RubyGems - datadog - Versions diffs - 2.12.1 → 2.12.2 - Mend

datadog 2.12.1 → 2.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -2
data/ext/datadog_profiling_native_extension/private_vm_api_access.c +8 -0
data/lib/datadog/appsec/contrib/rack/ext.rb +20 -0
data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +20 -0
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +3 -0
data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
data/lib/datadog/appsec/processor/rule_merger.rb +2 -1
data/lib/datadog/appsec/remote.rb +7 -0
data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
data/lib/datadog/tracing/metadata.rb +2 -0
data/lib/datadog/tracing/span.rb +10 -1
data/lib/datadog/tracing/span_operation.rb +6 -1
data/lib/datadog/tracing/transport/serializable_trace.rb +3 -1
data/lib/datadog/version.rb +1 -1
metadata +7 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d150a054dd119a853c1f7c0653a2ea2dedb1b20ce4b538168ead98ed3abc8720
-  data.tar.gz: 69ff582e245644c0c867d48ecd20fd2b493fc97b778235d163bef193aa8ea298
+  metadata.gz: 5a27bb8e1291ee014e342297fc3d53aca8a895017281201b1b0a29cd376ba905
+  data.tar.gz: e26c326437e4edcbdfac0ad604514a48c23c31500a68dcc4affb53251aed5f8f
 SHA512:
-  metadata.gz: 8845d2c09585196054cdf50b353dbf1a226a58d468c3ed9c99b8a12bfa12e659b41c4e67abf6e20288fa740692c9bd4ea874004e523bbe29b1a30b6bc997a53b
-  data.tar.gz: c4e4b6a42acc8af8675287440b437db002201d5eb5a1371e141b6ffdef82c752f063f8c4fd679fdaa4196530612bdc066e81897a1c14c41ec62ac77e65afafe2
+  metadata.gz: e8dab2f6ed8bc48fb95a4c9c3c28fce16b8eaaceb70179ee12b9a009498dabe498d73b08a25180fdb53642fc78da4388b2c80bbf76a61afd25af53449f2e9375
+  data.tar.gz: 4489a8e084f7873e59b4d2a13d27b9a75f2b95ae0c9b5129edfdb02a58c736890bd5226df765de216010512b9fd0ffad6f82cc373ea8ee995340ef838c721d65

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,12 @@
 ## [Unreleased]
+## [2.12.2] - 2025-03-17
+### Fixed
+* AppSec: Fix custom In-App WAF blocking response that was configured in the UI is now applied correctly ([#4497][])
 ## [2.12.1] - 2025-03-05
 ### Fixed
@@ -3139,7 +3145,8 @@ Release notes: https://github.com/DataDog/dd-trace-rb/releases/tag/v0.3.1
 Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
-[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v2.12.1...master
+[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v2.12.2...master
+[2.12.2]: https://github.com/DataDog/dd-trace-rb/compare/v2.12.1...v2.12.2
 [2.12.1]: https://github.com/DataDog/dd-trace-rb/compare/v2.12.0...v2.12.1
 [2.12.0]: https://github.com/DataDog/dd-trace-rb/compare/v2.11.0...v2.12.0
 [2.11.0]: https://github.com/DataDog/dd-trace-rb/compare/v2.10.0...v2.11.0
@@ -4643,6 +4650,7 @@ Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
 [#4425]: https://github.com/DataDog/dd-trace-rb/issues/4425
 [#4426]: https://github.com/DataDog/dd-trace-rb/issues/4426
 [#4437]: https://github.com/DataDog/dd-trace-rb/issues/4437
+[#4497]: https://github.com/DataDog/dd-trace-rb/issues/4497
 [@AdrianLC]: https://github.com/AdrianLC
 [@Azure7111]: https://github.com/Azure7111
 [@BabyGroot]: https://github.com/BabyGroot
@@ -4794,4 +4802,4 @@ Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
 [@y-yagi]: https://github.com/y-yagi
 [@yujideveloper]: https://github.com/yujideveloper
 [@yukimurasawa]: https://github.com/yukimurasawa
-[@zachmccormick]: https://github.com/zachmccormick
+[@zachmccormick]: https://github.com/zachmccormick

data/ext/datadog_profiling_native_extension/private_vm_api_access.c CHANGED Viewed

