RubyGems - datadog - Versions diffs - 2.7.1 → 2.17.0 - Mend

datadog 2.7.1 → 2.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (417) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +310 -1
data/ext/datadog_profiling_native_extension/clock_id.h +2 -2
data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +66 -56
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +1 -1
data/ext/datadog_profiling_native_extension/collectors_idle_sampling_helper.c +16 -16
data/ext/datadog_profiling_native_extension/collectors_stack.c +10 -10
data/ext/datadog_profiling_native_extension/collectors_stack.h +2 -2
data/ext/datadog_profiling_native_extension/collectors_thread_context.c +314 -145
data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
data/ext/datadog_profiling_native_extension/extconf.rb +7 -8
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.c +2 -0
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.h +0 -8
data/ext/datadog_profiling_native_extension/heap_recorder.c +61 -174
data/ext/datadog_profiling_native_extension/heap_recorder.h +2 -2
data/ext/datadog_profiling_native_extension/http_transport.c +64 -98
data/ext/datadog_profiling_native_extension/private_vm_api_access.c +68 -1
data/ext/datadog_profiling_native_extension/private_vm_api_access.h +10 -1
data/ext/datadog_profiling_native_extension/profiling.c +19 -8
data/ext/datadog_profiling_native_extension/ruby_helpers.c +8 -8
data/ext/datadog_profiling_native_extension/stack_recorder.c +84 -131
data/ext/datadog_profiling_native_extension/stack_recorder.h +2 -2
data/ext/datadog_profiling_native_extension/time_helpers.h +1 -1
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.c +47 -0
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.h +31 -0
data/ext/libdatadog_api/crashtracker.c +17 -15
data/ext/libdatadog_api/crashtracker.h +5 -0
data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
data/ext/libdatadog_api/init.c +15 -0
data/ext/libdatadog_api/library_config.c +122 -0
data/ext/libdatadog_api/library_config.h +19 -0
data/ext/libdatadog_api/macos_development.md +3 -3
data/ext/libdatadog_api/process_discovery.c +117 -0
data/ext/libdatadog_api/process_discovery.h +5 -0
data/ext/libdatadog_extconf_helpers.rb +1 -1
data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
data/lib/datadog/appsec/actions_handler.rb +49 -0
data/lib/datadog/appsec/anonymizer.rb +16 -0
data/lib/datadog/appsec/api_security/lru_cache.rb +49 -0
data/lib/datadog/appsec/api_security.rb +9 -0
data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
data/lib/datadog/appsec/assets/waf_rules/processors.json +239 -10
data/lib/datadog/appsec/assets/waf_rules/recommended.json +355 -157
data/lib/datadog/appsec/assets/waf_rules/scanners.json +926 -17
data/lib/datadog/appsec/assets/waf_rules/strict.json +62 -32
data/lib/datadog/appsec/autoload.rb +1 -1
data/lib/datadog/appsec/component.rb +41 -33
data/lib/datadog/appsec/compressed_json.rb +40 -0
data/lib/datadog/appsec/configuration/settings.rb +152 -25
data/lib/datadog/appsec/context.rb +74 -0
data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +92 -0
data/lib/datadog/appsec/contrib/active_record/integration.rb +41 -0
data/lib/datadog/appsec/contrib/active_record/patcher.rb +101 -0
data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
data/lib/datadog/appsec/contrib/devise/configuration.rb +52 -0
data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
data/lib/datadog/appsec/contrib/devise/patcher.rb +33 -25
data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +102 -0
data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +69 -0
data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +3 -3
data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
data/lib/datadog/appsec/contrib/excon/integration.rb +41 -0
data/lib/datadog/appsec/contrib/excon/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/connection_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/integration.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/patcher.rb +53 -0
data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +41 -0
data/lib/datadog/appsec/contrib/graphql/appsec_trace.rb +1 -7
data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +17 -30
data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
data/lib/datadog/appsec/contrib/graphql/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
data/lib/datadog/appsec/contrib/rack/gateway/response.rb +3 -3
data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +78 -98
data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rack/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +10 -11
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +52 -68
data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +16 -33
data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rails/patcher.rb +25 -38
data/lib/datadog/appsec/contrib/rest_client/integration.rb +45 -0
data/lib/datadog/appsec/contrib/rest_client/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +38 -0
data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +31 -68
data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
data/lib/datadog/appsec/contrib/sinatra/patcher.rb +5 -31
