RubyGems - datadog - Versions diffs - 2.7.1 → 2.18.0 - Mend

datadog 2.7.1 → 2.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (441) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +353 -1
data/ext/datadog_profiling_native_extension/clock_id.h +2 -2
data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +78 -102
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +1 -1
data/ext/datadog_profiling_native_extension/collectors_idle_sampling_helper.c +16 -16
data/ext/datadog_profiling_native_extension/collectors_stack.c +235 -57
data/ext/datadog_profiling_native_extension/collectors_stack.h +21 -5
data/ext/datadog_profiling_native_extension/collectors_thread_context.c +376 -156
data/ext/datadog_profiling_native_extension/collectors_thread_context.h +1 -0
data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
data/ext/datadog_profiling_native_extension/extconf.rb +14 -8
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.c +2 -0
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.h +0 -8
data/ext/datadog_profiling_native_extension/heap_recorder.c +295 -532
data/ext/datadog_profiling_native_extension/heap_recorder.h +6 -8
data/ext/datadog_profiling_native_extension/http_transport.c +64 -98
data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +22 -0
data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +8 -5
data/ext/datadog_profiling_native_extension/private_vm_api_access.c +69 -1
data/ext/datadog_profiling_native_extension/private_vm_api_access.h +16 -4
data/ext/datadog_profiling_native_extension/profiling.c +19 -8
data/ext/datadog_profiling_native_extension/ruby_helpers.c +9 -21
data/ext/datadog_profiling_native_extension/ruby_helpers.h +2 -10
data/ext/datadog_profiling_native_extension/stack_recorder.c +231 -181
data/ext/datadog_profiling_native_extension/stack_recorder.h +2 -2
data/ext/datadog_profiling_native_extension/time_helpers.h +1 -1
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.c +47 -0
data/ext/datadog_profiling_native_extension/unsafe_api_calls_check.h +31 -0
data/ext/libdatadog_api/crashtracker.c +17 -15
data/ext/libdatadog_api/crashtracker.h +5 -0
data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
data/ext/libdatadog_api/extconf.rb +2 -2
data/ext/libdatadog_api/init.c +15 -0
data/ext/libdatadog_api/library_config.c +164 -0
data/ext/libdatadog_api/library_config.h +25 -0
data/ext/libdatadog_api/macos_development.md +3 -3
data/ext/libdatadog_api/process_discovery.c +112 -0
data/ext/libdatadog_api/process_discovery.h +5 -0
data/ext/libdatadog_extconf_helpers.rb +2 -2
data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
data/lib/datadog/appsec/actions_handler.rb +49 -0
data/lib/datadog/appsec/anonymizer.rb +16 -0
data/lib/datadog/appsec/api_security/lru_cache.rb +56 -0
data/lib/datadog/appsec/api_security/route_extractor.rb +65 -0
data/lib/datadog/appsec/api_security/sampler.rb +59 -0
data/lib/datadog/appsec/api_security.rb +23 -0
data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
data/lib/datadog/appsec/assets/waf_rules/recommended.json +623 -253
data/lib/datadog/appsec/assets/waf_rules/strict.json +69 -107
data/lib/datadog/appsec/autoload.rb +1 -1
data/lib/datadog/appsec/component.rb +49 -65
data/lib/datadog/appsec/compressed_json.rb +40 -0
data/lib/datadog/appsec/configuration/settings.rb +212 -27
data/lib/datadog/appsec/context.rb +74 -0
data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +92 -0
data/lib/datadog/appsec/contrib/active_record/integration.rb +41 -0
data/lib/datadog/appsec/contrib/active_record/patcher.rb +101 -0
data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
data/lib/datadog/appsec/contrib/devise/configuration.rb +52 -0
data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
data/lib/datadog/appsec/contrib/devise/patcher.rb +33 -25
data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +102 -0
data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +69 -0
data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +3 -3
data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
data/lib/datadog/appsec/contrib/excon/integration.rb +41 -0
data/lib/datadog/appsec/contrib/excon/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/connection_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/integration.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/patcher.rb +53 -0
data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +41 -0
data/lib/datadog/appsec/contrib/graphql/appsec_trace.rb +1 -7
data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +17 -30
