RubyGems - datadog - Versions diffs - 2.7.1 → 2.17.0 - Mend

datadog 2.7.1 → 2.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (417) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +310 -1
data/ext/datadog_profiling_native_extension/clock_id.h +2 -2
data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +66 -56
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +1 -1
data/ext/datadog_profiling_native_extension/collectors_idle_sampling_helper.c +16 -16
data/ext/datadog_profiling_native_extension/collectors_stack.c +10 -10
data/ext/datadog_profiling_native_extension/collectors_stack.h +2 -2
data/ext/datadog_profiling_native_extension/collectors_thread_context.c +314 -145
data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
data/ext/datadog_profiling_native_extension/extconf.rb +7 -8
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.c +2 -0
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.h +0 -8
data/ext/datadog_profiling_native_extension/heap_recorder.c +61 -174
data/ext/datadog_profiling_native_extension/heap_recorder.h +2 -2
data/ext/datadog_profiling_native_extension/http_transport.c +64 -98
data/ext/datadog_profiling_native_extension/private_vm_api_access.c +68 -1
data/ext/datadog_profiling_native_extension/private_vm_api_access.h +10 -1
data/ext/datadog_profiling_native_extension/profiling.c +19 -8
data/ext/datadog_profiling_native_extension/ruby_helpers.c +8 -8
data/ext/datadog_profiling_native_extension/stack_recorder.c +84 -131
data/ext/datadog_profiling_native_extension/stack_recorder.h +2 -2
data/ext/datadog_profiling_native_extension/time_helpers.h +1 -1
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.c +47 -0
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.h +31 -0
data/ext/libdatadog_api/crashtracker.c +17 -15
data/ext/libdatadog_api/crashtracker.h +5 -0
data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
data/ext/libdatadog_api/init.c +15 -0
data/ext/libdatadog_api/library_config.c +122 -0
data/ext/libdatadog_api/library_config.h +19 -0
data/ext/libdatadog_api/macos_development.md +3 -3
data/ext/libdatadog_api/process_discovery.c +117 -0
data/ext/libdatadog_api/process_discovery.h +5 -0
data/ext/libdatadog_extconf_helpers.rb +1 -1
data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
data/lib/datadog/appsec/actions_handler.rb +49 -0
data/lib/datadog/appsec/anonymizer.rb +16 -0
data/lib/datadog/appsec/api_security/lru_cache.rb +49 -0
data/lib/datadog/appsec/api_security.rb +9 -0
data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
data/lib/datadog/appsec/assets/waf_rules/processors.json +239 -10
data/lib/datadog/appsec/assets/waf_rules/recommended.json +355 -157
data/lib/datadog/appsec/assets/waf_rules/scanners.json +926 -17
data/lib/datadog/appsec/assets/waf_rules/strict.json +62 -32
data/lib/datadog/appsec/autoload.rb +1 -1
data/lib/datadog/appsec/component.rb +41 -33
data/lib/datadog/appsec/compressed_json.rb +40 -0
data/lib/datadog/appsec/configuration/settings.rb +152 -25
data/lib/datadog/appsec/context.rb +74 -0
data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +92 -0
data/lib/datadog/appsec/contrib/active_record/integration.rb +41 -0
data/lib/datadog/appsec/contrib/active_record/patcher.rb +101 -0
data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
data/lib/datadog/appsec/contrib/devise/configuration.rb +52 -0
data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
data/lib/datadog/appsec/contrib/devise/patcher.rb +33 -25
data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +102 -0
data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +69 -0
data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +3 -3
data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
data/lib/datadog/appsec/contrib/excon/integration.rb +41 -0
data/lib/datadog/appsec/contrib/excon/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/connection_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/integration.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/patcher.rb +53 -0
data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +41 -0
data/lib/datadog/appsec/contrib/graphql/appsec_trace.rb +1 -7
data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +17 -30
data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
data/lib/datadog/appsec/contrib/graphql/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
data/lib/datadog/appsec/contrib/rack/gateway/response.rb +3 -3
data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +78 -98
data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rack/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +10 -11
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +52 -68
data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +16 -33
data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rails/patcher.rb +25 -38
data/lib/datadog/appsec/contrib/rest_client/integration.rb +45 -0
data/lib/datadog/appsec/contrib/rest_client/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +38 -0
data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +31 -68
data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