data/lib/datadog/appsec/event.rb +96 -135
data/lib/datadog/appsec/ext.rb +12 -3
data/lib/datadog/appsec/instrumentation/gateway/argument.rb +7 -2
data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
data/lib/datadog/appsec/metrics/collector.rb +38 -0
data/lib/datadog/appsec/metrics/exporter.rb +35 -0
data/lib/datadog/appsec/metrics/telemetry.rb +23 -0
data/lib/datadog/appsec/metrics.rb +13 -0
data/lib/datadog/appsec/monitor/gateway/watcher.rb +52 -32
data/lib/datadog/appsec/processor/rule_loader.rb +26 -31
data/lib/datadog/appsec/processor/rule_merger.rb +7 -6
data/lib/datadog/appsec/processor.rb +5 -4
data/lib/datadog/appsec/remote.rb +26 -12
data/lib/datadog/appsec/response.rb +19 -85
data/lib/datadog/appsec/security_engine/result.rb +67 -0
data/lib/datadog/appsec/security_engine/runner.rb +88 -0
data/lib/datadog/appsec/security_engine.rb +9 -0
data/lib/datadog/appsec/security_event.rb +39 -0
data/lib/datadog/appsec/utils.rb +0 -2
data/lib/datadog/appsec.rb +23 -10
data/lib/datadog/auto_instrument.rb +3 -0
data/lib/datadog/core/buffer/random.rb +18 -2
data/lib/datadog/core/configuration/agent_settings_resolver.rb +42 -14
data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
data/lib/datadog/core/configuration/components.rb +76 -32
data/lib/datadog/core/configuration/components_state.rb +23 -0
data/lib/datadog/core/configuration/ext.rb +5 -1
data/lib/datadog/core/configuration/option.rb +79 -43
data/lib/datadog/core/configuration/option_definition.rb +6 -4
data/lib/datadog/core/configuration/options.rb +3 -3
data/lib/datadog/core/configuration/settings.rb +100 -41
data/lib/datadog/core/configuration/stable_config.rb +23 -0
data/lib/datadog/core/configuration.rb +43 -11
data/lib/datadog/{tracing → core}/contrib/rails/utils.rb +1 -3
data/lib/datadog/core/crashtracking/component.rb +4 -13
data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
data/lib/datadog/core/encoding.rb +17 -1
data/lib/datadog/core/environment/agent_info.rb +78 -0
data/lib/datadog/core/environment/cgroup.rb +10 -12
data/lib/datadog/core/environment/container.rb +38 -40
data/lib/datadog/core/environment/ext.rb +6 -6
data/lib/datadog/core/environment/git.rb +1 -0
data/lib/datadog/core/environment/identity.rb +3 -3
data/lib/datadog/core/environment/platform.rb +3 -3
data/lib/datadog/core/environment/variable_helpers.rb +1 -1
data/lib/datadog/core/error.rb +11 -9
data/lib/datadog/core/logger.rb +2 -2
data/lib/datadog/core/metrics/client.rb +27 -27
data/lib/datadog/core/metrics/logging.rb +5 -5
data/lib/datadog/core/process_discovery.rb +32 -0
data/lib/datadog/core/rate_limiter.rb +4 -2
data/lib/datadog/core/remote/client/capabilities.rb +6 -0
data/lib/datadog/core/remote/client.rb +107 -92
data/lib/datadog/core/remote/component.rb +18 -19
data/lib/datadog/core/remote/configuration/digest.rb +7 -7
data/lib/datadog/core/remote/configuration/path.rb +1 -1
data/lib/datadog/core/remote/configuration/repository.rb +2 -1
data/lib/datadog/core/remote/negotiation.rb +9 -9
data/lib/datadog/core/remote/transport/config.rb +4 -3
data/lib/datadog/core/remote/transport/http/api.rb +13 -18
data/lib/datadog/core/remote/transport/http/client.rb +5 -4
data/lib/datadog/core/remote/transport/http/config.rb +27 -55
data/lib/datadog/core/remote/transport/http/negotiation.rb +8 -51
data/lib/datadog/core/remote/transport/http.rb +25 -94
data/lib/datadog/core/remote/transport/negotiation.rb +17 -4
data/lib/datadog/core/remote/worker.rb +10 -7
data/lib/datadog/core/runtime/metrics.rb +12 -5
data/lib/datadog/core/telemetry/component.rb +84 -49
data/lib/datadog/core/telemetry/emitter.rb +23 -11
data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +65 -0
data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
data/lib/datadog/core/telemetry/event/app_started.rb +179 -0
data/lib/datadog/core/telemetry/event/base.rb +40 -0
data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
data/lib/datadog/core/telemetry/event/log.rb +76 -0
data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
data/lib/datadog/core/telemetry/event.rb +17 -383
data/lib/datadog/core/telemetry/ext.rb +1 -0
data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
data/lib/datadog/core/telemetry/logger.rb +1 -1
data/lib/datadog/core/telemetry/logging.rb +2 -2
data/lib/datadog/core/telemetry/metric.rb +28 -6
data/lib/datadog/core/telemetry/request.rb +4 -4
data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
data/lib/datadog/core/telemetry/transport/http.rb +63 -0
data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
data/lib/datadog/core/telemetry/worker.rb +128 -25
data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
data/lib/datadog/core/transport/http/adapters/unix_socket.rb +1 -1
data/lib/datadog/{tracing → core}/transport/http/api/instance.rb +18 -1
data/lib/datadog/core/transport/http/api/spec.rb +36 -0
data/lib/datadog/{tracing → core}/transport/http/builder.rb +53 -31
data/lib/datadog/core/transport/http.rb +75 -0
data/lib/datadog/core/transport/response.rb +4 -0
data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
data/lib/datadog/core/utils/duration.rb +32 -32
data/lib/datadog/core/utils/forking.rb +2 -2
data/lib/datadog/core/utils/network.rb +6 -6
