datadog 2.29.0 → 2.31.0

data/ext/libdatadog_api/extconf.rb

@@ -40,7 +40,8 @@ append_cflags '-Werror' if ENV['DATADOG_GEM_CI'] == 'true'
 # * by upstream Ruby -- search for gnu99 in the codebase
 # * by msgpack, another datadog gem dependency
 #   (https://github.com/msgpack/msgpack-ruby/blob/18ce08f6d612fe973843c366ac9a0b74c4e50599/ext/msgpack/extconf.rb#L8)
-append_cflags '-std=gnu99'
+# @ivoanjo: We could probably start using C11/gnu11 for non macOS-too but it's somewhat hard to validate so I chickened out for now
+append_cflags RUBY_PLATFORM.include?('darwin') ? '-std=gnu11' : '-std=gnu99'
 
 # Allow defining variables at any point in a function
 append_cflags '-Wno-declaration-after-statement'
@@ -74,29 +75,13 @@ if ENV['DDTRACE_DEBUG'] == 'true'
 end
 
 # If we got here, libdatadog is available and loaded
-ENV['PKG_CONFIG_PATH'] = "#{ENV["PKG_CONFIG_PATH"]}:#{Libdatadog.pkgconfig_folder}"
-Logging.message("[datadog] PKG_CONFIG_PATH set to #{ENV["PKG_CONFIG_PATH"].inspect}\n")
 $stderr.puts("Using libdatadog #{Libdatadog::VERSION} from #{Libdatadog.pkgconfig_folder}")
 
-unless pkg_config('datadog_profiling_with_rpath')
-  Logging.message("[datadog] Ruby detected the pkg-config command is #{$PKGCONFIG.inspect}\n")
-
-  if Datadog::LibdatadogExtconfHelpers.pkg_config_missing?
-    skip_building_extension!('the `pkg-config` system tool is missing')
-  else
-    skip_building_extension!('there was a problem in setting up the `libdatadog` dependency')
-  end
+unless Datadog::LibdatadogExtconfHelpers.configure_libdatadog(extconf_folder: __dir__)
+  skip_building_extension!('there was a problem in setting up the `libdatadog` dependency')
 end
 
-# See comments on the helper methods being used for why we need to additionally set this.
-# The extremely excessive escaping around ORIGIN below seems to be correct and was determined after a lot of
-# experimentation. We need to get these special characters across a lot of tools untouched...
-extra_relative_rpaths = [
-  Datadog::LibdatadogExtconfHelpers.libdatadog_folder_relative_to_native_lib_folder(current_folder: __dir__),
-  *Datadog::LibdatadogExtconfHelpers.libdatadog_folder_relative_to_ruby_extensions_folders,
-]
-extra_relative_rpaths.each { |folder| $LDFLAGS += " -Wl,-rpath,$$$\\\\{ORIGIN\\}/#{folder.to_str}" }
-Logging.message("[datadog] After pkg-config $LDFLAGS were set to: #{$LDFLAGS.inspect}\n")
+Datadog::LibdatadogExtconfHelpers.add_libdatadog_version_define
 
 # Tag the native extension library with the Ruby version and Ruby platform.
 # This makes it easier for development (avoids "oops I forgot to rebuild when I switched my Ruby") and ensures that

data/ext/libdatadog_api/init.c

@@ -1,12 +1,14 @@
 #include <ruby.h>
 
 #include "datadog_ruby_common.h"
+
 #include "crashtracker.h"
-#include "process_discovery.h"
-#include "library_config.h"
 #include "feature_flags.h"
+#include "library_config.h"
+#include "process_discovery.h"
 
 void ddsketch_init(VALUE core_module);
+void di_init(VALUE datadog_module);
 
 void DDTRACE_EXPORT Init_libdatadog_api(void) {
   VALUE datadog_module = rb_define_module("Datadog");
@@ -21,4 +23,5 @@ void DDTRACE_EXPORT Init_libdatadog_api(void) {
   library_config_init(core_module);
   ddsketch_init(core_module);
   feature_flags_init(core_module);
+  di_init(datadog_module);
 }

data/ext/libdatadog_extconf_helpers.rb

@@ -10,7 +10,7 @@ module Datadog
   module LibdatadogExtconfHelpers
     # Used to make sure the correct gem version gets loaded, as extconf.rb does not get run with "bundle exec" and thus
     # may see multiple libdatadog versions. See https://github.com/DataDog/dd-trace-rb/pull/2531 for the horror story.
-    LIBDATADOG_VERSION = '~> 25.0.0.1.0'
+    LIBDATADOG_VERSION = '~> 30.0.0.1.0'
 