data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
data/lib/datadog/appsec/contrib/graphql/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
data/lib/datadog/appsec/contrib/rack/gateway/response.rb +3 -3
data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +78 -98
data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rack/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +10 -11
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +73 -78
data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +16 -33
data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
data/lib/datadog/appsec/contrib/rails/patcher.rb +25 -38
data/lib/datadog/appsec/contrib/rest_client/integration.rb +45 -0
data/lib/datadog/appsec/contrib/rest_client/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +38 -0
data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +31 -68
data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
data/lib/datadog/appsec/contrib/sinatra/patcher.rb +5 -31
data/lib/datadog/appsec/event.rb +96 -135
data/lib/datadog/appsec/ext.rb +12 -3
data/lib/datadog/appsec/instrumentation/gateway/argument.rb +7 -2
data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
data/lib/datadog/appsec/metrics/collector.rb +38 -0
data/lib/datadog/appsec/metrics/exporter.rb +35 -0
data/lib/datadog/appsec/metrics/telemetry.rb +23 -0
data/lib/datadog/appsec/metrics.rb +13 -0
data/lib/datadog/appsec/monitor/gateway/watcher.rb +52 -32
data/lib/datadog/appsec/processor/rule_loader.rb +30 -36
data/lib/datadog/appsec/remote.rb +31 -57
data/lib/datadog/appsec/response.rb +19 -85
data/lib/datadog/appsec/security_engine/engine.rb +194 -0
data/lib/datadog/appsec/security_engine/result.rb +67 -0
data/lib/datadog/appsec/security_engine/runner.rb +87 -0
data/lib/datadog/appsec/security_engine.rb +9 -0
data/lib/datadog/appsec/security_event.rb +39 -0
data/lib/datadog/appsec/utils.rb +0 -2
data/lib/datadog/appsec.rb +22 -12
data/lib/datadog/auto_instrument.rb +3 -0
data/lib/datadog/core/buffer/random.rb +18 -2
data/lib/datadog/core/configuration/agent_settings.rb +52 -0
data/lib/datadog/core/configuration/agent_settings_resolver.rb +4 -18
data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
data/lib/datadog/core/configuration/components.rb +74 -32
data/lib/datadog/core/configuration/components_state.rb +23 -0
data/lib/datadog/core/configuration/ext.rb +5 -1
data/lib/datadog/core/configuration/option.rb +81 -45
data/lib/datadog/core/configuration/option_definition.rb +6 -4
data/lib/datadog/core/configuration/options.rb +3 -3
data/lib/datadog/core/configuration/settings.rb +121 -50
data/lib/datadog/core/configuration/stable_config.rb +22 -0
data/lib/datadog/core/configuration.rb +43 -11
data/lib/datadog/{tracing → core}/contrib/rails/utils.rb +1 -3
data/lib/datadog/core/crashtracking/component.rb +4 -13
data/lib/datadog/core/crashtracking/tag_builder.rb +4 -22
data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
data/lib/datadog/core/encoding.rb +17 -1
data/lib/datadog/core/environment/agent_info.rb +78 -0
data/lib/datadog/core/environment/cgroup.rb +10 -12
data/lib/datadog/core/environment/container.rb +38 -40
data/lib/datadog/core/environment/ext.rb +6 -6
data/lib/datadog/core/environment/git.rb +1 -0
data/lib/datadog/core/environment/identity.rb +3 -3
data/lib/datadog/core/environment/platform.rb +3 -3
data/lib/datadog/core/environment/variable_helpers.rb +1 -1
data/lib/datadog/core/error.rb +11 -9
data/lib/datadog/core/logger.rb +2 -2
data/lib/datadog/core/metrics/client.rb +27 -27
data/lib/datadog/core/metrics/logging.rb +5 -5
data/lib/datadog/core/process_discovery/tracer_memfd.rb +15 -0
data/lib/datadog/core/process_discovery.rb +36 -0
data/lib/datadog/core/rate_limiter.rb +4 -2
data/lib/datadog/core/remote/client/capabilities.rb +6 -0
data/lib/datadog/core/remote/client.rb +107 -92
data/lib/datadog/core/remote/component.rb +18 -19
data/lib/datadog/core/remote/configuration/digest.rb +7 -7
data/lib/datadog/core/remote/configuration/path.rb +1 -1
data/lib/datadog/core/remote/configuration/repository.rb +14 -1
data/lib/datadog/core/remote/negotiation.rb +9 -9
data/lib/datadog/core/remote/transport/config.rb +4 -3
data/lib/datadog/core/remote/transport/http/api.rb +13 -18
data/lib/datadog/core/remote/transport/http/client.rb +5 -4
data/lib/datadog/core/remote/transport/http/config.rb +27 -55
data/lib/datadog/core/remote/transport/http/negotiation.rb +8 -51
data/lib/datadog/core/remote/transport/http.rb +25 -94
