RubyGems - datadog - Versions diffs - 2.9.0 → 2.11.0 - Mend

datadog 2.9.0 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb DELETED Viewed

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Contrib
-      module GraphQL
-        module Reactive
-          # Dispatch data from a GraphQL resolve query to the WAF context
-          module Multiplex
-            ADDRESSES = [
-              'graphql.server.all_resolvers'
-            ].freeze
-            private_constant :ADDRESSES
-            def self.publish(engine, gateway_multiplex)
-              catch(:block) do
-                engine.publish('graphql.server.all_resolvers', gateway_multiplex.arguments)
-                nil
-              end
-            end
-            def self.subscribe(engine, context)
-              engine.subscribe(*ADDRESSES) do |*values|
-                Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
-                arguments = values[0]
-                persistent_data = {
-                  'graphql.server.all_resolvers' => arguments
-                }
-                waf_timeout = Datadog.configuration.appsec.waf_timeout
-                result = context.run_waf(persistent_data, {}, waf_timeout)
-                next if result.status != :match
-                yield result
-                throw(:block, true) unless result.actions.empty?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/patcher.rb DELETED Viewed

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Contrib
-      # Common patcher code for AppSec integrations
-      # TODO: empty implementation, check with tracer shareable code
-      module Patcher
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/rack/reactive/request.rb DELETED Viewed

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Contrib
-      module Rack
-        module Reactive
-          # Dispatch data from a Rack request to the WAF context
-          module Request
-            ADDRESSES = [
-              'request.headers',
-              'request.uri.raw',
-              'request.query',
-              'request.cookies',
-              'request.client_ip',
-              'server.request.method'
-            ].freeze
-            private_constant :ADDRESSES
-            def self.publish(engine, gateway_request)
-              catch(:block) do
-                engine.publish('request.query', gateway_request.query)
-                engine.publish('request.headers', gateway_request.headers)
-                engine.publish('request.uri.raw', gateway_request.fullpath)
-                engine.publish('request.cookies', gateway_request.cookies)
-                engine.publish('request.client_ip', gateway_request.client_ip)
-                engine.publish('server.request.method', gateway_request.method)
-                nil
-              end
-            end
-            def self.subscribe(engine, context)
-              engine.subscribe(*ADDRESSES) do |*values|
-                Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
-                headers = values[0]
-                headers_no_cookies = headers.dup.tap { |h| h.delete('cookie') }
-                uri_raw = values[1]
-                query = values[2]
-                cookies = values[3]
-                client_ip = values[4]
-                request_method = values[5]
-                persistent_data = {
-                  'server.request.cookies' => cookies,
-                  'server.request.query' => query,
-                  'server.request.uri.raw' => uri_raw,
-                  'server.request.headers' => headers,
-                  'server.request.headers.no_cookies' => headers_no_cookies,
-                  'http.client_ip' => client_ip,
-                  'server.request.method' => request_method,
-                }
-                waf_timeout = Datadog.configuration.appsec.waf_timeout
-                result = context.run_waf(persistent_data, {}, waf_timeout)
-                next if result.status != :match
-                yield result
-                throw(:block, true) unless result.actions.empty?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb DELETED Viewed

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Contrib
-      module Rack
-        module Reactive
-          # Dispatch data from a Rack request to the WAF context
-          module RequestBody
-            ADDRESSES = [
-              'request.body',
-            ].freeze
-            private_constant :ADDRESSES
-            def self.publish(engine, gateway_request)
-              catch(:block) do
-                # params have been parsed from the request body
-                engine.publish('request.body', gateway_request.form_hash)
-                nil
-              end
-            end
-            def self.subscribe(engine, context)
-              engine.subscribe(*ADDRESSES) do |*values|
-                Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
-                body = values[0]
-                persistent_data = {
-                  'server.request.body' => body,
-                }
-                waf_timeout = Datadog.configuration.appsec.waf_timeout
-                result = context.run_waf(persistent_data, {}, waf_timeout)
-                next if result.status != :match
-                yield result
-                throw(:block, true) unless result.actions.empty?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/rack/reactive/response.rb DELETED Viewed

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Contrib
-      module Rack
-        module Reactive
-          # Dispatch data from a Rack response to the WAF context
-          module Response
-            ADDRESSES = [
-              'response.status',
-              'response.headers',
-            ].freeze
-            private_constant :ADDRESSES
-            def self.publish(engine, gateway_response)
-              catch(:block) do
-                engine.publish('response.status', gateway_response.status)
-                engine.publish('response.headers', gateway_response.headers)
-                nil
-              end
-            end
-            def self.subscribe(engine, context)
-              engine.subscribe(*ADDRESSES) do |*values|
-                Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
-                response_status = values[0]
-                response_headers = values[1]
-                response_headers_no_cookies = response_headers.dup.tap { |h| h.delete('set-cookie') }
-                persistent_data = {
-                  'server.response.status' => response_status.to_s,
-                  'server.response.headers' => response_headers,
-                  'server.response.headers.no_cookies' => response_headers_no_cookies,
-                }
-                waf_timeout = Datadog.configuration.appsec.waf_timeout
-                result = context.run_waf(persistent_data, {}, waf_timeout)
-                next if result.status != :match
-                yield result
-                throw(:block, true) unless result.actions.empty?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/rails/reactive/action.rb DELETED Viewed

