ddtrace 1.11.1 → 1.12.0

data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb

@@ -23,13 +23,13 @@ module Datadog
                 gateway.watch('sinatra.request.dispatch', :appsec) do |stack, gateway_request|
                   block = false
                   event = nil
-                  waf_context = gateway_request.env['datadog.waf.context']
+                  scope = gateway_request.env[Datadog::AppSec::Ext::SCOPE_KEY]
 
                   AppSec::Reactive::Operation.new('sinatra.request.dispatch') do |op|
                     trace = active_trace
                     span = active_span
 
-                    Rack::Reactive::RequestBody.subscribe(op, waf_context) do |result, _block|
+                    Rack::Reactive::RequestBody.subscribe(op, scope.processor_context) do |result, _block|
                       if result.status == :match
                         # TODO: should this hash be an Event instance instead?
                         event = {
@@ -42,7 +42,7 @@ module Datadog
 
                         span.set_tag('appsec.event', 'true') if span
 
-                        waf_context.events << event
+                        scope.processor_context.events << event
                       end
                     end
 
@@ -66,13 +66,13 @@ module Datadog
                 gateway.watch('sinatra.request.routed', :appsec) do |stack, (gateway_request, gateway_route_params)|
                   block = false
                   event = nil
-                  waf_context = gateway_request.env['datadog.waf.context']
+                  scope = gateway_request.env[Datadog::AppSec::Ext::SCOPE_KEY]
 
                   AppSec::Reactive::Operation.new('sinatra.request.routed') do |op|
                     trace = active_trace
                     span = active_span
 
-                    Sinatra::Reactive::Routed.subscribe(op, waf_context) do |result, _block|
+                    Sinatra::Reactive::Routed.subscribe(op, scope.processor_context) do |result, _block|
                       if result.status == :match
                         # TODO: should this hash be an Event instance instead?
                         event = {
@@ -85,7 +85,7 @@ module Datadog
 
                         span.set_tag('appsec.event', 'true') if span
 
-                        waf_context.events << event
+                        scope.processor_context.events << event
                       end
                     end
 

data/lib/datadog/appsec/contrib/sinatra/integration.rb

@@ -1,6 +1,5 @@
 require_relative '../integration'
 
-require_relative 'configuration/settings'
 require_relative 'patcher'
 require_relative 'request_middleware'
 
@@ -32,10 +31,6 @@ module Datadog
             true
           end
 
-          def default_configuration
-            Configuration::Settings.new
-          end
-
           def patcher
             Patcher
           end

data/lib/datadog/appsec/contrib/sinatra/patcher.rb

@@ -4,6 +4,7 @@ require_relative '../patcher'
 require_relative '../../response'
 require_relative '../rack/request_middleware'
 require_relative 'framework'
+require_relative 'ext'
 require_relative 'gateway/watcher'
 require_relative 'gateway/route_params'
 require_relative 'gateway/request'
@@ -51,7 +52,7 @@ module Datadog
           def dispatch!
             env = @request.env
 
-            context = env['datadog.waf.context']
+            context = env[Datadog::AppSec::Ext::SCOPE_KEY]
 
             return super unless context
 
@@ -61,7 +62,7 @@ module Datadog
 
             request_return, request_response = Instrumentation.gateway.push('sinatra.request.dispatch', gateway_request) do
               # handle process_route interruption
-              catch(Ext::ROUTE_INTERRUPT) { super }
+              catch(Datadog::AppSec::Contrib::Sinatra::Ext::ROUTE_INTERRUPT) { super }
             end
 
             if request_response && request_response.any? { |action, _event| action == :block }
@@ -80,7 +81,7 @@ module Datadog
           def process_route(*)
             env = @request.env
 
-            context = env['datadog.waf.context']
+            context = env[Datadog::AppSec::Ext::SCOPE_KEY]
 
             return super unless context
 
@@ -106,7 +107,7 @@ module Datadog
                 self.response = AppSec::Response.negotiate(env).to_sinatra_response
 