data/lib/datadog/core/remote/transport/negotiation.rb +17 -4
data/lib/datadog/core/remote/worker.rb +10 -7
data/lib/datadog/core/runtime/metrics.rb +12 -5
data/lib/datadog/core/tag_builder.rb +56 -0
data/lib/datadog/core/telemetry/component.rb +84 -49
data/lib/datadog/core/telemetry/emitter.rb +23 -11
data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +66 -0
data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
data/lib/datadog/core/telemetry/event/app_started.rb +269 -0
data/lib/datadog/core/telemetry/event/base.rb +40 -0
data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
data/lib/datadog/core/telemetry/event/log.rb +76 -0
data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
data/lib/datadog/core/telemetry/event.rb +17 -383
data/lib/datadog/core/telemetry/ext.rb +1 -0
data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
data/lib/datadog/core/telemetry/logger.rb +5 -4
data/lib/datadog/core/telemetry/logging.rb +12 -6
data/lib/datadog/core/telemetry/metric.rb +28 -6
data/lib/datadog/core/telemetry/request.rb +4 -4
data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
data/lib/datadog/core/telemetry/transport/http.rb +63 -0
data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
data/lib/datadog/core/telemetry/worker.rb +128 -25
data/lib/datadog/core/transport/http/adapters/net.rb +17 -2
data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
data/lib/datadog/core/transport/http/adapters/unix_socket.rb +1 -1
data/lib/datadog/{tracing → core}/transport/http/api/instance.rb +18 -1
data/lib/datadog/core/transport/http/api/spec.rb +36 -0
data/lib/datadog/{tracing → core}/transport/http/builder.rb +53 -31
data/lib/datadog/core/transport/http/env.rb +8 -0
data/lib/datadog/core/transport/http.rb +75 -0
data/lib/datadog/core/transport/response.rb +4 -0
data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
data/lib/datadog/core/utils/duration.rb +32 -32
data/lib/datadog/core/utils/forking.rb +2 -2
data/lib/datadog/core/utils/network.rb +6 -6
data/lib/datadog/core/utils/only_once_successful.rb +16 -5
data/lib/datadog/core/utils/time.rb +20 -0
data/lib/datadog/core/utils/truncation.rb +21 -0
data/lib/datadog/core/utils.rb +7 -0
data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
data/lib/datadog/core/worker.rb +1 -1
data/lib/datadog/core/workers/async.rb +29 -12
data/lib/datadog/core/workers/interval_loop.rb +12 -1
data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
data/lib/datadog/core.rb +8 -0
data/lib/datadog/di/base.rb +115 -0
data/lib/datadog/di/boot.rb +34 -0
data/lib/datadog/di/code_tracker.rb +26 -15
data/lib/datadog/di/component.rb +23 -14
data/lib/datadog/di/configuration/settings.rb +25 -1
data/lib/datadog/di/contrib/active_record.rb +1 -0
data/lib/datadog/di/contrib/railtie.rb +15 -0
data/lib/datadog/di/contrib.rb +28 -0
data/lib/datadog/di/error.rb +5 -0
data/lib/datadog/di/instrumenter.rb +162 -21
data/lib/datadog/di/logger.rb +30 -0
data/lib/datadog/di/preload.rb +18 -0
data/lib/datadog/di/probe.rb +14 -7
data/lib/datadog/di/probe_builder.rb +1 -0
data/lib/datadog/di/probe_manager.rb +11 -5
data/lib/datadog/di/probe_notification_builder.rb +54 -38
data/lib/datadog/di/probe_notifier_worker.rb +60 -26
data/lib/datadog/di/redactor.rb +0 -1
data/lib/datadog/di/remote.rb +147 -0
data/lib/datadog/di/serializer.rb +19 -8
data/lib/datadog/di/transport/diagnostics.rb +62 -0
data/lib/datadog/di/transport/http/api.rb +42 -0
data/lib/datadog/di/transport/http/client.rb +47 -0
data/lib/datadog/di/transport/http/diagnostics.rb +65 -0
data/lib/datadog/di/transport/http/input.rb +77 -0
data/lib/datadog/di/transport/http.rb +57 -0
data/lib/datadog/di/transport/input.rb +70 -0
data/lib/datadog/di/utils.rb +103 -0
data/lib/datadog/di.rb +14 -76
data/lib/datadog/error_tracking/collector.rb +87 -0
data/lib/datadog/error_tracking/component.rb +167 -0
data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
data/lib/datadog/error_tracking/configuration.rb +11 -0
data/lib/datadog/error_tracking/ext.rb +18 -0
data/lib/datadog/error_tracking/extensions.rb +16 -0
data/lib/datadog/error_tracking/filters.rb +77 -0
data/lib/datadog/error_tracking.rb +18 -0
data/lib/datadog/kit/appsec/events.rb +15 -3
data/lib/datadog/kit/identity.rb +9 -5
data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
data/lib/datadog/opentelemetry/api/context.rb +16 -2
data/lib/datadog/opentelemetry/sdk/trace/span.rb +1 -1
data/lib/datadog/opentelemetry.rb +2 -1
data/lib/datadog/profiling/collectors/code_provenance.rb +18 -9
data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +4 -0