data/lib/datadog/core/utils/only_once_successful.rb +16 -5
data/lib/datadog/core/utils/time.rb +20 -0
data/lib/datadog/core/utils/truncation.rb +21 -0
data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
data/lib/datadog/core/worker.rb +1 -1
data/lib/datadog/core/workers/async.rb +29 -12
data/lib/datadog/core/workers/interval_loop.rb +12 -1
data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
data/lib/datadog/core.rb +8 -0
data/lib/datadog/di/base.rb +115 -0
data/lib/datadog/di/boot.rb +34 -0
data/lib/datadog/di/code_tracker.rb +26 -15
data/lib/datadog/di/component.rb +23 -14
data/lib/datadog/di/configuration/settings.rb +25 -1
data/lib/datadog/di/contrib/active_record.rb +1 -0
data/lib/datadog/di/contrib/railtie.rb +15 -0
data/lib/datadog/di/contrib.rb +28 -0
data/lib/datadog/di/error.rb +5 -0
data/lib/datadog/di/instrumenter.rb +111 -20
data/lib/datadog/di/logger.rb +30 -0
data/lib/datadog/di/preload.rb +18 -0
data/lib/datadog/di/probe.rb +14 -7
data/lib/datadog/di/probe_builder.rb +1 -0
data/lib/datadog/di/probe_manager.rb +11 -5
data/lib/datadog/di/probe_notification_builder.rb +34 -8
data/lib/datadog/di/probe_notifier_worker.rb +52 -26
data/lib/datadog/di/redactor.rb +0 -1
data/lib/datadog/di/remote.rb +147 -0
data/lib/datadog/di/serializer.rb +14 -7
data/lib/datadog/di/transport/diagnostics.rb +62 -0
data/lib/datadog/di/transport/http/api.rb +42 -0
data/lib/datadog/di/transport/http/client.rb +47 -0
data/lib/datadog/di/transport/http/diagnostics.rb +65 -0
data/lib/datadog/di/transport/http/input.rb +67 -0
data/lib/datadog/di/transport/http.rb +57 -0
data/lib/datadog/di/transport/input.rb +62 -0
data/lib/datadog/di/utils.rb +103 -0
data/lib/datadog/di.rb +14 -76
data/lib/datadog/error_tracking/collector.rb +87 -0
data/lib/datadog/error_tracking/component.rb +167 -0
data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
data/lib/datadog/error_tracking/configuration.rb +11 -0
data/lib/datadog/error_tracking/ext.rb +18 -0
data/lib/datadog/error_tracking/extensions.rb +16 -0
data/lib/datadog/error_tracking/filters.rb +77 -0
data/lib/datadog/error_tracking.rb +18 -0
data/lib/datadog/kit/appsec/events.rb +15 -3
data/lib/datadog/kit/identity.rb +9 -5
data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
data/lib/datadog/opentelemetry/api/context.rb +16 -2
data/lib/datadog/opentelemetry/sdk/trace/span.rb +1 -1
data/lib/datadog/opentelemetry.rb +2 -1
data/lib/datadog/profiling/collectors/code_provenance.rb +1 -1
data/lib/datadog/profiling/collectors/info.rb +3 -0
data/lib/datadog/profiling/collectors/thread_context.rb +1 -1
data/lib/datadog/profiling/component.rb +60 -76
data/lib/datadog/profiling/encoded_profile.rb +11 -0
data/lib/datadog/profiling/exporter.rb +3 -4
data/lib/datadog/profiling/ext.rb +0 -2
data/lib/datadog/profiling/flush.rb +5 -8
data/lib/datadog/profiling/http_transport.rb +6 -85
data/lib/datadog/profiling/load_native_extension.rb +1 -33
data/lib/datadog/profiling/scheduler.rb +8 -1
data/lib/datadog/profiling/stack_recorder.rb +4 -4
data/lib/datadog/profiling/tag_builder.rb +1 -5
data/lib/datadog/profiling.rb +6 -2
data/lib/datadog/tracing/analytics.rb +1 -1
data/lib/datadog/tracing/component.rb +16 -12
data/lib/datadog/tracing/configuration/ext.rb +8 -1
data/lib/datadog/tracing/configuration/settings.rb +22 -10
data/lib/datadog/tracing/context_provider.rb +1 -1
data/lib/datadog/tracing/contrib/action_cable/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_mailer/integration.rb +6 -2
data/lib/datadog/tracing/contrib/action_pack/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_view/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_job/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_record/integration.rb +7 -3
data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +7 -2
data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +36 -1
data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +14 -4
data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -0
data/lib/datadog/tracing/contrib/active_support/integration.rb +5 -2
data/lib/datadog/tracing/contrib/auto_instrument.rb +2 -2
data/lib/datadog/tracing/contrib/aws/instrumentation.rb +10 -0
data/lib/datadog/tracing/contrib/aws/integration.rb +3 -0
data/lib/datadog/tracing/contrib/aws/parsed_context.rb +5 -1
data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +3 -0
data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +4 -0
data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +6 -1
data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +4 -5
data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/ext.rb +1 -0
data/lib/datadog/tracing/contrib/extensions.rb +29 -3
data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/graphql/configuration/error_extension_env_parser.rb +21 -0
data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +11 -0
data/lib/datadog/tracing/contrib/graphql/ext.rb +5 -0
data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +102 -11
data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +7 -1
data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
data/lib/datadog/tracing/contrib/http/instrumentation.rb +6 -10