@@ -312,6 +312,7 @@ VALUE thread_name_for(VALUE thread) {
 // to support our custom rb_profile_frames (see below)
 // Modifications:
 // * Support int first_lineno for Ruby 3.2.0+ (https://github.com/ruby/ruby/pull/6430)
+// * Validate iseq and pos before calling `rb_iseq_line_no` as a safety measure (see comment below for details)
 //
 // `node_id` gets used depending on Ruby VM compilation settings (USE_ISEQ_NODE_ID being defined).
 // To avoid getting false "unused argument" warnings in setups where it's not used, we need to do this weird dance
@@ -358,6 +359,13 @@ calc_pos(const rb_iseq_t *iseq, const VALUE *pc, int *lineno, int *node_id)
             __builtin_trap();
         }
 #endif
+        // In PROF-11475 we spotted a crash when calling `rb_iseq_line_no` from this method. We couldn't reproduce or
+        // figure out the root cause, but "just in case", we're validating that the iseq looks valid and that the
+        // `n` used for the position is also sane, and if they don't look good, we don't calculate the line, rather
+        // than potentially trigger any issues.
+        if (RB_UNLIKELY(!RB_TYPE_P((VALUE) iseq, T_IMEMO) || n < 0 || n > ISEQ_BODY(iseq)->iseq_size)) return 0;
         if (lineno) *lineno = rb_iseq_line_no(iseq, pos);
 #ifdef USE_ISEQ_NODE_ID
         if (node_id) *node_id = rb_iseq_node_id(iseq, pos);

data/lib/datadog/appsec/contrib/rack/ext.rb CHANGED Viewed

@@ -6,6 +6,26 @@ module Datadog
       module Rack
         # Rack integration constants
         module Ext
+          IDENTITY_COLLECTABLE_REQUEST_HEADERS = [
+            'accept-encoding',
+            'accept-language',
+            'cf-connecting-ip',
+            'cf-connecting-ipv6',
+            'content-encoding',
+            'content-language',
+            'content-length',
+            'fastly-client-ip',
+            'forwarded',
+            'forwarded-for',
+            'host',
+            'true-client-ip',
+            'via',
+            'x-client-ip',
+            'x-cluster-client-ip',
+            'x-forwarded',
+            'x-forwarded-for',
+            'x-real-ip'
+          ].freeze
         end
       end
     end

data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require_relative '../ext'
 require_relative '../../../instrumentation/gateway'
 require_relative '../../../event'
@@ -110,6 +111,25 @@ module Datadog
                   stack.call(gateway_request.request)
                 end
               end
+              # NOTE: In the current state we unable to substibe twice to the same
+              #       event within the same group. Ideally this code should live
+              #       somewhere closer to identity related monitor.
+              # WARNING: The Gateway is a subject of refactoring
+              def watch_request_finish(gateway = Instrumentation.gateway)
+                gateway.watch('rack.request.finish', :appsec) do |stack, gateway_request|
+                  context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
+                  next stack.call(gateway_request.request) if context.span.nil? || !gateway.pushed?('identity.set_user')
+                  gateway_request.headers.each do |name, value|
+                    next unless Ext::IDENTITY_COLLECTABLE_REQUEST_HEADERS.include?(name)
+                    context.span["http.request.headers.#{name}"] = value
+                  end
+                  stack.call(gateway_request.request)
+                end
+              end
             end
           end
         end

data/lib/datadog/appsec/contrib/rack/request_middleware.rb CHANGED Viewed

@@ -77,6 +77,8 @@ module Datadog
             gateway_response = nil
             interrupt_params = catch(::Datadog::AppSec::Ext::INTERRUPT) do
+              # TODO: This event should be renamed into `rack.request.start` to
+              #       reflect that it's the beginning of the request-cycle
               http_response, _gateway_request = Instrumentation.gateway.push('rack.request', gateway_request) do
                 @app.call(env)
               end
@@ -85,6 +87,7 @@ module Datadog
                 http_response[2], http_response[0], http_response[1], context: ctx
               )
+              Instrumentation.gateway.push('rack.request.finish', gateway_request)
               Instrumentation.gateway.push('rack.response', gateway_response)
               nil

data/lib/datadog/appsec/instrumentation/gateway/middleware.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Instrumentation
+      class Gateway
+        # NOTE: This class extracted as-is and will be deprecated
+        # Instrumentation gateway middleware
+        class Middleware
+          attr_reader :key, :block
+          def initialize(key, &block)
+            @key = key
+            @block = block
+          end
+          def call(stack, env)
+            @block.call(stack, env)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/instrumentation/gateway.rb CHANGED Viewed

