datadog 2.31.0 → 2.33.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/datadog_profiling_native_extension/clock_id.h +9 -1
- data/ext/datadog_profiling_native_extension/clock_id_from_mach.c +73 -0
- data/ext/datadog_profiling_native_extension/clock_id_from_pthread.c +1 -1
- data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +17 -7
- data/ext/datadog_profiling_native_extension/collectors_thread_context.c +16 -5
- data/ext/datadog_profiling_native_extension/collectors_thread_context.h +6 -0
- data/ext/datadog_profiling_native_extension/extconf.rb +8 -4
- data/ext/datadog_profiling_native_extension/http_transport.c +10 -5
- data/ext/datadog_profiling_native_extension/stack_recorder.c +3 -9
- data/ext/datadog_profiling_native_extension/time_helpers.h +1 -0
- data/ext/libdatadog_api/crashtracker.c +2 -0
- data/ext/libdatadog_api/di.c +48 -0
- data/ext/libdatadog_api/extconf.rb +7 -4
- data/ext/libdatadog_extconf_helpers.rb +38 -1
- data/lib/datadog/ai_guard/autoload.rb +10 -0
- data/lib/datadog/ai_guard/component.rb +1 -1
- data/lib/datadog/ai_guard/configuration.rb +105 -2
- data/lib/datadog/ai_guard/contrib/auto_instrument.rb +24 -0
- data/lib/datadog/ai_guard/contrib/rack/integration.rb +42 -0
- data/lib/datadog/ai_guard/contrib/rack/patcher.rb +26 -0
- data/lib/datadog/ai_guard/contrib/rack/request_middleware.rb +83 -0
- data/lib/datadog/ai_guard/contrib/rails/integration.rb +41 -0
- data/lib/datadog/ai_guard/contrib/rails/patcher.rb +97 -0
- data/lib/datadog/ai_guard/evaluation.rb +2 -0
- data/lib/datadog/ai_guard/ext.rb +2 -0
- data/lib/datadog/ai_guard.rb +8 -0
- data/lib/datadog/appsec/autoload.rb +1 -1
- data/lib/datadog/appsec/component.rb +1 -1
- data/lib/datadog/appsec/configuration.rb +414 -1
- data/lib/datadog/appsec/contrib/aws_lambda/gateway/watcher.rb +75 -0
- data/lib/datadog/appsec/contrib/aws_lambda/integration.rb +39 -0
- data/lib/datadog/appsec/contrib/aws_lambda/patcher.rb +30 -0
- data/lib/datadog/appsec/contrib/aws_lambda/waf_addresses.rb +111 -0
- data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +2 -1
- data/lib/datadog/appsec/contrib/rack/gateway/request.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/patcher.rb +2 -2
- data/lib/datadog/appsec/metrics/telemetry.rb +13 -1
- data/lib/datadog/appsec/security_engine/runner.rb +1 -1
- data/lib/datadog/appsec/trace_keeper.rb +18 -6
- data/lib/datadog/appsec/utils/http/url_encoded.rb +2 -2
- data/lib/datadog/appsec.rb +1 -0
- data/lib/datadog/core/configuration/components.rb +1 -1
- data/lib/datadog/core/configuration/settings.rb +13 -0
- data/lib/datadog/core/configuration/supported_configurations.rb +4 -0
- data/lib/datadog/core/configuration.rb +1 -1
- data/lib/datadog/core/contrib/rails/utils.rb +1 -1
- data/lib/datadog/core/crashtracking/component.rb +3 -3
- data/lib/datadog/core/diagnostics/environment_logger.rb +3 -1
- data/lib/datadog/core/environment/container.rb +2 -2
- data/lib/datadog/core/environment/ext.rb +1 -0
- data/lib/datadog/core/environment/socket.rb +13 -0
- data/lib/datadog/core/feature_flags.rb +1 -1
- data/lib/datadog/core/metrics/client.rb +5 -5
- data/lib/datadog/core/remote/client.rb +1 -1
- data/lib/datadog/core/remote/component.rb +2 -2
- data/lib/datadog/core/runtime/metrics.rb +1 -1
- data/lib/datadog/core/telemetry/emitter.rb +1 -1
- data/lib/datadog/core/telemetry/event/app_started.rb +2 -2
- data/lib/datadog/core/transport/http.rb +2 -0
- data/lib/datadog/core/utils.rb +1 -1
- data/lib/datadog/core/workers/async.rb +1 -1
- data/lib/datadog/core.rb +1 -1
- data/lib/datadog/data_streams/configuration.rb +40 -1
- data/lib/datadog/data_streams/pathway_context.rb +1 -1
- data/lib/datadog/data_streams/processor.rb +1 -1
- data/lib/datadog/data_streams.rb +1 -1
- data/lib/datadog/di/base.rb +8 -5