data/lib/datadog/tracing/contrib/http/integration.rb +3 -0
data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -16
data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +7 -15
data/lib/datadog/tracing/contrib/httprb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/kafka/integration.rb +3 -0
data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
data/lib/datadog/tracing/contrib/karafka.rb +37 -0
data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
data/lib/datadog/tracing/contrib/mongodb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
data/lib/datadog/tracing/contrib/opensearch/integration.rb +3 -0
data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
data/lib/datadog/tracing/contrib/patcher.rb +5 -2
data/lib/datadog/tracing/contrib/presto/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rack/header_collection.rb +11 -1
data/lib/datadog/tracing/contrib/rack/integration.rb +2 -2
data/lib/datadog/tracing/contrib/rack/middlewares.rb +1 -1
data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
data/lib/datadog/tracing/contrib/rails/framework.rb +2 -2
data/lib/datadog/tracing/contrib/rails/patcher.rb +1 -1
data/lib/datadog/tracing/contrib/rest_client/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -3
data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +1 -1
data/lib/datadog/tracing/contrib/span_attribute_schema.rb +6 -1
data/lib/datadog/tracing/contrib/support.rb +28 -0
data/lib/datadog/tracing/contrib.rb +1 -0
data/lib/datadog/tracing/correlation.rb +9 -2
data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
data/lib/datadog/tracing/distributed/baggage.rb +131 -0
data/lib/datadog/tracing/distributed/datadog.rb +4 -2
data/lib/datadog/tracing/distributed/propagation.rb +25 -4
data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
data/lib/datadog/tracing/metadata/errors.rb +4 -4
data/lib/datadog/tracing/metadata/ext.rb +5 -0
data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
data/lib/datadog/tracing/metadata.rb +2 -0
data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
data/lib/datadog/tracing/span.rb +22 -5
data/lib/datadog/tracing/span_event.rb +124 -4
data/lib/datadog/tracing/span_operation.rb +52 -16
data/lib/datadog/tracing/sync_writer.rb +9 -5
data/lib/datadog/tracing/trace_digest.rb +9 -2
data/lib/datadog/tracing/trace_operation.rb +44 -24
data/lib/datadog/tracing/trace_segment.rb +6 -4
data/lib/datadog/tracing/tracer.rb +60 -12
data/lib/datadog/tracing/transport/http/api.rb +5 -4
data/lib/datadog/tracing/transport/http/client.rb +5 -4
data/lib/datadog/tracing/transport/http/traces.rb +13 -44
data/lib/datadog/tracing/transport/http.rb +13 -70
data/lib/datadog/tracing/transport/serializable_trace.rb +31 -7
data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
data/lib/datadog/tracing/transport/traces.rb +47 -13
data/lib/datadog/tracing/utils.rb +1 -1
data/lib/datadog/tracing/workers/trace_writer.rb +8 -5
data/lib/datadog/tracing/workers.rb +5 -4
data/lib/datadog/tracing/writer.rb +10 -6
data/lib/datadog/tracing.rb +16 -3
data/lib/datadog/version.rb +2 -2
data/lib/datadog.rb +2 -0
metadata +143 -50
data/ext/datadog_profiling_loader/datadog_profiling_loader.c +0 -142
data/ext/datadog_profiling_loader/extconf.rb +0 -60
data/lib/datadog/appsec/contrib/devise/event.rb +0 -57
data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -77
data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -54
data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +0 -46
data/lib/datadog/appsec/contrib/patcher.rb +0 -12
data/lib/datadog/appsec/contrib/rack/reactive/request.rb +0 -69
data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +0 -47
data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -53
data/lib/datadog/appsec/contrib/rails/reactive/action.rb +0 -53
data/lib/datadog/appsec/contrib/sinatra/ext.rb +0 -14
data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +0 -48
data/lib/datadog/appsec/monitor/reactive/set_user.rb +0 -45
data/lib/datadog/appsec/processor/actions.rb +0 -49
data/lib/datadog/appsec/processor/context.rb +0 -107
data/lib/datadog/appsec/reactive/address_hash.rb +0 -22
data/lib/datadog/appsec/reactive/engine.rb +0 -47
data/lib/datadog/appsec/reactive/operation.rb +0 -68
data/lib/datadog/appsec/reactive/subscriber.rb +0 -19
data/lib/datadog/appsec/scope.rb +0 -58
data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
data/lib/datadog/core/crashtracking/agent_base_url.rb +0 -21
data/lib/datadog/core/remote/transport/http/api/instance.rb +0 -39
data/lib/datadog/core/remote/transport/http/api/spec.rb +0 -21
data/lib/datadog/core/remote/transport/http/builder.rb +0 -219
data/lib/datadog/core/telemetry/http/env.rb +0 -20
data/lib/datadog/core/telemetry/http/ext.rb +0 -28
data/lib/datadog/core/telemetry/http/response.rb +0 -70
data/lib/datadog/core/telemetry/http/transport.rb +0 -90
data/lib/datadog/di/transport.rb +0 -81
data/lib/datadog/tracing/transport/http/api/spec.rb +0 -19

data/lib/datadog/appsec/contrib/devise/data_extractor.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+require_relative '../../anonymizer'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Extracts user identification data from Devise resources.