@@ -1,35 +1,29 @@
 # frozen_string_literal: true
+require_relative 'gateway/middleware'
 module Datadog
   module AppSec
     # Instrumentation for AppSec
     module Instrumentation
       # Instrumentation gateway implementation
       class Gateway
-        # Instrumentation gateway middleware
-        class Middleware
-          attr_reader :key, :block
-          def initialize(key, &block)
-            @key = key
-            @block = block
-          end
-          def call(stack, env)
-            @block.call(stack, env)
-          end
-        end
-        private_constant :Middleware
         def initialize
           @middlewares = Hash.new { |h, k| h[k] = [] }
+          @pushed_events = {}
         end
+        # NOTE: Be careful with pushed names because every pushed event name
+        #       is recorded in order to provide an ability to any subscriber
+        #       to check wether an arbitrary event had happened.
+        #
+        # WARNING: If we start pushing generated names we should consider
+        #          limiting the storage of pushed names.
         def push(name, env, &block)
-          block ||= -> {}
+          @pushed_events[name] = true
-          middlewares_for_name = middlewares[name]
+          block ||= -> {}
+          middlewares_for_name = @middlewares[name]
           return [block.call, nil] if middlewares_for_name.empty?
@@ -48,14 +42,15 @@ module Datadog
         end
         def watch(name, key, &block)
-          @middlewares[name] << Middleware.new(key, &block) unless middlewares[name].any? { |m| m.key == key }
+          @middlewares[name] << Middleware.new(key, &block) unless @middlewares[name].any? { |m| m.key == key }
         end
-        private
-        attr_reader :middlewares
+        def pushed?(name)
+          @pushed_events.key?(name)
+        end
       end
+      # NOTE: This left as-is and will be depricated soon.
       def self.gateway
         @gateway ||= Gateway.new # TODO: not thread safe
       end

data/lib/datadog/appsec/processor/rule_merger.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Datadog
           # TODO: `processors` and `scanners` are not provided by the caller, consider removing them
           def merge(
             telemetry:,
-            rules:, data: [], overrides: [], exclusions: [], custom_rules: [],
+            rules:, actions: [], data: [], overrides: [], exclusions: [], custom_rules: [],
             processors: nil, scanners: nil
           )
             processors ||= begin
@@ -54,6 +54,7 @@ module Datadog
             combined_exclusions = combine_exclusions(exclusions) if exclusions.any?
             combined_custom_rules = combine_custom_rules(custom_rules) if custom_rules.any?
+            combined_rules['actions'] = actions if actions.any?
             combined_rules['rules_data'] = combined_data if combined_data
             combined_rules['rules_override'] = combined_overrides if combined_overrides
             combined_rules['exclusions'] = combined_exclusions if combined_exclusions

data/lib/datadog/appsec/remote.rb CHANGED Viewed

@@ -53,10 +53,12 @@ module Datadog
         end
         # rubocop:disable Metrics/MethodLength
+        # rubocop:disable Metrics/CyclomaticComplexity
         def receivers(telemetry)
           return [] unless remote_features_enabled?
           matcher = Core::Remote::Dispatcher::Matcher::Product.new(ASM_PRODUCTS)
+          # rubocop:disable Metrics/BlockLength
           receiver = Core::Remote::Dispatcher::Receiver.new(matcher) do |repository, changes|
             changes.each do |change|
               Datadog.logger.debug { "remote config change: '#{change.path}'" }
@@ -67,6 +69,7 @@ module Datadog
             data = []
             overrides = []
             exclusions = []
+            actions = []
             repository.contents.each do |content|
               parsed_content = parse_content(content)
@@ -80,6 +83,7 @@ module Datadog
                 overrides << parsed_content['rules_override'] if parsed_content['rules_override']
                 exclusions << parsed_content['exclusions'] if parsed_content['exclusions']
                 custom_rules << parsed_content['custom_rules'] if parsed_content['custom_rules']
+                actions.concat(parsed_content['actions']) if parsed_content['actions']
               end
             end
@@ -97,6 +101,7 @@ module Datadog
             ruleset = AppSec::Processor::RuleMerger.merge(
               rules: rules,
               data: data,
+              actions: actions,
               overrides: overrides,
               exclusions: exclusions,
               custom_rules: custom_rules,
@@ -109,10 +114,12 @@ module Datadog
               content.applied if ASM_PRODUCTS.include?(content.path.product)
             end
           end
+          # rubocop:enable Metrics/BlockLength
           [receiver]
         end
         # rubocop:enable Metrics/MethodLength
+        # rubocop:enable Metrics/CyclomaticComplexity
         private