- data/lib/datadog/di/code_tracker.rb +179 -1
- data/lib/datadog/di/component.rb +1 -1
- data/lib/datadog/di/configuration.rb +235 -2
- data/lib/datadog/di/instrumenter.rb +46 -26
- data/lib/datadog/di/probe_builder.rb +1 -1
- data/lib/datadog/di/probe_file_loader.rb +2 -2
- data/lib/datadog/di/probe_manager.rb +6 -6
- data/lib/datadog/di/probe_notification_builder.rb +1 -1
- data/lib/datadog/di/probe_notifier_worker.rb +2 -2
- data/lib/datadog/di/remote.rb +6 -6
- data/lib/datadog/di/serializer.rb +1 -1
- data/lib/datadog/di/transport/input.rb +3 -3
- data/lib/datadog/error_tracking/configuration.rb +55 -2
- data/lib/datadog/kit/enable_core_dumps.rb +1 -1
- data/lib/datadog/open_feature/component.rb +18 -1
- data/lib/datadog/open_feature/evaluation_engine.rb +3 -3
- data/lib/datadog/open_feature/exposures/reporter.rb +1 -1
- data/lib/datadog/open_feature/exposures/worker.rb +1 -1
- data/lib/datadog/open_feature/hooks/flag_eval_hook.rb +49 -0
- data/lib/datadog/open_feature/metrics/flag_eval_metrics.rb +149 -0
- data/lib/datadog/open_feature/provider.rb +19 -1
- data/lib/datadog/open_feature/remote.rb +1 -1
- data/lib/datadog/open_feature/transport.rb +1 -1
- data/lib/datadog/opentelemetry/metrics.rb +13 -4
- data/lib/datadog/opentelemetry/sdk/configurator.rb +1 -1
- data/lib/datadog/opentelemetry/sdk/id_generator.rb +16 -10
- data/lib/datadog/opentelemetry/sdk/metrics_exporter.rb +1 -1
- data/lib/datadog/profiling/collectors/code_provenance.rb +35 -9
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +31 -2
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +8 -2
- data/lib/datadog/profiling/collectors/info.rb +16 -3
- data/lib/datadog/profiling/component.rb +3 -6
- data/lib/datadog/profiling/exporter.rb +37 -12
- data/lib/datadog/profiling/ext.rb +0 -2
- data/lib/datadog/profiling/flush.rb +21 -12
- data/lib/datadog/profiling/http_transport.rb +12 -1
- data/lib/datadog/profiling/load_native_extension.rb +1 -1
- data/lib/datadog/profiling/profiler.rb +13 -1
- data/lib/datadog/profiling/scheduler.rb +2 -2
- data/lib/datadog/profiling/stack_recorder.rb +0 -4
- data/lib/datadog/profiling/tasks/exec.rb +8 -3
- data/lib/datadog/profiling/tasks/help.rb +1 -0
- data/lib/datadog/profiling/tasks/setup.rb +2 -2
- data/lib/datadog/single_step_instrument.rb +1 -1
- data/lib/datadog/symbol_database/configuration.rb +65 -0
- data/lib/datadog/symbol_database/extractor.rb +906 -0
- data/lib/datadog/symbol_database/file_hash.rb +46 -0
- data/lib/datadog/symbol_database/logger.rb +43 -0
- data/lib/datadog/symbol_database/scope.rb +102 -0
- data/lib/datadog/symbol_database/scope_batcher.rb +280 -0
- data/lib/datadog/symbol_database/service_version.rb +57 -0
- data/lib/datadog/symbol_database/symbol.rb +66 -0
- data/lib/datadog/symbol_database/transport/http/endpoint.rb +28 -0
- data/lib/datadog/symbol_database/transport/http.rb +45 -0
- data/lib/datadog/symbol_database/transport.rb +54 -0
- data/lib/datadog/symbol_database/uploader.rb +169 -0
- data/lib/datadog/symbol_database.rb +49 -0
- data/lib/datadog/tracing/buffer.rb +3 -3
- data/lib/datadog/tracing/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +5 -3
- data/lib/datadog/tracing/contrib/action_view/events/render_template.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/discard.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_at.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_retry.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/perform.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/retry_stopped.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/render.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/serialize.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +2 -2
- data/lib/datadog/tracing/contrib/active_record/events/instantiation.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/notifications/subscription.rb +2 -2
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/component.rb +1 -1
- data/lib/datadog/tracing/contrib/configuration/resolver.rb +7 -4
- data/lib/datadog/tracing/contrib/dalli/quantize.rb +1 -1
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/excon/middleware.rb +2 -2
- data/lib/datadog/tracing/contrib/extensions.rb +9 -0
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +2 -2
- data/lib/datadog/tracing/contrib/grape/endpoint.rb +5 -5
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +2 -2
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +2 -2
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +2 -2
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -2
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +2 -2
- data/lib/datadog/tracing/contrib/kafka/instrumentation/consumer.rb +2 -2
- data/lib/datadog/tracing/contrib/kafka/instrumentation/producer.rb +2 -2
- data/lib/datadog/tracing/contrib/karafka/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +3 -3
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +3 -3
- data/lib/datadog/tracing/contrib/rack/configuration/settings.rb +6 -0
- data/lib/datadog/tracing/contrib/rack/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/rack/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/trace_proxy_middleware.rb +117 -1
- data/lib/datadog/tracing/contrib/rails/log_injection.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/runner.rb +1 -1
- data/lib/datadog/tracing/contrib/rake/instrumentation.rb +2 -2
- data/lib/datadog/tracing/contrib/redis/quantize.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/tags.rb +1 -1
- data/lib/datadog/tracing/contrib/sidekiq/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/stripe/request.rb +1 -1
- data/lib/datadog/tracing/contrib.rb +8 -0
- data/lib/datadog/tracing/diagnostics/environment_logger.rb +3 -1
- data/lib/datadog/tracing/distributed/baggage.rb +59 -5
- data/lib/datadog/tracing/distributed/datadog.rb +11 -11
- data/lib/datadog/tracing/distributed/datadog_tags_codec.rb +1 -1
- data/lib/datadog/tracing/distributed/propagation.rb +2 -2
- data/lib/datadog/tracing/distributed/trace_context.rb +74 -32
- data/lib/datadog/tracing/event.rb +1 -1
- data/lib/datadog/tracing/metadata/tagging.rb +2 -2
- data/lib/datadog/tracing/pipeline.rb +1 -1
- data/lib/datadog/tracing/remote.rb +1 -1
- data/lib/datadog/tracing/sampling/rule.rb +1 -1
- data/lib/datadog/tracing/sampling/rule_sampler.rb +2 -2
- data/lib/datadog/tracing/sampling/span/rule_parser.rb +2 -2
- data/lib/datadog/tracing/span_operation.rb +3 -3
- data/lib/datadog/tracing/trace_operation.rb +4 -4
- data/lib/datadog/tracing/tracer.rb +6 -8
- data/lib/datadog/tracing/transport/io/client.rb +1 -1
- data/lib/datadog/tracing/workers.rb +2 -1
- data/lib/datadog/version.rb +1 -1
- metadata +33 -12
- data/ext/datadog_profiling_native_extension/clock_id_noop.c +0 -21
- data/lib/datadog/ai_guard/configuration/settings.rb +0 -113
- data/lib/datadog/appsec/configuration/settings.rb +0 -423
- data/lib/datadog/data_streams/configuration/settings.rb +0 -49
- data/lib/datadog/di/configuration/settings.rb +0 -243
- data/lib/datadog/error_tracking/configuration/settings.rb +0 -63
|
@@ -1,423 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require_relative '../../core/utils/duration'
|
|
4
|
-
require_relative '../sample_rate'
|
|
5
|
-
|
|
6
|
-
module Datadog
|
|
7
|
-
module AppSec
|
|
8
|
-
module Configuration
|
|
9
|
-
# Settings
|
|
10
|
-
module Settings
|
|
11
|
-
# rubocop:disable Layout/LineLength
|
|
12
|
-
DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)pass|pw(?:or)?d|secret|(?:api|private|public|access)[_-]?key|token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization|jsessionid|phpsessid|asp\.net[_-]sessionid|sid|jwt'