+        # Supports both regular and anonymized data extraction modes.
+        class DataExtractor
+          PRIORITY_ORDERED_ID_KEYS = [:id, 'id', :uuid, 'uuid'].freeze
+          PRIORITY_ORDERED_LOGIN_KEYS = [:email, 'email', :username, 'username', :login, 'login'].freeze
+          def initialize(mode:)
+            @mode = mode
+            @devise_scopes = {}
+          end
+          def extract_id(object)
+            return if object.nil?
+            if object.respond_to?(:[])
+              id = object[PRIORITY_ORDERED_ID_KEYS.find { |key| object[key] }]
+              scope = find_devise_scope(object)
+              id = "#{scope}:#{id}" if id && scope
+              return transform(id)
+            end
+            id = object.id if object.respond_to?(:id)
+            id ||= object.uuid if object.respond_to?(:uuid)
+            scope = find_devise_scope(object)
+            id = "#{scope}:#{id}" if id && scope
+            transform(id)
+          end
+          def extract_login(object)
+            return if object.nil?
+            if object.respond_to?(:[])
+              login = object[PRIORITY_ORDERED_LOGIN_KEYS.find { |key| object[key] }]
+              return transform(login)
+            end
+            login = object.email if object.respond_to?(:email)
+            login ||= object.username if object.respond_to?(:username)
+            login ||= object.login if object.respond_to?(:login)
+            transform(login)
+          end
+          private
+          def find_devise_scope(object)
+            return if ::Devise.mappings.count == 1
+            @devise_scopes[object.class.name] ||= ::Devise.mappings
+              .each_value.find { |mapping| mapping.class_name == object.class.name }&.name
+          end
+          def transform(value)
+            return if value.nil?
+            return value.to_s unless anonymize?
+            Anonymizer.anonymize(value.to_s)
+          end
+          def anonymize?
+            @mode == AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/ext.rb CHANGED Viewed

@@ -6,6 +6,28 @@ module Datadog
       module Devise
         # Devise integration constants
         module Ext
+          EVENT_LOGIN_SUCCESS = 'users.login.success'
+          EVENT_LOGIN_FAILURE = 'users.login.failure'
+          EVENT_SIGNUP = 'users.signup'
+          TAG_DD_USR_ID = '_dd.appsec.usr.id'
+          TAG_DD_USR_LOGIN = '_dd.appsec.usr.login'
+          TAG_DD_SIGNUP_MODE = '_dd.appsec.events.users.signup.auto.mode'
+          TAG_DD_COLLECTION_MODE = '_dd.appsec.user.collection_mode'
+          TAG_DD_LOGIN_SUCCESS_MODE = '_dd.appsec.events.users.login.success.auto.mode'
+          TAG_DD_LOGIN_FAILURE_MODE = '_dd.appsec.events.users.login.failure.auto.mode'
+          TAG_USR_ID = 'usr.id'
+          TAG_SESSION_ID = 'usr.session_id'
+          TAG_SIGNUP_TRACK = 'appsec.events.users.signup.track'
+          TAG_SIGNUP_USR_ID = 'appsec.events.users.signup.usr.id'
+          TAG_SIGNUP_USR_LOGIN = 'appsec.events.users.signup.usr.login'
+          TAG_LOGIN_FAILURE_TRACK = 'appsec.events.users.login.failure.track'
+          TAG_LOGIN_FAILURE_USR_ID = 'appsec.events.users.login.failure.usr.id'
+          TAG_LOGIN_FAILURE_USR_LOGIN = 'appsec.events.users.login.failure.usr.login'
+          TAG_LOGIN_FAILURE_USR_EXISTS = 'appsec.events.users.login.failure.usr.exists'
+          TAG_LOGIN_SUCCESS_TRACK = 'appsec.events.users.login.success.track'
+          TAG_LOGIN_SUCCESS_USR_LOGIN = 'appsec.events.users.login.success.usr.login'
         end
       end
     end

data/lib/datadog/appsec/contrib/devise/integration.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 require_relative '../integration'
 require_relative 'patcher'
 module Datadog
@@ -17,7 +16,7 @@ module Datadog
           register_as :devise, auto_patch: true
           def self.version
-            Gem.loaded_specs['devise'] && Gem.loaded_specs['devise'].version
+            Gem.loaded_specs['devise']&.version
           end
           def self.loaded?