data/lib/datadog/tracing/metadata/metastruct.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+require 'forwardable'
+module Datadog
+  module Tracing
+    module Metadata
+      # This class is a data structure that is used to store
+      # complex metadata, such as an array of objects.
+      #
+      # It is serialized to MessagePack format when sent to the agent.
+      class Metastruct
+        extend Forwardable
+        def_delegators :@metastruct, :[], :[]=, :to_h
+        def initialize
+          @metastruct = {}
+        end
+        def to_msgpack(packer = nil)
+          # JRuby doesn't pass the packer
+          packer ||= MessagePack::Packer.new
+          packer.write(@metastruct.transform_values(&:to_msgpack))
+        end
+        def pretty_print(q)
+          q.seplist @metastruct.each do |key, value|
+            q.text "#{key} => #{value}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/tracing/metadata/metastruct_tagging.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require_relative 'metastruct'
+module Datadog
+  module Tracing
+    module Metadata
+      # Adds data storage for the `meta_struct` field.
+      #
+      # This field is used to send more complex data like an array of objects
+      # in MessagePack format to the agent, and has no size limitations.
+      #
+      # The agent fully supports meta_struct from version v7.35.0 (April 2022).
+      #
+      # On versions older than v7.35.0, sending traces containing meta_struct
+      # has no unexpected side-effects; traces are sent to the backend as expected,
+      # while the meta_struct field is stripped.
+      module MetastructTagging
+        # Set the given key / value tag pair on the metastruct.
+        #
+        # A valid example is:
+        #
+        #   span.set_metastruct_tag('_dd.stack', [])
+        def set_metastruct_tag(key, value)
+          metastruct[key] = value
+        end
+        # Return the metastruct tag value for the given key,
+        # returns nil if the key doesn't exist.
+        def get_metastruct_tag(key)
+          metastruct[key]
+        end
+        private
+        def metastruct
+          @metastruct ||= Metastruct.new
+        end
+      end
+    end
+  end
+end

data/lib/datadog/tracing/metadata.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require_relative 'metadata/analytics'
 require_relative 'metadata/tagging'
+require_relative 'metadata/metastruct_tagging'
 require_relative 'metadata/errors'
 module Datadog
@@ -10,6 +11,7 @@ module Datadog
     module Metadata
       def self.included(base)
         base.include(Metadata::Tagging)
+        base.include(Metadata::MetastructTagging)
         base.include(Metadata::Errors)
         # Additional extensions

data/lib/datadog/tracing/span.rb CHANGED Viewed

@@ -33,6 +33,9 @@ module Datadog
         :status,
         :trace_id
+      attr_reader \
+        :metastruct
       attr_writer \
         :duration
@@ -54,6 +57,7 @@ module Datadog
         id: nil,
         meta: nil,
         metrics: nil,
+        metastruct: nil,
         parent_id: 0,
         resource: name,
         service: nil,
@@ -76,6 +80,7 @@ module Datadog
         @meta = meta || {}
         @metrics = metrics || {}
+        @metastruct = metastruct || {}
         @status = status || 0
         # start_time and end_time track wall clock. In Ruby, wall clock
@@ -144,6 +149,7 @@ module Datadog
           error: @status,
           meta: @meta,
           metrics: @metrics,
+          meta_struct: @metastruct.to_h,
           name: @name,
           parent_id: @parent_id,
           resource: @resource,
@@ -185,12 +191,15 @@ module Datadog
               q.text "#{key} => #{value}"
             end
           end
-          q.group(2, 'Metrics: [', ']') do
+          q.group(2, 'Metrics: [', "]\n") do
             q.breakable
             q.seplist @metrics.each do |key, value|
               q.text "#{key} => #{value}"
             end
           end
+          q.group(2, 'Metastruct: [', ']') do
+            metastruct.pretty_print(q)
+          end
         end
       end