|
|
13
|
-
DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\.net(?:[_-]|-)sessionid|sid|jwt)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
|
|
14
|
-
# rubocop:enable Layout/LineLength
|
|
15
|
-
|
|
16
|
-
DISABLED_AUTO_USER_INSTRUMENTATION_MODE = 'disabled'
|
|
17
|
-
ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE = 'anonymization'
|
|
18
|
-
IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE = 'identification'
|
|
19
|
-
AUTO_USER_INSTRUMENTATION_MODES = [
|
|
20
|
-
DISABLED_AUTO_USER_INSTRUMENTATION_MODE,
|
|
21
|
-
ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE,
|
|
22
|
-
IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
|
|
23
|
-
].freeze
|
|
24
|
-
AUTO_USER_INSTRUMENTATION_MODES_ALIASES = {
|
|
25
|
-
'ident' => IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE,
|
|
26
|
-
'anon' => ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE,
|
|
27
|
-
}.freeze
|
|
28
|
-
|
|
29
|
-
# NOTE: These two constants are deprecated
|
|
30
|
-
SAFE_TRACK_USER_EVENTS_MODE = 'safe'
|
|
31
|
-
EXTENDED_TRACK_USER_EVENTS_MODE = 'extended'
|
|
32
|
-
APPSEC_VALID_TRACK_USER_EVENTS_MODE = [
|
|
33
|
-
SAFE_TRACK_USER_EVENTS_MODE, EXTENDED_TRACK_USER_EVENTS_MODE
|
|
34
|
-
].freeze
|
|
35
|
-
APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES = ['1', 'true'].concat(
|
|
36
|
-
APPSEC_VALID_TRACK_USER_EVENTS_MODE
|
|
37
|
-
).freeze
|
|
38
|
-
|
|
39
|
-
def self.extended(base)
|
|
40
|
-
base = base.singleton_class unless base.is_a?(Class)
|
|
41
|
-
add_settings!(base)
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
# rubocop:disable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
|
45
|
-
def self.add_settings!(base)
|
|
46
|
-
base.class_eval do
|
|
47
|
-
settings :appsec do
|
|
48
|
-
option :enabled do |o|
|
|
49
|
-
o.type :bool
|
|
50
|
-
o.env 'DD_APPSEC_ENABLED'
|
|
51
|
-
o.default false
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
define_method(:instrument) do |integration_name|
|
|
55
|
-
if enabled
|
|
56
|
-
registered_integration = Datadog::AppSec::Contrib::Integration.registry[integration_name]
|
|
57
|
-
if registered_integration
|
|
58
|
-
klass = registered_integration.klass
|
|
59
|
-
if klass.loaded? && klass.compatible?
|
|
60
|
-
instance = klass.new
|
|
61
|
-
instance.patcher.patch unless instance.patcher.patched?
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
# RASP or Runtime Application Self-Protection
|
|
68
|
-
# is a collection of techniques and heuristics aimed at detecting malicious inputs and preventing
|
|
69
|
-
# any potential side-effects on the application resulting from the use of said malicious inputs.
|
|
70
|
-
option :rasp_enabled do |o|
|
|
71
|
-
o.type :bool, nilable: true
|
|
72
|
-
o.env 'DD_APPSEC_RASP_ENABLED'
|
|
73
|
-
o.default true
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
option :ruleset do |o|
|
|
77
|
-
o.env 'DD_APPSEC_RULES'
|
|
78
|
-
o.default :recommended
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
option :ip_passlist do |o|
|
|
82
|
-
o.default []
|
|
83
|
-
|
|
84
|
-
o.setter do |value|
|
|
85
|
-
next value if value.nil? || value.empty?
|
|
86
|
-
|
|
87
|
-
Datadog::Core.log_deprecation(disallowed_next_major: false) do
|
|
88
|
-
'The ip_passlist setting is deprecated and will be removed in the next release. ' \
|
|
89
|
-
'Please migrate this configuration to your service settings via the Datadog UI'
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
value
|
|
93
|
-
end
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
option :ip_denylist do |o|
|
|
97
|
-
o.type :array
|
|
98
|
-
o.default []
|
|
99
|
-
|
|
100
|
-
o.setter do |value|
|
|
101
|
-
next value if value.nil? || value.empty?
