUE logger = rb_funcall(datadog_module, rb_intern("logger_without_configuration"), 0);
+  return rb_funcall(logger, rb_intern("warn"), 1, warning);
+}

data/ext/libdatadog_api/process_discovery.c ADDED Viewed

@@ -0,0 +1,117 @@
+#include <errno.h>
+#include <stdlib.h>
+#include <ruby.h>
+#include <datadog/common.h>
+#include "datadog_ruby_common.h"
+static VALUE _native_store_tracer_metadata(int argc, VALUE *argv, DDTRACE_UNUSED VALUE _self);
+static VALUE _native_to_rb_int(DDTRACE_UNUSED VALUE _self, VALUE tracer_memfd);
+static VALUE _native_close_tracer_memfd(DDTRACE_UNUSED VALUE _self, VALUE tracer_memfd, VALUE logger);
+static void tracer_memfd_free(void *ptr) {
+  int *fd = (int *)ptr;
+  if (*fd != -1) {
+    close(*fd);
+  }
+  ruby_xfree(ptr);
+}
+static const rb_data_type_t tracer_memfd_type = {
+  .wrap_struct_name = "Datadog::Core::ProcessDiscovery::TracerMemfd",
+  .function = {
+    .dfree = tracer_memfd_free,
+    .dsize = NULL,
+  },
+  .flags = RUBY_TYPED_FREE_IMMEDIATELY
+};
+void process_discovery_init(VALUE core_module) {
+  VALUE process_discovery_class = rb_define_class_under(core_module, "ProcessDiscovery", rb_cObject);
+  VALUE tracer_memfd_class = rb_define_class_under(process_discovery_class, "TracerMemfd", rb_cObject);
+  rb_undef_alloc_func(tracer_memfd_class); // Class cannot be instantiated from Ruby
+  rb_define_singleton_method(process_discovery_class, "_native_store_tracer_metadata", _native_store_tracer_metadata, -1);
+  rb_define_singleton_method(process_discovery_class, "_native_to_rb_int", _native_to_rb_int, 1);
+  rb_define_singleton_method(process_discovery_class, "_native_close_tracer_memfd", _native_close_tracer_memfd, 2);
+}
+// TODO: Remove DDTRACE_UNUSED and rename _self to self once we have updated libdatadog to 17.1
+static VALUE _native_store_tracer_metadata(int argc, VALUE *argv, DDTRACE_UNUSED VALUE _self) {
+  VALUE logger;
+  VALUE options;
+  rb_scan_args(argc, argv, "1:", &logger, &options);
+  if (options == Qnil) options = rb_hash_new();
+  VALUE schema_version = rb_hash_fetch(options, ID2SYM(rb_intern("schema_version")));
+  VALUE runtime_id = rb_hash_fetch(options, ID2SYM(rb_intern("runtime_id")));
+  VALUE tracer_language = rb_hash_fetch(options, ID2SYM(rb_intern("tracer_language")));
+  VALUE tracer_version = rb_hash_fetch(options, ID2SYM(rb_intern("tracer_version")));
+  VALUE hostname = rb_hash_fetch(options, ID2SYM(rb_intern("hostname")));
+  VALUE service_name = rb_hash_fetch(options, ID2SYM(rb_intern("service_name")));