data/lib/datadog/appsec/contrib/sinatra/patcher.rb +5 -31
data/lib/datadog/appsec/event.rb +96 -135
data/lib/datadog/appsec/ext.rb +12 -3
data/lib/datadog/appsec/instrumentation/gateway/argument.rb +7 -2
data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
data/lib/datadog/appsec/metrics/collector.rb +38 -0
data/lib/datadog/appsec/metrics/exporter.rb +35 -0
data/lib/datadog/appsec/metrics/telemetry.rb +23 -0
data/lib/datadog/appsec/metrics.rb +13 -0
data/lib/datadog/appsec/monitor/gateway/watcher.rb +52 -32
data/lib/datadog/appsec/processor/rule_loader.rb +26 -31
data/lib/datadog/appsec/processor/rule_merger.rb +7 -6
data/lib/datadog/appsec/processor.rb +5 -4
data/lib/datadog/appsec/remote.rb +26 -12
data/lib/datadog/appsec/response.rb +19 -85
data/lib/datadog/appsec/security_engine/result.rb +67 -0
data/lib/datadog/appsec/security_engine/runner.rb +88 -0
data/lib/datadog/appsec/security_engine.rb +9 -0
data/lib/datadog/appsec/security_event.rb +39 -0
data/lib/datadog/appsec/utils.rb +0 -2
data/lib/datadog/appsec.rb +23 -10
data/lib/datadog/auto_instrument.rb +3 -0
data/lib/datadog/core/buffer/random.rb +18 -2
data/lib/datadog/core/configuration/agent_settings_resolver.rb +42 -14
data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
data/lib/datadog/core/configuration/components.rb +76 -32
data/lib/datadog/core/configuration/components_state.rb +23 -0
data/lib/datadog/core/configuration/ext.rb +5 -1
data/lib/datadog/core/configuration/option.rb +79 -43
data/lib/datadog/core/configuration/option_definition.rb +6 -4
data/lib/datadog/core/configuration/options.rb +3 -3
data/lib/datadog/core/configuration/settings.rb +100 -41
data/lib/datadog/core/configuration/stable_config.rb +23 -0
data/lib/datadog/core/configuration.rb +43 -11
data/lib/datadog/{tracing → core}/contrib/rails/utils.rb +1 -3
data/lib/datadog/core/crashtracking/component.rb +4 -13
data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
data/lib/datadog/core/encoding.rb +17 -1
data/lib/datadog/core/environment/agent_info.rb +78 -0
data/lib/datadog/core/environment/cgroup.rb +10 -12
data/lib/datadog/core/environment/container.rb +38 -40
data/lib/datadog/core/environment/ext.rb +6 -6
data/lib/datadog/core/environment/git.rb +1 -0
data/lib/datadog/core/environment/identity.rb +3 -3
data/lib/datadog/core/environment/platform.rb +3 -3
data/lib/datadog/core/environment/variable_helpers.rb +1 -1
data/lib/datadog/core/error.rb +11 -9
data/lib/datadog/core/logger.rb +2 -2
data/lib/datadog/core/metrics/client.rb +27 -27
data/lib/datadog/core/metrics/logging.rb +5 -5
data/lib/datadog/core/process_discovery.rb +32 -0
data/lib/datadog/core/rate_limiter.rb +4 -2
data/lib/datadog/core/remote/client/capabilities.rb +6 -0
data/lib/datadog/core/remote/client.rb +107 -92
data/lib/datadog/core/remote/component.rb +18 -19
data/lib/datadog/core/remote/configuration/digest.rb +7 -7
data/lib/datadog/core/remote/configuration/path.rb +1 -1
data/lib/datadog/core/remote/configuration/repository.rb +2 -1
data/lib/datadog/core/remote/negotiation.rb +9 -9
data/lib/datadog/core/remote/transport/config.rb +4 -3
data/lib/datadog/core/remote/transport/http/api.rb +13 -18
data/lib/datadog/core/remote/transport/http/client.rb +5 -4
data/lib/datadog/core/remote/transport/http/config.rb +27 -55
data/lib/datadog/core/remote/transport/http/negotiation.rb +8 -51
data/lib/datadog/core/remote/transport/http.rb +25 -94
data/lib/datadog/core/remote/transport/negotiation.rb +17 -4
data/lib/datadog/core/remote/worker.rb +10 -7
data/lib/datadog/core/runtime/metrics.rb +12 -5
data/lib/datadog/core/telemetry/component.rb +84 -49
data/lib/datadog/core/telemetry/emitter.rb +23 -11
data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +65 -0
data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
data/lib/datadog/core/telemetry/event/app_started.rb +179 -0
data/lib/datadog/core/telemetry/event/base.rb +40 -0
data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
data/lib/datadog/core/telemetry/event/log.rb +76 -0
data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
data/lib/datadog/core/telemetry/event.rb +17 -383
data/lib/datadog/core/telemetry/ext.rb +1 -0
data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
data/lib/datadog/core/telemetry/logger.rb +1 -1
data/lib/datadog/core/telemetry/logging.rb +2 -2
data/lib/datadog/core/telemetry/metric.rb +28 -6
data/lib/datadog/core/telemetry/request.rb +4 -4
data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
data/lib/datadog/core/telemetry/transport/http.rb +63 -0
data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
data/lib/datadog/core/telemetry/worker.rb +128 -25
data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
data/lib/datadog/core/transport/http/adapters/unix_socket.rb +1 -1
data/lib/datadog/{tracing → core}/transport/http/api/instance.rb +18 -1
data/lib/datadog/core/transport/http/api/spec.rb +36 -0
data/lib/datadog/{tracing → core}/transport/http/builder.rb +53 -31
data/lib/datadog/core/transport/http.rb +75 -0
data/lib/datadog/core/transport/response.rb +4 -0
data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
