datadog 2.30.0 → 2.32.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +44 -1
- data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +17 -7
- data/ext/datadog_profiling_native_extension/collectors_thread_context.c +11 -4
- data/ext/datadog_profiling_native_extension/collectors_thread_context.h +6 -0
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +18 -0
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
- data/ext/datadog_profiling_native_extension/extconf.rb +7 -4
- data/ext/datadog_profiling_native_extension/http_transport.c +10 -5
- data/ext/libdatadog_api/crashtracker.c +5 -8
- data/ext/libdatadog_api/datadog_ruby_common.c +18 -0
- data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
- data/ext/libdatadog_api/di.c +127 -0
- data/ext/libdatadog_api/extconf.rb +9 -4
- data/ext/libdatadog_api/init.c +5 -2
- data/ext/libdatadog_extconf_helpers.rb +46 -1
- data/lib/datadog/ai_guard/component.rb +2 -0
- data/lib/datadog/ai_guard/configuration.rb +105 -2
- data/lib/datadog/ai_guard/contrib/ruby_llm/chat_instrumentation.rb +41 -3
- data/lib/datadog/ai_guard/evaluation/content_builder.rb +31 -0
- data/lib/datadog/ai_guard/evaluation/content_part.rb +36 -0
- data/lib/datadog/ai_guard/evaluation/no_op_result.rb +3 -1
- data/lib/datadog/ai_guard/evaluation/request.rb +14 -9
- data/lib/datadog/ai_guard/evaluation/result.rb +3 -1
- data/lib/datadog/ai_guard/evaluation.rb +37 -7
- data/lib/datadog/ai_guard/ext.rb +1 -0
- data/lib/datadog/ai_guard.rb +26 -8
- data/lib/datadog/appsec/autoload.rb +1 -1
- data/lib/datadog/appsec/component.rb +11 -7
- data/lib/datadog/appsec/configuration.rb +414 -1
- data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +2 -1
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +6 -7
- data/lib/datadog/appsec/instrumentation/gateway.rb +0 -13
- data/lib/datadog/appsec/metrics/telemetry.rb +13 -1
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +2 -0
- data/lib/datadog/appsec/security_engine/runner.rb +1 -1
- data/lib/datadog/appsec/trace_keeper.rb +18 -6
- data/lib/datadog/appsec/utils/http/media_type.rb +1 -2
- data/lib/datadog/appsec/utils/http/url_encoded.rb +3 -3
- data/lib/datadog/appsec.rb +5 -9
- data/lib/datadog/core/configuration/base.rb +17 -5
- data/lib/datadog/core/configuration/components.rb +22 -9
- data/lib/datadog/core/configuration/config_helper.rb +9 -0
- data/lib/datadog/core/configuration/option.rb +30 -5
- data/lib/datadog/core/configuration/option_definition.rb +38 -12
- data/lib/datadog/core/configuration/options.rb +40 -6
- data/lib/datadog/core/configuration/settings.rb +18 -0
- data/lib/datadog/core/configuration/supported_configurations.rb +3 -0
- data/lib/datadog/core/configuration.rb +1 -1
- data/lib/datadog/core/contrib/rails/railtie.rb +32 -0
- data/lib/datadog/core/contrib/rails/utils.rb +7 -3
- data/lib/datadog/core/crashtracking/component.rb +3 -3
- data/lib/datadog/core/diagnostics/environment_logger.rb +3 -1
- data/lib/datadog/core/environment/container.rb +2 -2
- data/lib/datadog/core/environment/ext.rb +1 -0
- data/lib/datadog/core/environment/identity.rb +25 -3
- data/lib/datadog/core/environment/process.rb +12 -0
- data/lib/datadog/core/feature_flags.rb +1 -1
- data/lib/datadog/core/metrics/client.rb +5 -5
- data/lib/datadog/core/remote/client.rb +1 -1
- data/lib/datadog/core/remote/component.rb +38 -21
- data/lib/datadog/core/runtime/metrics.rb +1 -1
- data/lib/datadog/core/telemetry/component.rb +3 -0
- data/lib/datadog/core/telemetry/emitter.rb +1 -1
- data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +2 -3
- data/lib/datadog/core/telemetry/event/app_extended_heartbeat.rb +32 -0
- data/lib/datadog/core/telemetry/event/app_started.rb +151 -169
- data/lib/datadog/core/telemetry/event.rb +1 -7
- data/lib/datadog/core/telemetry/ext.rb +1 -0
- data/lib/datadog/core/telemetry/transport/http/telemetry.rb +5 -0
- data/lib/datadog/core/telemetry/worker.rb +20 -0
- data/lib/datadog/core/transport/http.rb +2 -0
- data/lib/datadog/core/utils/only_once.rb +1 -1
- data/lib/datadog/core/utils/spawn_monkey_patch.rb +36 -0
- data/lib/datadog/core/utils.rb +1 -1
- data/lib/datadog/core/workers/async.rb +1 -1
- data/lib/datadog/core.rb +1 -2
- data/lib/datadog/data_streams/configuration.rb +40 -1
- data/lib/datadog/data_streams/pathway_context.rb +1 -1
- data/lib/datadog/data_streams/processor.rb +1 -1
- data/lib/datadog/data_streams.rb +1 -1
- data/lib/datadog/di/base.rb +8 -5