+  VALUE service_env = rb_hash_fetch(options, ID2SYM(rb_intern("service_env")));
+  VALUE service_version = rb_hash_fetch(options, ID2SYM(rb_intern("service_version")));
+  ENFORCE_TYPE(schema_version, T_FIXNUM);
+  ENFORCE_TYPE(runtime_id, T_STRING);
+  ENFORCE_TYPE(tracer_language, T_STRING);
+  ENFORCE_TYPE(tracer_version, T_STRING);
+  ENFORCE_TYPE(hostname, T_STRING);
+  ENFORCE_TYPE(service_name, T_STRING);
+  ENFORCE_TYPE(service_env, T_STRING);
+  ENFORCE_TYPE(service_version, T_STRING);
+  /*
+  ddog_Result_TracerMemfdHandle result = ddog_store_tracer_metadata(
+    (uint8_t) NUM2UINT(schema_version),
+    char_slice_from_ruby_string(runtime_id),
+    char_slice_from_ruby_string(tracer_language),
+    char_slice_from_ruby_string(tracer_version),
+    char_slice_from_ruby_string(hostname),
+    char_slice_from_ruby_string(service_name),
+    char_slice_from_ruby_string(service_env),
+    char_slice_from_ruby_string(service_version)
+  );
+  if (result.tag == DDOG_RESULT_TRACER_MEMFD_HANDLE_ERR_TRACER_MEMFD_HANDLE) {
+    rb_funcall(logger, rb_intern("debug"), 1, rb_sprintf("Failed to store the tracer configuration in a memory file descriptor: %"PRIsVALUE, get_error_details_and_drop(&result.err)));
+    return Qnil;
+  }
+  // &result.ok is a ddog_TracerMemfdHandle, which is a struct only containing int fd, which is a file descriptor
+  // We should just return the fd
+  int *fd = ruby_xmalloc(sizeof(int));
+  *fd = result.ok.fd;
+  VALUE tracer_memfd_class = rb_const_get(self, rb_intern("TracerMemfd"));
+  VALUE tracer_memfd = TypedData_Wrap_Struct(tracer_memfd_class, &tracer_memfd_type, fd);
+  return tracer_memfd;
+  */
+  rb_raise(rb_eNotImpError, "TODO: Not in use yet, waiting for libdatadog 17.1");
+}
+static VALUE _native_to_rb_int(DDTRACE_UNUSED VALUE _self, VALUE tracer_memfd) {
+  int *fd;
+  TypedData_Get_Struct(tracer_memfd, int, &tracer_memfd_type, fd);
+  return INT2NUM(*fd);
+}
+static VALUE _native_close_tracer_memfd(DDTRACE_UNUSED VALUE _self, VALUE tracer_memfd, VALUE logger) {
+  int *fd;
+  TypedData_Get_Struct(tracer_memfd, int, &tracer_memfd_type, fd);
+  if (*fd == -1) {
+    rb_funcall(logger, rb_intern("debug"), 1, rb_sprintf("The tracer configuration memory file descriptor has already been closed"));
+    return Qnil;
+  }
+  int close_result = close(*fd);
+  *fd = -1;
+  if (close_result == -1) {
+    rb_funcall(logger, rb_intern("debug"), 1, rb_sprintf("Failed to close the tracer configuration memory file descriptor: %s", strerror(errno)));
+    return Qnil;
+  }
+  return Qnil;
+}

data/ext/libdatadog_api/process_discovery.h ADDED Viewed

@@ -0,0 +1,5 @@
+#pragma once
+#include "datadog_ruby_common.h"
+void process_discovery_init(VALUE core_module);

data/lib/datadog/appsec/actions_handler.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module Datadog
         event_category = Ext::EXPLOIT_PREVENTION_EVENT_CATEGORY
         tag_key = Ext::TAG_METASTRUCT_STACK_TRACE
-        existing_stack_data = active_span.get_metastruct_tag(tag_key).dup || { event_category => [] }
+        existing_stack_data = active_span.get_metastruct_tag(tag_key).dup || {event_category => []}
         max_stack_traces = Datadog.configuration.appsec.stack_trace.max_stack_traces
         return if max_stack_traces != 0 && existing_stack_data[event_category].count >= max_stack_traces
@@ -42,7 +42,8 @@ module Datadog
         active_span.set_metastruct_tag(tag_key, existing_stack_data)
       end
-      def generate_schema(_action_params); end
+      def generate_schema(_action_params)
+      end
     end
   end
 end

data/lib/datadog/appsec/assets/waf_rules/README.md CHANGED Viewed

@@ -1,7 +1,52 @@
-Vendored WAF rules originate from https://github.com/datadog/appsec-event-rules
+AppSec WAF rules based on [appsec-event-rules](https://github.com/datadog/appsec-event-rules) builds
-One should check rule compatibility with libddwaf, which is the end consumer of
-these rules.
+## How to update
-There might be rules that look to be irrelevant to Ruby as they may still help
-identify bad actors.
+> [!WARNING]
+> This process is a temporary workaround to maintain compatibility with the existing code structure and will be changed.
+1. Download `recommended.json` and `strict.json` of the desired version from [appsec-event-rules](https://github.com/datadog/appsec-event-rules) (example: [v1.13.3](https://github.com/DataDog/appsec-event-rules/tree/1.13.3/build))
+2. Run the script below inside `waf_rules` folder to extract scanners and processors into separate files
+    ```ruby
+    require 'json'
+    recommended_rules = JSON.parse(File.read(File.expand_path('recommended.json', __dir__)))
+    strict_rules = JSON.parse(File.read(File.expand_path('strict.json', __dir__)))
+    recommended_processors = recommended_rules.delete('processors')
+    strict_processors = strict_rules.delete('processors')
+    if recommended_processors.sort_by { |processor| processor['id'] } !=
+        strict_processors.sort_by { |processor| processor['id'] }
+      raise 'Processors are not the same, unable to extract them'
+    end
+    puts 'Extracting processors...'
+    File.open(File.expand_path('processors.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(recommended_processors))
+    end
+    recommended_scanners = recommended_rules.delete('scanners')
+    strict_scanners = strict_rules.delete('scanners')
+    if recommended_scanners.sort_by { |processor| processor['id'] } !=
+        strict_scanners.sort_by { |processor| processor['id'] }
+      raise 'Scanners are not the same, unable to extract them'
+    end
+    puts 'Extracting scanners...'
+    File.open(File.expand_path('scanners.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(recommended_scanners))
+    end
+    puts 'Updating rules...'
+    File.open(File.expand_path('recommended.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(recommended_rules))
+    end
+    File.open(File.expand_path('strict.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(strict_rules))
+    end
+    ```