data/lib/datadog/core/utils/duration.rb +32 -32
data/lib/datadog/core/utils/forking.rb +2 -2
data/lib/datadog/core/utils/network.rb +6 -6
data/lib/datadog/core/utils/only_once_successful.rb +16 -5
data/lib/datadog/core/utils/time.rb +20 -0
data/lib/datadog/core/utils/truncation.rb +21 -0
data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
data/lib/datadog/core/worker.rb +1 -1
data/lib/datadog/core/workers/async.rb +29 -12
data/lib/datadog/core/workers/interval_loop.rb +12 -1
data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
data/lib/datadog/core.rb +8 -0
data/lib/datadog/di/base.rb +115 -0
data/lib/datadog/di/boot.rb +34 -0
data/lib/datadog/di/code_tracker.rb +26 -15
data/lib/datadog/di/component.rb +23 -14
data/lib/datadog/di/configuration/settings.rb +25 -1
data/lib/datadog/di/contrib/active_record.rb +1 -0
data/lib/datadog/di/contrib/railtie.rb +15 -0
data/lib/datadog/di/contrib.rb +28 -0
data/lib/datadog/di/error.rb +5 -0
data/lib/datadog/di/instrumenter.rb +111 -20
data/lib/datadog/di/logger.rb +30 -0
data/lib/datadog/di/preload.rb +18 -0
data/lib/datadog/di/probe.rb +14 -7
data/lib/datadog/di/probe_builder.rb +1 -0
data/lib/datadog/di/probe_manager.rb +11 -5
data/lib/datadog/di/probe_notification_builder.rb +34 -8
data/lib/datadog/di/probe_notifier_worker.rb +52 -26
data/lib/datadog/di/redactor.rb +0 -1
data/lib/datadog/di/remote.rb +147 -0
data/lib/datadog/di/serializer.rb +14 -7
data/lib/datadog/di/transport/diagnostics.rb +62 -0
data/lib/datadog/di/transport/http/api.rb +42 -0
data/lib/datadog/di/transport/http/client.rb +47 -0
data/lib/datadog/di/transport/http/diagnostics.rb +65 -0
data/lib/datadog/di/transport/http/input.rb +67 -0
data/lib/datadog/di/transport/http.rb +57 -0
data/lib/datadog/di/transport/input.rb +62 -0
data/lib/datadog/di/utils.rb +103 -0
data/lib/datadog/di.rb +14 -76
data/lib/datadog/error_tracking/collector.rb +87 -0
data/lib/datadog/error_tracking/component.rb +167 -0
data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
data/lib/datadog/error_tracking/configuration.rb +11 -0
data/lib/datadog/error_tracking/ext.rb +18 -0
data/lib/datadog/error_tracking/extensions.rb +16 -0
data/lib/datadog/error_tracking/filters.rb +77 -0
data/lib/datadog/error_tracking.rb +18 -0
data/lib/datadog/kit/appsec/events.rb +15 -3
data/lib/datadog/kit/identity.rb +9 -5
data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
data/lib/datadog/opentelemetry/api/context.rb +16 -2
data/lib/datadog/opentelemetry/sdk/trace/span.rb +1 -1
data/lib/datadog/opentelemetry.rb +2 -1
data/lib/datadog/profiling/collectors/code_provenance.rb +1 -1
data/lib/datadog/profiling/collectors/info.rb +3 -0
data/lib/datadog/profiling/collectors/thread_context.rb +1 -1
data/lib/datadog/profiling/component.rb +60 -76
data/lib/datadog/profiling/encoded_profile.rb +11 -0
data/lib/datadog/profiling/exporter.rb +3 -4
data/lib/datadog/profiling/ext.rb +0 -2
data/lib/datadog/profiling/flush.rb +5 -8
data/lib/datadog/profiling/http_transport.rb +6 -85
data/lib/datadog/profiling/load_native_extension.rb +1 -33
data/lib/datadog/profiling/scheduler.rb +8 -1
data/lib/datadog/profiling/stack_recorder.rb +4 -4
data/lib/datadog/profiling/tag_builder.rb +1 -5
data/lib/datadog/profiling.rb +6 -2
data/lib/datadog/tracing/analytics.rb +1 -1
data/lib/datadog/tracing/component.rb +16 -12
data/lib/datadog/tracing/configuration/ext.rb +8 -1
data/lib/datadog/tracing/configuration/settings.rb +22 -10
data/lib/datadog/tracing/context_provider.rb +1 -1
data/lib/datadog/tracing/contrib/action_cable/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_mailer/integration.rb +6 -2
data/lib/datadog/tracing/contrib/action_pack/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_view/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_job/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_record/integration.rb +7 -3
data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +7 -2
data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +36 -1
data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +14 -4
data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -0
data/lib/datadog/tracing/contrib/active_support/integration.rb +5 -2
data/lib/datadog/tracing/contrib/auto_instrument.rb +2 -2
data/lib/datadog/tracing/contrib/aws/instrumentation.rb +10 -0
data/lib/datadog/tracing/contrib/aws/integration.rb +3 -0
data/lib/datadog/tracing/contrib/aws/parsed_context.rb +5 -1
data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +3 -0
data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +4 -0
data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +6 -1
data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +4 -5
data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/ext.rb +1 -0
data/lib/datadog/tracing/contrib/extensions.rb +29 -3
data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/graphql/configuration/error_extension_env_parser.rb +21 -0
data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +11 -0
data/lib/datadog/tracing/contrib/graphql/ext.rb +5 -0
data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +102 -11