- data/lib/datadog/di/boot.rb +2 -4
- data/lib/datadog/di/code_tracker.rb +179 -1
- data/lib/datadog/di/component.rb +5 -1
- data/lib/datadog/di/configuration.rb +235 -2
- data/lib/datadog/di/instrumenter.rb +55 -29
- data/lib/datadog/di/probe_builder.rb +1 -1
- data/lib/datadog/di/probe_file_loader.rb +2 -2
- data/lib/datadog/di/probe_manager.rb +6 -6
- data/lib/datadog/di/probe_notification_builder.rb +110 -2
- data/lib/datadog/di/probe_notifier_worker.rb +2 -2
- data/lib/datadog/di/remote.rb +6 -6
- data/lib/datadog/di/transport/input.rb +3 -3
- data/lib/datadog/di.rb +81 -0
- data/lib/datadog/error_tracking/configuration.rb +55 -2
- data/lib/datadog/kit/enable_core_dumps.rb +1 -1
- data/lib/datadog/open_feature/component.rb +18 -1
- data/lib/datadog/open_feature/evaluation_engine.rb +2 -2
- data/lib/datadog/open_feature/hooks/flag_eval_hook.rb +49 -0
- data/lib/datadog/open_feature/metrics/flag_eval_metrics.rb +149 -0
- data/lib/datadog/open_feature/provider.rb +19 -1
- data/lib/datadog/open_feature/remote.rb +1 -1
- data/lib/datadog/open_feature/transport.rb +1 -1
- data/lib/datadog/opentelemetry/configuration/settings.rb +2 -0
- data/lib/datadog/opentelemetry/metrics.rb +3 -3
- data/lib/datadog/opentelemetry/sdk/configurator.rb +1 -1
- data/lib/datadog/opentelemetry/sdk/metrics_exporter.rb +1 -1
- data/lib/datadog/profiling/collectors/code_provenance.rb +36 -11
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +31 -2
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +8 -2
- data/lib/datadog/profiling/collectors/info.rb +16 -3
- data/lib/datadog/profiling/component.rb +12 -4
- data/lib/datadog/profiling/exporter.rb +37 -12
- data/lib/datadog/profiling/ext.rb +0 -2
- data/lib/datadog/profiling/flush.rb +21 -12
- data/lib/datadog/profiling/http_transport.rb +12 -1
- data/lib/datadog/profiling/load_native_extension.rb +2 -2
- data/lib/datadog/profiling/profiler.rb +13 -5
- data/lib/datadog/profiling/scheduler.rb +2 -2
- data/lib/datadog/profiling/tasks/exec.rb +8 -3
- data/lib/datadog/profiling/tasks/help.rb +1 -0
- data/lib/datadog/profiling/tasks/setup.rb +2 -2
- data/lib/datadog/profiling.rb +1 -2
- data/lib/datadog/single_step_instrument.rb +1 -1
- data/lib/datadog/symbol_database/configuration.rb +65 -0
- data/lib/datadog/symbol_database/extractor.rb +915 -0
- data/lib/datadog/symbol_database/file_hash.rb +46 -0
- data/lib/datadog/symbol_database/logger.rb +43 -0
- data/lib/datadog/symbol_database/scope.rb +98 -0
- data/lib/datadog/symbol_database/service_version.rb +57 -0
- data/lib/datadog/symbol_database/symbol.rb +66 -0
- data/lib/datadog/symbol_database/transport/http/endpoint.rb +28 -0
- data/lib/datadog/symbol_database/transport/http.rb +45 -0
- data/lib/datadog/symbol_database/transport.rb +54 -0
- data/lib/datadog/symbol_database/uploader.rb +166 -0
- data/lib/datadog/symbol_database.rb +49 -0
- data/lib/datadog/tracing/buffer.rb +3 -3
- data/lib/datadog/tracing/component.rb +11 -0
- data/lib/datadog/tracing/configuration/settings.rb +2 -1
- data/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +5 -3
- data/lib/datadog/tracing/contrib/action_pack/action_dispatch/instrumentation.rb +20 -0
- data/lib/datadog/tracing/contrib/action_pack/action_dispatch/patcher.rb +3 -1
- data/lib/datadog/tracing/contrib/action_view/events/render_template.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/discard.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_at.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_retry.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/perform.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/retry_stopped.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/render.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/serialize.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +2 -2
- data/lib/datadog/tracing/contrib/active_record/events/instantiation.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/notifications/subscription.rb +2 -2
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/component.rb +1 -1
- data/lib/datadog/tracing/contrib/configurable.rb +18 -3
- data/lib/datadog/tracing/contrib/configuration/resolver.rb +7 -4
- data/lib/datadog/tracing/contrib/dalli/quantize.rb +1 -1
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/excon/middleware.rb +2 -2
- data/lib/datadog/tracing/contrib/extensions.rb +9 -0
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +2 -2