     # Used as an workaround for a limitation with how dynamic linking works in environments where the datadog gem and
     # libdatadog are moved after the extension gets compiled.
@@ -23,9 +23,9 @@ module Datadog
     # Linux: e.g. `readelf -d datadog_profiling_native_extension.2.7.3_x86_64-linux.so`.
     #
     # In older versions of the datadog gem, we only set as runpath an absolute path to libdatadog.
-    # (This gets set automatically by the call
-    # to `pkg_config('datadog_profiling_with_rpath')` in `extconf.rb`). This worked fine as long as libdatadog was **NOT**
-    # moved from the folder it was present at datadog gem installation/linking time.
+    # (This gets set automatically by the call to `configure_libdatadog` in `extconf.rb`).
+    # This worked fine as long as libdatadog was **NOT** moved from the folder it was present at
+    # datadog gem installation/linking time.
     #
     # Unfortunately, environments such as Heroku and AWS Elastic Beanstalk move gems around in the filesystem after
     # installation. Thus, the profiling native extension could not be loaded in these environments
@@ -47,12 +47,12 @@ module Datadog
     # we could setup when doing a `require`.
     #
     def self.libdatadog_folder_relative_to_native_lib_folder(
-      current_folder:,
+      extconf_folder:,
       libdatadog_pkgconfig_folder: Libdatadog.pkgconfig_folder
     )
       return unless libdatadog_pkgconfig_folder
 
-      native_lib_folder = "#{current_folder}/../../lib/"
+      native_lib_folder = "#{extconf_folder}/../../lib/"
       libdatadog_lib_folder = "#{libdatadog_pkgconfig_folder}/../"
 
       Pathname.new(libdatadog_lib_folder).relative_path_from(Pathname.new(native_lib_folder)).to_s
@@ -104,13 +104,51 @@ module Datadog
       end
     end
 
-    # mkmf sets $PKGCONFIG after the `pkg_config` gets used in extconf.rb. When `pkg_config` is unsuccessful, we use
-    # this helper to decide if we can show more specific error message vs a generic "something went wrong".
-    def self.pkg_config_missing?(command: $PKGCONFIG) # standard:disable Style/GlobalVars
-      pkg_config_available = command && xsystem("#{command} --version")
+    # Directly configures mkmf to link against libdatadog by setting $INCFLAGS, $LDFLAGS, and $libs.
+    #
+    # This replaces the previous use of mkmf's `pkg_config("datadog_profiling_with_rpath")`, removing the need for
+    # the pkg-config system tool to be installed.
+    #
+    # The extconf_folder argument should be the __dir__ of the calling extconf.rb, used to compute relative rpaths.
+    # The logger argument is the mkmf Logging module, dependency-injected to make testing easier.
+    # rubocop:disable Style/GlobalVars
+    def self.configure_libdatadog(
+      extconf_folder:,
+      libdatadog_pkgconfig_folder: Libdatadog.pkgconfig_folder,
+      gem_dir: Gem.dir,
+      logger: Logging
+    )
+      return unless libdatadog_pkgconfig_folder
+
+      # The lib and include folders are at a fixed relative path from pkgconfig_folder
+      libdir = "#{libdatadog_pkgconfig_folder}/../../lib"
+      includedir = "#{libdatadog_pkgconfig_folder}/../../include"
 
-      pkg_config_available != true
+      # Set mkmf global variables
+      $INCFLAGS << " -I#{includedir}"
+      $LDFLAGS << " -L#{libdir} -Wl,-rpath,#{libdir}"
+      $libs << " -ldatadog_profiling"
+
+      # Add extra relative rpaths using $ORIGIN to handle environments where gems are moved after installation.
+      # The excessive escaping is needed to get these special characters through Make and the shell untouched.
+      extra_relative_rpaths = [
+        libdatadog_folder_relative_to_native_lib_folder(
+          extconf_folder: extconf_folder,
+          libdatadog_pkgconfig_folder: libdatadog_pkgconfig_folder,
+        ),
+        *libdatadog_folder_relative_to_ruby_extensions_folders(
+          gem_dir: gem_dir,
+          libdatadog_pkgconfig_folder: libdatadog_pkgconfig_folder,
+        ),
+      ]
+      extra_relative_rpaths.each { |folder| $LDFLAGS << " -Wl,-rpath,$$$\\\\{ORIGIN\\}/#{folder}" }
+
+      logger.message("linking with libdatadog (include=#{includedir}, lib=#{libdir})\n")
+      logger.message("[datadog] $LDFLAGS were set to: #{$LDFLAGS.inspect}\n")
+
+      true
     end
+    # rubocop:enable Style/GlobalVars
 
     def self.try_loading_libdatadog
       gem 'libdatadog', LIBDATADOG_VERSION
@@ -124,6 +162,14 @@ module Datadog
       end
     end
 
+    # Adds a C preprocessor define with the libdatadog version used at compile time.
+    # This allows runtime verification that the loaded libdatadog matches what was compiled against.
+    # rubocop:disable Style/GlobalVars
+    def self.add_libdatadog_version_define
+      $defs << %(-DEXPECTED_LIBDATADOG_VERSION=\\"#{Libdatadog::VERSION}\\")
+    end
+    # rubocop:enable Style/GlobalVars
+
     # Note: This helper is currently only used in the `libdatadog_api/extconf.rb` BUT still lives here to enable testing.
     def self.load_libdatadog_or_get_issue
       try_loading_libdatadog do |exception|

data/lib/datadog/ai_guard/component.rb

@@ -7,6 +7,8 @@ require_relative 'evaluation/result'
 require_relative 'evaluation/no_op_result'
 require_relative 'evaluation/message'
 require_relative 'evaluation/tool_call'
+require_relative 'evaluation/content_part'
+require_relative 'evaluation/content_builder'
 require_relative 'ext'
 
 module Datadog

data/lib/datadog/ai_guard/configuration/settings.rb

@@ -17,6 +17,9 @@ module Datadog
           base.class_eval do
             # AI Guard specific configurations.
             # @public_api
+            #
+            # Steep does not update `self` for this `class_eval` block.
+            # @type self: Datadog::Core::Configuration::Base::_DslContext
             settings :ai_guard do
               # Enable AI Guard.
               #

data/lib/datadog/ai_guard/contrib/ruby_llm/chat_instrumentation.rb

@@ -14,13 +14,51 @@ module Datadog
                     AIGuard.assistant(id: tool_call_id, tool_name: tool_call.name, arguments: tool_call.arguments.to_s)
                   end
                 elsif message.tool_result?
-                  AIGuard.tool(tool_call_id: message.tool_call_id, content: message.content)
+                  build_ai_guard_tool(message)
                 else
-                  AIGuard.message(role: message.role, content: message.content)
+                  build_ai_guard_message(message)
                 end
               end
 
-              AIGuard.evaluate(*ai_guard_messages, allow_raise: true)
+              AIGuard.evaluate(*ai_guard_messages)
+            end
+
+            private
+
+            def build_ai_guard_message(message)
+              content = message.content
+
+              case content
+              when ::RubyLLM::Content
+                AIGuard.message(role: message.role) do |m|
+                  m.text(content.text.to_s) if content.text
+
+                  # Calling attachment.for_llm triggers lazy loading of file contents.
+                  # The result is memoized, so providers won't re-read.
+                  content.attachments.each do |attachment|
+                    case attachment.type
+                    when :image
+                      m.image_url(attachment.for_llm)
+                    when :text
+                      m.text(attachment.for_llm)
+                    end
+                    # Skip :pdf, :audio, :video, :unknown — not supported by AIGuard
+                  end
+                end
+              else
+                AIGuard.message(role: message.role, content: content)
+              end
+            end
+
+            def build_ai_guard_tool(message)
+              content = message.content
+              # Tools can return Content or Content::Raw objects (e.g. with attachments),
+              # but AIGuard.tool expects a String. Extract text when content is a Content object.
+              case content
+              when ::RubyLLM::Content
+                content = content.text.to_s
+              end
+              AIGuard.tool(tool_call_id: message.tool_call_id, content: content)
             end
           end
 

data/lib/datadog/ai_guard/evaluation/content_builder.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Datadog
+  module AIGuard
+    module Evaluation
+      # Builder for collecting content parts inside a message block.
+      #
+      # Used via the block form of {Datadog::AIGuard.message}:
+      #
+      #   Datadog::AIGuard.message(role: :user) do |m|
+      #     m.text("What's in this image?")
+      #     m.image_url("https://example.com/img.png")
+      #   end
+      class ContentBuilder
+        attr_reader :parts
+
+        def initialize
+          @parts = []
+        end
+
+        def text(text)
+          @parts << ContentPart::Text.new(text)
+        end
+
+        def image_url(url)
+          @parts << ContentPart::ImageURL.new(url)
+        end
+      end
+    end
+  end
+end

data/lib/datadog/ai_guard/evaluation/content_part.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Datadog
+  module AIGuard
+    module Evaluation
+      # Namespace for content part types used in multi-modal messages.
+      module ContentPart
+        # A text content part.
+        class Text
+          attr_reader :text
+
+          def initialize(text)
+            @text = text
+          end
+
+          def type
+            :text
+          end
+        end
+
+        # An image URL content part. Accepts an absolute URL or a base64 data URI.
+        class ImageURL
+          attr_reader :url
+
+          def initialize(url)
+            @url = url
+          end
+
+          def type
+            :image_url
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/ai_guard/evaluation/no_op_result.rb

@@ -5,12 +5,14 @@ module Datadog
     module Evaluation
       # Class for emulating AI Guard evaluation result when AI Guard is disabled.
       class NoOpResult
-        attr_reader :action, :reason, :tags
+        attr_reader :action, :reason, :tags, :sds_findings, :tag_probabilities
 
         def initialize
           @action = Result::ALLOW_ACTION
           @reason = "AI Guard is disabled"
           @tags = []
+          @sds_findings = []
+          @tag_probabilities = {}
         end
 
         def allow?

data/lib/datadog/ai_guard/evaluation/request.rb

@@ -44,15 +44,7 @@ module Datadog
         end
 
         def serialize_messages(messages)
-          serialized_messages = []
-
-          messages.each do |message|
-            serialized_messages << serialize_message(message)
-
-            break if serialized_messages.count == Datadog.configuration.ai_guard.max_messages_length
-          end
-
-          serialized_messages
+          messages.map { |message| serialize_message(message) }
         end
 
         def serialize_message(message)
@@ -69,12 +61,25 @@ module Datadog
                 }
               ]
             }
+          elsif message.content.is_a?(::Array)
+            {role: message.role, content: serialize_content_parts(message.content)}
           elsif message.tool_call_id
             {role: message.role, tool_call_id: message.tool_call_id, content: message.content}
           else
             {role: message.role, content: message.content}
           end
         end
+
+        def serialize_content_parts(parts)
+          parts.map do |part|
+            case part
+            when ContentPart::Text
+              {type: "text", text: part.text}
+            when ContentPart::ImageURL
+              {type: "image_url", image_url: {url: part.url}}
+            end
+          end
+        end
       end
     end
   end

data/lib/datadog/ai_guard/evaluation/result.rb

@@ -9,7 +9,7 @@ module Datadog
         DENY_ACTION = "DENY"
         ABORT_ACTION = "ABORT"
 
-        attr_reader :action, :reason, :tags
+        attr_reader :action, :reason, :tags, :sds_findings, :tag_probabilities
 
         def initialize(raw_response)
           attributes = raw_response.fetch("data").fetch("attributes")
@@ -17,7 +17,9 @@ module Datadog
           @action = attributes.fetch("action")
           @reason = attributes.fetch("reason")
           @tags = attributes.fetch("tags")
+          @tag_probabilities = attributes.fetch("tag_probs")
           @is_blocking_enabled = attributes.fetch("is_blocking_enabled")
+          @sds_findings = attributes.fetch("sds_findings", [])
         rescue KeyError => e
           raise AIGuardClientError, "Missing key: \"#{e.key}\""
         end

data/lib/datadog/ai_guard/evaluation.rb

@@ -6,10 +6,16 @@ module Datadog
     # and creating `ai_guard` span with required tags
     module Evaluation
       class << self
-        def perform(messages, allow_raise: false)
+        def perform(messages, allow_raise: true)
           raise ArgumentError, "Messages must not be empty" if messages&.empty?
 
           Tracing.trace(Ext::SPAN_NAME) do |span, trace|
+            trace.keep!
+            trace.set_tag(
+              Tracing::Metadata::Ext::Distributed::TAG_DECISION_MAKER,
+              Tracing::Sampling::Ext::Decision::AI_GUARD
+            )
+
             if (last_message = messages.last)
               if last_message.tool_call
                 span.set_tag(Ext::TARGET_TAG, "tool")
@@ -34,8 +40,10 @@ module Datadog
             span.set_metastruct_tag(
               Ext::METASTRUCT_TAG,
               {
-                messages: truncate_content(request.serialized_messages),
-                attack_categories: result.tags
+                messages: truncate_content(truncate_messages(request.serialized_messages)),
+                attack_categories: result.tags,
+                sds: result.sds_findings,
+                tag_probs: result.tag_probabilities
               }
             )
 
@@ -56,14 +64,35 @@ module Datadog
 
         private
 
+        def truncate_messages(serialized_messages)
+          max_length = Datadog.configuration.ai_guard.max_messages_length
+          serialized_messages.first(max_length)
+        end
+
+        # Truncates content in serialized messages to stay within the configured byte limit.
+        # For multi-modal messages, only text parts are truncated; image URLs are left intact.
         def truncate_content(serialized_messages)
+          max_bytes = Datadog.configuration.ai_guard.max_content_size_bytes
+
           serialized_messages.map do |message| # steep:ignore
             next message unless message[:content]
 
-            {
-              **message,
-              content: message[:content].byteslice(0, Datadog.configuration.ai_guard.max_content_size_bytes)
-            }
+            if message[:content].is_a?(::Array)
+              serialized_content = message[:content].map do |part|
+                if part[:text]
+                  {**part, text: part[:text].to_s.byteslice(0, max_bytes)}
+                else
+                  part
+                end
+              end
+
+              {**message, content: serialized_content}
+            else
+              {
+                **message,
+                content: message[:content].byteslice(0, max_bytes)
+              }
+            end
           end
         end
       end

data/lib/datadog/ai_guard.rb

@@ -10,7 +10,7 @@ module Datadog
   module AIGuard
     Core::Configuration::Settings.extend(Configuration::Settings)
 
-    # This error is raised when user passes `allow_raise: true` to Evaluation.perform
+    # This error is raised when `allow_raise` is set to true (the default) in Evaluation.perform
     # and AI Guard considers the messages not safe. Intended to be rescued by the user.
     #
     # WARNING: This name must not change, since front-end is using it.
@@ -68,13 +68,14 @@ module Datadog
       #   One or more message objects to be evaluated.
       # @param allow_raise [Boolean]
       #   Whether this method may raise an exception when evaluation result is not ALLOW.
+      #   Defaults to true.
       #
       # @return [Datadog::AIGuard::Evaluation::Result]
       #   The result of AI Guard evaluation.
       # @raise [Datadog::AIGuard::AIGuardAbortError]
       #   If the evaluation results in DENY or ABORT action and `allow_raise` is set to true
       # @public_api
-      def evaluate(*messages, allow_raise: false)
+      def evaluate(*messages, allow_raise: true)
         if enabled?
           Evaluation.perform(messages, allow_raise: allow_raise)
         else
@@ -84,25 +85,42 @@ module Datadog
 
       # Builds a generic evaluation message.
       #
-      # Example:
+      # Accepts either a string content or a block for multi-modal content parts:
       #
       # ```
+      # # String content:
       # Datadog::AIGuard.message(role: :user, content: "Hello, assistant")
+      #
+      # # Multi-modal content with block:
+      # Datadog::AIGuard.message(role: :user) do |m|
+      #   m.text("What's in this image?")
+      #   m.image_url("https://example.com/img.png")
+      # end
       # ```
       #
       # @param role [Symbol]
       #   The role associated with the message.
       #   Must be one of `:assistant`, `:tool`, `:system`, `:developer`, or `:user`.
-      # @param content [String]
-      #   The textual content of the message.
+      # @param content [String, nil]
+      #   The textual content of the message. Cannot be combined with a block.
+      # @yield [builder] A block for building multi-modal content parts.
+      # @yieldparam builder [Datadog::AIGuard::Evaluation::ContentBuilder]
       #
       # @return [Datadog::AIGuard::Evaluation::Message]
       #   A new message instance with the given role and content.
       # @raise [ArgumentError]
-      #   If an invalid role is provided.
+      #   If both content and a block are provided, or if an invalid role is provided.
       # @public_api
-      def message(role:, content:)
-        Evaluation::Message.new(role: role, content: content)
+      def message(role:, content: nil)
+        if block_given?
+          raise ArgumentError, "Cannot pass both content and a block" if content
+
+          builder = Evaluation::ContentBuilder.new
+          yield builder
+          Evaluation::Message.new(role: role, content: builder.parts)
+        else
+          Evaluation::Message.new(role: role, content: content)
+        end
       end
 