data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +7 -1
data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
data/lib/datadog/tracing/contrib/http/instrumentation.rb +6 -10
data/lib/datadog/tracing/contrib/http/integration.rb +3 -0
data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -16
data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +7 -15
data/lib/datadog/tracing/contrib/httprb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/kafka/integration.rb +3 -0
data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
data/lib/datadog/tracing/contrib/karafka.rb +37 -0
data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
data/lib/datadog/tracing/contrib/mongodb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
data/lib/datadog/tracing/contrib/opensearch/integration.rb +3 -0
data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
data/lib/datadog/tracing/contrib/patcher.rb +5 -2
data/lib/datadog/tracing/contrib/presto/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rack/header_collection.rb +11 -1
data/lib/datadog/tracing/contrib/rack/integration.rb +2 -2
data/lib/datadog/tracing/contrib/rack/middlewares.rb +1 -1
data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
data/lib/datadog/tracing/contrib/rails/framework.rb +2 -2
data/lib/datadog/tracing/contrib/rails/patcher.rb +1 -1
data/lib/datadog/tracing/contrib/rest_client/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -3
data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +1 -1
data/lib/datadog/tracing/contrib/span_attribute_schema.rb +6 -1
data/lib/datadog/tracing/contrib/support.rb +28 -0
data/lib/datadog/tracing/contrib.rb +1 -0
data/lib/datadog/tracing/correlation.rb +9 -2
data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
data/lib/datadog/tracing/distributed/baggage.rb +131 -0
data/lib/datadog/tracing/distributed/datadog.rb +4 -2
data/lib/datadog/tracing/distributed/propagation.rb +25 -4
data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
data/lib/datadog/tracing/metadata/errors.rb +4 -4
data/lib/datadog/tracing/metadata/ext.rb +5 -0
data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
data/lib/datadog/tracing/metadata.rb +2 -0
data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
data/lib/datadog/tracing/span.rb +22 -5
data/lib/datadog/tracing/span_event.rb +124 -4
data/lib/datadog/tracing/span_operation.rb +52 -16
data/lib/datadog/tracing/sync_writer.rb +9 -5
data/lib/datadog/tracing/trace_digest.rb +9 -2
data/lib/datadog/tracing/trace_operation.rb +44 -24
data/lib/datadog/tracing/trace_segment.rb +6 -4
data/lib/datadog/tracing/tracer.rb +60 -12
data/lib/datadog/tracing/transport/http/api.rb +5 -4
data/lib/datadog/tracing/transport/http/client.rb +5 -4
data/lib/datadog/tracing/transport/http/traces.rb +13 -44
data/lib/datadog/tracing/transport/http.rb +13 -70
data/lib/datadog/tracing/transport/serializable_trace.rb +31 -7
data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
data/lib/datadog/tracing/transport/traces.rb +47 -13
data/lib/datadog/tracing/utils.rb +1 -1
data/lib/datadog/tracing/workers/trace_writer.rb +8 -5
data/lib/datadog/tracing/workers.rb +5 -4
data/lib/datadog/tracing/writer.rb +10 -6
data/lib/datadog/tracing.rb +16 -3
data/lib/datadog/version.rb +2 -2
data/lib/datadog.rb +2 -0
metadata +143 -50
data/ext/datadog_profiling_loader/datadog_profiling_loader.c +0 -142
data/ext/datadog_profiling_loader/extconf.rb +0 -60
data/lib/datadog/appsec/contrib/devise/event.rb +0 -57
data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -77
data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -54
data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +0 -46
data/lib/datadog/appsec/contrib/patcher.rb +0 -12
data/lib/datadog/appsec/contrib/rack/reactive/request.rb +0 -69
data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +0 -47
data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -53
data/lib/datadog/appsec/contrib/rails/reactive/action.rb +0 -53
data/lib/datadog/appsec/contrib/sinatra/ext.rb +0 -14
data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +0 -48
data/lib/datadog/appsec/monitor/reactive/set_user.rb +0 -45
data/lib/datadog/appsec/processor/actions.rb +0 -49
data/lib/datadog/appsec/processor/context.rb +0 -107
data/lib/datadog/appsec/reactive/address_hash.rb +0 -22
data/lib/datadog/appsec/reactive/engine.rb +0 -47
data/lib/datadog/appsec/reactive/operation.rb +0 -68
data/lib/datadog/appsec/reactive/subscriber.rb +0 -19
data/lib/datadog/appsec/scope.rb +0 -58
data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
data/lib/datadog/core/crashtracking/agent_base_url.rb +0 -21
data/lib/datadog/core/remote/transport/http/api/instance.rb +0 -39
data/lib/datadog/core/remote/transport/http/api/spec.rb +0 -21
data/lib/datadog/core/remote/transport/http/builder.rb +0 -219
data/lib/datadog/core/telemetry/http/env.rb +0 -20
data/lib/datadog/core/telemetry/http/ext.rb +0 -28
data/lib/datadog/core/telemetry/http/response.rb +0 -70
data/lib/datadog/core/telemetry/http/transport.rb +0 -90
data/lib/datadog/di/transport.rb +0 -81
data/lib/datadog/tracing/transport/http/api/spec.rb +0 -19