                 # interrupt request and return response to dispatch! for consistency
-                throw(Ext::ROUTE_INTERRUPT, response)
+                throw(Datadog::AppSec::Contrib::Sinatra::Ext::ROUTE_INTERRUPT, response)
               end
 
               yield(*args)

data/lib/datadog/appsec/event.rb

@@ -38,17 +38,17 @@ module Datadog
       #
       # This is expected to be called only once per trace for the rate limiter
       # to properly apply
-      def self.record(*events)
+      def self.record(span, *events)
         # ensure rate limiter is called only when there are events to record
         return if events.empty?
 
         Datadog::AppSec::RateLimiter.limit(:traces) do
-          record_via_span(*events)
+          record_via_span(span, *events)
         end
       end
 
       # rubocop:disable Metrics/MethodLength
-      def self.record_via_span(*events)
+      def self.record_via_span(span, *events)
         events.group_by { |e| e[:trace] }.each do |trace, event_group|
           unless trace
             Datadog.logger.debug { "{ error: 'no trace: cannot record', event_group: #{event_group.inspect}}" }
@@ -100,10 +100,10 @@ module Datadog
 
           # complex types are unsupported, we need to serialize to a string
           triggers = trace_tags.delete('_dd.appsec.triggers')
-          trace.set_tag('_dd.appsec.json', JSON.dump({ triggers: triggers }))
+          span.set_tag('_dd.appsec.json', JSON.dump({ triggers: triggers }))
 
           trace_tags.each do |key, value|
-            trace.set_tag(key, value)
+            span.set_tag(key, value)
           end
         end
       end

data/lib/datadog/appsec/ext.rb

@@ -4,6 +4,7 @@ module Datadog
   module AppSec
     module Ext
       INTERRUPT = :datadog_appsec_interrupt
+      SCOPE_KEY = 'datadog.appsec.scope'
     end
   end
 end

data/lib/datadog/appsec/extensions.rb

@@ -30,9 +30,9 @@ module Datadog
 
         # Writer methods
 
-        def instrument(name, options = {})
+        def instrument(name, _unused = {})
           dsl = AppSec::Configuration::DSL.new
-          dsl.instrument(name, options)
+          dsl.instrument(name)
           @settings.merge(dsl)
         end
 
@@ -92,10 +92,6 @@ module Datadog
 
         # Reader methods
 
-        def [](key)
-          @settings[key]
-        end
-
         def enabled
           @settings.enabled
         end

data/lib/datadog/appsec/monitor/gateway/watcher.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require_relative '../../ext'
 require_relative '../../instrumentation/gateway'
 require_relative '../../reactive/operation'
 require_relative '../reactive/set_user'
@@ -22,13 +21,13 @@ module Datadog
               gateway.watch('identity.set_user', :appsec) do |stack, user|
                 block = false
                 event = nil
-                waf_context = Datadog::AppSec::Processor.active_context
+                scope = Datadog::AppSec.active_scope
 
                 AppSec::Reactive::Operation.new('identity.set_user') do |op|
                   trace = active_trace
                   span = active_span
 
-                  Monitor::Reactive::SetUser.subscribe(op, waf_context) do |result, _block|
+                  Monitor::Reactive::SetUser.subscribe(op, scope.processor_context) do |result, _block|
                     if result.status == :match
                       # TODO: should this hash be an Event instance instead?
                       event = {
@@ -41,7 +40,7 @@ module Datadog
 
                       span.set_tag('appsec.event', 'true') if span
 
-                      waf_context.events << event
+                      scope.processor_context.events << event
                     end
                   end
 

data/lib/datadog/appsec/processor/rule_merger.rb

@@ -17,16 +17,18 @@ module Datadog
         end
 
         class << self
-          def merge(rules:, data: [], overrides: [], exclusions: [])
+          def merge(rules:, data: [], overrides: [], exclusions: [], custom_rules: [])
             combined_rules = combine_rules(rules)
 
-            rules_data = combine_data(data) if data.any?
-            rules_overrides = combine_overrides(overrides) if overrides.any?
-            rules_exclusions = combine_exclusions(exclusions) if exclusions.any?
+            combined_data = combine_data(data) if data.any?
+            combined_overrides = combine_overrides(overrides) if overrides.any?
+            combined_exclusions = combine_exclusions(exclusions) if exclusions.any?
+            combined_custom_rules = combine_custom_rules(custom_rules) if custom_rules.any?
 
-            combined_rules['rules_data'] = rules_data if rules_data
-            combined_rules['rules_override'] = rules_overrides if rules_overrides
-            combined_rules['exclusions'] = rules_exclusions if rules_exclusions
+            combined_rules['rules_data'] = combined_data if combined_data
+            combined_rules['rules_override'] = combined_overrides if combined_overrides
+            combined_rules['exclusions'] = combined_exclusions if combined_exclusions
+            combined_rules['custom_rules'] = combined_custom_rules if combined_custom_rules
 
             combined_rules
           end
@@ -119,6 +121,10 @@ module Datadog
           def combine_exclusions(exclusions)
             exclusions.flatten
           end
+
+          def combine_custom_rules(custom_rules)
+            custom_rules.flatten
+          end
         end
       end
     end

data/lib/datadog/appsec/processor.rb

@@ -43,30 +43,6 @@ module Datadog
         end
       end
 
-      class << self
-        def active_context
-          Thread.current[:datadog_current_waf_context]
-        end
-
-        private
-
-        def active_context=(context)
-          unless context.instance_of?(Context)
-            raise ArgumentError,
-              "The context provide: #{context.inspect} is not a Datadog::AppSec::Processor::Context"
-          end
-
-          Thread.current[:datadog_current_waf_context] = context
-        end
-
-        def reset_active_context
-          Thread.current[:datadog_current_waf_context] = nil
-        end
-      end
-
-      class NoActiveContextError < StandardError; end
-      class AlreadyActiveContextError < StandardError; end
-
       attr_reader :ruleset_info, :addresses
 
       def initialize(ruleset:)
@@ -83,27 +59,6 @@ module Datadog
         !@handle.nil?
       end
 
-      def new_context
-        Context.new(self)
-      end
-
-      def activate_context
-        existing_active_context = Processor.active_context
-        raise AlreadyActiveContextError if existing_active_context
-
-        context = new_context
-        Processor.send(:active_context=, context)
-        context
-      end
-
-      def deactivate_context
-        context = Processor.active_context
-        raise NoActiveContextError unless context
-
-        Processor.send(:reset_active_context)
-        context.finalize
-      end
-
       def finalize
         @handle.finalize
       end

data/lib/datadog/appsec/remote.rb

@@ -30,6 +30,7 @@ module Datadog
           CAP_ASM_REQUEST_BLOCKING,
           CAP_ASM_RESPONSE_BLOCKING,
           CAP_ASM_DD_RULES,
+          CAP_ASM_CUSTOM_RULES,
         ].freeze
 
         ASM_PRODUCTS = [
@@ -47,6 +48,7 @@ module Datadog
           remote_features_enabled? ? ASM_PRODUCTS : []
         end
 
+        # rubocop:disable Metrics/MethodLength
         def receivers
           return [] unless remote_features_enabled?
 
@@ -57,6 +59,7 @@ module Datadog
             end
 
             rules = []
+            custom_rules = []
             data = []
             overrides = []
             exclusions = []
@@ -72,6 +75,7 @@ module Datadog
               when 'ASM'
                 overrides << parsed_content['rules_override'] if parsed_content['rules_override']
                 exclusions << parsed_content['exclusions'] if parsed_content['exclusions']
+                custom_rules << parsed_content['custom_rules'] if parsed_content['custom_rules']
               end
             end
 
@@ -88,6 +92,7 @@ module Datadog
               data: data,
               overrides: overrides,
               exclusions: exclusions,
+              custom_rules: custom_rules,
             )
 
             Datadog::AppSec.reconfigure(ruleset: ruleset)
@@ -95,6 +100,7 @@ module Datadog
 
           [receiver]
         end
+        # rubocop:enable Metrics/MethodLength
 
         private
 

data/lib/datadog/appsec/scope.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require_relative 'processor'
+
+module Datadog
+  module AppSec
+    # Capture context essential to consistently call processor and report via traces
+    class Scope
+      attr_reader :trace, :service_entry_span, :processor_context
+
+      def initialize(trace, service_entry_span, processor_context)
+        @trace = trace
+        @service_entry_span = service_entry_span
+        @processor_context = processor_context
+      end
+
+      def finalize
+        @processor_context.finalize
+      end
+
+      class << self
+        def activate_scope(trace, service_entry_span, processor)
+          raise ActiveScopeError, 'another scope is active, nested scopes are not supported' if active_scope
+
+          context = Datadog::AppSec::Processor::Context.new(processor)
+
+          self.active_scope = new(trace, service_entry_span, context)
+        end
+
+        def deactivate_scope
+          raise InactiveScopeError, 'no scope is active, nested scopes are not supported' unless active_scope
+
+          scope = active_scope
+
+          reset_active_scope
+
+          scope.finalize
+        end
+
+        def active_scope
+          Thread.current[:datadog_appsec_active_scope]
+        end
+
+        private
+
+        def active_scope=(scope)
+          raise ArgumentError, 'not a Datadog::AppSec::Scope' unless scope.instance_of?(Scope)
+
+          Thread.current[:datadog_appsec_active_scope] = scope
+        end
+
+        def reset_active_scope
+          Thread.current[:datadog_appsec_active_scope] = nil
+        end
+      end
+
+      class InactiveScopeError < StandardError; end
+      class ActiveScopeError < StandardError; end
+    end
+  end
+end

data/lib/datadog/appsec.rb

@@ -2,6 +2,8 @@
 
 require_relative 'appsec/configuration'
 require_relative 'appsec/extensions'
+require_relative 'appsec/scope'
+require_relative 'appsec/ext'
 
 module Datadog
   # Namespace for Datadog AppSec instrumentation
@@ -13,6 +15,10 @@ module Datadog
         Datadog.configuration.appsec.enabled
       end
 
+      def active_scope
+        Datadog::AppSec::Scope.active_scope
+      end
+
       def processor
         appsec_component = components.appsec
 

data/lib/datadog/ci/ext/environment.rb

@@ -19,6 +19,8 @@ module Datadog
         TAG_PROVIDER_NAME = 'ci.provider.name'
         TAG_STAGE_NAME = 'ci.stage.name'
         TAG_WORKSPACE_PATH = 'ci.workspace_path'
+        TAG_NODE_LABELS = 'ci.node.labels'
+        TAG_NODE_NAME = 'ci.node.name'
         TAG_CI_ENV_VARS = '_dd.ci.env_vars'
 
         PROVIDERS = [
@@ -33,7 +35,8 @@ module Datadog
           ['JENKINS_URL', :extract_jenkins],
           ['TEAMCITY_VERSION', :extract_teamcity],
           ['TRAVIS', :extract_travis],
-          ['BITRISE_BUILD_SLUG', :extract_bitrise]
+          ['BITRISE_BUILD_SLUG', :extract_bitrise],
+          ['CF_BUILD_ID', :extract_codefresh]
         ].freeze
 