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require_relative '../request'
-module Datadog
-  module AppSec
-    module Contrib
-      module Rails
-        module Reactive
-          # Dispatch data from a Rails request to the WAF context
-          module Action
-            ADDRESSES = [
-              'rails.request.body',
-              'rails.request.route_params',
-            ].freeze
-            private_constant :ADDRESSES
-            def self.publish(engine, gateway_request)
-              catch(:block) do
-                # params have been parsed from the request body
-                engine.publish('rails.request.body', gateway_request.parsed_body)
-                engine.publish('rails.request.route_params', gateway_request.route_params)
-                nil
-              end
-            end
-            def self.subscribe(engine, context)
-              engine.subscribe(*ADDRESSES) do |*values|
-                Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
-                body = values[0]
-                path_params = values[1]
-                persistent_data = {
-                  'server.request.body' => body,
-                  'server.request.path_params' => path_params,
-                }
-                waf_timeout = Datadog.configuration.appsec.waf_timeout
-                result = context.run_waf(persistent_data, {}, waf_timeout)
-                next if result.status != :match
-                yield result
-                throw(:block, true) unless result.actions.empty?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/sinatra/ext.rb DELETED Viewed

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Contrib
-      module Sinatra
-        # Sinatra integration constants
-        module Ext
-          ROUTE_INTERRUPT = :datadog_appsec_contrib_sinatra_route_interrupt
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb DELETED Viewed

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Contrib
-      module Sinatra
-        module Reactive
-          # Dispatch data from a Sinatra request to the WAF context
-          module Routed
-            ADDRESSES = [
-              'sinatra.request.route_params',
-            ].freeze
-            private_constant :ADDRESSES
-            def self.publish(engine, data)
-              _request, route_params = data
-              catch(:block) do
-                engine.publish('sinatra.request.route_params', route_params.params)
-                nil
-              end
-            end
-            def self.subscribe(engine, context)
-              engine.subscribe(*ADDRESSES) do |*values|
-                Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
-                path_params = values[0]
-                persistent_data = {
-                  'server.request.path_params' => path_params,
-                }
-                waf_timeout = Datadog.configuration.appsec.waf_timeout
-                result = context.run_waf(persistent_data, {}, waf_timeout)
-                next if result.status != :match
-                yield result
-                throw(:block, true) unless result.actions.empty?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/monitor/reactive/set_user.rb DELETED Viewed

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Monitor
-      module Reactive
-        # Dispatch data from Datadog::Kit::Identity.set_user to the WAF context
-        module SetUser
-          ADDRESSES = [
-            'usr.id',
-          ].freeze
-          private_constant :ADDRESSES
-          def self.publish(engine, user)
-            catch(:block) do
-              engine.publish('usr.id', user.id)
-              nil
-            end
-          end
-          def self.subscribe(engine, context)
-            engine.subscribe(*ADDRESSES) do |*values|
-              Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
-              user_id = values[0]
-              persistent_data = {
-                'usr.id' => user_id,
-              }
-              waf_timeout = Datadog.configuration.appsec.waf_timeout
-              result = context.run_waf(persistent_data, {}, waf_timeout)
-              next if result.status != :match
-              yield result
-              throw(:block, true) unless result.actions.empty?
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/processor/context.rb DELETED Viewed