data/lib/datadog/appsec/contrib/faraday/patcher.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # Patcher for Faraday
+        module Patcher
+          module_function
+          def patched?
+            Patcher.instance_variable_get(:@patched)
+          end
+          def target_version
+            Integration.version
+          end
+          def patch
+            require_relative 'ssrf_detection_middleware'
+            require_relative 'connection_patch'
+            require_relative 'rack_builder_patch'
+            ::Faraday::Middleware.register_middleware(datadog_appsec: SSRFDetectionMiddleware)
+            configure_default_faraday_connection
+            Patcher.instance_variable_set(:@patched, true)
+          end
+          def configure_default_faraday_connection
+            if target_version >= Gem::Version.new('1.0.0')
+              # Patch the default connection (e.g. +Faraday.get+)
+              ::Faraday.default_connection.use(:datadog_appsec)
+              # Patch new connection instances (e.g. +Faraday.new+)
+              ::Faraday::Connection.prepend(ConnectionPatch)
+            else
+              # Patch the default connection (e.g. +Faraday.get+)
+              #
+              # We insert our middleware before the 'adapter', which is
+              # always the last handler.
+              idx = ::Faraday.default_connection.builder.handlers.size - 1
+              ::Faraday.default_connection.builder.insert(idx, SSRFDetectionMiddleware)
+              # Patch new connection instances (e.g. +Faraday.new+)
+              ::Faraday::RackBuilder.prepend(RackBuilderPatch)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # Handles installation of our middleware if the user has *not*
+        # already explicitly configured it for this correction.
+        #
+        # RackBuilder class was introduced in faraday 0.9.0:
+        # https://github.com/lostisland/faraday/commit/77d7546d6d626b91086f427c56bc2cdd951353b3
+        module RackBuilderPatch
+          def adapter(*args)
+            use(:datadog_appsec) unless @handlers.any? { |h| h.klass == SSRFDetectionMiddleware }
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# rubocop:disable Naming/FileName
+# frozen_string_literal: true
+require_relative '../../event'
+require_relative '../../security_event'
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # AppSec SSRF detection Middleware for Faraday
+        class SSRFDetectionMiddleware < ::Faraday::Middleware
+          def call(request_env)
+            context = AppSec.active_context
+            return @app.call(request_env) unless context && AppSec.rasp_enabled?
+            ephemeral_data = {
+              'server.io.net.url' => request_env.url.to_s
+            }
+            result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, Datadog.configuration.appsec.waf_timeout)
+            if result.match?
+              AppSec::Event.tag_and_keep!(context, result)
+              context.events.push(
+                AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
+              )
+              AppSec::ActionsHandler.handle(result.actions)
+            end
+            @app.call(request_env)
+          end
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Naming/FileName