         module_function
@@ -196,7 +199,7 @@ module Datadog
         end
 
         def extract_buildkite(env)
-          {
+          tags = {
             Core::Git::Ext::TAG_BRANCH => env['BUILDKITE_BRANCH'],
             Core::Git::Ext::TAG_COMMIT_SHA => env['BUILDKITE_COMMIT'],
             Core::Git::Ext::TAG_REPOSITORY_URL => env['BUILDKITE_REPO'],
@@ -211,11 +214,21 @@ module Datadog
             Core::Git::Ext::TAG_COMMIT_AUTHOR_NAME => env['BUILDKITE_BUILD_AUTHOR'],
             Core::Git::Ext::TAG_COMMIT_AUTHOR_EMAIL => env['BUILDKITE_BUILD_AUTHOR_EMAIL'],
             Core::Git::Ext::TAG_COMMIT_MESSAGE => env['BUILDKITE_MESSAGE'],
+            TAG_NODE_NAME => env['BUILDKITE_AGENT_ID'],
             TAG_CI_ENV_VARS => {
               'BUILDKITE_BUILD_ID' => env['BUILDKITE_BUILD_ID'],
               'BUILDKITE_JOB_ID' => env['BUILDKITE_JOB_ID']
             }.to_json
           }
+
+          extra_tags = env
+            .select { |key| key.start_with?('BUILDKITE_AGENT_META_DATA_') }
+            .map { |key, value| "#{key.to_s.sub('BUILDKITE_AGENT_META_DATA_', '').downcase}:#{value}" }
+            .sort_by(&:length)
+
+          tags[TAG_NODE_LABELS] = extra_tags.to_json unless extra_tags.empty?
+
+          tags
         end
 
         def extract_circle_ci(env)
@@ -274,7 +287,6 @@ module Datadog
         def extract_gitlab(env)
           commit_author_name, commit_author_email = extract_name_email(env['CI_COMMIT_AUTHOR'])
 
-          url = env['CI_PIPELINE_URL']
           {
             Core::Git::Ext::TAG_BRANCH => env['CI_COMMIT_REF_NAME'],
             Core::Git::Ext::TAG_COMMIT_SHA => env['CI_COMMIT_SHA'],
@@ -289,9 +301,11 @@ module Datadog
             TAG_PIPELINE_ID => env['CI_PIPELINE_ID'],
             TAG_PIPELINE_NAME => env['CI_PROJECT_PATH'],
             TAG_PIPELINE_NUMBER => env['CI_PIPELINE_IID'],
-            TAG_PIPELINE_URL => (url.gsub(%r{/-/pipelines/}, '/pipelines/') if url),
+            TAG_PIPELINE_URL => env['CI_PIPELINE_URL'],
             TAG_PROVIDER_NAME => 'gitlab',
             TAG_WORKSPACE_PATH => env['CI_PROJECT_DIR'],
+            TAG_NODE_LABELS => env['CI_RUNNER_TAGS'],
+            TAG_NODE_NAME => env['CI_RUNNER_ID'],
             Core::Git::Ext::TAG_COMMIT_MESSAGE => env['CI_COMMIT_MESSAGE'],
             TAG_CI_ENV_VARS => {
               'CI_PROJECT_URL' => env['CI_PROJECT_URL'],
@@ -308,6 +322,9 @@ module Datadog
             name = name.gsub("/#{normalize_ref(branch)}", '') if branch
             name = name.split('/').reject { |v| v.nil? || v.include?('=') }.join('/')
           end
+
+          node_labels = env['NODE_LABELS'].split.to_json unless env['NODE_LABELS'].nil?
+
           {
             Core::Git::Ext::TAG_BRANCH => branch,
             Core::Git::Ext::TAG_COMMIT_SHA => env['GIT_COMMIT'],
@@ -319,6 +336,8 @@ module Datadog
             TAG_PIPELINE_URL => env['BUILD_URL'],
             TAG_PROVIDER_NAME => 'jenkins',
             TAG_WORKSPACE_PATH => env['WORKSPACE'],
+            TAG_NODE_LABELS => node_labels,
+            TAG_NODE_NAME => env['NODE_NAME'],
             TAG_CI_ENV_VARS => {
               'DD_CUSTOM_TRACE_ID' => env['DD_CUSTOM_TRACE_ID']
             }.to_json
@@ -380,6 +399,23 @@ module Datadog
           }
         end
 
+        def extract_codefresh(env)
+          branch, tag = branch_or_tag(env['CF_BRANCH'])
+
+          {
+            TAG_PROVIDER_NAME => 'codefresh',
+            TAG_PIPELINE_ID => env['CF_BUILD_ID'],
+            TAG_PIPELINE_NAME => env['CF_PIPELINE_NAME'],
+            TAG_PIPELINE_URL => env['CF_BUILD_URL'],
+            TAG_JOB_NAME => env['CF_STEP_NAME'],
+            Core::Git::Ext::TAG_BRANCH => branch,
+            Core::Git::Ext::TAG_TAG => tag,
+            TAG_CI_ENV_VARS => {
+              'CF_BUILD_ID' => env['CF_BUILD_ID'],
+            }.to_json
+          }
+        end
+
         def extract_user_defined_git(env)
           {
             Core::Git::Ext::TAG_REPOSITORY_URL => env[Core::Git::Ext::ENV_REPOSITORY_URL],

data/lib/datadog/core/configuration/settings.rb

@@ -154,6 +154,9 @@ module Datadog
         # @default `DD_ENV` environment variable, otherwise `nil`
         # @return [String,nil]
         option :env do |o|
+          # DEV-2.0: Remove this conversion for symbol.
+          o.setter { |v| v.to_s if v }
+
           # NOTE: env also gets set as a side effect of tags. See the WORKAROUND note in #initialize for details.
           o.default { ENV.fetch(Core::Environment::Ext::ENV_ENVIRONMENT, nil) }
           o.lazy
@@ -202,12 +205,23 @@ module Datadog
 
           # @public_api
           settings :advanced do
+            # @deprecated This setting is ignored when CPU Profiling 2.0 is in use, and will be removed on dd-trace-rb 2.0.
+            #
             # This should never be reduced, as it can cause the resulting profiles to become biased.
             # The default should be enough for most services, allowing 16 threads to be sampled around 30 times
             # per second for a 60 second period.
-            #
-            # @deprecated This setting is ignored when CPU Profiling 2.0 is in use.
-            option :max_events, default: 32768
+            option :max_events do |o|
+              o.default 32768
+              o.on_set do |value|
+                if value != 32768
+                  Datadog.logger.warn(
+                    'The profiling.advanced.max_events setting has been deprecated for removal. It no longer does ' \
+                    'anything unless you the `force_enable_legacy_profiler` option is in use. ' \
+                    'Please remove it from your Datadog.configure block.'
+                  )
+                end
+              end
+            end
 
             # Controls the maximum number of frames for each thread sampled. Can be tuned to avoid omitted frames in the
             # produced profiles. Increasing this may increase the overhead of profiling.
@@ -250,28 +264,39 @@ module Datadog
               end
             end
 
-            # Forces enabling the new CPU Profiling 2.0 profiler (see ddtrace release notes for more details).
-            #
-            # Note that setting this to "false" (or not setting it) will not prevent the new profiler from
-            # being automatically used.
-            # This option will be deprecated for removal once the legacy profiler is removed.
+            # @deprecated No longer does anything, and will be removed on dd-trace-rb 2.0.
             #
-            # @default `DD_PROFILING_FORCE_ENABLE_NEW` environment variable, otherwise `false`
+            # This was used prior to the GA of the new CPU Profiling 2.0 profiler. Using CPU Profiling 2.0 is now the
+            # default and this doesn't do anything.
             option :force_enable_new_profiler do |o|
-              o.default { env_to_bool('DD_PROFILING_FORCE_ENABLE_NEW', false) }
-              o.lazy
+              o.on_set do
+                Datadog.logger.warn(
+                  'The profiling.advanced.force_enable_new_profiler setting has been deprecated for removal and no ' \
+                  'longer does anything. Please remove it from your Datadog.configure block.'
+                )
+              end
             end
 