data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +1 -0
data/lib/datadog/profiling/collectors/info.rb +3 -0
data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
data/lib/datadog/profiling/component.rb +64 -82
data/lib/datadog/profiling/encoded_profile.rb +11 -0
data/lib/datadog/profiling/exporter.rb +3 -4
data/lib/datadog/profiling/ext.rb +0 -14
data/lib/datadog/profiling/flush.rb +5 -8
data/lib/datadog/profiling/http_transport.rb +8 -87
data/lib/datadog/profiling/load_native_extension.rb +1 -33
data/lib/datadog/profiling/profiler.rb +2 -0
data/lib/datadog/profiling/scheduler.rb +10 -2
data/lib/datadog/profiling/stack_recorder.rb +9 -9
data/lib/datadog/profiling/tag_builder.rb +5 -41
data/lib/datadog/profiling/tasks/setup.rb +2 -0
data/lib/datadog/profiling.rb +6 -2
data/lib/datadog/tracing/analytics.rb +1 -1
data/lib/datadog/tracing/component.rb +16 -12
data/lib/datadog/tracing/configuration/ext.rb +8 -1
data/lib/datadog/tracing/configuration/settings.rb +22 -10
data/lib/datadog/tracing/context_provider.rb +1 -1
data/lib/datadog/tracing/contrib/action_cable/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_mailer/integration.rb +6 -2
data/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +15 -0
data/lib/datadog/tracing/contrib/action_pack/action_dispatch/instrumentation.rb +19 -12
data/lib/datadog/tracing/contrib/action_pack/ext.rb +2 -0
data/lib/datadog/tracing/contrib/action_pack/integration.rb +5 -2
data/lib/datadog/tracing/contrib/action_view/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_job/integration.rb +5 -2
data/lib/datadog/tracing/contrib/active_record/integration.rb +7 -3
data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +7 -2
data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +36 -1
data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +14 -4
data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -0
data/lib/datadog/tracing/contrib/active_support/integration.rb +5 -2
data/lib/datadog/tracing/contrib/auto_instrument.rb +2 -2
data/lib/datadog/tracing/contrib/aws/instrumentation.rb +10 -0
data/lib/datadog/tracing/contrib/aws/integration.rb +3 -0
data/lib/datadog/tracing/contrib/aws/parsed_context.rb +5 -1
data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +3 -0
data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +4 -0
data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +6 -1
data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +4 -5
data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/ext.rb +1 -0
data/lib/datadog/tracing/contrib/extensions.rb +29 -3
data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -3
data/lib/datadog/tracing/contrib/graphql/configuration/error_extension_env_parser.rb +21 -0
data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +11 -0
data/lib/datadog/tracing/contrib/graphql/ext.rb +5 -0
data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +102 -11
data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +7 -1
data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
data/lib/datadog/tracing/contrib/http/instrumentation.rb +6 -10
data/lib/datadog/tracing/contrib/http/integration.rb +3 -0
data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +6 -16
data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +7 -15
data/lib/datadog/tracing/contrib/httprb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/kafka/integration.rb +3 -0
data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
data/lib/datadog/tracing/contrib/karafka.rb +37 -0
data/lib/datadog/tracing/contrib/lograge/patcher.rb +4 -2
data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +8 -0
data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
data/lib/datadog/tracing/contrib/mongodb/integration.rb +3 -0
data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +18 -1
data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
data/lib/datadog/tracing/contrib/opensearch/integration.rb +3 -0
data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
data/lib/datadog/tracing/contrib/patcher.rb +5 -2
data/lib/datadog/tracing/contrib/presto/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rack/header_collection.rb +11 -1
data/lib/datadog/tracing/contrib/rack/integration.rb +2 -2
data/lib/datadog/tracing/contrib/rack/middlewares.rb +1 -1
data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
data/lib/datadog/tracing/contrib/rails/framework.rb +2 -2
data/lib/datadog/tracing/contrib/rails/patcher.rb +1 -1
data/lib/datadog/tracing/contrib/rest_client/integration.rb +3 -0
data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -3
data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
data/lib/datadog/tracing/contrib/sidekiq/ext.rb +1 -0
data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +5 -2
data/lib/datadog/tracing/contrib/span_attribute_schema.rb +6 -1
data/lib/datadog/tracing/contrib/support.rb +28 -0
data/lib/datadog/tracing/contrib.rb +1 -0
data/lib/datadog/tracing/correlation.rb +9 -2
data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
data/lib/datadog/tracing/distributed/baggage.rb +131 -0
data/lib/datadog/tracing/distributed/datadog.rb +4 -2
data/lib/datadog/tracing/distributed/propagation.rb +25 -4
data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
data/lib/datadog/tracing/metadata/errors.rb +4 -4
data/lib/datadog/tracing/metadata/ext.rb +5 -0
data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
data/lib/datadog/tracing/metadata.rb +2 -0
data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
data/lib/datadog/tracing/span.rb +22 -5
data/lib/datadog/tracing/span_event.rb +124 -4
data/lib/datadog/tracing/span_operation.rb +52 -16
data/lib/datadog/tracing/sync_writer.rb +10 -6
data/lib/datadog/tracing/trace_digest.rb +9 -2
data/lib/datadog/tracing/trace_operation.rb +55 -27
data/lib/datadog/tracing/trace_segment.rb +6 -4
data/lib/datadog/tracing/tracer.rb +66 -14
data/lib/datadog/tracing/transport/http/api.rb +5 -4
data/lib/datadog/tracing/transport/http/client.rb +5 -4
data/lib/datadog/tracing/transport/http/traces.rb +13 -44
data/lib/datadog/tracing/transport/http.rb +13 -70
data/lib/datadog/tracing/transport/serializable_trace.rb +31 -7
data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
data/lib/datadog/tracing/transport/traces.rb +47 -13
data/lib/datadog/tracing/utils.rb +1 -1
data/lib/datadog/tracing/workers/trace_writer.rb +8 -5
data/lib/datadog/tracing/workers.rb +5 -4
data/lib/datadog/tracing/writer.rb +10 -6
data/lib/datadog/tracing.rb +16 -3
data/lib/datadog/version.rb +2 -2
data/lib/datadog.rb +2 -0
metadata +149 -54
data/ext/datadog_profiling_loader/datadog_profiling_loader.c +0 -142
data/ext/datadog_profiling_loader/extconf.rb +0 -60
data/lib/datadog/appsec/assets/waf_rules/processors.json +0 -92
data/lib/datadog/appsec/assets/waf_rules/scanners.json +0 -114
data/lib/datadog/appsec/contrib/devise/event.rb +0 -57
data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -77
data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -54
data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +0 -46
data/lib/datadog/appsec/contrib/patcher.rb +0 -12
data/lib/datadog/appsec/contrib/rack/reactive/request.rb +0 -69
data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +0 -47
data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -53
data/lib/datadog/appsec/contrib/rails/reactive/action.rb +0 -53
data/lib/datadog/appsec/contrib/sinatra/ext.rb +0 -14
data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +0 -48
data/lib/datadog/appsec/monitor/reactive/set_user.rb +0 -45
data/lib/datadog/appsec/processor/actions.rb +0 -49
data/lib/datadog/appsec/processor/context.rb +0 -107
data/lib/datadog/appsec/processor/rule_merger.rb +0 -170
data/lib/datadog/appsec/processor.rb +0 -106
data/lib/datadog/appsec/reactive/address_hash.rb +0 -22
data/lib/datadog/appsec/reactive/engine.rb +0 -47
data/lib/datadog/appsec/reactive/operation.rb +0 -68
data/lib/datadog/appsec/reactive/subscriber.rb +0 -19
data/lib/datadog/appsec/scope.rb +0 -58
data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
data/lib/datadog/core/crashtracking/agent_base_url.rb +0 -21
data/lib/datadog/core/remote/transport/http/api/instance.rb +0 -39
data/lib/datadog/core/remote/transport/http/api/spec.rb +0 -21
data/lib/datadog/core/remote/transport/http/builder.rb +0 -219
data/lib/datadog/core/telemetry/http/env.rb +0 -20
data/lib/datadog/core/telemetry/http/ext.rb +0 -28
data/lib/datadog/core/telemetry/http/response.rb +0 -70
data/lib/datadog/core/telemetry/http/transport.rb +0 -90
data/lib/datadog/di/transport.rb +0 -81
data/lib/datadog/tracing/transport/http/api/spec.rb +0 -19

data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb ADDED Viewed

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module ActionsHandler
+      # This module serves encapsulates MessagePack serialization for caller locations.
+      #
+      # It serializes part of the stack:
+      # up to 32 frames (configurable)
+      # keeping frames from top and bottom of the stack (75% to 25%, configurable).