data/lib/datadog/appsec/contrib/graphql/appsec_trace.rb CHANGED Viewed

@@ -16,16 +16,10 @@ module Datadog
             gateway_multiplex = Gateway::Multiplex.new(multiplex)
-            multiplex_return, multiplex_response = Instrumentation.gateway.push('graphql.multiplex', gateway_multiplex) do
+            multiplex_return, _gateway_multiplex = Instrumentation.gateway.push('graphql.multiplex', gateway_multiplex) do
               super
             end
-            # Returns an error * the number of queries so that the entire multiplex is blocked
-            if multiplex_response
-              blocked_event = multiplex_response.find { |action, _options| action == :block }
-              multiplex_return = AppSec::Response.graphql_response(gateway_multiplex) if blocked_event
-            end
             multiplex_return
           end
         end

data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb CHANGED Viewed

@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 require 'json'
+require_relative '../../../event'
+require_relative '../../../security_event'
 require_relative '../../../instrumentation/gateway'
-require_relative '../reactive/multiplex'
-require_relative '../../../reactive/operation'
 module Datadog
   module AppSec
@@ -19,43 +20,29 @@ module Datadog
                 watch_multiplex(gateway)
               end
-              # This time we don't throw but use next
               def watch_multiplex(gateway = Instrumentation.gateway)
                 gateway.watch('graphql.multiplex', :appsec) do |stack, gateway_multiplex|
-                  block = false
-                  event = nil
-                  scope = AppSec::Scope.active_scope
-                  if scope
-                    AppSec::Reactive::Operation.new('graphql.multiplex') do |op|
-                      GraphQL::Reactive::Multiplex.subscribe(op, scope.processor_context) do |result|
-                        event = {
-                          waf_result: result,
-                          trace: scope.trace,
-                          span: scope.service_entry_span,
-                          multiplex: gateway_multiplex,
-                          actions: result.actions
-                        }
+                  context = AppSec::Context.active
-                        Datadog::AppSec::Event.tag_and_keep!(scope, result)
-                        scope.processor_context.events << event
-                      end
+                  if context
+                    persistent_data = {
+                      'graphql.server.all_resolvers' => gateway_multiplex.arguments
+                    }
-                      block = GraphQL::Reactive::Multiplex.publish(op, gateway_multiplex)
-                    end
-                  end
+                    result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
-                  next [nil, [[:block, event]]] if block
+                    if result.match?
+                      AppSec::Event.tag_and_keep!(context, result)
-                  ret, res = stack.call(gateway_multiplex.arguments)
+                      context.events.push(
+                        AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
+                      )
-                  if event
-                    res ||= []
-                    res << [:monitor, event]
+                      AppSec::ActionsHandler.handle(result.actions)
+                    end
                   end
-                  [ret, res]
+                  stack.call(gateway_multiplex.arguments)
                 end
               end
             end

data/lib/datadog/appsec/contrib/graphql/integration.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Datadog
           register_as :graphql, auto_patch: false
           def self.version
-            Gem.loaded_specs['graphql'] && Gem.loaded_specs['graphql'].version
+            Gem.loaded_specs['graphql']&.version
           end
           def self.loaded?

data/lib/datadog/appsec/contrib/graphql/patcher.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require_relative '../patcher'
 require_relative 'gateway/watcher'
 if Gem.loaded_specs['graphql'] && Gem.loaded_specs['graphql'].version >= Gem::Version.new('2.0.19')
@@ -13,8 +12,6 @@ module Datadog
       module GraphQL
         # Patcher for AppSec on GraphQL
         module Patcher
-          include Datadog::AppSec::Contrib::Patcher
           module_function
           def patched?

data/lib/datadog/appsec/contrib/rack/ext.rb CHANGED Viewed

@@ -6,6 +6,40 @@ module Datadog
       module Rack
         # Rack integration constants
         module Ext
+          COLLECTABLE_REQUEST_HEADERS = [
+            'accept',
+            'akamai-user-risk',
+            'cf-ray',
+            'cloudfront-viewer-ja3-fingerprint',
+            'content-type',
+            'user-agent',
+            'x-amzn-trace-Id',
+            'x-appgw-trace-id',
+            'x-cloud-trace-context',
+            'x-sigsci-requestid',
+            'x-sigsci-tags'
+          ].freeze
+          IDENTITY_COLLECTABLE_REQUEST_HEADERS = [
+            'accept-encoding',
+            'accept-language',
+            'cf-connecting-ip',
+            'cf-connecting-ipv6',
+            'content-encoding',
+            'content-language',
+            'content-length',
+            'fastly-client-ip',
+            'forwarded',
+            'forwarded-for',
+            'host',
+            'true-client-ip',
+            'via',
+            'x-client-ip',
+            'x-cluster-client-ip',
+            'x-forwarded',
+            'x-forwarded-for',
+            'x-real-ip'
+          ].freeze
         end
       end
     end

data/lib/datadog/appsec/contrib/rack/gateway/response.rb CHANGED Viewed

@@ -9,14 +9,14 @@ module Datadog
         module Gateway
           # Gateway Response argument.
           class Response < Instrumentation::Gateway::Argument
-            attr_reader :body, :status, :headers, :scope
+            attr_reader :body, :status, :headers, :context
-            def initialize(body, status, headers, scope:)
+            def initialize(body, status, headers, context:)
               super()
               @body = body
               @status = status
               @headers = headers.each_with_object({}) { |(k, v), h| h[k.downcase] = v }
-              @scope = scope
+              @context = context
             end
             def response

data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb CHANGED Viewed

@@ -1,11 +1,9 @@
 # frozen_string_literal: true
-require_relative '../../../instrumentation/gateway'
-require_relative '../../../reactive/operation'
-require_relative '../reactive/request'
-require_relative '../reactive/request_body'
-require_relative '../reactive/response'
+require_relative '../ext'
 require_relative '../../../event'
+require_relative '../../../security_event'
+require_relative '../../../instrumentation/gateway'
 module Datadog
   module AppSec
@@ -21,130 +19,112 @@ module Datadog
                 watch_request(gateway)
                 watch_response(gateway)
                 watch_request_body(gateway)
+                watch_request_finish(gateway)
               end
               def watch_request(gateway = Instrumentation.gateway)
                 gateway.watch('rack.request', :appsec) do |stack, gateway_request|
-                  block = false
-                  event = nil
-                  scope = gateway_request.env[Datadog::AppSec::Ext::SCOPE_KEY]
-                  AppSec::Reactive::Operation.new('rack.request') do |op|
-                    Rack::Reactive::Request.subscribe(op, scope.processor_context) do |result|
-                      if result.status == :match
-                        # TODO: should this hash be an Event instance instead?
-                        event = {
-                          waf_result: result,
-                          trace: scope.trace,
-                          span: scope.service_entry_span,
-                          request: gateway_request,
-                          actions: result.actions
-                        }
-                        # We want to keep the trace in case of security event
-                        scope.trace.keep! if scope.trace
-                        Datadog::AppSec::Event.tag_and_keep!(scope, result)
-                        scope.processor_context.events << event
-                      end
-                    end
-                    block = Rack::Reactive::Request.publish(op, gateway_request)
+                  context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
+                  persistent_data = {
+                    'server.request.cookies' => gateway_request.cookies,
+                    'server.request.query' => gateway_request.query,
+                    'server.request.uri.raw' => gateway_request.fullpath,
+                    'server.request.headers' => gateway_request.headers,
+                    'server.request.headers.no_cookies' => gateway_request.headers.dup.tap { |h| h.delete('cookie') },
+                    'http.client_ip' => gateway_request.client_ip,
+                    'server.request.method' => gateway_request.method
+                  }
+                  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
+                  if result.match? || !result.derivatives.empty?
+                    context.events.push(
+                      AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
+                    )
                   end
-                  next [nil, [[:block, event]]] if block
-                  ret, res = stack.call(gateway_request.request)
-                  if event
-                    res ||= []
-                    res << [:monitor, event]
+                  if result.match?
+                    AppSec::Event.tag_and_keep!(context, result)
+                    AppSec::ActionsHandler.handle(result.actions)
                   end
-                  [ret, res]
+                  stack.call(gateway_request.request)
                 end
               end
               def watch_response(gateway = Instrumentation.gateway)
                 gateway.watch('rack.response', :appsec) do |stack, gateway_response|
-                  block = false
-                  event = nil
-                  scope = gateway_response.scope
-                  AppSec::Reactive::Operation.new('rack.response') do |op|
-                    Rack::Reactive::Response.subscribe(op, scope.processor_context) do |result|
-                      if result.status == :match
-                        # TODO: should this hash be an Event instance instead?
-                        event = {
-                          waf_result: result,
-                          trace: scope.trace,
-                          span: scope.service_entry_span,
-                          response: gateway_response,
-                          actions: result.actions
-                        }
-                        # We want to keep the trace in case of security event
-                        scope.trace.keep! if scope.trace
-                        Datadog::AppSec::Event.tag_and_keep!(scope, result)
-                        scope.processor_context.events << event
-                      end
-                    end
+                  context = gateway_response.context
-                    block = Rack::Reactive::Response.publish(op, gateway_response)
-                  end
+                  persistent_data = {
+                    'server.response.status' => gateway_response.status.to_s,
+                    'server.response.headers' => gateway_response.headers,
+                    'server.response.headers.no_cookies' => gateway_response.headers.dup.tap { |h| h.delete('set-cookie') }
+                  }
-                  next [nil, [[:block, event]]] if block
+                  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
-                  ret, res = stack.call(gateway_response.response)
+                  if result.match?
+                    AppSec::Event.tag_and_keep!(context, result)
-                  if event
-                    res ||= []
-                    res << [:monitor, event]
+                    context.events.push(
+                      AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
+                    )
+                    AppSec::ActionsHandler.handle(result.actions)
                   end
-                  [ret, res]
+                  stack.call(gateway_response.response)
                 end
               end
               def watch_request_body(gateway = Instrumentation.gateway)
                 gateway.watch('rack.request.body', :appsec) do |stack, gateway_request|
-                  block = false
-                  event = nil
-                  scope = gateway_request.env[Datadog::AppSec::Ext::SCOPE_KEY]
-                  AppSec::Reactive::Operation.new('rack.request.body') do |op|
-                    Rack::Reactive::RequestBody.subscribe(op, scope.processor_context) do |result|
-                      if result.status == :match
-                        # TODO: should this hash be an Event instance instead?
-                        event = {
-                          waf_result: result,
-                          trace: scope.trace,
-                          span: scope.service_entry_span,
-                          request: gateway_request,
-                          actions: result.actions
-                        }
-                        # We want to keep the trace in case of security event
-                        scope.trace.keep! if scope.trace
-                        Datadog::AppSec::Event.tag_and_keep!(scope, result)
-                        scope.processor_context.events << event
-                      end
-                    end
+                  context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
-                    block = Rack::Reactive::RequestBody.publish(op, gateway_request)
+                  persistent_data = {
+                    'server.request.body' => gateway_request.form_hash
+                  }
+                  result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
+                  if result.match?
+                    AppSec::Event.tag_and_keep!(context, result)
+                    context.events.push(
+                      AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
+                    )
+                    AppSec::ActionsHandler.handle(result.actions)
                   end
-                  next [nil, [[:block, event]]] if block
+                  stack.call(gateway_request.request)
+                end
+              end
+              # NOTE: In the current state we unable to substibe twice to the same
+              #       event within the same group. Ideally this code should live
+              #       somewhere closer to identity related monitor.
+              # WARNING: The Gateway is a subject of refactoring
+              def watch_request_finish(gateway = Instrumentation.gateway)
+                gateway.watch('rack.request.finish', :appsec) do |stack, gateway_request|
+                  context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
-                  ret, res = stack.call(gateway_request.request)
+                  if context.span.nil? || !gateway.pushed?('appsec.events.user_lifecycle')
+                    next stack.call(gateway_request.request)
+                  end
+                  gateway_request.headers.each do |name, value|
+                    if !Ext::COLLECTABLE_REQUEST_HEADERS.include?(name) &&
+                        !Ext::IDENTITY_COLLECTABLE_REQUEST_HEADERS.include?(name)
+                      next
+                    end
-                  if event
-                    res ||= []
-                    res << [:monitor, event]
+                    context.span["http.request.headers.#{name}"] ||= value
                   end
-                  [ret, res]
+                  stack.call(gateway_request.request)
                 end
               end
             end