-            # Forces enabling the *legacy* (non-CPU Profiling 2.0 profiler) even when it would otherwise NOT be enabled.
+            # @deprecated Will be removed for dd-trace-rb 2.0.
             #
-            # Temporarily added to ease migration to the new CPU Profiling 2.0 profiler, and will be removed soon.
+            # Forces enabling the *legacy* non-CPU Profiling 2.0 profiler.
             # Do not use unless instructed to by support.
-            # This option will be deprecated for removal once the legacy profiler is removed.
             #
             # @default `DD_PROFILING_FORCE_ENABLE_LEGACY` environment variable, otherwise `false`
             option :force_enable_legacy_profiler do |o|
               o.default { env_to_bool('DD_PROFILING_FORCE_ENABLE_LEGACY', false) }
               o.lazy
+              o.on_set do |value|
+                if value
+                  Datadog.logger.warn(
+                    'The profiling.advanced.force_enable_legacy_profiler setting has been deprecated for removal. ' \
+                    'Do not use unless instructed to by support. ' \
+                    'If you needed to use it due to incompatibilities with the CPU Profiling 2.0 profiler, consider ' \
+                    'using the profiling.advanced.no_signals_workaround_enabled setting instead. ' \
+                    'See <https://dtdg.co/ruby-profiler-troubleshooting> for details.'
+                  )
+                end
+              end
             end
 
             # Forces enabling of profiling of time/resources spent in Garbage Collection.
@@ -317,6 +342,30 @@ module Datadog
               o.default { env_to_bool('DD_PROFILING_SKIP_MYSQL2_CHECK', false) }
               o.lazy
             end
+
+            # The profiler gathers data by sending `SIGPROF` unix signals to Ruby application threads.
+            #
+            # Sending `SIGPROF` is a common profiling approach, and may cause system calls from native
+            # extensions/libraries to be interrupted with a system
+            # [EINTR error code.](https://man7.org/linux/man-pages/man7/signal.7.html#:~:text=Interruption%20of%20system%20calls%20and%20library%20functions%20by%20signal%20handlers)
+            # Rarely, native extensions or libraries called by them may have missing or incorrect error handling for the
+            # `EINTR` error code.
+            #
+            # The "no signals" workaround, when enabled, enables an alternative mode for the profiler where it does not
+            # send `SIGPROF` unix signals. The downside of this approach is that the profiler data will have lower
+            # quality.
+            #
+            # This workaround is automatically enabled when gems that are known to have issues handling
+            # `EINTR` error codes are detected. If you suspect you may be seeing an issue due to the profiler's use of
+            # signals, you can try manually enabling this mode as a fallback.
+            # Please also report these issues to us on <https://github.com/DataDog/dd-trace-rb/issues/new>, so we can
+            # work with the gem authors to fix them!
+            #
+            # @default `DD_PROFILING_NO_SIGNALS_WORKAROUND_ENABLED` environment variable as a boolean, otherwise `:auto`
+            option :no_signals_workaround_enabled do |o|
+              o.default { env_to_bool('DD_PROFILING_NO_SIGNALS_WORKAROUND_ENABLED', :auto) }
+              o.lazy
+            end
           end
 
           # @public_api
@@ -353,6 +402,9 @@ module Datadog
         # @default `DD_SERVICE` environment variable, otherwise the program name (e.g. `'ruby'`, `'rails'`, `'pry'`)
         # @return [String]
         option :service do |o|
+          # DEV-2.0: Remove this conversion for symbol.
+          o.setter { |v| v.to_s if v }
+
           # NOTE: service also gets set as a side effect of tags. See the WORKAROUND note in #initialize for details.
           o.default { ENV.fetch(Core::Environment::Ext::ENV_SERVICE, Core::Environment::Ext::FALLBACK_SERVICE_NAME) }
           o.lazy