|
|
102
|
-
|
|
103
|
-
Datadog::Core.log_deprecation(disallowed_next_major: false) do
|
|
104
|
-
'The ip_denylist setting is deprecated and will be removed in the next release. ' \
|
|
105
|
-
'Please migrate this configuration to your service settings via the Datadog UI'
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
value
|
|
109
|
-
end
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
option :user_id_denylist do |o|
|
|
113
|
-
o.type :array
|
|
114
|
-
o.default []
|
|
115
|
-
|
|
116
|
-
o.setter do |value|
|
|
117
|
-
next value if value.nil? || value.empty?
|
|
118
|
-
|
|
119
|
-
Datadog::Core.log_deprecation(disallowed_next_major: false) do
|
|
120
|
-
'The user_id_denylist setting is deprecated and will be removed in the next release. ' \
|
|
121
|
-
'Please migrate this configuration to your service settings via the Datadog UI'
|
|
122
|
-
end
|
|
123
|
-
|
|
124
|
-
value
|
|
125
|
-
end
|
|
126
|
-
end
|
|
127
|
-
|
|
128
|
-
option :waf_timeout do |o|
|
|
129
|
-
o.env 'DD_APPSEC_WAF_TIMEOUT' # us
|
|
130
|
-
o.default 5_000
|
|
131
|
-
o.setter do |v|
|
|
132
|
-
Datadog::Core::Utils::Duration.call(v.to_s, base: :us)
|
|
133
|
-
end
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
option :waf_debug do |o|
|
|
137
|
-
o.env 'DD_APPSEC_WAF_DEBUG'
|
|
138
|
-
o.default false
|
|
139
|
-
o.type :bool
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
option :trace_rate_limit do |o|
|
|
143
|
-
o.type :int
|
|
144
|
-
o.env 'DD_APPSEC_TRACE_RATE_LIMIT' # trace/s
|
|
145
|
-
o.default 100
|
|
146
|
-
end
|
|
147
|
-
|
|
148
|
-
option :obfuscator_key_regex do |o|
|
|
149
|
-
o.type :string
|
|
150
|
-
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP'
|
|
151
|
-
o.default DEFAULT_OBFUSCATOR_KEY_REGEX
|
|
152
|
-
end
|
|
153
|
-
|
|
154
|
-
option :obfuscator_value_regex do |o|
|
|
155
|
-
o.type :string
|
|
156
|
-
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP'
|
|
157
|
-
o.default DEFAULT_OBFUSCATOR_VALUE_REGEX
|
|
158
|
-
end
|
|
159
|
-
|
|
160
|
-
settings :block do
|
|
161
|
-
settings :templates do
|
|
162
|
-
option :html do |o|
|
|
163
|
-
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML'
|
|
164
|
-
o.type :string, nilable: true
|
|
165
|
-
o.setter do |value|
|
|
166
|
-
if value
|
|
167
|
-
unless File.exist?(value)
|
|
168
|
-
raise(ArgumentError,
|
|
169
|
-
"appsec.templates.html: file not found: #{value}")
|
|
170
|
-
end
|
|
171
|
-
|
|
172
|
-
File.binread(value) || ''
|
|
173
|
-
end
|
|
174
|
-
end
|
|
175
|
-
end
|
|
176
|
-
|
|
177
|
-
option :json do |o|
|
|
178
|
-
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON'
|
|
179
|
-
o.type :string, nilable: true
|
|
180
|
-
o.setter do |value|
|
|
181
|
-
if value
|
|
182
|
-
unless File.exist?(value)
|
|
183
|
-
raise(ArgumentError,
|
|
184
|
-
"appsec.templates.json: file not found: #{value}")
|
|
185
|
-
end
|
|
186
|
-
|
|
187
|
-
File.binread(value) || ''
|
|
188
|
-
end
|
|
189
|
-
end
|
|
190
|
-
end
|
|
191
|
-
|
|
192
|
-
option :text do |o|
|
|
193
|
-
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_TEXT'
|
|
194
|
-
o.type :string, nilable: true
|
|
195
|
-
o.setter do |value|
|
|
196
|
-
if value
|
|
197
|
-
unless File.exist?(value)
|
|
198
|
-
raise(ArgumentError,
|
|
199
|
-
"appsec.templates.text: file not found: #{value}")
|
|
200
|
-
end
|
|
201
|
-
|
|
202
|
-
File.binread(value) || ''
|
|
203
|
-
end
|
|
204
|
-
end
|
|
205
|
-
end
|
|
206
|
-
end
|
|
207
|
-
end
|
|
208
|
-
|
|
209
|
-
settings :stack_trace do
|
|
210
|
-
option :enabled do |o|
|
|
211
|
-
o.type :bool
|
|
212
|
-
o.env 'DD_APPSEC_STACK_TRACE_ENABLED'