+      #
+      # It represents the stack trace that is added to span metastruct field.
+      class SerializableBacktrace
+        CLASS_AND_FUNCTION_NAME_REGEX = /\b((?:\w+::)*\w+)?[#.]?\b(\w+)\z/.freeze
+        def initialize(locations:, stack_id:)
+          @stack_id = stack_id
+          @locations = locations
+        end
+        def to_msgpack(packer = nil)
+          # JRuby doesn't pass the packer
+          packer ||= MessagePack::Packer.new
+          packer.write_map_header(3)
+          packer.write('id')
+          packer.write(@stack_id.encode('UTF-8'))
+          packer.write('language')
+          packer.write('ruby'.encode('UTF-8'))
+          serializable_locations_map = build_serializable_locations_map
+          packer.write('frames')
+          packer.write_array_header(serializable_locations_map.size)
+          serializable_locations_map.each do |frame_id, location|
+            packer.write_map_header(6)
+            packer.write('id')
+            packer.write(frame_id)
+            packer.write('text')
+            packer.write(location.to_s.encode('UTF-8'))
+            packer.write('file')
+            packer.write(location.path&.encode('UTF-8'))
+            packer.write('line')
+            packer.write(location.lineno)
+            class_name, function_name = location.label&.match(CLASS_AND_FUNCTION_NAME_REGEX)&.captures
+            packer.write('class_name')
+            packer.write(class_name&.encode('UTF-8'))
+            packer.write('function')
+            packer.write(function_name&.encode('UTF-8'))
+          end
+          packer
+        end
+        private
+        def build_serializable_locations_map
+          max_depth = Datadog.configuration.appsec.stack_trace.max_depth
+          top_percent = Datadog.configuration.appsec.stack_trace.top_percentage
+          drop_from_idx = max_depth * top_percent / 100
+          drop_until_idx = @locations.size - (max_depth - drop_from_idx)
+          frame_idx = -1
+          @locations.each_with_object({}) do |location, map|
+            # we are dropping frames from library code without increasing frame index
+            next if location.path&.include?('lib/datadog')
+            frame_idx += 1
+            next if max_depth != 0 && frame_idx >= drop_from_idx && frame_idx < drop_until_idx
+            map[frame_idx] = location
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/actions_handler.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+require_relative 'actions_handler/serializable_backtrace'
+module Datadog
+  module AppSec
+    # this module encapsulates functions for handling actions that libddawf returns
+    module ActionsHandler
+      module_function
+      def handle(actions_hash)
+        # handle actions according their precedence
+        # stack and schema generation should be done before we throw an interrupt signal
+        generate_stack(actions_hash['generate_stack']) if actions_hash.key?('generate_stack')
+        generate_schema(actions_hash['generate_schema']) if actions_hash.key?('generate_schema')
+        interrupt_execution(actions_hash['redirect_request']) if actions_hash.key?('redirect_request')
+        interrupt_execution(actions_hash['block_request']) if actions_hash.key?('block_request')
+      end
+      def interrupt_execution(action_params)
+        throw(Datadog::AppSec::Ext::INTERRUPT, action_params)
+      end
+      def generate_stack(action_params)
+        return unless Datadog.configuration.appsec.stack_trace.enabled
+        stack_id = action_params['stack_id']
+        return unless stack_id
+        active_span = AppSec.active_context&.span
+        return unless active_span
+        event_category = Ext::EXPLOIT_PREVENTION_EVENT_CATEGORY
+        tag_key = Ext::TAG_METASTRUCT_STACK_TRACE
+        existing_stack_data = active_span.get_metastruct_tag(tag_key).dup || {event_category => []}
+        max_stack_traces = Datadog.configuration.appsec.stack_trace.max_stack_traces
+        return if max_stack_traces != 0 && existing_stack_data[event_category].count >= max_stack_traces
+        backtrace = SerializableBacktrace.new(locations: Array(caller_locations), stack_id: stack_id)
+        existing_stack_data[event_category] << backtrace
+        active_span.set_metastruct_tag(tag_key, existing_stack_data)
+      end
+      def generate_schema(_action_params)
+      end
+    end
+  end
+end

data/lib/datadog/appsec/anonymizer.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require 'digest/sha2'
+module Datadog
+  module AppSec
+    # Manual anonymization of the potential PII data
+    module Anonymizer
+      def self.anonymize(payload)
+        raise ArgumentError, "expected String, received #{payload.class}" unless payload.is_a?(String)
+        "anon_#{Digest::SHA256.hexdigest(payload)[0, 32]}"
+      end
+    end
+  end
+end

data/lib/datadog/appsec/api_security/lru_cache.rb ADDED Viewed

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+require 'forwardable'
+module Datadog
+  module AppSec
+    module APISecurity
+      # An LRU (Least Recently Used) cache implementation that relies on the
+      # Ruby 1.9+ `Hash` implementation that guarantees insertion order.
