datadog 2.14.0 → 2.16.0

Files changed (149) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +67 -1
  3. data/ext/datadog_profiling_native_extension/collectors_thread_context.c +7 -6
  4. data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
  5. data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
  6. data/ext/datadog_profiling_native_extension/encoded_profile.c +69 -0
  7. data/ext/datadog_profiling_native_extension/encoded_profile.h +7 -0
  8. data/ext/datadog_profiling_native_extension/extconf.rb +3 -0
  9. data/ext/datadog_profiling_native_extension/heap_recorder.c +8 -1
  10. data/ext/datadog_profiling_native_extension/http_transport.c +25 -32
  11. data/ext/datadog_profiling_native_extension/profiling.c +2 -0
  12. data/ext/datadog_profiling_native_extension/stack_recorder.c +22 -21
  13. data/ext/libdatadog_api/crashtracker.c +1 -9
  14. data/ext/libdatadog_api/crashtracker.h +5 -0
  15. data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
  16. data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
  17. data/ext/libdatadog_api/init.c +15 -0
  18. data/ext/libdatadog_api/library_config.c +122 -0
  19. data/ext/libdatadog_api/library_config.h +19 -0
  20. data/ext/libdatadog_api/process_discovery.c +117 -0
  21. data/ext/libdatadog_api/process_discovery.h +5 -0
  22. data/lib/datadog/appsec/actions_handler.rb +3 -2
  23. data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
  24. data/lib/datadog/appsec/assets/waf_rules/processors.json +239 -10
  25. data/lib/datadog/appsec/assets/waf_rules/scanners.json +926 -17
  26. data/lib/datadog/appsec/autoload.rb +1 -1
  27. data/lib/datadog/appsec/component.rb +29 -20
  28. data/lib/datadog/appsec/compressed_json.rb +40 -0
  29. data/lib/datadog/appsec/configuration/settings.rb +31 -18
  30. data/lib/datadog/appsec/context.rb +1 -1
  31. data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +10 -12
  32. data/lib/datadog/appsec/contrib/active_record/integration.rb +2 -2
  33. data/lib/datadog/appsec/contrib/active_record/patcher.rb +22 -22
  34. data/lib/datadog/appsec/contrib/devise/data_extractor.rb +2 -3
  35. data/lib/datadog/appsec/contrib/devise/ext.rb +1 -0
  36. data/lib/datadog/appsec/contrib/devise/integration.rb +1 -1
  37. data/lib/datadog/appsec/contrib/devise/patcher.rb +3 -5
  38. data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +17 -4
  39. data/lib/datadog/appsec/contrib/excon/integration.rb +1 -1
  40. data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +9 -10
  41. data/lib/datadog/appsec/contrib/faraday/integration.rb +1 -1
  42. data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +8 -9
  43. data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +8 -9
  44. data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
  45. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +22 -32
  46. data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
  47. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +16 -16
  48. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +11 -13
  49. data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
  50. data/lib/datadog/appsec/contrib/rails/patcher.rb +21 -21
  51. data/lib/datadog/appsec/contrib/rest_client/integration.rb +1 -1
  52. data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +10 -11
  53. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +17 -23
  54. data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
  55. data/lib/datadog/appsec/event.rb +95 -134
  56. data/lib/datadog/appsec/instrumentation/gateway/argument.rb +5 -2
  57. data/lib/datadog/appsec/metrics/telemetry.rb +1 -1
  58. data/lib/datadog/appsec/monitor/gateway/watcher.rb +42 -12
  59. data/lib/datadog/appsec/processor/rule_loader.rb +26 -28
  60. data/lib/datadog/appsec/processor/rule_merger.rb +5 -5
  61. data/lib/datadog/appsec/processor.rb +1 -1
  62. data/lib/datadog/appsec/remote.rb +16 -11
  63. data/lib/datadog/appsec/response.rb +6 -6
  64. data/lib/datadog/appsec/security_engine/runner.rb +1 -1
  65. data/lib/datadog/appsec/security_event.rb +39 -0
  66. data/lib/datadog/appsec.rb +1 -1
  67. data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
  68. data/lib/datadog/core/configuration/components.rb +19 -10
  69. data/lib/datadog/core/configuration/option.rb +61 -25
  70. data/lib/datadog/core/configuration/settings.rb +10 -0
  71. data/lib/datadog/core/configuration/stable_config.rb +23 -0
  72. data/lib/datadog/core/configuration.rb +24 -0
  73. data/lib/datadog/core/crashtracking/component.rb +1 -9
  74. data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
  75. data/lib/datadog/core/environment/git.rb +1 -0
  76. data/lib/datadog/core/environment/variable_helpers.rb +1 -1
  77. data/lib/datadog/core/metrics/client.rb +8 -7
  78. data/lib/datadog/core/process_discovery.rb +32 -0
  79. data/lib/datadog/core/remote/client.rb +7 -0
  80. data/lib/datadog/core/runtime/metrics.rb +1 -1
  81. data/lib/datadog/core/telemetry/component.rb +60 -50
  82. data/lib/datadog/core/telemetry/emitter.rb +17 -11
  83. data/lib/datadog/core/telemetry/event.rb +7 -4
  84. data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
  85. data/lib/datadog/core/telemetry/metric.rb +5 -5
  86. data/lib/datadog/core/telemetry/request.rb +4 -4
  87. data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
  88. data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
  89. data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
  90. data/lib/datadog/core/telemetry/transport/http.rb +63 -0
  91. data/lib/datadog/core/telemetry/transport/telemetry.rb +52 -0
  92. data/lib/datadog/core/telemetry/worker.rb +45 -0
  93. data/lib/datadog/core/utils/time.rb +12 -0
  94. data/lib/datadog/core/workers/async.rb +20 -2
  95. data/lib/datadog/core/workers/interval_loop.rb +12 -1
  96. data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
  97. data/lib/datadog/core.rb +8 -0
  98. data/lib/datadog/di/boot.rb +34 -0
  99. data/lib/datadog/di/probe_notification_builder.rb +1 -1
  100. data/lib/datadog/di/remote.rb +2 -0
  101. data/lib/datadog/di/transport/http/diagnostics.rb +0 -1
  102. data/lib/datadog/di/transport/http/input.rb +0 -1
  103. data/lib/datadog/di/transport/http.rb +0 -6
  104. data/lib/datadog/di.rb +5 -32
  105. data/lib/datadog/error_tracking/collector.rb +87 -0
  106. data/lib/datadog/error_tracking/component.rb +167 -0
  107. data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
  108. data/lib/datadog/error_tracking/configuration.rb +11 -0
  109. data/lib/datadog/error_tracking/ext.rb +18 -0
  110. data/lib/datadog/error_tracking/extensions.rb +16 -0
  111. data/lib/datadog/error_tracking/filters.rb +77 -0
  112. data/lib/datadog/error_tracking.rb +18 -0
  113. data/lib/datadog/kit/identity.rb +1 -1
  114. data/lib/datadog/profiling/collectors/info.rb +3 -0
  115. data/lib/datadog/profiling/encoded_profile.rb +11 -0
  116. data/lib/datadog/profiling/exporter.rb +3 -4
  117. data/lib/datadog/profiling/ext.rb +0 -1
  118. data/lib/datadog/profiling/flush.rb +4 -7
  119. data/lib/datadog/profiling/http_transport.rb +10 -59
  120. data/lib/datadog/profiling/stack_recorder.rb +4 -4
  121. data/lib/datadog/profiling.rb +1 -0
  122. data/lib/datadog/tracing/analytics.rb +1 -1
  123. data/lib/datadog/tracing/contrib/active_record/integration.rb +1 -1
  124. data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +2 -0
  125. data/lib/datadog/tracing/contrib/karafka/monitor.rb +1 -1
  126. data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
  127. data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
  128. data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
  129. data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
  130. data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
  131. data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
  132. data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
  133. data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +1 -1
  134. data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
  135. data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
  136. data/lib/datadog/tracing/distributed/datadog.rb +2 -2
  137. data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
  138. data/lib/datadog/tracing/span_event.rb +1 -1
  139. data/lib/datadog/tracing/span_operation.rb +38 -14
  140. data/lib/datadog/tracing/trace_operation.rb +15 -7
  141. data/lib/datadog/tracing/tracer.rb +7 -3
  142. data/lib/datadog/tracing/utils.rb +1 -1
  143. data/lib/datadog/version.rb +1 -1
  144. data/lib/datadog.rb +2 -3
  145. metadata +40 -10
  146. data/lib/datadog/core/telemetry/http/env.rb +0 -20
  147. data/lib/datadog/core/telemetry/http/ext.rb +0 -28
  148. data/lib/datadog/core/telemetry/http/response.rb +0 -70
  149. data/lib/datadog/core/telemetry/http/transport.rb +0 -90
@@ -1,8 +1,9 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require_relative '../ext'
4
- require_relative '../../../instrumentation/gateway'
5
4
  require_relative '../../../event'
5
+ require_relative '../../../security_event'
6
+ require_relative '../../../instrumentation/gateway'
6
7
 
7
8
  module Datadog
8
9
  module AppSec
@@ -23,7 +24,7 @@ module Datadog
23
24
 
24
25
  def watch_request(gateway = Instrumentation.gateway)
25
26
  gateway.watch('rack.request', :appsec) do |stack, gateway_request|
26
- context = gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
27
+ context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
27
28
 
28
29
  persistent_data = {
29
30
  'server.request.cookies' => gateway_request.cookies,
@@ -37,18 +38,15 @@ module Datadog
37
38
 
38
39
  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
39
40
 
40
- if result.match?
41
- Datadog::AppSec::Event.tag_and_keep!(context, result)
42
-
43
- context.events << {
44
- waf_result: result,
45
- trace: context.trace,
46
- span: context.span,
47
- request: gateway_request,
48
- actions: result.actions
49
- }
41
+ if result.match? || !result.derivatives.empty?
42
+ context.events.push(
43
+ AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
44
+ )
45
+ end
50
46
 
51
- Datadog::AppSec::ActionsHandler.handle(result.actions)
47
+ if result.match?
48
+ AppSec::Event.tag_and_keep!(context, result)
49
+ AppSec::ActionsHandler.handle(result.actions)
52
50
  end
53
51
 
54
52
  stack.call(gateway_request.request)
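Review bot: The two back-to-back conditions in `watch_request` carry an undocumented policy. A result with non-empty `derivatives` but no match is pushed to `context.events` yet skips `AppSec::Event.tag_and_keep!`, so whether that event is ever reported depends on sampling decisions made outside this hunk. A comment above the first `if` would state the intent, for example `# derivative-only results are recorded for reporting; only a match keeps the trace and triggers actions`. The same pair of conditions is copied into the Rails `watch_request_action` and Sinatra `watch_request_dispatch` hunks further down, so a small shared helper would keep the three copies from drifting. The `gateway.watch` block opens and closes outside this hunk.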
@@ -68,17 +66,13 @@ module Datadog
68
66
  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
69
67
 
70
68
  if result.match?
71
- Datadog::AppSec::Event.tag_and_keep!(context, result)
69
+ AppSec::Event.tag_and_keep!(context, result)
72
70
 
73
- context.events << {
74
- waf_result: result,
75
- trace: context.trace,
76
- span: context.span,
77
- response: gateway_response,
78
- actions: result.actions
79
- }
71
+ context.events.push(
72
+ AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
73
+ )
80
74
 
81
- Datadog::AppSec::ActionsHandler.handle(result.actions)
75
+ AppSec::ActionsHandler.handle(result.actions)
82
76
  end
83
77
 
84
78
  stack.call(gateway_response.response)
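Review bot: The response watcher (its `def` line is above the hunk) still records an event only under `if result.match?`, while `watch_request` in the same file now also records results whose `derivatives` are non-empty. If the WAF can return derivatives at this stage, they are dropped without a trace. The same applies to `watch_request_body` in the next hunk and to Sinatra's `watch_request_routed`, even though Rails' `watch_request_action` and Sinatra's `watch_request_dispatch` do record derivatives for the same `server.request.body` address. Either use `if result.match? || !result.derivatives.empty?` for the `context.events.push` in these watchers too, or add a comment saying why these stages are match-only.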
@@ -87,7 +81,7 @@ module Datadog
87
81
 
88
82
  def watch_request_body(gateway = Instrumentation.gateway)
89
83
  gateway.watch('rack.request.body', :appsec) do |stack, gateway_request|
90
- context = gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
84
+ context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
91
85
 
92
86
  persistent_data = {
93
87
  'server.request.body' => gateway_request.form_hash
@@ -96,17 +90,13 @@ module Datadog
96
90
  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
97
91
 
98
92
  if result.match?
99
- Datadog::AppSec::Event.tag_and_keep!(context, result)
93
+ AppSec::Event.tag_and_keep!(context, result)
100
94
 
101
- context.events << {
102
- waf_result: result,
103
- trace: context.trace,
104
- span: context.span,
105
- request: gateway_request,
106
- actions: result.actions
107
- }
95
+ context.events.push(
96
+ AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
97
+ )
108
98
 
109
- Datadog::AppSec::ActionsHandler.handle(result.actions)
99
+ AppSec::ActionsHandler.handle(result.actions)
110
100
  end
111
101
 
112
102
  stack.call(gateway_request.request)
@@ -19,7 +19,7 @@ module Datadog
19
19
  register_as :rack, auto_patch: false
20
20
 
21
21
  def self.version
22
- Gem.loaded_specs['rack'] && Gem.loaded_specs['rack'].version
22
+ Gem.loaded_specs['rack']&.version
23
23
  end
24
24
 
25
25
  def self.loaded?
@@ -4,9 +4,12 @@ require 'json'
4
4
 
5
5
  require_relative 'gateway/request'
6
6
  require_relative 'gateway/response'
7
- require_relative '../../instrumentation/gateway'
8
- require_relative '../../processor'
7
+
8
+ require_relative '../../event'
9
9
  require_relative '../../response'
10
+ require_relative '../../processor'
11
+ require_relative '../../security_event'
12
+ require_relative '../../instrumentation/gateway'
10
13
 
11
14
  require_relative '../../../tracing/client_ip'
12
15
  require_relative '../../../tracing/contrib/rack/header_collection'
@@ -36,7 +39,7 @@ module Datadog
36
39
  @rack_headers = {}
37
40
  end
38
41
 
39
- # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
42
+ # rubocop:disable Metrics/MethodLength
40
43
  def call(env)
41
44
  return @app.call(env) unless Datadog::AppSec.enabled?
42
45
 
@@ -97,20 +100,13 @@ module Datadog
97
100
  http_response = AppSec::Response.from_interrupt_params(interrupt_params, env['HTTP_ACCEPT']).to_rack
98
101
  end
99
102
 
100
- if AppSec.api_security_enabled?
101
- ctx.events << {
102
- trace: ctx.trace,
103
- span: ctx.span,
104
- waf_result: ctx.extract_schema,
105
- }
106
- end
107
-
108
- ctx.events.each do |e|
109
- e[:response] ||= gateway_response
110
- e[:request] ||= gateway_request
103
+ if AppSec.perform_api_security_check?
104
+ ctx.events.push(
105
+ AppSec::SecurityEvent.new(ctx.extract_schema, trace: ctx.trace, span: ctx.span)
106
+ )
111
107
  end
112
108
 
113
- AppSec::Event.record(ctx.span, *ctx.events)
109
+ AppSec::Event.record(ctx, request: gateway_request, response: gateway_response)
114
110
 
115
111
  http_response
116
112
  ensure
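Review bot: `AppSec::Event.record(ctx, request: gateway_request, response: gateway_response)` also runs on the interrupt path, right after `http_response` is rebuilt from `interrupt_params`. On that path `gateway_response` may never have been assigned; its assignment is above the hunk, so this is inferred. The removed loop only filled `e[:response] ||= gateway_response` per event, so a nil stayed harmless; confirm that `record` in `event.rb` accepts `response: nil`, and document the keyword as nilable. Separately, `ctx.extract_schema` is wrapped in a `SecurityEvent` unconditionally, whereas the request watchers check `!result.derivatives.empty?` first; a guard such as `schema = ctx.extract_schema` followed by `ctx.events.push(...) unless schema.derivatives.empty?` would avoid empty events, assuming `extract_schema` returns a WAF result as the removed `waf_result:` key suggests. `call` begins and ends outside this hunk.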
@@ -119,7 +115,7 @@ module Datadog
119
115
  Datadog::AppSec::Context.deactivate
120
116
  end
121
117
  end
122
- # rubocop:enable Metrics/AbcSize,Metrics/MethodLength
118
+ # rubocop:enable Metrics/MethodLength
123
119
 
124
120
  private
125
121
 
@@ -143,6 +139,7 @@ module Datadog
143
139
  Datadog::Tracing.active_span
144
140
  end
145
141
 
142
+ # standard:disable Metrics/MethodLength
146
143
  def add_appsec_tags(processor, context)
147
144
  span = context.span
148
145
  trace = context.trace
@@ -177,7 +174,9 @@ module Datadog
177
174
  end
178
175
  end
179
176
  end
177
+ # standard:enable Metrics/MethodLength
180
178
 
179
+ # standard:disable Metrics/MethodLength
181
180
  def add_request_tags(context, env)
182
181
  span = context.span
183
182
 
@@ -200,6 +199,7 @@ module Datadog
200
199
  )
201
200
  end
202
201
  end
202
+ # standard:enable Metrics/MethodLength
203
203
 
204
204
  def to_rack_header(header)
205
205
  @rack_headers[header] ||= Datadog::Tracing::Contrib::Rack::Header.to_rack_header(header)
@@ -1,7 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative '../../../instrumentation/gateway'
4
3
  require_relative '../../../event'
4
+ require_relative '../../../security_event'
5
+ require_relative '../../../instrumentation/gateway'
5
6
 
6
7
  module Datadog
7
8
  module AppSec
@@ -19,7 +20,7 @@ module Datadog
19
20
 
20
21
  def watch_request_action(gateway = Instrumentation.gateway)
21
22
  gateway.watch('rails.request.action', :appsec) do |stack, gateway_request|
22
- context = gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
23
+ context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
23
24
 
24
25
  persistent_data = {
25
26
  'server.request.body' => gateway_request.parsed_body,
@@ -28,18 +29,15 @@ module Datadog
28
29
 
29
30
  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
30
31
 
31
- if result.match?
32
- Datadog::AppSec::Event.tag_and_keep!(context, result)
33
-
34
- context.events << {
35
- waf_result: result,
36
- trace: context.trace,
37
- span: context.span,
38
- request: gateway_request,
39
- actions: result.actions
40
- }
32
+ if result.match? || !result.derivatives.empty?
33
+ context.events.push(
34
+ AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
35
+ )
36
+ end
41
37
 
42
- Datadog::AppSec::ActionsHandler.handle(result.actions)
38
+ if result.match?
39
+ AppSec::Event.tag_and_keep!(context, result)
40
+ AppSec::ActionsHandler.handle(result.actions)
43
41
  end
44
42
 
45
43
  stack.call(gateway_request.request)
@@ -18,7 +18,7 @@ module Datadog
18
18
  register_as :rails, auto_patch: false
19
19
 
20
20
  def self.version
21
- Gem.loaded_specs['railties'] && Gem.loaded_specs['railties'].version
21
+ Gem.loaded_specs['railties']&.version
22
22
  end
23
23
 
24
24
  def self.loaded?
@@ -96,27 +96,27 @@ module Datadog
96
96
  # find tracer middleware reference in Rails::Configuration::MiddlewareStackProxy
97
97
  app.middleware.instance_variable_get(:@operations).each do |operation|
98
98
  args = case operation
99
- when Array
100
- # rails 5.2
101
- _op, args = operation
102
- args
103
- when Proc
104
- if operation.binding.local_variables.include?(:args)
105
- # rails 6.0, 6.1
106
- operation.binding.local_variable_get(:args)
107
- else
108
- # rails 7.0 uses ... to pass args
109
- args_getter = Class.new do
110
- def method_missing(_op, *args) # rubocop:disable Style/MissingRespondToMissing
111
- args
112
- end
113
- end.new
114
- operation.call(args_getter)
115
- end
116
- else
117
- # unknown, pass through
118
- []
119
- end
99
+ when Array
100
+ # rails 5.2
101
+ _op, args = operation
102
+ args
103
+ when Proc
104
+ if operation.binding.local_variables.include?(:args)
105
+ # rails 6.0, 6.1
106
+ operation.binding.local_variable_get(:args)
107
+ else
108
+ # rails 7.0 uses ... to pass args
109
+ args_getter = Class.new do
110
+ def method_missing(_op, *args) # standard:disable Style/MissingRespondToMissing
111
+ args
112
+ end
113
+ end.new
114
+ operation.call(args_getter)
115
+ end
116
+ else
117
+ # unknown, pass through
118
+ []
119
+ end
120
120
 
121
121
  found = true if args.include?(middleware)
122
122
  end
@@ -20,7 +20,7 @@ module Datadog
20
20
  end
21
21
 
22
22
  def self.version
23
- Gem.loaded_specs['rest-client'] && Gem.loaded_specs['rest-client'].version
23
+ Gem.loaded_specs['rest-client']&.version
24
24
  end
25
25
 
26
26
  def self.loaded?
@@ -1,6 +1,9 @@
1
1
  # rubocop:disable Naming/FileName
2
2
  # frozen_string_literal: true
3
3
 
4
+ require_relative '../../event'
5
+ require_relative '../../security_event'
6
+
4
7
  module Datadog
5
8
  module AppSec
6
9
  module Contrib
@@ -12,24 +15,20 @@ module Datadog
12
15
 
13
16
  context = AppSec.active_context
14
17
 
15
- ephemeral_data = { 'server.io.net.url' => url }
18
+ ephemeral_data = {'server.io.net.url' => url}
16
19
  result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, Datadog.configuration.appsec.waf_timeout)
17
20
 
18
21
  if result.match?
19
- Datadog::AppSec::Event.tag_and_keep!(context, result)
22
+ AppSec::Event.tag_and_keep!(context, result)
20
23
 
21
- context.events << {
22
- waf_result: result,
23
- trace: context.trace,
24
- span: context.span,
25
- request_url: url,
26
- actions: result.actions
27
- }
24
+ context.events.push(
25
+ AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
26
+ )
28
27
 
29
- ActionsHandler.handle(result.actions)
28
+ AppSec::ActionsHandler.handle(result.actions)
30
29
  end
31
30
 
32
- super(&block)
31
+ super
33
32
  end
34
33
  end
35
34
  end
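Review bot: The SSRF event recorded here no longer carries the outbound URL on its own: the removed hash had `request_url: url`, while `AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)` receives only the WAF result. Because `url` is passed to `run_rasp` as ephemeral data, confirm that the match data inside `result` still contains the offending URL, since that is the field a responder needs to triage an SSRF detection. The bare `super` now forwards the method's arguments and block implicitly; a short comment such as `# bare super forwards the original arguments and block unchanged` would help, as the method signature sits above the hunk.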
@@ -1,7 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative '../../../instrumentation/gateway'
4
3
  require_relative '../../../event'
4
+ require_relative '../../../security_event'
5
+ require_relative '../../../instrumentation/gateway'
5
6
 
6
7
  module Datadog
7
8
  module AppSec
@@ -20,7 +21,7 @@ module Datadog
20
21
 
21
22
  def watch_request_dispatch(gateway = Instrumentation.gateway)
22
23
  gateway.watch('sinatra.request.dispatch', :appsec) do |stack, gateway_request|
23
- context = gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
24
+ context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
24
25
 
25
26
  persistent_data = {
26
27
  'server.request.body' => gateway_request.form_hash
@@ -28,18 +29,15 @@ module Datadog
28
29
 
29
30
  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
30
31
 
31
- if result.match?
32
- Datadog::AppSec::Event.tag_and_keep!(context, result)
33
-
34
- context.events << {
35
- waf_result: result,
36
- trace: context.trace,
37
- span: context.span,
38
- request: gateway_request,
39
- actions: result.actions
40
- }
32
+ if result.match? || !result.derivatives.empty?
33
+ context.events.push(
34
+ AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
35
+ )
36
+ end
41
37
 
42
- Datadog::AppSec::ActionsHandler.handle(result.actions)
38
+ if result.match?
39
+ AppSec::Event.tag_and_keep!(context, result)
40
+ AppSec::ActionsHandler.handle(result.actions)
43
41
  end
44
42
 
45
43
  stack.call(gateway_request.request)
@@ -48,7 +46,7 @@ module Datadog
48
46
 
49
47
  def watch_request_routed(gateway = Instrumentation.gateway)
50
48
  gateway.watch('sinatra.request.routed', :appsec) do |stack, (gateway_request, gateway_route_params)|
51
- context = gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
49
+ context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
52
50
 
53
51
  persistent_data = {
54
52
  'server.request.path_params' => gateway_route_params.params
@@ -57,17 +55,13 @@ module Datadog
57
55
  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
58
56
 
59
57
  if result.match?
60
- Datadog::AppSec::Event.tag_and_keep!(context, result)
58
+ AppSec::Event.tag_and_keep!(context, result)
61
59
 
62
- context.events << {
63
- waf_result: result,
64
- trace: context.trace,
65
- span: context.span,
66
- request: gateway_request,
67
- actions: result.actions
68
- }
60
+ context.events.push(
61
+ AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
62
+ )
69
63
 
70
- Datadog::AppSec::ActionsHandler.handle(result.actions)
64
+ AppSec::ActionsHandler.handle(result.actions)
71
65
  end
72
66
 
73
67
  stack.call(gateway_request.request)
@@ -18,7 +18,7 @@ module Datadog
18
18
  register_as :sinatra
19
19
 
20
20
  def self.version
21
- Gem.loaded_specs['sinatra'] && Gem.loaded_specs['sinatra'].version
21
+ Gem.loaded_specs['sinatra']&.version
22
22
  end
23
23
 
24
24
  def self.loaded?