data/lib/datadog/appsec/contrib/devise/patcher.rb CHANGED Viewed

@@ -1,17 +1,21 @@
 # frozen_string_literal: true
-require_relative '../patcher'
-require_relative 'patcher/authenticatable_patch'
-require_relative 'patcher/rememberable_patch'
-require_relative 'patcher/registration_controller_patch'
+require_relative '../../../core/utils/only_once'
+require_relative 'tracking_middleware'
+require_relative 'patches/signup_tracking_patch'
+require_relative 'patches/signin_tracking_patch'
+require_relative 'patches/skip_signin_tracking_patch'
 module Datadog
   module AppSec
     module Contrib
       module Devise
-        # Patcher for AppSec on Devise
+        # Devise patcher
         module Patcher
-          include Datadog::AppSec::Contrib::Patcher
+          GUARD_ONCE_PER_APP = Hash.new do |hash, key|
+            hash[key] = Datadog::Core::Utils::OnlyOnce.new
+          end
           module_function
@@ -24,29 +28,33 @@ module Datadog
           end
           def patch
-            patch_authenticatable_strategy
-            patch_rememberable_strategy
-            patch_registration_controller
-            Patcher.instance_variable_set(:@patched, true)
-          end
-          def patch_authenticatable_strategy
-            ::Devise::Strategies::Authenticatable.prepend(AuthenticatablePatch)
-          end
+            ::ActiveSupport.on_load(:before_initialize) do |app|
+              GUARD_ONCE_PER_APP[app].run do
+                app.middleware.insert_after(Warden::Manager, TrackingMiddleware)
+              rescue RuntimeError
+                AppSec.telemetry.error('AppSec: unable to insert Devise TrackingMiddleware')
+              end
+            end
-          def patch_rememberable_strategy
-            return unless ::Devise::STRATEGIES.include?(:rememberable)
+            ::ActiveSupport.on_load(:after_initialize) do
+              if ::Devise::RegistrationsController.descendants.empty?
+                ::Devise::RegistrationsController.prepend(Patches::SignupTrackingPatch)
+              else
+                ::Devise::RegistrationsController.descendants.each do |controller|
+                  controller.prepend(Patches::SignupTrackingPatch)
+                end
+              end
+            end
-            # Rememberable strategy is required in autoloaded Rememberable model
-            ::Devise::Models::Rememberable # rubocop:disable Lint/Void
-            ::Devise::Strategies::Rememberable.prepend(RememberablePatch)
-          end
+            ::Devise::Strategies::Authenticatable.prepend(Patches::SigninTrackingPatch)
-          def patch_registration_controller
-            ::ActiveSupport.on_load(:after_initialize) do
-              ::Devise::RegistrationsController.prepend(RegistrationControllerPatch)
+            if ::Devise::STRATEGIES.include?(:rememberable)
+              # Rememberable strategy is required in autoloaded Rememberable model
+              require 'devise/models/rememberable'
+              ::Devise::Strategies::Rememberable.prepend(Patches::SkipSigninTrackingPatch)
             end
+            Patcher.instance_variable_set(:@patched, true)
           end
         end
       end

data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb ADDED Viewed

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+require_relative '../ext'
+require_relative '../configuration'
+require_relative '../data_extractor'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        module Patches
+          # A patch for Devise::Authenticatable strategy with tracking functionality
+          module SigninTrackingPatch
+            def validate(resource, &block)
+              result = super
+              return result unless AppSec.enabled?
+              return result if @_datadog_appsec_skip_track_login_event
+              return result unless Configuration.auto_user_instrumentation_enabled?
+              return result unless AppSec.active_context
+              context = AppSec.active_context
+              if context.trace.nil? || context.span.nil?
+                Datadog.logger.debug { 'AppSec: unable to track signin events, due to missing trace or span' }
+                return result
+              end
+              context.trace.keep!
+              if result
+                record_successful_signin(context, resource)
+                Instrumentation.gateway.push('appsec.events.user_lifecycle', Ext::EVENT_LOGIN_SUCCESS)
+                return result
+              end
+              record_failed_signin(context, resource)
+              Instrumentation.gateway.push('appsec.events.user_lifecycle', Ext::EVENT_LOGIN_FAILURE)
+              result
+            end
+            private
+            def record_successful_signin(context, resource)
+              extractor = DataExtractor.new(mode: Configuration.auto_user_instrumentation_mode)
+              id = extractor.extract_id(resource)
+              login = extractor.extract_login(authentication_hash) || extractor.extract_login(resource)
+              if id
+                context.span[Ext::TAG_USR_ID] ||= id
+                context.span[Ext::TAG_DD_USR_ID] = id
+              end
+              context.span[Ext::TAG_LOGIN_SUCCESS_USR_LOGIN] ||= login
+              context.span[Ext::TAG_LOGIN_SUCCESS_TRACK] = 'true'
+              context.span[Ext::TAG_DD_USR_LOGIN] = login
+              context.span[Ext::TAG_DD_LOGIN_SUCCESS_MODE] = Configuration.auto_user_instrumentation_mode
+              # NOTE: We don't have a way to make one-shot receivers for events,
+              #       and because of that we will trigger an additional event even
+              #       if it was already done via the SDK
+              AppSec::Instrumentation.gateway.push(
+                'identity.set_user', AppSec::Instrumentation::Gateway::User.new(id, login)
+              )
+            end
+            def record_failed_signin(context, resource)
+              extractor = DataExtractor.new(mode: Configuration.auto_user_instrumentation_mode)
+              context.span[Ext::TAG_LOGIN_FAILURE_TRACK] = 'true'
+              context.span[Ext::TAG_DD_LOGIN_FAILURE_MODE] = Configuration.auto_user_instrumentation_mode
+              unless resource
+                login = extractor.extract_login(authentication_hash)
+                context.span[Ext::TAG_DD_USR_LOGIN] = login
+                context.span[Ext::TAG_LOGIN_FAILURE_USR_LOGIN] ||= login
+                context.span[Ext::TAG_LOGIN_FAILURE_USR_EXISTS] ||= 'false'
+                return
+              end
+              id = extractor.extract_id(resource)
+              login = extractor.extract_login(authentication_hash) || extractor.extract_login(resource)
+              if id
+                context.span[Ext::TAG_DD_USR_ID] = id
+                context.span[Ext::TAG_LOGIN_FAILURE_USR_ID] ||= id
+              end
+              context.span[Ext::TAG_DD_USR_LOGIN] = login
+              context.span[Ext::TAG_LOGIN_FAILURE_USR_LOGIN] ||= login
+              context.span[Ext::TAG_LOGIN_FAILURE_USR_EXISTS] ||= 'true'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb ADDED Viewed

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+require_relative '../ext'
+require_relative '../configuration'
+require_relative '../data_extractor'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        module Patches
+          # A patch for Devise::RegistrationsController with tracking functionality
+          module SignupTrackingPatch
+            def create
+              return super unless AppSec.enabled?
+              return super unless Configuration.auto_user_instrumentation_enabled?
+              return super unless AppSec.active_context
+              super do |resource|
+                context = AppSec.active_context
+                if context.trace.nil? || context.span.nil?
+                  Datadog.logger.debug { 'AppSec: unable to track signup events, due to missing trace or span' }
+                  next yield(resource) if block_given?
+                end
+                next yield(resource) if resource.new_record? && block_given?
+                context.trace.keep!
+                record_successful_signup(context, resource)
+                Instrumentation.gateway.push('appsec.events.user_lifecycle', Ext::EVENT_SIGNUP)
+                yield(resource) if block_given?
+              end
+            end
+            private
+            def record_successful_signup(context, resource)
+              extractor = DataExtractor.new(mode: Configuration.auto_user_instrumentation_mode)
+              id = extractor.extract_id(resource)
+              login = extractor.extract_login(resource_params) || extractor.extract_login(resource)
+              context.span[Ext::TAG_SIGNUP_TRACK] = 'true'
+              context.span[Ext::TAG_DD_USR_LOGIN] = login
+              context.span[Ext::TAG_SIGNUP_USR_LOGIN] ||= login
+              context.span[Ext::TAG_DD_SIGNUP_MODE] = Configuration.auto_user_instrumentation_mode
+              if id
+                context.span[Ext::TAG_DD_USR_ID] = id
+                id_tag = resource.active_for_authentication? ? Ext::TAG_USR_ID : Ext::TAG_SIGNUP_USR_ID
+                context.span[id_tag] ||= id
+              end
+              # NOTE: We don't have a way to make one-shot receivers for events,
+              #       and because of that we will trigger an additional event even
+              #       if it was already done via the SDK
+              AppSec::Instrumentation.gateway.push(
+                'identity.set_user', AppSec::Instrumentation::Gateway::User.new(id, login)
+              )
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} RENAMED Viewed

@@ -4,12 +4,12 @@ module Datadog
   module AppSec
     module Contrib
       module Devise
-        module Patcher
+        module Patches
           # To avoid tracking new sessions that are created by
           # Rememberable strategy as Login Success events.
-          module RememberablePatch
+          module SkipSigninTrackingPatch
             def validate(*args)
-              @_datadog_skip_track_login_event = true
+              @_datadog_appsec_skip_track_login_event = true
               super
             end

data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb ADDED Viewed

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+require_relative 'ext'
+require_relative '../../anonymizer'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # A Rack middleware capable of tracking currently signed user
+        class TrackingMiddleware
+          WARDEN_KEY = 'warden'
+          SESSION_ID_KEY = 'session_id'
+          def initialize(app)
+            @app = app
+            @devise_session_scope_keys = {}
+          end
+          def call(env)
+            return @app.call(env) unless AppSec.enabled?
+            return @app.call(env) unless Configuration.auto_user_instrumentation_enabled?
+            return @app.call(env) unless AppSec.active_context
+            unless env.key?(WARDEN_KEY)
+              Datadog.logger.debug { 'AppSec: unable to track requests, due to missing warden manager' }
+              return @app.call(env)
+            end
+            context = AppSec.active_context
+            if context.trace.nil? || context.span.nil?
+              Datadog.logger.debug { 'AppSec: unable to track requests, due to missing trace or span' }
+              return @app.call(env)
+            end
+            # NOTE: Rails session id will be set for unauthenticated users as well,
+            #       so we need to make sure we are tracking only authenticated users.
+            id = transform(extract_id(env[WARDEN_KEY]))
+            session_id = env[WARDEN_KEY].raw_session[SESSION_ID_KEY] if id
+            if id
+              # NOTE: There is no option to set session id without setting user id via SDK.