+      #
+      # WARNING: This implementation is NOT thread-safe and should be used
+      #          in a single-threaded context.
+      class LRUCache
+        extend Forwardable
+        def_delegators :@store, :clear, :empty?
+        def initialize(max_size)
+          raise ArgumentError, 'max_size must be an Integer' unless max_size.is_a?(Integer)
+          raise ArgumentError, 'max_size must be greater than 0' if max_size <= 0
+          @max_size = max_size
+          @store = {}
+        end
+        # NOTE: Accessing a key moves it to the end of the list.
+        def [](key)
+          if (entry = @store.delete(key))
+            @store[key] = entry
+          end
+        end
+        def store(key, value)
+          return @store[key] = value if @store.delete(key)
+          # NOTE: evict the oldest entry if store reached the maximum allowed size
+          @store.shift if @store.size >= @max_size
+          @store[key] = value
+        end
+        # NOTE: If the key exists, it's moved to the end of the list and
+        #       if does not, the given block will be executed and the result
+        #       will be stored (which will add it to the end of the list).
+        def fetch_or_store(key)
+          if (entry = @store.delete(key))
+            return @store[key] = entry
+          end
+          # NOTE: evict the oldest entry if store reached the maximum allowed size
+          @store.shift if @store.size >= @max_size
+          @store[key] = yield
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/api_security/route_extractor.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module APISecurity
+      # This is a helper module to extract the route pattern from the Rack::Request.
+      module RouteExtractor
+        SINATRA_ROUTE_KEY = 'sinatra.route'
+        SINATRA_ROUTE_SEPARATOR = ' '
+        GRAPE_ROUTE_KEY = 'grape.routing_args'
+        RAILS_ROUTE_KEY = 'action_dispatch.route_uri_pattern'
+        RAILS_ROUTES_KEY = 'action_dispatch.routes'
+        RAILS_FORMAT_SUFFIX = '(.:format)'
+        # HACK: We rely on the fact that each contrib will modify `request.env`
+        #       and store information sufficient to compute the canonical
+        #       route (ex: `/users/:id`).
+        #
+        #       When contribs like Sinatra or Grape are used, they could be mounted
+        #       into the Rails app, hence you can see the use of the `script_name`
+        #       that will contain the path prefix of the mounted app.
+        #
+        #       Rack
+        #         does not support named arguments, so we have to use `path`
+        #       Sinatra
+        #         uses `sinatra.route` with a string like "GET /users/:id"
+        #       Grape
+        #         uses `grape.routing_args` with a hash with a `:route_info` key
+        #         that contains a `Grape::Router::Route` object that contains
+        #         `Grape::Router::Pattern` object with an `origin` method
+        #       Rails < 7.1 (slow path)
+        #         uses `action_dispatch.routes` to store `ActionDispatch::Routing::RouteSet`
+        #         which can recognize requests
+        #       Rails > 7.1 (fast path)
+        #         uses `action_dispatch.route_uri_pattern` with a string like
+        #         "/users/:id(.:format)"
+        #
+        # WARNING: This method works only *after* the request has been routed.
+        def self.route_pattern(request)
+          if request.env.key?(GRAPE_ROUTE_KEY)
+            pattern = request.env[GRAPE_ROUTE_KEY][:route_info]&.pattern&.origin
+            "#{request.script_name}#{pattern}"
+          elsif request.env.key?(SINATRA_ROUTE_KEY)
+            pattern = request.env[SINATRA_ROUTE_KEY].split(SINATRA_ROUTE_SEPARATOR, 2)[1]
+            "#{request.script_name}#{pattern}"
+          elsif request.env.key?(RAILS_ROUTE_KEY)
+            request.env[RAILS_ROUTE_KEY].delete_suffix(RAILS_FORMAT_SUFFIX)
+          elsif request.env.key?(RAILS_ROUTES_KEY)
+            pattern = request.env[RAILS_ROUTES_KEY].router
+              .recognize(request) { |route, _| break route.path.spec.to_s }
+            # NOTE: If rails is unable to recognize request it returns empty Array
+            pattern = nil if pattern&.empty?