- data/lib/datadog/tracing/contrib/grape/endpoint.rb +5 -5
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +2 -2
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +2 -2
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +3 -3
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -2
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +3 -3
- data/lib/datadog/tracing/contrib/kafka/instrumentation/consumer.rb +2 -2
- data/lib/datadog/tracing/contrib/kafka/instrumentation/producer.rb +2 -2
- data/lib/datadog/tracing/contrib/karafka/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +3 -3
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +3 -3
- data/lib/datadog/tracing/contrib/rack/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/log_injection.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/patcher.rb +0 -1
- data/lib/datadog/tracing/contrib/rails/runner.rb +1 -1
- data/lib/datadog/tracing/contrib/rake/instrumentation.rb +2 -2
- data/lib/datadog/tracing/contrib/redis/quantize.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/tags.rb +1 -1
- data/lib/datadog/tracing/contrib/sidekiq/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/status_range_matcher.rb +4 -0
- data/lib/datadog/tracing/contrib/stripe/request.rb +1 -1
- data/lib/datadog/tracing/contrib.rb +8 -0
- data/lib/datadog/tracing/diagnostics/environment_logger.rb +3 -1
- data/lib/datadog/tracing/distributed/baggage.rb +59 -5
- data/lib/datadog/tracing/distributed/datadog.rb +13 -11
- data/lib/datadog/tracing/distributed/datadog_tags_codec.rb +1 -1
- data/lib/datadog/tracing/distributed/propagation.rb +2 -2
- data/lib/datadog/tracing/distributed/trace_context.rb +74 -32
- data/lib/datadog/tracing/event.rb +1 -1
- data/lib/datadog/tracing/metadata/tagging.rb +2 -2
- data/lib/datadog/tracing/pipeline.rb +1 -1
- data/lib/datadog/tracing/remote.rb +1 -1
- data/lib/datadog/tracing/sampling/ext.rb +2 -0
- data/lib/datadog/tracing/sampling/priority_sampler.rb +13 -0
- data/lib/datadog/tracing/sampling/rule.rb +1 -1
- data/lib/datadog/tracing/sampling/rule_sampler.rb +54 -25
- data/lib/datadog/tracing/sampling/span/rule_parser.rb +2 -2
- data/lib/datadog/tracing/span_operation.rb +4 -4
- data/lib/datadog/tracing/trace_operation.rb +53 -9
- data/lib/datadog/tracing/tracer.rb +29 -4
- data/lib/datadog/tracing/transport/io/client.rb +1 -1
- data/lib/datadog/tracing/transport/trace_formatter.rb +1 -1
- data/lib/datadog/tracing/workers.rb +2 -1
- data/lib/datadog/version.rb +1 -1
- metadata +27 -12
- data/lib/datadog/ai_guard/configuration/settings.rb +0 -113
- data/lib/datadog/appsec/configuration/settings.rb +0 -423
- data/lib/datadog/data_streams/configuration/settings.rb +0 -49
- data/lib/datadog/di/configuration/settings.rb +0 -243
- data/lib/datadog/error_tracking/configuration/settings.rb +0 -63
|
@@ -1,113 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "uri"
|
|
4
|
-
require_relative "ext"
|
|
5
|
-
|
|
6
|
-
module Datadog
|
|
7
|
-
module AIGuard
|
|
8
|
-
module Configuration
|
|
9
|
-
# AI Guard specific settings
|
|
10
|
-
module Settings
|
|
11
|
-
def self.extended(base)
|
|
12
|
-
base = base.singleton_class unless base.is_a?(Class)
|
|
13
|
-
add_settings!(base)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def self.add_settings!(base)
|
|
17
|
-
base.class_eval do
|
|
18
|
-
# AI Guard specific configurations.
|
|
19
|
-
# @public_api
|
|
20
|
-
#
|
|
21
|
-
# Steep does not update `self` for this `class_eval` block.
|
|
22
|
-
# @type self: Datadog::Core::Configuration::Base::_DslContext
|
|
23
|
-
settings :ai_guard do
|
|
24
|
-
# Enable AI Guard.
|
|
25
|
-
#
|
|
26
|
-
# You can use this option to skip calls to AI Guard API without having to remove library as a whole.
|
|
27
|
-
#
|
|
28
|
-
# @default `DD_AI_GUARD_ENABLED`, otherwise `false`
|
|
29
|
-
# @return [Boolean]
|
|
30
|
-
option :enabled do |o|
|
|
31
|
-
o.type :bool
|
|
32
|
-
o.env Ext::ENV_AI_GUARD_ENABLED
|
|
33
|
-
o.default false
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
define_method(:instrument) do |integration_name|
|
|
37
|
-
return unless enabled # steep:ignore
|
|
38
|
-
|
|
39
|
-
if (registered_integration = Datadog::AIGuard::Contrib::Integration.registry[integration_name])
|
|
40
|
-
klass = registered_integration.klass
|
|
41
|
-
if klass.loaded? && klass.compatible?
|
|
42
|
-
instance = klass.new
|
|
43
|
-
instance.patcher.patch unless instance.patcher.patched?
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
# AI Guard API endpoint path.
|
|
49
|
-
#
|
|
50
|
-
# @default `DD_AI_GUARD_ENDPOINT`, otherwise `nil`
|
|
51
|
-
# @return [String, nil]
|
|
52
|
-
option :endpoint do |o|
|
|
53
|
-
o.type :string, nilable: true
|
|
54
|
-
o.env Ext::ENV_AI_GUARD_ENDPOINT
|
|
55
|
-
|
|
56
|
-
o.setter do |value|
|
|
57
|
-
next unless value
|
|
58
|
-
|
|
59
|
-
uri = URI(value.to_s)
|
|
60
|
-
raise ArgumentError, "Please provide an absolute URI that includes a protocol" unless uri.absolute?
|
|
61
|
-
|
|
62
|
-
uri.to_s.delete_suffix("/")
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
# Datadog Application key.
|
|
67
|
-
#
|
|
68
|
-
# @default `DD_APP_KEY` environment variable, otherwise `nil`
|
|
69
|
-
# @return [String, nil]
|
|
70
|
-
option :app_key do |o|
|
|
71
|
-
o.type :string, nilable: true
|
|
72
|
-
o.env Ext::ENV_APP_KEY
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
# Request timeout in milliseconds.
|
|
76
|
-
#
|
|
77
|
-
# @default `DD_AI_GUARD_TIMEOUT`, otherwise 10 000 ms
|
|
78
|
-
# @return [Integer]
|
|
79
|
-
option :timeout_ms do |o|
|
|
80
|
-
o.type :int
|
|
81
|
-
o.env Ext::ENV_AI_GUARD_TIMEOUT
|
|
82
|
-
o.default 10_000
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
# Maximum content size in bytes.
|
|
86
|
-
# Content that exceeds the maximum allowed size is truncated before
|
|
87
|
-
# being stored in the current span context.
|
|
88
|
-
#
|
|
89
|
-
# @default `DD_AI_GUARD_MAX_CONTENT_SIZE`, otherwise 524 228 bytes
|
|
90
|
-
# @return [Integer]
|
|
91
|
-
option :max_content_size_bytes do |o|
|
|
92
|
-
o.type :int
|
|
93
|
-
o.env Ext::ENV_AI_GUARD_MAX_CONTENT_SIZE
|
|
94
|
-
o.default 512 * 1024
|
|
95
|
-
end
|
|
96
|
-
|
|
97
|
-
# Maximum number of messages.
|
|
98
|
-
# Older messages are omitted once the message limit is reached.
|
|
99
|
-
#
|
|
100
|
-
# @default `DD_AI_GUARD_MAX_MESSAGES_LENGTH`, otherwise 16 messages
|
|
101
|
-
# @return [Integer]
|
|
102
|
-
option :max_messages_length do |o|
|
|
103
|
-
o.type :int
|
|
104
|
-
o.env Ext::ENV_AI_GUARD_MAX_MESSAGES_LENGTH
|
|
105
|
-
o.default 16
|
|
106
|
-
end
|
|
107
|
-
end
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
end
|
|
111
|
-
end
|
|
112
|
-
end
|
|
113
|
-
end
|
|
@@ -1,423 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require_relative '../../core/utils/duration'
|
|
4
|
-
require_relative '../sample_rate'
|
|
5
|
-
|
|
6
|
-
module Datadog
|
|
7
|
-
module AppSec
|
|
8
|
-
module Configuration
|
|
9
|
-
# Settings
|
|
10
|
-
module Settings
|
|
11
|
-
# rubocop:disable Layout/LineLength
|
|
12
|
-
DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)pass|pw(?:or)?d|secret|(?:api|private|public|access)[_-]?key|token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization|jsessionid|phpsessid|asp\.net[_-]sessionid|sid|jwt'
|
|
13
|
-
DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\.net(?:[_-]|-)sessionid|sid|jwt)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
|
|
14
|
-
# rubocop:enable Layout/LineLength
|
|
15
|
-
|
|
16
|
-
DISABLED_AUTO_USER_INSTRUMENTATION_MODE = 'disabled'
|
|
17
|
-
ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE = 'anonymization'
|
|
18
|
-
IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE = 'identification'
|
|
19
|
-
AUTO_USER_INSTRUMENTATION_MODES = [
|
|
20
|
-
DISABLED_AUTO_USER_INSTRUMENTATION_MODE,
|
|
21
|
-
ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE,
|
|
22
|
-
IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
|
|
23
|
-
].freeze
|
|
24
|
-
AUTO_USER_INSTRUMENTATION_MODES_ALIASES = {
|
|
25
|
-
'ident' => IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE,
|
|
26
|
-
'anon' => ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE,
|
|
27
|
-
}.freeze
|
|
28
|
-
|
|
29
|
-
# NOTE: These two constants are deprecated
|
|
30
|
-
SAFE_TRACK_USER_EVENTS_MODE = 'safe'
|
|
31
|
-
EXTENDED_TRACK_USER_EVENTS_MODE = 'extended'
|
|
32
|
-
APPSEC_VALID_TRACK_USER_EVENTS_MODE = [
|
|
33
|
-
SAFE_TRACK_USER_EVENTS_MODE, EXTENDED_TRACK_USER_EVENTS_MODE
|
|
34
|
-
].freeze
|
|
35
|
-
APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES = ['1', 'true'].concat(
|
|
36
|
-
APPSEC_VALID_TRACK_USER_EVENTS_MODE
|
|
37
|
-
).freeze
|
|
38
|
-
|
|
39
|
-
def self.extended(base)
|
|
40
|
-
base = base.singleton_class unless base.is_a?(Class)
|
|
41
|
-
add_settings!(base)
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
# rubocop:disable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
|
45
|
-
def self.add_settings!(base)
|
|
46
|
-
base.class_eval do
|
|
47
|
-
settings :appsec do
|
|
48
|
-
option :enabled do |o|
|
|
49
|
-
o.type :bool
|
|
50
|
-
o.env 'DD_APPSEC_ENABLED'
|
|
51
|
-
o.default false
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
define_method(:instrument) do |integration_name|
|
|
55
|
-
if enabled
|
|
56
|
-
registered_integration = Datadog::AppSec::Contrib::Integration.registry[integration_name]
|
|
57
|
-
if registered_integration
|
|
58
|
-
klass = registered_integration.klass
|
|
59
|
-
if klass.loaded? && klass.compatible?