+              unless context.span.has_tag?(Ext::TAG_USR_ID) && context.span.has_tag?(Ext::TAG_SESSION_ID)
+                user_id = context.span[Ext::TAG_USR_ID] || id
+                user_session_id = context.span[Ext::TAG_SESSION_ID] || session_id
+                # FIXME: The current implementation of event arguments is forsing us
+                #        to bloat User class, and pass nil-value instead of skip
+                #        passing them at first place.
+                #        This is a temporary situation until we refactor events model.
+                AppSec::Instrumentation.gateway.push(
+                  'identity.set_user', AppSec::Instrumentation::Gateway::User.new(user_id, nil, user_session_id)
+                )
+              end
+              context.span[Ext::TAG_USR_ID] ||= id
+              context.span[Ext::TAG_DD_USR_ID] = id
+              context.span[Ext::TAG_DD_COLLECTION_MODE] ||= Configuration.auto_user_instrumentation_mode
+            end
+            @app.call(env)
+          end
+          private
+          def extract_id(warden)
+            session_serializer = warden.session_serializer
+            key = session_key_for(session_serializer, ::Devise.default_scope)
+            id = session_serializer.session[key]&.dig(0, 0)
+            return id if ::Devise.mappings.size == 1
+            return "#{::Devise.default_scope}:#{id}" if id
+            ::Devise.mappings.each_key do |scope|
+              next if scope == ::Devise.default_scope
+              key = session_key_for(session_serializer, scope)
+              id = session_serializer.session[key]&.dig(0, 0)
+              return "#{scope}:#{id}" if id
+            end
+            nil
+          end
+          def session_key_for(session_serializer, scope)
+            @devise_session_scope_keys[scope] ||= session_serializer.key_for(scope)
+          end
+          def transform(value)
+            return if value.nil?
+            return value.to_s unless anonymize?
+            Anonymizer.anonimyze(value.to_s)
+          end
+          def anonymize?
+            Configuration.auto_user_instrumentation_mode ==
+              AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/excon/integration.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require_relative '../integration'
+require_relative 'patcher'
+module Datadog
+  module AppSec
+    module Contrib
+      module Excon
+        # This class provides helper methods that are used when patching Excon
+        class Integration
+          include Datadog::AppSec::Contrib::Integration
+          MINIMUM_VERSION = Gem::Version.new('0.50.0')
+          register_as :excon
+          def self.version
+            Gem.loaded_specs['excon']&.version
+          end
+          def self.loaded?
+            !defined?(::Excon).nil?
+          end
+          def self.compatible?
+            super && version >= MINIMUM_VERSION
+          end
+          def self.auto_instrument?
+            false
+          end
+          def patcher
+            Patcher
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/excon/patcher.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Excon
+        # AppSec patcher module for Excon
+        module Patcher
+          module_function
+          def patched?
+            Patcher.instance_variable_get(:@patched)
+          end
+          def target_version
+            Integration.version
+          end
+          def patch
+            require_relative 'ssrf_detection_middleware'
+            ::Excon.defaults[:middlewares].insert(0, SSRFDetectionMiddleware)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# rubocop:disable Naming/FileName
+# frozen_string_literal: true
+require 'excon'
+require_relative '../../event'
+require_relative '../../security_event'
+module Datadog
+  module AppSec
+    module Contrib
+      module Excon
+        # AppSec Middleware for Excon
+        class SSRFDetectionMiddleware < ::Excon::Middleware::Base
+          def request_call(data)
+            return super unless AppSec.rasp_enabled? && AppSec.active_context
+            context = AppSec.active_context
+            request_url = URI.join("#{data[:scheme]}://#{data[:host]}", data[:path]).to_s
+            ephemeral_data = {'server.io.net.url' => request_url}
+            result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, Datadog.configuration.appsec.waf_timeout)
+            if result.match?
+              AppSec::Event.tag_and_keep!(context, result)
+              context.events.push(
+                AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
+              )
+              AppSec::ActionsHandler.handle(result.actions)
+            end
+            super
+          end
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Naming/FileName

data/lib/datadog/appsec/contrib/faraday/connection_patch.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # Handles installation of our middleware if the user has *not*
+        # already explicitly configured our middleware for this correction.
+        #
+        # Wraps Faraday::Connection#initialize:
+        # https://github.com/lostisland/faraday/blob/ff9dc1d1219a1bbdba95a9a4cf5d135b97247ee2/lib/faraday/connection.rb#L62-L92
+        module ConnectionPatch
+          def initialize(*args, &block)
+            super.tap do
+              use(:datadog_appsec) unless builder.handlers.any? { |h| h.klass == SSRFDetectionMiddleware }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/faraday/integration.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require_relative '../integration'
+require_relative 'patcher'
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # This class provides helper methods that are used when patching Faraday
+        class Integration
+          include Datadog::AppSec::Contrib::Integration
+          MINIMUM_VERSION = Gem::Version.new('0.14.0')
+          register_as :faraday, auto_patch: true
+          def self.version
+            Gem.loaded_specs['faraday']&.version
+          end
+          def self.loaded?
+            !defined?(::Faraday).nil?
+          end
+          def self.compatible?
+            super && version >= MINIMUM_VERSION
+          end
+          def self.auto_instrument?
+            true
+          end
+          def patcher
+            Patcher
+          end
+        end
+      end
+    end
+  end
+end