+            # NOTE: If rails can't recognize the request, we are going to fallback
+            #       to generic request path
+            (pattern || request.path).delete_suffix(RAILS_FORMAT_SUFFIX)
+          else
+            request.path
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/api_security/sampler.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require 'zlib'
+require_relative 'lru_cache'
+require_relative 'route_extractor'
+require_relative '../../core/utils/time'
+module Datadog
+  module AppSec
+    module APISecurity
+      # A thread-local sampler for API security based on defined delay between
+      # samples with caching capability.
+      class Sampler
+        THREAD_KEY = :datadog_appsec_api_security_sampler
+        MAX_CACHE_SIZE = 4096
+        class << self
+          def thread_local
+            sampler = Thread.current.thread_variable_get(THREAD_KEY)
+            return sampler unless sampler.nil?
+            Thread.current.thread_variable_set(THREAD_KEY, new(sample_delay))
+          end
+          # @api private
+          def reset!
+            Thread.current.thread_variable_set(THREAD_KEY, nil)
+          end
+          private
+          def sample_delay
+            Datadog.configuration.appsec.api_security.sample_delay
+          end
+        end
+        def initialize(sample_delay)
+          raise ArgumentError, 'sample_delay must be an Integer' unless sample_delay.is_a?(Integer)
+          @cache = LRUCache.new(MAX_CACHE_SIZE)
+          @sample_delay_seconds = sample_delay
+        end
+        def sample?(request, response)
+          return true if @sample_delay_seconds.zero?
+          key = Zlib.crc32("#{request.request_method}#{RouteExtractor.route_pattern(request)}#{response.status}")
+          current_timestamp = Core::Utils::Time.now.to_i
+          cached_timestamp = @cache[key] || 0
+          return false if current_timestamp - cached_timestamp <= @sample_delay_seconds
+          @cache.store(key, current_timestamp)
+          true
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/api_security.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require_relative 'api_security/sampler'
+module Datadog
+  module AppSec
+    # A namespace for API Security features.
+    module APISecurity
+      def self.enabled?
+        Datadog.configuration.appsec.api_security.enabled?
+      end
+      def self.sample?(request, response)
+        Sampler.thread_local.sample?(request, response)
+      end
+      def self.sample_trace?(trace)
+        # NOTE: Reads as "if trace is priority sampled or if in standalone mode"
+        trace&.priority_sampled? || !Datadog.configuration.apm.tracing.enabled
+      end
+    end
+  end
+end

data/lib/datadog/appsec/assets/waf_rules/README.md CHANGED Viewed

@@ -1,7 +1,52 @@
-Vendored WAF rules originate from https://github.com/datadog/appsec-event-rules
+AppSec WAF rules based on [appsec-event-rules](https://github.com/datadog/appsec-event-rules) builds
-One should check rule compatibility with libddwaf, which is the end consumer of
-these rules.
+## How to update
-There might be rules that look to be irrelevant to Ruby as they may still help
-identify bad actors.
+> [!WARNING]
+> This process is a temporary workaround to maintain compatibility with the existing code structure and will be changed.
+1. Download `recommended.json` and `strict.json` of the desired version from [appsec-event-rules](https://github.com/datadog/appsec-event-rules) (example: [v1.13.3](https://github.com/DataDog/appsec-event-rules/tree/1.13.3/build))
+2. Run the script below inside `waf_rules` folder to extract scanners and processors into separate files
+    ```ruby
+    require 'json'
+    recommended_rules = JSON.parse(File.read(File.expand_path('recommended.json', __dir__)))
+    strict_rules = JSON.parse(File.read(File.expand_path('strict.json', __dir__)))
+    recommended_processors = recommended_rules.delete('processors')
+    strict_processors = strict_rules.delete('processors')
+    if recommended_processors.sort_by { |processor| processor['id'] } !=
+        strict_processors.sort_by { |processor| processor['id'] }
+      raise 'Processors are not the same, unable to extract them'
+    end
+    puts 'Extracting processors...'
+    File.open(File.expand_path('processors.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(recommended_processors))
+    end
+    recommended_scanners = recommended_rules.delete('scanners')
+    strict_scanners = strict_rules.delete('scanners')
+    if recommended_scanners.sort_by { |processor| processor['id'] } !=
+        strict_scanners.sort_by { |processor| processor['id'] }
+      raise 'Scanners are not the same, unable to extract them'
+    end
+    puts 'Extracting scanners...'
+    File.open(File.expand_path('scanners.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(recommended_scanners))
+    end
+    puts 'Updating rules...'
+    File.open(File.expand_path('recommended.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(recommended_rules))
+    end
+    File.open(File.expand_path('strict.json', __dir__), 'wb') do |file|
+      file.write(JSON.pretty_generate(strict_rules))
+    end
+    ```