|
|
213
|
-
o.default true
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
# The maximum number of stack trace frames to collect for each stack trace.
|
|
217
|
-
#
|
|
218
|
-
# If the stack trace exceeds this limit, the frames are dropped from the middle of the stack trace:
|
|
219
|
-
# 75% of the frames are kept from the top of the stack trace and 25% from the bottom
|
|
220
|
-
# (this percentage is also configurable).
|
|
221
|
-
#
|
|
222
|
-
# Minimum value is 10.
|
|
223
|
-
# Set to zero if you don't want any frames to be dropped.
|
|
224
|
-
#
|
|
225
|
-
# Default value is 32
|
|
226
|
-
option :max_depth do |o|
|
|
227
|
-
o.type :int
|
|
228
|
-
o.env 'DD_APPSEC_MAX_STACK_TRACE_DEPTH'
|
|
229
|
-
o.default 32
|
|
230
|
-
|
|
231
|
-
o.setter do |value|
|
|
232
|
-
value = 0 if value < 0
|
|
233
|
-
value
|
|
234
|
-
end
|
|
235
|
-
end
|
|
236
|
-
|
|
237
|
-
# The percentage of frames to keep from the top of the stack trace.
|
|
238
|
-
#
|
|
239
|
-
# Default value is 75
|
|
240
|
-
option :top_percentage do |o|
|
|
241
|
-
o.type :int
|
|
242
|
-
o.env 'DD_APPSEC_MAX_STACK_TRACE_DEPTH_TOP_PERCENT'
|
|
243
|
-
o.default 75
|
|
244
|
-
|
|
245
|
-
o.setter do |value|
|
|
246
|
-
value = 100 if value > 100
|
|
247
|
-
value = 0 if value.negative?
|
|
248
|
-
value
|
|
249
|
-
end
|
|
250
|
-
end
|
|
251
|
-
|
|
252
|
-
# Maximum number of stack traces to collect per span.
|
|
253
|
-
#
|
|
254
|
-
# Set to zero if you want to collect all stack traces.
|
|
255
|
-
#
|
|
256
|
-
# Default value is 2
|
|
257
|
-
option :max_stack_traces do |o|
|
|
258
|
-
o.type :int
|
|
259
|
-
o.env 'DD_APPSEC_MAX_STACK_TRACES'
|
|
260
|
-
o.default 2
|
|
261
|
-
|
|
262
|
-
o.setter do |value|
|
|
263
|
-
value = 0 if value < 0
|
|
264
|
-
value
|
|
265
|
-
end
|
|
266
|
-
end
|
|
267
|
-
end
|
|
268
|
-
|
|
269
|
-
settings :auto_user_instrumentation do
|
|
270
|
-
define_method(:enabled?) { get_option(:mode) != DISABLED_AUTO_USER_INSTRUMENTATION_MODE }
|
|
271
|
-
|
|
272
|
-
option :mode do |o|
|
|
273
|
-
o.type :string
|
|
274
|
-
o.env 'DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE'
|
|
275
|
-
o.default IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
|
|
276
|
-
o.setter do |value|
|
|
277
|
-
mode = AUTO_USER_INSTRUMENTATION_MODES_ALIASES.fetch(value, value)
|
|
278
|
-
next mode if AUTO_USER_INSTRUMENTATION_MODES.include?(mode)
|
|
279
|
-
|
|
280
|
-
Datadog.logger.warn(
|
|
281
|
-
'The appsec.auto_user_instrumentation.mode value provided is not supported. ' \
|
|
282
|
-
"Supported values are: #{AUTO_USER_INSTRUMENTATION_MODES.join(" | ")}. " \
|
|
283
|
-
"Using value: #{DISABLED_AUTO_USER_INSTRUMENTATION_MODE}."