       # Builds an assistant message representing a tool call initiated by the model.

data/lib/datadog/appsec/autoload.rb

@@ -7,7 +7,7 @@ if %w[1 true].include?((Datadog::DATADOG_ENV['DD_APPSEC_ENABLED'] || '').downcas
   rescue => e
     Kernel.warn(
       '[datadog] AppSec failed to instrument. No security check will be performed. error: ' \
-      " #{e.class.name} #{e.message}"
+      " #{e.class}: #{e}"
     )
   end
 end

data/lib/datadog/appsec/component.rb

@@ -45,10 +45,15 @@ module Datadog
           settings.appsec.instrument(:devise) unless devise_integration.patcher.patched?
 
           security_engine = SecurityEngine::Engine.new(appsec_settings: settings.appsec, telemetry: telemetry)
-          new(security_engine: security_engine, telemetry: telemetry)
-        rescue
-          Datadog.logger.warn('AppSec is disabled, see logged errors above')
-
+          new(security_engine: security_engine)
+        rescue => e
+          Datadog.logger.warn("AppSec is disabled: #{e.class}: #{e}; there may be additional logged errors above")
+
+          # Not reporting to telemetry here because some of the rescued exceptions
+          # have already been reported by the code that raised them
+          # (e.g. SecurityEngine::Engine.new reports WAF init failures).
+          # TODO: reconsider whether telemetry reporting belongs here
+          # (single catch-all) or in the downstream code (as it is now).
           nil
         end
 
@@ -70,11 +75,10 @@ module Datadog
         end
       end
 
-      attr_reader :security_engine, :telemetry
+      attr_reader :security_engine
 
-      def initialize(security_engine:, telemetry:)
+      def initialize(security_engine:)
         @security_engine = security_engine
-        @telemetry = telemetry
       end
 
       def reconfigure!

data/lib/datadog/appsec/contrib/active_record/patcher.rb

@@ -61,6 +61,7 @@ module Datadog
             end
 
             ::ActiveRecord::ConnectionAdapters::SQLite3Adapter.prepend(instrumentation_module)
+            Patcher.instance_variable_set(:@patched, true)
           end
 
           def patch_mysql2_adapter
@@ -73,6 +74,7 @@ module Datadog
             end
 
             ::ActiveRecord::ConnectionAdapters::Mysql2Adapter.prepend(instrumentation_module)
+            Patcher.instance_variable_set(:@patched, true)
           end
 
           def patch_postgresql_adapter
@@ -93,6 +95,7 @@ module Datadog
             end
 
             ::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(instrumentation_module)
+            Patcher.instance_variable_set(:@patched, true)
           end
         end
       end

data/lib/datadog/appsec/contrib/devise/integration.rb

@@ -24,7 +24,7 @@ module Datadog
           end
 
           def self.compatible?
-            super && version >= MINIMUM_VERSION
+            !!(super && (version&.>= MINIMUM_VERSION))
           end
 
           def self.auto_instrument?

data/lib/datadog/appsec/contrib/excon/patcher.rb

@@ -20,6 +20,8 @@ module Datadog
             require_relative 'ssrf_detection_middleware'
 
             ::Excon.defaults[:middlewares].insert(0, SSRFDetectionMiddleware)
+
+            Patcher.instance_variable_set(:@patched, true)
           end
         end
       end

data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb

@@ -98,7 +98,7 @@ module Datadog
 
           def request_url(data)
             klass = (data[:scheme] == 'https') ? URI::HTTPS : URI::HTTP
-            klass.build(host: data[:host], path: data[:path], query: data[:query]).to_s
+            klass.build(host: data[:host], port: data[:port], path: data[:path], query: data[:query]).to_s
           end
 
           def normalize_headers(headers)

data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb

@@ -22,7 +22,7 @@ module Datadog
               end
 
               def watch_multiplex(gateway = Instrumentation.gateway)
-                gateway.watch('graphql.multiplex', :appsec) do |stack, gateway_multiplex|
+                gateway.watch('graphql.multiplex') do |stack, gateway_multiplex|
                   context = AppSec::Context.active
 
                   if context

data/lib/datadog/appsec/contrib/rack/gateway/request.rb

@@ -25,7 +25,7 @@ module Datadog
             def query
               ::Rack::Utils.parse_query(request.query_string)
             rescue => e
-              Datadog.logger.debug { "AppSec: Failed to parse request query string: #{e.class}: #{e.message}" }
+              Datadog.logger.debug { "AppSec: Failed to parse request query string: #{e.class}: #{e}" }
               AppSec.telemetry.report(e, description: 'AppSec: Failed to parse request query string')
 
               {}