data/lib/datadog/appsec/assets/waf_rules/processors.json CHANGED Viewed

@@ -1,6 +1,57 @@
 [
   {
-    "id": "processor-001",
+    "id": "http-endpoint-fingerprint",
+    "generator": "http_endpoint_fingerprint",
+    "conditions": [
+      {
+        "operator": "exists",
+        "parameters": {
+          "inputs": [
+            {
+              "address": "waf.context.event"
+            },
+            {
+              "address": "server.business_logic.users.login.failure"
+            },
+            {
+              "address": "server.business_logic.users.login.success"
+            }
+          ]
+        }
+      }
+    ],
+    "parameters": {
+      "mappings": [
+        {
+          "method": [
+            {
+              "address": "server.request.method"
+            }
+          ],
+          "uri_raw": [
+            {
+              "address": "server.request.uri.raw"
+            }
+          ],
+          "body": [
+            {
+              "address": "server.request.body"
+            }
+          ],
+          "query": [
+            {
+              "address": "server.request.query"
+            }
+          ],
+          "output": "_dd.appsec.fp.http.endpoint"
+        }
+      ]
+    },
+    "evaluate": false,
+    "output": true
+  },
+  {
+    "id": "extract-content",
     "generator": "extract_schema",
     "conditions": [
       {
@@ -32,10 +83,10 @@
         {
           "inputs": [
             {
-              "address": "server.request.headers.no_cookies"
+              "address": "server.request.cookies"
             }
           ],
-          "output": "_dd.appsec.s.req.headers"
+          "output": "_dd.appsec.s.req.cookies"
         },
         {
           "inputs": [
@@ -56,29 +107,89 @@
         {
           "inputs": [
             {
-              "address": "server.request.cookies"
+              "address": "server.response.body"
             }
           ],
-          "output": "_dd.appsec.s.req.cookies"
+          "output": "_dd.appsec.s.res.body"
         },
         {
           "inputs": [
             {
-              "address": "server.response.headers.no_cookies"
+              "address": "graphql.server.all_resolvers"
             }
           ],
-          "output": "_dd.appsec.s.res.headers"
+          "output": "_dd.appsec.s.graphql.all_resolvers"
         },
         {
           "inputs": [
             {
-              "address": "server.response.body"
+              "address": "graphql.server.resolver"
             }
           ],
-          "output": "_dd.appsec.s.res.body"
+          "output": "_dd.appsec.s.graphql.resolver"
+        }
+      ],
+      "scanners": [
+        {
+          "tags": {
+            "category": "payment"
+          }
+        },
+        {
+          "tags": {
+            "category": "pii"
+          }
+        }
+      ]
+    },
+    "evaluate": false,
+    "output": true
+  },
+  {
+    "id": "extract-headers",
+    "generator": "extract_schema",
+    "conditions": [
+      {
+        "operator": "equals",
+        "parameters": {
+          "inputs": [
+            {
+              "address": "waf.context.processor",
+              "key_path": [
+                "extract-schema"
+              ]
+            }
+          ],
+          "type": "boolean",
+          "value": true
+        }
+      }
+    ],
+    "parameters": {
+      "mappings": [
+        {
+          "inputs": [
+            {
+              "address": "server.request.headers.no_cookies"
+            }
+          ],
+          "output": "_dd.appsec.s.req.headers"
+        },
+        {
+          "inputs": [
+            {
+              "address": "server.response.headers.no_cookies"
+            }
+          ],
+          "output": "_dd.appsec.s.res.headers"
         }
       ],
       "scanners": [
+        {
+          "tags": {
+            "category": "credentials"
+          }
+        },
         {
           "tags": {
             "category": "pii"
@@ -88,5 +199,123 @@
     },
     "evaluate": false,
     "output": true
+  },
+  {
+    "id": "http-header-fingerprint",
+    "generator": "http_header_fingerprint",
+    "conditions": [
+      {
+        "operator": "exists",
+        "parameters": {
+          "inputs": [
+            {
+              "address": "waf.context.event"
+            },
+            {
+              "address": "server.business_logic.users.login.failure"
+            },
+            {
+              "address": "server.business_logic.users.login.success"
+            }
+          ]
+        }
+      }
+    ],
+    "parameters": {
+      "mappings": [
+        {
+          "headers": [
+            {
+              "address": "server.request.headers.no_cookies"
+            }
+          ],
+          "output": "_dd.appsec.fp.http.header"
+        }
+      ]
+    },
+    "evaluate": false,
+    "output": true
+  },
+  {
+    "id": "http-network-fingerprint",
+    "generator": "http_network_fingerprint",
+    "conditions": [
+      {
+        "operator": "exists",
+        "parameters": {
+          "inputs": [
+            {
+              "address": "waf.context.event"
+            },
+            {
+              "address": "server.business_logic.users.login.failure"
+            },
+            {
+              "address": "server.business_logic.users.login.success"
+            }
+          ]
+        }
+      }
+    ],
+    "parameters": {
+      "mappings": [
+        {
+          "headers": [
+            {
+              "address": "server.request.headers.no_cookies"
+            }
+          ],
+          "output": "_dd.appsec.fp.http.network"
+        }
+      ]
+    },
+    "evaluate": false,
+    "output": true
+  },
+  {
+    "id": "session-fingerprint",
+    "generator": "session_fingerprint",
+    "conditions": [
+      {
+        "operator": "exists",
+        "parameters": {
+          "inputs": [
+            {
+              "address": "waf.context.event"
+            },
+            {
+              "address": "server.business_logic.users.login.failure"
+            },
+            {
+              "address": "server.business_logic.users.login.success"
+            }
+          ]
+        }
+      }
+    ],
+    "parameters": {
+      "mappings": [
+        {
+          "cookies": [
+            {
+              "address": "server.request.cookies"
+            }
+          ],
+          "session_id": [
+            {
+              "address": "usr.session_id"
+            }
+          ],
+          "user_id": [
+            {
+              "address": "usr.id"
+            }
+          ],
+          "output": "_dd.appsec.fp.session"
+        }
+      ]
+    },
+    "evaluate": false,
+    "output": true
   }
-]
+]