ddtrace 1.11.0 → 1.11.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf1177aae94a3724758e48ce461638de0a4b75956c8c1318251f2b568de28c5d
-  data.tar.gz: f42454cd32ff7eaf91c7beda1e6ff8a99726efddc8e01fdb4797b4f115c29df4
+  metadata.gz: fab36ba8f93f2c9b067c2fcb4916d6aff5ef906d6608671f035490f3b287c6c9
+  data.tar.gz: 0f62cd63c95aa669f8981cb79c56e49228351a01920c142a36170a9443b60400
 SHA512:
-  metadata.gz: 5d5787eb9f073043151922af478a75affcfe8f2a9723fbe6c8e0561be6c7f95c700c91e1f4ca10401e018f1587f0289b1720d5c38e2cccdb80f7fcffd7eba0ba
-  data.tar.gz: 5f9d0adcfc38de9d60c51a46360ce60351228db21cabd07dc176a99f4bf77f80b0cc8f12dbe844ea3ae88f2384174158415a28de3e6adc1b6b54e56be1186665
+  metadata.gz: 6a747def8ca5cef1d31d72fff939567669c72db53b8c30a3b7cd14df8b52da21a4f5d18efbeba1a22686196923ed49195194b7a9136840428d73f4f8e985da67
+  data.tar.gz: 72f36c83fac54b4d503d38f40759a89d400c5d70b24fbcb7ebc8a291d603c0bab07f28ca58082b732afb66960fe9d6e7ab7148147f0e1b727bbaeb4f08a885a6

data/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 ## [Unreleased]
 
+## [1.11.1] - 2023-05-03
+
+### Fixed
+
+* Appsec: Remove misreported `ASM_CUSTOM_RULES` capability ([#2829][])
+* Appsec: Fix block response content negotiation ([#2824][])
+* Appsec: Fix incorrect remote configuration payload key handling  ([#2822][])
+
 ## [1.11.0] - 2023-04-27
 
 ### Highlights
@@ -2402,7 +2410,8 @@ Release notes: https://github.com/DataDog/dd-trace-rb/releases/tag/v0.3.1
 
 Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
 
-[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.11.0...master
+[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.11.1...master
+[1.11.1]: https://github.com/DataDog/dd-trace-rb/compare/v1.10.1...v1.11.1
 [1.11.0]: https://github.com/DataDog/dd-trace-rb/compare/v1.10.1...v1.11.0
 [1.11.0.beta1]: https://github.com/DataDog/dd-trace-rb/compare/v1.10.1...v1.11.0.beta1
 [1.10.1]: https://github.com/DataDog/dd-trace-rb/compare/v1.10.0...v1.10.1
@@ -3457,6 +3466,9 @@ Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
 [#2805]: https://github.com/DataDog/dd-trace-rb/issues/2805
 [#2806]: https://github.com/DataDog/dd-trace-rb/issues/2806
 [#2810]: https://github.com/DataDog/dd-trace-rb/issues/2810
+[#2822]: https://github.com/DataDog/dd-trace-rb/issues/2822
+[#2824]: https://github.com/DataDog/dd-trace-rb/issues/2824
+[#2829]: https://github.com/DataDog/dd-trace-rb/issues/2829
 [@AdrianLC]: https://github.com/AdrianLC
 [@Azure7111]: https://github.com/Azure7111
 [@BabyGroot]: https://github.com/BabyGroot

data/lib/datadog/appsec/assets/blocked.html

@@ -1,4 +1,4 @@
-<!-- Sorry, you’ve been blocked -->
+<!-- Sorry, you've been blocked -->
 <!DOCTYPE html>
 <html lang="en">
 

data/lib/datadog/appsec/processor/rule_loader.rb

@@ -41,10 +41,10 @@ module Datadog
 
           def load_data(ip_denylist: [], user_id_denylist: [])
             data = []
-            data << { 'rules_data' => [denylist_data('blocked_ips', ip_denylist)] } if ip_denylist.any?
-            data << { 'rules_data' => [denylist_data('blocked_users', user_id_denylist)] } if user_id_denylist.any?
+            data << [denylist_data('blocked_ips', ip_denylist)] if ip_denylist.any?
+            data << [denylist_data('blocked_users', user_id_denylist)] if user_id_denylist.any?
 
-            data.any? ? data : nil
+            data
           end
 
           private

data/lib/datadog/appsec/processor/rule_merger.rb

@@ -17,12 +17,12 @@ module Datadog
         end
 
         class << self
-          def merge(rules:, data: nil, overrides: nil, exclusions: nil)
+          def merge(rules:, data: [], overrides: [], exclusions: [])
             combined_rules = combine_rules(rules)
 
-            rules_data = combine_data(data) if data
-            rules_overrides = combine_overrides(overrides) if overrides
-            rules_exclusions = combine_exclusions(exclusions) if exclusions
+            rules_data = combine_data(data) if data.any?
+            rules_overrides = combine_overrides(overrides) if overrides.any?
+            rules_exclusions = combine_exclusions(exclusions) if exclusions.any?
 
             combined_rules['rules_data'] = rules_data if rules_data
             combined_rules['rules_override'] = rules_overrides if rules_overrides
@@ -62,7 +62,7 @@ module Datadog
             result = []
 
             data.each do |data_entry|
-              data_entry['rules_data'].each do |value|
+              data_entry.each do |value|
                 existing_data = result.find { |x| x['id'] == value['id'] }
 
                 if existing_data && existing_data['type'] == value['type']
@@ -113,31 +113,11 @@ module Datadog
           end
 
           def combine_overrides(overrides)
-            rules_override = []
-
-            overrides.each do |override|
-              override['rules_override'].each do |rule_override|
-                rules_override << rule_override
-              end
-            end
-
-            return if rules_override.empty?
-
-            rules_override
+            overrides.flatten
           end
 
           def combine_exclusions(exclusions)
-            rules_exclusions = []
-
-            exclusions.each do |exclusion|
-              exclusion['exclusions'].each do |rule_exclusion|
-                rules_exclusions << rule_exclusion
-              end
-            end
-
-            return if rules_exclusions.empty?
-
-            rules_exclusions
+            exclusions.flatten
           end
         end
       end

data/lib/datadog/appsec/remote.rb

@@ -26,7 +26,6 @@ module Datadog
         ASM_CAPABILITIES = [
           CAP_ASM_IP_BLOCKING,
           CAP_ASM_USER_BLOCKING,
-          CAP_ASM_CUSTOM_RULES,
           CAP_ASM_EXCLUSIONS,
           CAP_ASM_REQUEST_BLOCKING,
           CAP_ASM_RESPONSE_BLOCKING,
@@ -48,7 +47,6 @@ module Datadog
           remote_features_enabled? ? ASM_PRODUCTS : []
         end
 
-        # rubocop:disable Metrics/MethodLength
         def receivers
           return [] unless remote_features_enabled?
 
@@ -63,18 +61,17 @@ module Datadog
             overrides = []
             exclusions = []
 
-            asm_data_config_types = ['blocked_ips', 'blocked_users']
-            asm_overrides_config_types = ['blocking', 'disabled_rules']
-
             repository.contents.each do |content|
+              parsed_content = parse_content(content)
+
               case content.path.product
               when 'ASM_DD'
-                rules << parse_content(content)
+                rules << parsed_content
               when 'ASM_DATA'
-                data << parse_content(content) if asm_data_config_types.include?(content.path.config_id)
+                data << parsed_content['rules_data'] if parsed_content['rules_data']
               when 'ASM'
-                overrides << parse_content(content) if asm_overrides_config_types.include?(content.path.config_id)
-                exclusions << parse_content(content) if content.path.config_id == 'exclusion_filters'
+                overrides << parsed_content['rules_override'] if parsed_content['rules_override']
+                exclusions << parsed_content['exclusions'] if parsed_content['exclusions']
               end
             end
 
@@ -98,7 +95,6 @@ module Datadog
 
           [receiver]
         end
-        # rubocop:enable Metrics/MethodLength
 
         private
 

data/lib/datadog/appsec/response.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'assets'
 require_relative 'utils/http/media_range'
 
@@ -27,33 +29,39 @@ module Datadog
 
       class << self
         def negotiate(env)
+          content_type = content_type(env)
+
+          Datadog.logger.debug { "negotiated response content type: #{content_type}" }
+
           Response.new(
             status: 403,
-            headers: { 'Content-Type' => 'text/html' },
-            body: [Datadog::AppSec::Assets.blocked(format: format(env))]
+            headers: { 'Content-Type' => content_type },
+            body: [Datadog::AppSec::Assets.blocked(format: FORMAT_MAP[content_type])]
           )
         end
 
         private
 
         FORMAT_MAP = {
+          'text/plain' => :text,
           'text/html' => :html,
           'application/json' => :json,
-          'text/plain' => :text,
         }.freeze
 
-        DEFAULT_FORMAT = :text
+        DEFAULT_CONTENT_TYPE = 'text/plain'
 
-        def format(env)
-          return DEFAULT_FORMAT unless env.key?('HTTP_ACCEPT')
+        def content_type(env)
+          return DEFAULT_CONTENT_TYPE unless env.key?('HTTP_ACCEPT')
 
-          accepted = env['HTTP_ACCEPT'].split(',').map { |m| Utils::HTTP::MediaRange.new(m) }.sort
+          accepted = env['HTTP_ACCEPT'].split(',').map { |m| Utils::HTTP::MediaRange.new(m) }.sort!.reverse!
 
-          accepted.each_with_object(DEFAULT_FORMAT) do |_default, range|
-            format = FORMAT_MAP.keys.find { |type, _format| range === type }
+          accepted.each_with_object(DEFAULT_CONTENT_TYPE) do |range, _default|
+            match = FORMAT_MAP.keys.find { |type| range === type }
 
-            return FORMAT_MAP[format] if format
+            return match if match
           end
+        rescue Datadog::AppSec::Utils::HTTP::MediaRange::ParseError
+          DEFAULT_CONTENT_TYPE
         end
       end
     end

data/lib/datadog/core/configuration/components.rb

@@ -52,8 +52,14 @@ module Datadog
             Core::Workers::RuntimeMetrics.new(options)
           end
 
-          def build_telemetry(settings)
-            Telemetry::Client.new(enabled: settings.telemetry.enabled)
+          def build_telemetry(settings, agent_settings, logger)
+            enabled = settings.telemetry.enabled
+            if agent_settings.adapter != Datadog::Transport::Ext::HTTP::ADAPTER
+              enabled = false
+              logger.debug { "Telemetry disabled. Agent network adapter not supported: #{agent_settings.adapter}" }
+            end
+
+            Telemetry::Client.new(enabled: enabled)
           end
         end
 
@@ -81,7 +87,7 @@ module Datadog
           )
           @runtime_metrics = self.class.build_runtime_metrics_worker(settings)
           @health_metrics = self.class.build_health_metrics(settings)
-          @telemetry = self.class.build_telemetry(settings)
+          @telemetry = self.class.build_telemetry(settings, agent_settings, logger)
           @appsec = Datadog::AppSec::Component.build_appsec_component(settings)
         end
 

data/lib/datadog/core/telemetry/client.rb

@@ -5,7 +5,7 @@ require_relative '../utils/forking'
 module Datadog
   module Core
     module Telemetry
-      # Telemetry entrypoint, coordinates sending telemetry events at various points in app lifecyle
+      # Telemetry entrypoint, coordinates sending telemetry events at various points in app lifecycle.
       class Client
         attr_reader \
           :emitter,

data/lib/datadog/core/telemetry/http/transport.rb

@@ -10,6 +10,7 @@ module Datadog
     module Telemetry
       module Http
         # Class to send telemetry data to Telemetry API
+        # Currently only supports the HTTP protocol.
         class Transport
           attr_reader \
             :host,

data/lib/ddtrace/version.rb

@@ -4,7 +4,7 @@ module DDTrace
   module VERSION
     MAJOR = 1
     MINOR = 11
-    PATCH = 0
+    PATCH = 1
     PRE = nil
     BUILD = nil
     # PRE and BUILD above are modified for dev gems during gem build GHA workflow

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ddtrace
 version: !ruby/object:Gem::Version
-  version: 1.11.0
+  version: 1.11.1
 platform: ruby
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-27 00:00:00.000000000 Z
+date: 1980-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msgpack
@@ -883,7 +883,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.4.5
+rubygems_version: 3.3.20
 signing_key:
 specification_version: 4
 summary: Datadog tracing code for your Ruby applications