|
|
60
|
-
instance = klass.new
|
|
61
|
-
instance.patcher.patch unless instance.patcher.patched?
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
# RASP or Runtime Application Self-Protection
|
|
68
|
-
# is a collection of techniques and heuristics aimed at detecting malicious inputs and preventing
|
|
69
|
-
# any potential side-effects on the application resulting from the use of said malicious inputs.
|
|
70
|
-
option :rasp_enabled do |o|
|
|
71
|
-
o.type :bool, nilable: true
|
|
72
|
-
o.env 'DD_APPSEC_RASP_ENABLED'
|
|
73
|
-
o.default true
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
option :ruleset do |o|
|
|
77
|
-
o.env 'DD_APPSEC_RULES'
|
|
78
|
-
o.default :recommended
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
option :ip_passlist do |o|
|
|
82
|
-
o.default []
|
|
83
|
-
|
|
84
|
-
o.setter do |value|
|
|
85
|
-
next value if value.nil? || value.empty?
|
|
86
|
-
|
|
87
|
-
Datadog::Core.log_deprecation(disallowed_next_major: false) do
|
|
88
|
-
'The ip_passlist setting is deprecated and will be removed in the next release. ' \
|
|
89
|
-
'Please migrate this configuration to your service settings via the Datadog UI'
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
value
|
|
93
|
-
end
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
option :ip_denylist do |o|
|
|
97
|
-
o.type :array
|
|
98
|
-
o.default []
|
|
99
|
-
|
|
100
|
-
o.setter do |value|
|
|
101
|
-
next value if value.nil? || value.empty?
|
|
102
|
-
|
|
103
|
-
Datadog::Core.log_deprecation(disallowed_next_major: false) do
|
|
104
|
-
'The ip_denylist setting is deprecated and will be removed in the next release. ' \
|
|
105
|
-
'Please migrate this configuration to your service settings via the Datadog UI'
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
value
|
|
109
|
-
end
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
option :user_id_denylist do |o|
|
|
113
|
-
o.type :array
|
|
114
|
-
o.default []
|
|
115
|
-
|
|
116
|
-
o.setter do |value|
|
|
117
|
-
next value if value.nil? || value.empty?
|
|
118
|
-
|
|
119
|
-
Datadog::Core.log_deprecation(disallowed_next_major: false) do
|
|
120
|
-
'The user_id_denylist setting is deprecated and will be removed in the next release. ' \
|
|
121
|
-
'Please migrate this configuration to your service settings via the Datadog UI'
|
|
122
|
-
end
|
|
123
|
-
|
|
124
|
-
value
|
|
125
|
-
end
|
|
126
|
-
end
|
|
127
|
-
|
|
128
|
-
option :waf_timeout do |o|
|
|
129
|
-
o.env 'DD_APPSEC_WAF_TIMEOUT' # us
|
|
130
|
-
o.default 5_000
|
|
131
|
-
o.setter do |v|
|
|
132
|
-
Datadog::Core::Utils::Duration.call(v.to_s, base: :us)
|
|
133
|
-
end
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
option :waf_debug do |o|
|
|
137
|
-
o.env 'DD_APPSEC_WAF_DEBUG'
|
|
138
|
-
o.default false
|
|
139
|
-
o.type :bool
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
option :trace_rate_limit do |o|
|
|
143
|
-
o.type :int
|
|
144
|
-
o.env 'DD_APPSEC_TRACE_RATE_LIMIT' # trace/s
|
|
145
|
-
o.default 100
|
|
146
|
-
end
|
|
147
|
-
|
|
148
|
-
option :obfuscator_key_regex do |o|
|
|
149
|
-
o.type :string
|
|
150
|
-
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP'
|
|
151
|
-
o.default DEFAULT_OBFUSCATOR_KEY_REGEX
|
|
152
|
-
end
|
|
153
|
-
|
|
154
|
-
option :obfuscator_value_regex do |o|
|
|
155
|
-
o.type :string
|
|
156
|
-
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP'
|
|
157
|
-
o.default DEFAULT_OBFUSCATOR_VALUE_REGEX
|
|
158
|
-
end
|
|
159
|
-
|
|
160
|
-
settings :block do
|
|
161
|
-
settings :templates do
|
|
162
|
-
option :html do |o|
|
|
163
|
-
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML'
|
|
164
|
-
o.type :string, nilable: true
|
|
165
|
-
o.setter do |value|
|
|
166
|
-
if value
|
|
167
|
-
unless File.exist?(value)
|
|
168
|
-
raise(ArgumentError,
|
|
169
|
-
"appsec.templates.html: file not found: #{value}")
|
|
170
|
-
end
|
|
171
|
-
|
|
172
|
-
File.binread(value) || ''
|
|
173
|
-
end
|
|
174
|
-
end
|
|
175
|
-
end
|
|
176
|
-
|
|
177
|
-
option :json do |o|
|
|
178
|
-
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON'
|
|
179
|
-
o.type :string, nilable: true
|
|
180
|
-
o.setter do |value|
|
|
181
|
-
if value
|
|
182
|
-
unless File.exist?(value)
|
|
183
|
-
raise(ArgumentError,
|
|
184
|
-
"appsec.templates.json: file not found: #{value}")
|
|
185
|
-
end
|
|
186
|
-
|
|
187
|
-
File.binread(value) || ''
|
|
188
|
-
end
|
|
189
|
-
end
|
|
190
|
-
end
|
|
191
|
-
|
|
192
|
-
option :text do |o|
|
|
193
|
-
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_TEXT'
|
|
194
|
-
o.type :string, nilable: true
|
|
195
|
-
o.setter do |value|
|
|
196
|
-
if value
|
|
197
|
-
unless File.exist?(value)
|
|
198
|
-
raise(ArgumentError,
|
|
199
|
-
"appsec.templates.text: file not found: #{value}")
|
|
200
|
-
end
|
|
201
|
-
|
|
202
|
-
File.binread(value) || ''
|
|
203
|
-
end
|
|
204
|
-
end
|
|
205
|
-
end
|
|
206
|
-
end
|
|
207
|
-
end
|
|
208
|
-
|
|
209
|
-
settings :stack_trace do
|
|
210
|
-
option :enabled do |o|
|
|
211
|
-
o.type :bool
|
|
212
|
-
o.env 'DD_APPSEC_STACK_TRACE_ENABLED'
|
|
213
|
-
o.default true
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
# The maximum number of stack trace frames to collect for each stack trace.
|
|
217
|
-
#
|
|
218
|
-
# If the stack trace exceeds this limit, the frames are dropped from the middle of the stack trace:
|
|
219
|
-
# 75% of the frames are kept from the top of the stack trace and 25% from the bottom
|
|
220
|
-
# (this percentage is also configurable).
|
|
221
|
-
#
|
|
222
|
-
# Minimum value is 10.
|
|
223
|
-
# Set to zero if you don't want any frames to be dropped.
|
|
224
|
-
#
|
|
225
|
-
# Default value is 32
|
|
226
|
-
option :max_depth do |o|
|
|
227
|
-
o.type :int
|
|
228
|
-
o.env 'DD_APPSEC_MAX_STACK_TRACE_DEPTH'
|
|
229
|
-
o.default 32
|
|
230
|
-
|
|
231
|
-
o.setter do |value|
|
|
232
|
-
value = 0 if value < 0
|
|
233
|
-
value
|
|
234
|
-
end
|
|
235
|
-
end
|
|
236
|
-
|
|
237
|
-
# The percentage of frames to keep from the top of the stack trace.
|
|
238
|
-
#
|
|
239
|
-
# Default value is 75
|
|
240
|
-
option :top_percentage do |o|
|
|
241
|
-
o.type :int
|
|
242
|
-
o.env 'DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT'
|
|
243
|
-
o.default 75
|
|
244
|
-
|
|
245
|
-
o.setter do |value|
|
|
246
|
-
value = 100 if value > 100
|
|
247
|
-
value = 0 if value.negative?
|
|
248
|
-
value
|
|
249
|
-
end
|
|
250
|
-
end
|
|
251
|
-
|
|
252
|
-
# Maximum number of stack traces to collect per span.
|
|
253
|
-
#
|
|
254
|
-
# Set to zero if you want to collect all stack traces.
|
|
255
|
-
#
|
|
256
|
-
# Default value is 2
|
|
257
|
-
option :max_stack_traces do |o|
|
|
258
|
-
o.type :int
|
|
259
|
-
o.env 'DD_APPSEC_MAX_STACK_TRACES'
|
|
260
|
-
o.default 2
|
|
261
|
-
|
|
262
|
-
o.setter do |value|
|
|
263
|
-
value = 0 if value < 0
|
|
264
|
-
value
|
|
265
|
-
end
|
|
266
|
-
end
|
|
267
|
-
end
|
|
268
|
-
|
|
269
|
-
settings :auto_user_instrumentation do
|
|
270
|
-
define_method(:enabled?) { get_option(:mode) != DISABLED_AUTO_USER_INSTRUMENTATION_MODE }
|
|
271
|
-
|
|
272
|
-
option :mode do |o|
|
|
273
|
-
o.type :string
|
|
274
|
-
o.env 'DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE'
|
|
275
|
-
o.default IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
|
|
276
|
-
o.setter do |value|
|
|
277
|
-
mode = AUTO_USER_INSTRUMENTATION_MODES_ALIASES.fetch(value, value)
|
|
278
|
-
next mode if AUTO_USER_INSTRUMENTATION_MODES.include?(mode)
|
|
279
|
-
|
|
280
|
-
Datadog.logger.warn(
|
|
281
|
-
'The appsec.auto_user_instrumentation.mode value provided is not supported. ' \
|
|
282
|
-
"Supported values are: #{AUTO_USER_INSTRUMENTATION_MODES.join(" | ")}. " \
|
|
283
|
-
"Using value: #{DISABLED_AUTO_USER_INSTRUMENTATION_MODE}."
|
|
284
|
-
)
|
|
285
|
-
|
|
286
|
-
DISABLED_AUTO_USER_INSTRUMENTATION_MODE
|
|
287
|
-
end
|
|
288
|
-
end
|
|
289
|
-
end
|
|
290
|
-
|
|
291
|
-
# DEV-3.0: Remove `track_user_events.enabled` and `track_user_events.mode` options
|
|
292
|
-
settings :track_user_events do
|
|
293
|
-
option :enabled do |o|
|
|
294
|
-
o.default true
|
|
295
|
-
o.type :bool
|
|
296
|
-
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
|
297
|
-
o.env_parser do |env_value|
|
|
298
|
-
if env_value == 'disabled'
|
|
299
|
-
false
|
|
300
|
-
else
|
|
301
|
-
APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES.include?(env_value.strip.downcase)
|
|
302
|
-
end
|
|
303
|
-
end
|
|
304
|
-
o.after_set do |_, _, precedence|
|
|
305
|
-
unless precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
306
|
-
Core.log_deprecation(key: :appsec_track_user_events_enabled) do
|
|
307
|
-
'The appsec.track_user_events.enabled setting is deprecated. ' \
|
|
308
|
-
'Please remove it from your Datadog.configure block and use ' \
|
|
309
|
-
'appsec.auto_user_instrumentation.mode instead.'
|
|
310
|
-
end
|
|
311
|
-
end
|
|
312
|
-
end
|
|
313
|
-
end
|
|
314
|
-
|
|
315
|
-
option :mode do |o|
|
|
316
|
-
o.type :string
|
|
317
|
-
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
|
318
|
-
o.default SAFE_TRACK_USER_EVENTS_MODE
|
|
319
|
-
o.setter do |v|
|
|
320
|
-
if APPSEC_VALID_TRACK_USER_EVENTS_MODE.include?(v)
|
|
321
|
-
v
|
|
322
|
-
elsif v == 'disabled'
|
|
323
|
-
SAFE_TRACK_USER_EVENTS_MODE
|
|
324
|
-
else
|
|
325
|
-
Datadog.logger.warn(
|
|
326
|
-
'The appsec.track_user_events.mode value provided is not supported.' \
|
|
327
|
-
"Supported values are: #{APPSEC_VALID_TRACK_USER_EVENTS_MODE.join(" | ")}." \
|
|
328
|
-
"Using default value: #{SAFE_TRACK_USER_EVENTS_MODE}."
|
|
329
|
-
)
|
|
330
|
-
|
|
331
|
-
SAFE_TRACK_USER_EVENTS_MODE
|
|
332
|
-
end
|
|
333
|
-
end
|
|
334
|
-
o.after_set do |_, _, precedence|
|
|
335
|
-
unless precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
336
|
-
Core.log_deprecation(key: :appsec_track_user_events_mode) do
|
|
337
|
-
'The appsec.track_user_events.mode setting is deprecated. ' \
|
|
338
|
-
'Please remove it from your Datadog.configure block and use ' \
|
|
339
|
-
'appsec.auto_user_instrumentation.mode instead.'
|
|
340
|
-
end
|
|
341
|
-
end
|
|
342
|
-
end
|
|
343
|
-
end
|
|
344
|
-
end
|
|
345
|
-
|
|
346
|
-
settings :api_security do
|
|
347
|
-
define_method(:enabled?) { get_option(:enabled) }
|
|
348
|
-
|
|
349
|
-
option :enabled do |o|
|
|
350
|
-
o.type :bool
|
|
351
|
-
o.env 'DD_API_SECURITY_ENABLED'
|
|
352
|
-
o.default true
|
|
353
|
-
end
|
|
354
|
-
|
|
355
|
-
settings :endpoint_collection do
|
|
356
|
-
# Enables reporting of application routes at application start via telemetry
|
|
357
|
-
option :enabled do |o|
|
|
358
|
-
o.type :bool, nilable: true
|
|
359
|
-
o.env 'DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED'
|
|
360
|
-
o.default true
|
|
361
|
-
end
|
|
362
|
-
end
|
|
363
|
-
|
|
364
|
-
# NOTE: Unfortunately, we have to go with Float due to other libs
|
|
365
|
-
# setup, even tho we don't plan to support sub-second delays.
|
|
366
|
-
#
|
|
367
|
-
# WARNING: The value will be converted to Integer.
|
|
368
|
-
option :sample_delay do |o|
|
|
369
|
-
o.type :float
|
|
370
|
-
o.env 'DD_API_SECURITY_SAMPLE_DELAY'
|
|
371
|
-
o.default 30
|
|
372
|
-
o.setter do |value|
|
|
373
|
-
value.to_i
|
|
374
|
-
end
|
|
375
|
-
end
|
|
376
|
-
|
|
377
|
-
# DEV-3.0: Remove `api_security.sample_rate` option
|
|
378
|
-
option :sample_rate do |o|
|
|
379
|
-
o.type :float
|
|
380
|
-
o.env 'DD_API_SECURITY_REQUEST_SAMPLE_RATE'
|
|
381
|
-
o.default 0.1
|
|
382
|
-
o.setter do |value|
|
|
383
|
-
value = 1 if value > 1
|
|
384
|
-
SampleRate.new(value)
|
|
385
|
-
end
|
|
386
|
-
o.after_set do |_, _, precedence|
|
|
387
|
-
next if precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
388
|
-
|
|
389
|
-
Core.log_deprecation(key: :appsec_api_security_sample_rate) do
|
|
390
|
-
'The appsec.api_security.sample_rate setting is deprecated. ' \
|
|
391
|
-
'Please remove it from your Datadog.configure block and use ' \
|
|
392
|
-
'appsec.api_security.sample_delay instead.'
|
|
393
|
-
end
|
|
394
|
-
end
|
|
395
|
-
end
|
|
396
|
-
|
|
397
|
-
settings :downstream_body_analysis do
|
|
398
|
-
option :sample_rate do |o|
|
|
399
|
-
o.type :float
|
|
400
|
-
o.env 'DD_API_SECURITY_DOWNSTREAM_BODY_ANALYSIS_SAMPLE_RATE'
|
|
401
|
-
o.default 0.5
|
|
402
|
-
end
|
|
403
|
-
|
|
404
|
-
option :max_requests do |o|
|
|
405
|
-
o.type :int
|
|
406
|
-
o.env 'DD_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS'
|
|
407
|
-
o.default 1
|
|
408
|
-
end
|
|
409
|
-
end
|
|
410
|
-
end
|
|
411
|
-
|
|
412
|
-
option :sca_enabled do |o|
|
|
413
|
-
o.type :bool, nilable: true
|
|
414
|
-
o.env 'DD_APPSEC_SCA_ENABLED'
|
|
415
|
-
end
|
|
416
|
-
end
|
|
417
|
-
end
|
|
418
|
-
end
|
|
419
|
-
# rubocop:enable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
|
420
|
-
end
|
|
421
|
-
end
|
|
422
|
-
end
|
|
423
|
-
end
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require_relative '../../core/environment/variable_helpers'
|
|
4
|
-
require_relative '../ext'
|
|
5
|
-
|
|
6
|
-
module Datadog
|
|
7
|
-
module DataStreams
|
|
8
|
-
module Configuration
|
|
9
|
-
# Configuration settings for Data Streams Monitoring.
|
|
10
|
-
module Settings
|
|
11
|
-
def self.extended(base)
|
|
12
|
-
base = base.singleton_class unless base.is_a?(Class)
|
|
13
|
-
add_settings!(base)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def self.add_settings!(base)
|
|
17
|
-
base.class_eval do
|
|
18
|
-
# Data Streams Monitoring configuration
|
|
19
|
-
# @public_api
|
|
20
|
-
settings :data_streams do
|
|
21
|
-
# Whether Data Streams Monitoring is enabled. When enabled, the library will
|
|
22
|
-
# collect and report data lineage information for messaging systems.
|
|
23
|
-
#
|
|
24
|
-
# @default `DD_DATA_STREAMS_ENABLED` environment variable, otherwise `false`.
|
|
25
|
-
# @return [Boolean]
|
|
26
|
-
option :enabled do |o|
|
|
27
|
-
o.type :bool
|
|
28
|
-
o.env Ext::ENV_ENABLED
|
|
29
|
-
o.default false
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
# The interval (in seconds) at which Data Streams Monitoring stats are flushed.
|
|
33
|
-
#
|
|
34
|
-
# @default 10.0
|
|
35
|
-
# @env '_DD_TRACE_STATS_WRITER_INTERVAL'
|
|
36
|
-
# @return [Float]
|
|
37
|
-
# @!visibility private
|
|
38
|
-
option :interval do |o|
|
|
39
|
-
o.type :float
|
|
40
|
-
o.env '_DD_TRACE_STATS_WRITER_INTERVAL'
|
|
41
|
-
o.default 10.0
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
end
|