|
|
284
|
-
)
|
|
285
|
-
|
|
286
|
-
DISABLED_AUTO_USER_INSTRUMENTATION_MODE
|
|
287
|
-
end
|
|
288
|
-
end
|
|
289
|
-
end
|
|
290
|
-
|
|
291
|
-
# DEV-3.0: Remove `track_user_events.enabled` and `track_user_events.mode` options
|
|
292
|
-
settings :track_user_events do
|
|
293
|
-
option :enabled do |o|
|
|
294
|
-
o.default true
|
|
295
|
-
o.type :bool
|
|
296
|
-
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
|
297
|
-
o.env_parser do |env_value|
|
|
298
|
-
if env_value == 'disabled'
|
|
299
|
-
false
|
|
300
|
-
else
|
|
301
|
-
APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES.include?(env_value.strip.downcase)
|
|
302
|
-
end
|
|
303
|
-
end
|
|
304
|
-
o.after_set do |_, _, precedence|
|
|
305
|
-
unless precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
306
|
-
Core.log_deprecation(key: :appsec_track_user_events_enabled) do
|
|
307
|
-
'The appsec.track_user_events.enabled setting is deprecated. ' \
|
|
308
|
-
'Please remove it from your Datadog.configure block and use ' \
|
|
309
|
-
'appsec.auto_user_instrumentation.mode instead.'
|
|
310
|
-
end
|
|
311
|
-
end
|
|
312
|
-
end
|
|
313
|
-
end
|
|
314
|
-
|
|
315
|
-
option :mode do |o|
|
|
316
|
-
o.type :string
|
|
317
|
-
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
|
318
|
-
o.default SAFE_TRACK_USER_EVENTS_MODE
|
|
319
|
-
o.setter do |v|
|
|
320
|
-
if APPSEC_VALID_TRACK_USER_EVENTS_MODE.include?(v)
|
|
321
|
-
v
|
|
322
|
-
elsif v == 'disabled'
|
|
323
|
-
SAFE_TRACK_USER_EVENTS_MODE
|
|
324
|
-
else
|
|
325
|
-
Datadog.logger.warn(
|
|
326
|
-
'The appsec.track_user_events.mode value provided is not supported.' \
|
|
327
|
-
"Supported values are: #{APPSEC_VALID_TRACK_USER_EVENTS_MODE.join(" | ")}." \
|
|
328
|
-
"Using default value: #{SAFE_TRACK_USER_EVENTS_MODE}."
|
|
329
|
-
)
|
|
330
|
-
|
|
331
|
-
SAFE_TRACK_USER_EVENTS_MODE
|
|
332
|
-
end
|
|
333
|
-
end
|
|
334
|
-
o.after_set do |_, _, precedence|
|
|
335
|
-
unless precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
336
|
-
Core.log_deprecation(key: :appsec_track_user_events_mode) do
|
|
337
|
-
'The appsec.track_user_events.mode setting is deprecated. ' \
|
|
338
|
-
'Please remove it from your Datadog.configure block and use ' \
|
|
339
|
-
'appsec.auto_user_instrumentation.mode instead.'
|
|
340
|
-
end
|
|
341
|
-
end
|
|
342
|
-
end
|
|
343
|
-
end
|
|
344
|
-
end
|
|
345
|
-
|
|
346
|
-
settings :api_security do
|
|
347
|
-
define_method(:enabled?) { get_option(:enabled) }
|
|
348
|
-
|
|
349
|
-
option :enabled do |o|
|
|
350
|
-
o.type :bool
|
|
351
|
-
o.env 'DD_API_SECURITY_ENABLED'
|
|
352
|
-
o.default true
|
|
353
|
-
end
|
|
354
|
-
|
|
355
|
-
settings :endpoint_collection do
|
|
356
|
-
# Enables reporting of application routes at application start via telemetry
|
|
357
|
-
option :enabled do |o|
|
|
358
|
-
o.type :bool, nilable: true
|
|
359
|
-
o.env 'DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED'