@@ -1,107 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    class Processor
-      # Context manages a sequence of runs
-      class Context
-        LIBDDWAF_SUCCESSFUL_EXECUTION_CODES = [:ok, :match].freeze
-        attr_reader :time_ns, :time_ext_ns, :timeouts, :events
-        def initialize(handle, telemetry:)
-          @context = WAF::Context.new(handle)
-          @telemetry = telemetry
-          @time_ns = 0.0
-          @time_ext_ns = 0.0
-          @timeouts = 0
-          @events = []
-          @run_mutex = Mutex.new
-          @libddwaf_debug_tag = "libddwaf:#{WAF::VERSION::STRING} method:ddwaf_run"
-        end
-        def run(persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
-          @run_mutex.lock
-          start_ns = Core::Utils::Time.get_time(:nanosecond)
-          persistent_data.reject! do |_, v|
-            next false if v.is_a?(TrueClass) || v.is_a?(FalseClass)
-            v.nil? ? true : v.empty?
-          end
-          ephemeral_data.reject! do |_, v|
-            next false if v.is_a?(TrueClass) || v.is_a?(FalseClass)
-            v.nil? ? true : v.empty?
-          end
-          _code, result = try_run(persistent_data, ephemeral_data, timeout)
-          stop_ns = Core::Utils::Time.get_time(:nanosecond)
-          # these updates are not thread safe and should be protected
-          @time_ns += result.total_runtime
-          @time_ext_ns += (stop_ns - start_ns)
-          @timeouts += 1 if result.timeout
-          report_execution(result)
-          result
-        ensure
-          @run_mutex.unlock
-        end
-        def extract_schema
-          return unless extract_schema?
-          input = {
-            'waf.context.processor' => {
-              'extract-schema' => true
-            }
-          }
-          _code, result = try_run(input, {}, WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
-          report_execution(result)
-          result
-        end
-        def finalize
-          @context.finalize
-        end
-        private
-        def try_run(persistent_data, ephemeral_data, timeout)
-          @context.run(persistent_data, ephemeral_data, timeout)
-        rescue WAF::LibDDWAF::Error => e
-          Datadog.logger.debug { "#{@libddwaf_debug_tag} execution error: #{e} backtrace: #{e.backtrace&.first(3)}" }
-          @telemetry.report(e, description: 'libddwaf-rb internal low-level error')
-          [:err_internal, WAF::Result.new(:err_internal, [], 0.0, false, [], [])]
-        end
-        def report_execution(result)
-          Datadog.logger.debug { "#{@libddwaf_debug_tag} execution timed out: #{result.inspect}" } if result.timeout
-          if LIBDDWAF_SUCCESSFUL_EXECUTION_CODES.include?(result.status)
-            Datadog.logger.debug { "#{@libddwaf_debug_tag} execution result: #{result.inspect}" }
-          else
-            message = "#{@libddwaf_debug_tag} execution error: #{result.status.inspect}"
-            Datadog.logger.debug { message }
-            @telemetry.error(message)
-          end
-        end
-        def extract_schema?
-          Datadog.configuration.appsec.api_security.enabled &&
-            Datadog.configuration.appsec.api_security.sample_rate.sample?
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/reactive/address_hash.rb DELETED Viewed

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Reactive
-      # AddressHash for Reactive Engine
-      class AddressHash < Hash
-        def self.new(*arguments, &block)
-          super { |h, k| h[k] = [] }
-        end
-        def addresses
-          keys.flatten
-        end
-        def with(address)
-          keys.select { |k| k.include?(address) }
-        end
-      end
-    end
-  end
-end

data/lib/datadog/appsec/reactive/engine.rb DELETED Viewed

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-require_relative 'address_hash'
-require_relative 'subscriber'
-module Datadog
-  module AppSec
-    module Reactive
-      # Reactive Engine
-      class Engine
-        def initialize
-          @data = {}
-          @subscribers = AddressHash.new
-        end
-        def subscribe(*addresses, &block)
-          @subscribers[addresses.freeze] << Subscriber.new(&block)
-        end
-        def publish(address, value)
-          # check if someone has address subscribed
-          if @subscribers.addresses.include?(address)
-            # someone will be interested, set value
-            @data[address] = value
-            # find candidates i.e address groups that contain the just posted address
-            @subscribers.with(address).each do |addresses|
-              # find targets to the address group containing the posted address
-              subscribers = @subscribers[addresses]
-              # is all data for the targets available?
-              if (addresses - @data.keys).empty?
-                hash = addresses.each_with_object({}) { |a, h| h[a] = @data[a] }
-                subscribers.each { |s| s.call(*hash.values) }
-              end
-            end
-          end
-        end
-        private
-        attr_reader :subscribers, :data
-      end
-    end
-  end
-end

data/lib/datadog/appsec/reactive/subscriber.rb DELETED Viewed

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module AppSec
-    module Reactive
-      # Reactive Engine subscriber
-      class Subscriber
-        def initialize(&block)
-          @block = block
-          freeze
-        end
-        def call(*args)
-          @block.call(*args)
-        end
-      end
-    end
-  end
-end

data/lib/datadog/core/remote/transport/http/api/instance.rb DELETED Viewed

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module Core
-    module Remote
-      module Transport
-        module HTTP
-          module API
-            # An API configured with adapter and routes
-            class Instance
-              attr_reader \
-                :adapter,
-                :headers,
-                :spec
-              def initialize(spec, adapter, options = {})
-                @spec = spec
-                @adapter = adapter
-                @headers = options.fetch(:headers, {})
-              end
-              def encoder
-                spec.encoder
-              end
-              def call(env)
-                # Add headers to request env, unless empty.
-                env.headers.merge!(headers) unless headers.empty?
-                # Send request env to the adapter.
-                adapter.call(env)
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/datadog/core/remote/transport/http/api/spec.rb DELETED Viewed

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-module Datadog
-  module Core
-    module Remote
-      module Transport
-        module HTTP
-          module API
-            # Specification for an HTTP API
-            # Defines behaviors without specific configuration details.
-            class Spec
-              def initialize
-                yield(self) if block_given?
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end