data/lib/datadog/appsec/contrib/rack/integration.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Datadog
           register_as :rack, auto_patch: false
           def self.version
-            Gem.loaded_specs['rack'] && Gem.loaded_specs['rack'].version
+            Gem.loaded_specs['rack']&.version
           end
           def self.loaded?

data/lib/datadog/appsec/contrib/rack/patcher.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require_relative '../patcher'
 require_relative '../../monitor'
 require_relative 'gateway/watcher'
@@ -10,8 +9,6 @@ module Datadog
       module Rack
         # Patcher for Rack integration
         module Patcher
-          include Datadog::AppSec::Contrib::Patcher
           module_function
           def patched?

data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb CHANGED Viewed

@@ -17,25 +17,24 @@ module Datadog
           end
           def call(env)
-            context = env[Datadog::AppSec::Ext::SCOPE_KEY]
+            context = env[Datadog::AppSec::Ext::CONTEXT_KEY]
             return @app.call(env) unless context
             # TODO: handle exceptions, except for @app.call
-            request_return, request_response = Instrumentation.gateway.push(
-              'rack.request.body',
-              Gateway::Request.new(env)
-            ) do
-              @app.call(env)
-            end
+            http_response = nil
+            interrupt_params = catch(::Datadog::AppSec::Ext::INTERRUPT) do
+              http_response, _request = Instrumentation.gateway.push('rack.request.body', Gateway::Request.new(env)) do
+                @app.call(env)
+              end
-            if request_response
-              blocked_event = request_response.find { |action, _event| action == :block }
-              request_return = AppSec::Response.negotiate(env, blocked_event.last[:actions]).to_rack if blocked_event
+              nil
             end
-            request_return
+            return AppSec::Response.from_interrupt_params(interrupt_params, env['HTTP_ACCEPT']).to_rack if interrupt_params
+            http_response
           end
         end
       end