|
|
360
|
-
o.default true
|
|
361
|
-
end
|
|
362
|
-
end
|
|
363
|
-
|
|
364
|
-
# NOTE: Unfortunately, we have to go with Float due to other libs
|
|
365
|
-
# setup, even tho we don't plan to support sub-second delays.
|
|
366
|
-
#
|
|
367
|
-
# WARNING: The value will be converted to Integer.
|
|
368
|
-
option :sample_delay do |o|
|
|
369
|
-
o.type :float
|
|
370
|
-
o.env 'DD_API_SECURITY_SAMPLE_DELAY'
|
|
371
|
-
o.default 30
|
|
372
|
-
o.setter do |value|
|
|
373
|
-
value.to_i
|
|
374
|
-
end
|
|
375
|
-
end
|
|
376
|
-
|
|
377
|
-
# DEV-3.0: Remove `api_security.sample_rate` option
|
|
378
|
-
option :sample_rate do |o|
|
|
379
|
-
o.type :float
|
|
380
|
-
o.env 'DD_API_SECURITY_REQUEST_SAMPLE_RATE'
|
|
381
|
-
o.default 0.1
|
|
382
|
-
o.setter do |value|
|
|
383
|
-
value = 1 if value > 1
|
|
384
|
-
SampleRate.new(value)
|
|
385
|
-
end
|
|
386
|
-
o.after_set do |_, _, precedence|
|
|
387
|
-
next if precedence == Datadog::Core::Configuration::Option::Precedence::DEFAULT
|
|
388
|
-
|
|
389
|
-
Core.log_deprecation(key: :appsec_api_security_sample_rate) do
|
|
390
|
-
'The appsec.api_security.sample_rate setting is deprecated. ' \
|
|
391
|
-
'Please remove it from your Datadog.configure block and use ' \
|
|
392
|
-
'appsec.api_security.sample_delay instead.'
|
|
393
|
-
end
|
|
394
|
-
end
|
|
395
|
-
end
|
|
396
|
-
|
|
397
|
-
settings :downstream_body_analysis do
|
|
398
|
-
option :sample_rate do |o|
|
|
399
|
-
o.type :float
|
|
400
|
-
o.env 'DD_API_SECURITY_DOWNSTREAM_BODY_ANALYSIS_SAMPLE_RATE'
|
|
401
|
-
o.default 0.5
|
|
402
|
-
end
|
|
403
|
-
|
|
404
|
-
option :max_requests do |o|
|
|
405
|
-
o.type :int
|
|
406
|
-
o.env 'DD_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS'
|
|
407
|
-
o.default 1
|
|
408
|
-
end
|
|
409
|
-
end
|
|
410
|
-
end
|
|
411
|
-
|
|
412
|
-
option :sca_enabled do |o|
|
|
413
|
-
o.type :bool, nilable: true
|
|
414
|
-
o.env 'DD_APPSEC_SCA_ENABLED'
|
|
415
|
-
end
|
|
416
|
-
end
|
|
417
|
-
end
|
|
418
|
-
end
|
|
419
|
-
# rubocop:enable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
|
420
|
-
end
|
|
421
|
-
end
|
|
422
|
-
end
|
|
423
|
-
end
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require_relative '../../core/environment/variable_helpers'
|
|
4
|
-
require_relative '../ext'
|
|
5
|
-
|
|
6
|
-
module Datadog
|
|
7
|
-
module DataStreams
|
|
8
|
-
module Configuration
|
|
9
|
-
# Configuration settings for Data Streams Monitoring.
|
|
10
|
-
module Settings
|
|
11
|
-
def self.extended(base)
|
|
12
|
-
base = base.singleton_class unless base.is_a?(Class)
|
|
13
|
-
add_settings!(base)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def self.add_settings!(base)
|
|
17
|
-
base.class_eval do
|
|
18
|
-
# Data Streams Monitoring configuration
|
|
19
|
-
# @public_api
|
|
20
|
-
settings :data_streams do
|
|
21
|
-
# Whether Data Streams Monitoring is enabled. When enabled, the library will
|
|
22
|
-
# collect and report data lineage information for messaging systems.
|
|
23
|
-
#
|
|
24
|
-
# @default `DD_DATA_STREAMS_ENABLED` environment variable, otherwise `false`.
|
|
25
|
-
# @return [Boolean]
|
|
26
|
-
option :enabled do |o|
|
|
27
|
-
o.type :bool
|
|
28
|
-
o.env Ext::ENV_ENABLED
|
|
29
|
-
o.default false
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
# The interval (in seconds) at which Data Streams Monitoring stats are flushed.
|
|
33
|
-
#
|
|
34
|
-
# @default 10.0
|
|
35
|
-
# @env '_DD_TRACE_STATS_WRITER_INTERVAL'
|
|
36
|
-
# @return [Float]
|
|
37
|
-
# @!visibility private
|
|
38
|
-
option :interval do |o|
|
|
39
|
-
o.type :float
|
|
40
|
-
o.env '_DD_TRACE_STATS_WRITER_INTERVAL'
|
|
41
|
-
o.default 10.0
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
end
|