data/lib/datadog/tracing/span_operation.rb CHANGED Viewed

@@ -289,6 +289,7 @@ module Datadog
           id: @id,
           meta: meta,
           metrics: metrics,
+          metastruct: metastruct,
           name: @name,
           parent_id: @parent_id,
           resource: @resource,
@@ -328,12 +329,15 @@ module Datadog
               q.text "#{key} => #{value}"
             end
           end
-          q.group(2, 'Metrics: [', ']') do
+          q.group(2, 'Metrics: [', "]\n") do
             q.breakable
             q.seplist metrics.each do |key, value|
               q.text "#{key} => #{value}"
             end
           end
+          q.group(2, 'Metastruct: [', ']') do
+            metastruct.pretty_print(q)
+          end
         end
       end
@@ -456,6 +460,7 @@ module Datadog
           id: @id,
           meta: Core::Utils::SafeDup.frozen_or_dup(meta),
           metrics: Core::Utils::SafeDup.frozen_or_dup(metrics),
+          metastruct: Core::Utils::SafeDup.frozen_or_dup(metastruct),
           parent_id: @parent_id,
           resource: @resource,
           service: @service,

data/lib/datadog/tracing/transport/serializable_trace.rb CHANGED Viewed

@@ -69,7 +69,7 @@ module Datadog
         def to_msgpack(packer = nil)
           packer ||= MessagePack::Packer.new
-          number_of_elements_to_write = 11
+          number_of_elements_to_write = 12
           number_of_elements_to_write += 1 if span.events.any? && @native_events_supported
@@ -117,6 +117,8 @@ module Datadog
           packer.write(span.meta)
           packer.write('metrics')
           packer.write(span.metrics)
+          packer.write('meta_struct')
+          packer.write(span.metastruct)
           packer.write('span_links')
           packer.write(span.links.map(&:to_hash))
           packer.write('error')

data/lib/datadog/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Datadog
   module VERSION
     MAJOR = 2
     MINOR = 12
-    PATCH = 1
+    PATCH = 2
     PRE = nil
     BUILD = nil
     # PRE and BUILD above are modified for dev gems during gem build GHA workflow

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: datadog
 version: !ruby/object:Gem::Version
-  version: 2.12.1
+  version: 2.12.2
 platform: ruby
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-06 00:00:00.000000000 Z
+date: 2025-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msgpack
@@ -226,6 +226,7 @@ files:
 - lib/datadog/appsec/instrumentation.rb
 - lib/datadog/appsec/instrumentation/gateway.rb
 - lib/datadog/appsec/instrumentation/gateway/argument.rb
+- lib/datadog/appsec/instrumentation/gateway/middleware.rb
 - lib/datadog/appsec/metrics.rb
 - lib/datadog/appsec/metrics/collector.rb
 - lib/datadog/appsec/metrics/exporter.rb
@@ -876,6 +877,8 @@ files:
 - lib/datadog/tracing/metadata/analytics.rb
 - lib/datadog/tracing/metadata/errors.rb
 - lib/datadog/tracing/metadata/ext.rb
+- lib/datadog/tracing/metadata/metastruct.rb
+- lib/datadog/tracing/metadata/metastruct_tagging.rb
 - lib/datadog/tracing/metadata/tagging.rb
 - lib/datadog/tracing/pipeline.rb
 - lib/datadog/tracing/pipeline/span_filter.rb
@@ -930,8 +933,8 @@ licenses:
 - Apache-2.0
 metadata:
   allowed_push_host: https://rubygems.org
-  changelog_uri: https://github.com/DataDog/dd-trace-rb/blob/v2.12.1/CHANGELOG.md
-  source_code_uri: https://github.com/DataDog/dd-trace-rb/tree/v2.12.1
+  changelog_uri: https://github.com/DataDog/dd-trace-rb/blob/v2.12.2/CHANGELOG.md
+  source_code_uri: https://github.com/DataDog/dd-trace-rb/tree/v2.12.2
 post_install_message:
 rdoc_options: []
 require_paths: