ddtrace 1.12.1 → 1.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +109 -9
- data/ext/ddtrace_profiling_native_extension/collectors_thread_context.c +97 -14
- data/ext/ddtrace_profiling_native_extension/extconf.rb +6 -0
- data/ext/ddtrace_profiling_native_extension/http_transport.c +19 -6
- data/ext/ddtrace_profiling_native_extension/native_extension_helpers.rb +1 -1
- data/ext/ddtrace_profiling_native_extension/private_vm_api_access.c +41 -2
- data/ext/ddtrace_profiling_native_extension/private_vm_api_access.h +6 -0
- data/ext/ddtrace_profiling_native_extension/stack_recorder.c +6 -10
- data/ext/ddtrace_profiling_native_extension/time_helpers.c +40 -4
- data/ext/ddtrace_profiling_native_extension/time_helpers.h +14 -0
- data/lib/datadog/appsec/component.rb +9 -0
- data/lib/datadog/appsec/configuration/settings.rb +104 -195
- data/lib/datadog/appsec/configuration.rb +0 -79
- data/lib/datadog/appsec/contrib/auto_instrument.rb +2 -4
- data/lib/datadog/appsec/contrib/devise/event.rb +57 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +13 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +42 -0
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +76 -0
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +52 -0
- data/lib/datadog/appsec/contrib/devise/patcher.rb +45 -0
- data/lib/datadog/appsec/contrib/devise/resource.rb +35 -0
- data/lib/datadog/appsec/contrib/devise/tracking.rb +49 -0
- data/lib/datadog/appsec/contrib/rack/ext.rb +2 -1
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +12 -7
- data/lib/datadog/appsec/contrib/rails/ext.rb +3 -2
- data/lib/datadog/appsec/contrib/rails/framework.rb +1 -3
- data/lib/datadog/appsec/contrib/rails/patcher.rb +8 -8
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/ext.rb +2 -1
- data/lib/datadog/appsec/contrib/sinatra/framework.rb +1 -3
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +1 -1
- data/lib/datadog/appsec/event.rb +1 -1
- data/lib/datadog/appsec/extensions.rb +1 -130
- data/lib/datadog/appsec/monitor/reactive/set_user.rb +1 -1
- data/lib/datadog/appsec/processor.rb +1 -1
- data/lib/datadog/appsec/rate_limiter.rb +1 -1
- data/lib/datadog/appsec/remote.rb +1 -1
- data/lib/datadog/appsec.rb +1 -2
- data/lib/datadog/ci/configuration/settings.rb +6 -8
- data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +7 -5
- data/lib/datadog/ci/contrib/cucumber/ext.rb +10 -8
- data/lib/datadog/ci/contrib/minitest/configuration/settings.rb +35 -0
- data/lib/datadog/ci/contrib/minitest/ext.rb +21 -0
- data/lib/datadog/ci/contrib/minitest/integration.rb +49 -0
- data/lib/datadog/ci/contrib/minitest/patcher.rb +27 -0
- data/lib/datadog/ci/contrib/minitest/test_helper.rb +68 -0
- data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +7 -5
- data/lib/datadog/ci/contrib/rspec/ext.rb +9 -7
- data/lib/datadog/ci.rb +1 -0
- data/lib/datadog/core/backport.rb +51 -0
- data/lib/datadog/core/configuration/base.rb +5 -5
- data/lib/datadog/core/configuration/components.rb +6 -1
- data/lib/datadog/core/configuration/ext.rb +7 -5
- data/lib/datadog/core/configuration/option.rb +269 -19
- data/lib/datadog/core/configuration/option_definition.rb +76 -11
- data/lib/datadog/core/configuration/options.rb +22 -10
- data/lib/datadog/core/configuration/settings.rb +116 -61
- data/lib/datadog/core/environment/ext.rb +13 -11
- data/lib/datadog/core/environment/yjit.rb +58 -0
- data/lib/datadog/core/git/ext.rb +24 -22
- data/lib/datadog/core/logging/ext.rb +3 -1
- data/lib/datadog/core/metrics/ext.rb +7 -5
- data/lib/datadog/core/remote/client/capabilities.rb +5 -0
- data/lib/datadog/core/remote/client.rb +3 -0
- data/lib/datadog/core/remote/component.rb +25 -34
- data/lib/datadog/core/remote/configuration/content.rb +28 -1
- data/lib/datadog/core/remote/configuration/repository.rb +3 -1
- data/lib/datadog/core/remote/ext.rb +1 -1
- data/lib/datadog/core/remote/negotiation.rb +17 -4
- data/lib/datadog/core/runtime/ext.rb +22 -12
- data/lib/datadog/core/runtime/metrics.rb +43 -0
- data/lib/datadog/core/telemetry/client.rb +12 -2
- data/lib/datadog/core/telemetry/emitter.rb +4 -2
- data/lib/datadog/core/telemetry/event.rb +19 -4
- data/lib/datadog/core/telemetry/ext.rb +4 -1
- data/lib/datadog/core/telemetry/heartbeat.rb +2 -4
- data/lib/datadog/core/telemetry/http/ext.rb +10 -8
- data/lib/datadog/core/telemetry/http/transport.rb +1 -0
- data/lib/datadog/core/telemetry/v2/app_client_configuration_change.rb +41 -0
- data/lib/datadog/core/telemetry/v2/request.rb +29 -0
- data/lib/datadog/core/transport/http/client.rb +1 -1
- data/lib/datadog/core/transport/http/config.rb +10 -0
- data/lib/datadog/core/utils/duration.rb +52 -0
- data/lib/datadog/core/utils/hash.rb +47 -0
- data/lib/datadog/core/utils/network.rb +1 -1
- data/lib/datadog/core/utils/safe_dup.rb +27 -20
- data/lib/datadog/core/utils.rb +1 -1
- data/lib/datadog/core/workers/async.rb +2 -2
- data/lib/datadog/kit/appsec/events.rb +139 -89
- data/lib/datadog/kit/identity.rb +80 -65
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +3 -0
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +1 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +9 -2
- data/lib/datadog/profiling/component.rb +41 -9
- data/lib/datadog/profiling/exporter.rb +5 -1
- data/lib/datadog/profiling/flush.rb +9 -2
- data/lib/datadog/profiling/http_transport.rb +4 -1
- data/lib/datadog/profiling/load_native_extension.rb +7 -1
- data/lib/datadog/profiling.rb +11 -1
- data/lib/datadog/tracing/component.rb +58 -6
- data/lib/datadog/tracing/configuration/dynamic/option.rb +71 -0
- data/lib/datadog/tracing/configuration/dynamic.rb +64 -0
- data/lib/datadog/tracing/configuration/ext.rb +35 -32
- data/lib/datadog/tracing/configuration/http.rb +74 -0
- data/lib/datadog/tracing/configuration/settings.rb +106 -92
- data/lib/datadog/tracing/contrib/action_cable/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/action_cable/ext.rb +20 -18
- data/lib/datadog/tracing/contrib/action_mailer/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/action_mailer/ext.rb +20 -18
- data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +8 -6
- data/lib/datadog/tracing/contrib/action_pack/ext.rb +10 -8
- data/lib/datadog/tracing/contrib/action_view/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/action_view/ext.rb +12 -10
- data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +13 -7
- data/lib/datadog/tracing/contrib/active_job/ext.rb +25 -23
- data/lib/datadog/tracing/contrib/active_job/log_injection.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/active_model_serializers/ext.rb +12 -10
- data/lib/datadog/tracing/contrib/active_record/configuration/settings.rb +9 -7
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +0 -8
- data/lib/datadog/tracing/contrib/active_record/ext.rb +17 -15
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +0 -5
- data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +9 -7
- data/lib/datadog/tracing/contrib/active_support/ext.rb +18 -16
- data/lib/datadog/tracing/contrib/aws/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/aws/ext.rb +37 -24
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +9 -5
- data/lib/datadog/tracing/contrib/concurrent_ruby/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/ext.rb +4 -2
- data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/dalli/ext.rb +19 -11
- data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +8 -6
- data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +13 -7
- data/lib/datadog/tracing/contrib/delayed_job/ext.rb +16 -14
- data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +21 -15
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +8 -5
- data/lib/datadog/tracing/contrib/ethon/configuration/settings.rb +16 -9
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +43 -3
- data/lib/datadog/tracing/contrib/ethon/ext.rb +19 -11
- data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +0 -5
- data/lib/datadog/tracing/contrib/excon/configuration/settings.rb +19 -10
- data/lib/datadog/tracing/contrib/excon/ext.rb +16 -8
- data/lib/datadog/tracing/contrib/excon/middleware.rb +20 -5
- data/lib/datadog/tracing/contrib/ext.rb +23 -1
- data/lib/datadog/tracing/contrib/extensions.rb +32 -0
- data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +20 -10
- data/lib/datadog/tracing/contrib/faraday/ext.rb +16 -8
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +16 -5
- data/lib/datadog/tracing/contrib/grape/configuration/settings.rb +8 -6
- data/lib/datadog/tracing/contrib/grape/ext.rb +16 -14
- data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +8 -6
- data/lib/datadog/tracing/contrib/graphql/ext.rb +7 -5
- data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +19 -9
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +29 -20
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +21 -20
- data/lib/datadog/tracing/contrib/grpc/ext.rb +16 -13
- data/lib/datadog/tracing/contrib/grpc/formatting.rb +127 -0
- data/lib/datadog/tracing/contrib/hanami/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/hanami/ext.rb +10 -8
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +4 -7
- data/lib/datadog/tracing/contrib/http/configuration/settings.rb +33 -11
- data/lib/datadog/tracing/contrib/http/ext.rb +16 -9
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +17 -5
- data/lib/datadog/tracing/contrib/httpclient/configuration/settings.rb +33 -11
- data/lib/datadog/tracing/contrib/httpclient/ext.rb +17 -9
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +17 -5
- data/lib/datadog/tracing/contrib/httprb/configuration/settings.rb +33 -11
- data/lib/datadog/tracing/contrib/httprb/ext.rb +16 -9
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +17 -5
- data/lib/datadog/tracing/contrib/kafka/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/kafka/ext.rb +42 -39
- data/lib/datadog/tracing/contrib/lograge/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/lograge/ext.rb +3 -1
- data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +1 -0
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +20 -16
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +9 -5
- data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +17 -14
- data/lib/datadog/tracing/contrib/mysql2/ext.rb +15 -10
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +9 -5
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +52 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +37 -0
- data/lib/datadog/tracing/contrib/opensearch/integration.rb +44 -0
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +128 -0
- data/lib/datadog/tracing/contrib/opensearch/quantize.rb +81 -0
- data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +17 -14
- data/lib/datadog/tracing/contrib/pg/ext.rb +22 -19
- data/lib/datadog/tracing/contrib/pg/instrumentation.rb +9 -5
- data/lib/datadog/tracing/contrib/presto/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/presto/ext.rb +25 -20
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +9 -5
- data/lib/datadog/tracing/contrib/propagation/sql_comment/ext.rb +12 -10
- data/lib/datadog/tracing/contrib/qless/configuration/settings.rb +12 -8
- data/lib/datadog/tracing/contrib/qless/ext.rb +14 -12
- data/lib/datadog/tracing/contrib/que/configuration/settings.rb +21 -12
- data/lib/datadog/tracing/contrib/racecar/configuration/settings.rb +9 -7
- data/lib/datadog/tracing/contrib/racecar/event.rb +0 -5
- data/lib/datadog/tracing/contrib/racecar/ext.rb +20 -18
- data/lib/datadog/tracing/contrib/rack/configuration/settings.rb +16 -12
- data/lib/datadog/tracing/contrib/rack/ext.rb +18 -16
- data/lib/datadog/tracing/contrib/rack/header_collection.rb +3 -0
- data/lib/datadog/tracing/contrib/rack/header_tagging.rb +53 -0
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +8 -49
- data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +15 -11
- data/lib/datadog/tracing/contrib/rails/ext.rb +7 -5
- data/lib/datadog/tracing/contrib/rails/log_injection.rb +4 -10
- data/lib/datadog/tracing/contrib/rails/patcher.rb +10 -41
- data/lib/datadog/tracing/contrib/rails/railtie.rb +3 -3
- data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +12 -9
- data/lib/datadog/tracing/contrib/rake/ext.rb +14 -12
- data/lib/datadog/tracing/contrib/redis/configuration/settings.rb +17 -9
- data/lib/datadog/tracing/contrib/redis/ext.rb +22 -15
- data/lib/datadog/tracing/contrib/redis/tags.rb +9 -5
- data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +13 -7
- data/lib/datadog/tracing/contrib/resque/ext.rb +9 -7
- data/lib/datadog/tracing/contrib/rest_client/configuration/settings.rb +16 -9
- data/lib/datadog/tracing/contrib/rest_client/ext.rb +15 -8
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +20 -5
- data/lib/datadog/tracing/contrib/roda/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/semantic_logger/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/semantic_logger/ext.rb +3 -1
- data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +1 -0
- data/lib/datadog/tracing/contrib/sequel/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/sequel/ext.rb +10 -8
- data/lib/datadog/tracing/contrib/sequel/utils.rb +2 -7
- data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +14 -8
- data/lib/datadog/tracing/contrib/shoryuken/ext.rb +14 -12
- data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +18 -11
- data/lib/datadog/tracing/contrib/sidekiq/ext.rb +32 -30
- data/lib/datadog/tracing/contrib/sinatra/configuration/settings.rb +11 -9
- data/lib/datadog/tracing/contrib/sinatra/env.rb +0 -17
- data/lib/datadog/tracing/contrib/sinatra/ext.rb +21 -19
- data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +3 -14
- data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +14 -8
- data/lib/datadog/tracing/contrib/sneakers/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/sneakers/tracer.rb +1 -1
- data/lib/datadog/tracing/contrib/span_attribute_schema.rb +74 -10
- data/lib/datadog/tracing/contrib/stripe/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/sucker_punch/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/sucker_punch/ext.rb +15 -13
- data/lib/datadog/tracing/contrib/utils/database.rb +5 -3
- data/lib/datadog/tracing/correlation.rb +9 -12
- data/lib/datadog/tracing/diagnostics/ext.rb +21 -19
- data/lib/datadog/tracing/distributed/b3_multi.rb +2 -2
- data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
- data/lib/datadog/tracing/distributed/trace_context.rb +52 -17
- data/lib/datadog/tracing/metadata/ext.rb +9 -6
- data/lib/datadog/tracing/remote.rb +78 -0
- data/lib/datadog/tracing/sampling/rule_sampler.rb +29 -0
- data/lib/datadog/tracing/span_operation.rb +3 -15
- data/lib/datadog/tracing/trace_operation.rb +16 -3
- data/lib/datadog/tracing/trace_segment.rb +5 -2
- data/lib/datadog/tracing/tracer.rb +10 -1
- data/lib/ddtrace/transport/ext.rb +15 -9
- data/lib/ddtrace/transport/trace_formatter.rb +9 -0
- data/lib/ddtrace/version.rb +9 -12
- metadata +38 -10
- data/lib/datadog/tracing/contrib/sinatra/headers.rb +0 -35
|
@@ -302,7 +302,8 @@ VALUE thread_name_for(VALUE thread) {
|
|
|
302
302
|
// Taken from upstream vm_backtrace.c at commit 5f10bd634fb6ae8f74a4ea730176233b0ca96954 (March 2022, Ruby 3.2 trunk)
|
|
303
303
|
// Copyright (C) 1993-2012 Yukihiro Matsumoto
|
|
304
304
|
// to support our custom rb_profile_frames (see below)
|
|
305
|
-
// Modifications:
|
|
305
|
+
// Modifications:
|
|
306
|
+
// * Support int first_lineno for Ruby 3.2.0+ (https://github.com/ruby/ruby/pull/6430)
|
|
306
307
|
//
|
|
307
308
|
// `node_id` gets used depending on Ruby VM compilation settings (USE_ISEQ_NODE_ID being defined).
|
|
308
309
|
// To avoid getting false "unused argument" warnings in setups where it's not used, we need to do this weird dance
|
|
@@ -322,7 +323,11 @@ calc_pos(const rb_iseq_t *iseq, const VALUE *pc, int *lineno, int *node_id)
|
|
|
322
323
|
VM_ASSERT(! ISEQ_BODY(iseq)->local_table_size);
|
|
323
324
|
return 0;
|
|
324
325
|
}
|
|
325
|
-
|
|
326
|
+
# ifndef NO_INT_FIRST_LINENO // Ruby 3.2+
|
|
327
|
+
if (lineno) *lineno = ISEQ_BODY(iseq)->location.first_lineno;
|
|
328
|
+
# else
|
|
329
|
+
if (lineno) *lineno = FIX2INT(ISEQ_BODY(iseq)->location.first_lineno);
|
|
330
|
+
#endif
|
|
326
331
|
#ifdef USE_ISEQ_NODE_ID
|
|
327
332
|
if (node_id) *node_id = -1;
|
|
328
333
|
#endif
|
|
@@ -767,3 +772,37 @@ check_method_entry(VALUE obj, int can_be_svar)
|
|
|
767
772
|
// they're always on the main Ractor
|
|
768
773
|
bool ddtrace_rb_ractor_main_p(void) { return true; }
|
|
769
774
|
#endif // NO_RACTORS
|
|
775
|
+
|
|
776
|
+
// This is a tweaked and inlined version of
|
|
777
|
+
// threadptr_invoke_proc_location + rb_proc_location + iseq_location .
|
|
778
|
+
//
|
|
779
|
+
// It's useful to have here because not all of the methods above are accessible to extensions + to avoid the
|
|
780
|
+
// array allocation that iseq_location did to contain its return value.
|
|
781
|
+
static const rb_iseq_t *maybe_thread_invoke_proc_iseq(VALUE thread_value) {
|
|
782
|
+
rb_thread_t *thread = thread_struct_from_object(thread_value);
|
|
783
|
+
|
|
784
|
+
#ifndef NO_THREAD_INVOKE_ARG // Ruby 2.6+
|
|
785
|
+
if (thread->invoke_type != thread_invoke_type_proc) return NULL;
|
|
786
|
+
|
|
787
|
+
VALUE proc = thread->invoke_arg.proc.proc;
|
|
788
|
+
#else
|
|
789
|
+
if (thread->first_func || !thread->first_proc) return NULL;
|
|
790
|
+
|
|
791
|
+
VALUE proc = thread->first_proc;
|
|
792
|
+
#endif
|
|
793
|
+
|
|
794
|
+
const rb_iseq_t *iseq = rb_proc_get_iseq(proc, 0);
|
|
795
|
+
if (iseq == NULL) return NULL;
|
|
796
|
+
|
|
797
|
+
rb_iseq_check(iseq);
|
|
798
|
+
return iseq;
|
|
799
|
+
}
|
|
800
|
+
|
|
801
|
+
VALUE invoke_location_for(VALUE thread, int *line_location) {
|
|
802
|
+
const rb_iseq_t *iseq = maybe_thread_invoke_proc_iseq(thread);
|
|
803
|
+
|
|
804
|
+
if (iseq == NULL) return Qnil;
|
|
805
|
+
|
|
806
|
+
*line_location = NUM2INT(rb_iseq_first_lineno(iseq));
|
|
807
|
+
return rb_iseq_path(iseq);
|
|
808
|
+
}
|
|
@@ -43,3 +43,9 @@ bool ddtrace_rb_ractor_main_p(void);
|
|
|
43
43
|
|
|
44
44
|
// See comment on `record_placeholder_stack_in_native_code` for a full explanation of what this means (and why we don't just return 0)
|
|
45
45
|
#define PLACEHOLDER_STACK_IN_NATIVE_CODE -1
|
|
46
|
+
|
|
47
|
+
// This method provides the file and line of the "invoke location" of a thread (first file:line of the block used to
|
|
48
|
+
// start the thread), if any.
|
|
49
|
+
// This is what Ruby shows in `Thread#to_s`.
|
|
50
|
+
// The file is returned directly, and the line is recorded onto *line_location.
|
|
51
|
+
VALUE invoke_location_for(VALUE thread, int *line_location);
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
#include "stack_recorder.h"
|
|
7
7
|
#include "libdatadog_helpers.h"
|
|
8
8
|
#include "ruby_helpers.h"
|
|
9
|
+
#include "time_helpers.h"
|
|
9
10
|
|
|
10
11
|
// Used to wrap a ddog_prof_Profile in a Ruby object and expose Ruby-level serialization APIs
|
|
11
12
|
// This file implements the native bits of the Datadog::Profiling::StackRecorder class
|
|
@@ -208,7 +209,7 @@ static VALUE _native_active_slot(DDTRACE_UNUSED VALUE _self, VALUE recorder_inst
|
|
|
208
209
|
static VALUE _native_is_slot_one_mutex_locked(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance);
|
|
209
210
|
static VALUE _native_is_slot_two_mutex_locked(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance);
|
|
210
211
|
static VALUE test_slot_mutex_state(VALUE recorder_instance, int slot);
|
|
211
|
-
static ddog_Timespec
|
|
212
|
+
static ddog_Timespec system_epoch_now_timespec(void);
|
|
212
213
|
static VALUE _native_reset_after_fork(DDTRACE_UNUSED VALUE self, VALUE recorder_instance);
|
|
213
214
|
static void serializer_set_start_timestamp_for_next_profile(struct stack_recorder_state *state, ddog_Timespec timestamp);
|
|
214
215
|
static VALUE _native_record_endpoint(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance, VALUE local_root_span_id, VALUE endpoint);
|
|
@@ -347,7 +348,7 @@ static VALUE _native_serialize(DDTRACE_UNUSED VALUE _self, VALUE recorder_instan
|
|
|
347
348
|
struct stack_recorder_state *state;
|
|
348
349
|
TypedData_Get_Struct(recorder_instance, struct stack_recorder_state, &stack_recorder_typed_data, state);
|
|
349
350
|
|
|
350
|
-
ddog_Timespec finish_timestamp =
|
|
351
|
+
ddog_Timespec finish_timestamp = system_epoch_now_timespec();
|
|
351
352
|
// Need to do this while still holding on to the Global VM Lock; see comments on method for why
|
|
352
353
|
serializer_set_start_timestamp_for_next_profile(state, finish_timestamp);
|
|
353
354
|
|
|
@@ -547,14 +548,9 @@ static VALUE test_slot_mutex_state(VALUE recorder_instance, int slot) {
|
|
|
547
548
|
}
|
|
548
549
|
}
|
|
549
550
|
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
struct timespec current_time;
|
|
554
|
-
|
|
555
|
-
if (clock_gettime(CLOCK_REALTIME, ¤t_time) != 0) ENFORCE_SUCCESS_GVL(errno);
|
|
556
|
-
|
|
557
|
-
return (ddog_Timespec) {.seconds = current_time.tv_sec, .nanoseconds = (uint32_t) current_time.tv_nsec};
|
|
551
|
+
static ddog_Timespec system_epoch_now_timespec(void) {
|
|
552
|
+
long now_ns = system_epoch_time_now_ns(RAISE_ON_FAILURE);
|
|
553
|
+
return (ddog_Timespec) {.seconds = now_ns / SECONDS_AS_NS(1), .nanoseconds = now_ns % SECONDS_AS_NS(1)};
|
|
558
554
|
}
|
|
559
555
|
|
|
560
556
|
// After the Ruby VM forks, this method gets called in the child process to clean up any leftover state from the parent.
|
|
@@ -5,13 +5,49 @@
|
|
|
5
5
|
#include "time_helpers.h"
|
|
6
6
|
|
|
7
7
|
// Safety: This function is assumed never to raise exceptions by callers when raise_on_failure == false
|
|
8
|
-
long
|
|
9
|
-
struct timespec
|
|
8
|
+
long retrieve_clock_as_ns(clockid_t clock_id, bool raise_on_failure) {
|
|
9
|
+
struct timespec clock_value;
|
|
10
10
|
|
|
11
|
-
if (clock_gettime(
|
|
11
|
+
if (clock_gettime(clock_id, &clock_value) != 0) {
|
|
12
12
|
if (raise_on_failure) ENFORCE_SUCCESS_GVL(errno);
|
|
13
13
|
return 0;
|
|
14
14
|
}
|
|
15
15
|
|
|
16
|
-
return
|
|
16
|
+
return clock_value.tv_nsec + SECONDS_AS_NS(clock_value.tv_sec);
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
long monotonic_wall_time_now_ns(bool raise_on_failure) { return retrieve_clock_as_ns(CLOCK_MONOTONIC, raise_on_failure); }
|
|
20
|
+
long system_epoch_time_now_ns(bool raise_on_failure) { return retrieve_clock_as_ns(CLOCK_REALTIME, raise_on_failure); }
|
|
21
|
+
|
|
22
|
+
// Design: The monotonic_to_system_epoch_state struct is kept somewhere by the caller, and MUST be initialized to
|
|
23
|
+
// MONOTONIC_TO_SYSTEM_EPOCH_INITIALIZER.
|
|
24
|
+
//
|
|
25
|
+
// This function is used by the ThreadContext collector to convert monotonic wall time timestamps which are used
|
|
26
|
+
// basically everywhere else in the codebase, into system epoch timestamps, which are needed by the timeline feature.
|
|
27
|
+
//
|
|
28
|
+
// There's a few ways we could have tackled this conversion, e.g. check the system clock on every call, or even
|
|
29
|
+
// use system clock timestamps elsewhere in the code.
|
|
30
|
+
// Using a system clock elsewhere has a few disadvantages (e.g. because it can move around if users adjust the system
|
|
31
|
+
// time). I also wanted to avoid calling system_epoch_time_now_ns(...) on every conversion.
|
|
32
|
+
//
|
|
33
|
+
// Thus I arrived at this solution: we calculate a delta between the monotonic clock and the system clock, and use
|
|
34
|
+
// that to convert the timestamps.
|
|
35
|
+
//
|
|
36
|
+
// To avoid the results of the system clock being off in cases where the system clock is adjusted while the profiler
|
|
37
|
+
// is running, every ~60 seconds of observed monotonic wall time we recalculate the delta. This means that worst case
|
|
38
|
+
// we'll have ~60 seconds of wrongly-timestamped data when the system clock jumps around, and in return we save the
|
|
39
|
+
// overhead of having to look up the system clock on every call to this function.
|
|
40
|
+
long monotonic_to_system_epoch_ns(monotonic_to_system_epoch_state *state, long monotonic_wall_time_ns) {
|
|
41
|
+
bool reference_needs_update =
|
|
42
|
+
(state->system_epoch_ns_reference == INVALID_TIME) ||
|
|
43
|
+
(state->delta_to_epoch_ns + monotonic_wall_time_ns > state->system_epoch_ns_reference + SECONDS_AS_NS(60));
|
|
44
|
+
|
|
45
|
+
if (reference_needs_update) {
|
|
46
|
+
state->system_epoch_ns_reference = system_epoch_time_now_ns(RAISE_ON_FAILURE);
|
|
47
|
+
long current_monotonic_wall_time_ns = monotonic_wall_time_now_ns(RAISE_ON_FAILURE);
|
|
48
|
+
|
|
49
|
+
state->delta_to_epoch_ns = state->system_epoch_ns_reference - current_monotonic_wall_time_ns;
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
return state->delta_to_epoch_ns + monotonic_wall_time_ns;
|
|
17
53
|
}
|
|
@@ -6,5 +6,19 @@
|
|
|
6
6
|
#define RAISE_ON_FAILURE true
|
|
7
7
|
#define DO_NOT_RAISE_ON_FAILURE false
|
|
8
8
|
|
|
9
|
+
#define INVALID_TIME -1
|
|
10
|
+
|
|
11
|
+
typedef struct {
|
|
12
|
+
long system_epoch_ns_reference;
|
|
13
|
+
long delta_to_epoch_ns;
|
|
14
|
+
} monotonic_to_system_epoch_state;
|
|
15
|
+
|
|
16
|
+
#define MONOTONIC_TO_SYSTEM_EPOCH_INITIALIZER {.system_epoch_ns_reference = INVALID_TIME, .delta_to_epoch_ns = INVALID_TIME}
|
|
17
|
+
|
|
9
18
|
// Safety: This function is assumed never to raise exceptions by callers when raise_on_failure == false
|
|
10
19
|
long monotonic_wall_time_now_ns(bool raise_on_failure);
|
|
20
|
+
|
|
21
|
+
// Safety: This function is assumed never to raise exceptions by callers when raise_on_failure == false
|
|
22
|
+
long system_epoch_time_now_ns(bool raise_on_failure);
|
|
23
|
+
|
|
24
|
+
long monotonic_to_system_epoch_ns(monotonic_to_system_epoch_state *state, long monotonic_wall_time_ns);
|
|
@@ -13,6 +13,15 @@ module Datadog
|
|
|
13
13
|
return unless settings.respond_to?(:appsec) && settings.appsec.enabled
|
|
14
14
|
|
|
15
15
|
processor = create_processor(settings)
|
|
16
|
+
# We want to always instrument user events when AppSec is enabled.
|
|
17
|
+
# There could be cases in which users use the DD_APPSEC_ENABLED Env variable to
|
|
18
|
+
# enable AppSec, in that case, Devise is already instrumented.
|
|
19
|
+
# In the case that users do not use DD_APPSEC_ENABLED, we have to instrument it,
|
|
20
|
+
# hence the lines above.
|
|
21
|
+
|
|
22
|
+
devise_integration = Datadog::AppSec::Contrib::Devise::Integration.new
|
|
23
|
+
settings.appsec.instrument(:devise) unless devise_integration.patcher.patched?
|
|
24
|
+
|
|
16
25
|
new(processor: processor)
|
|
17
26
|
end
|
|
18
27
|
|
|
@@ -1,223 +1,132 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
require_relative '../../core/utils/duration'
|
|
4
4
|
|
|
5
5
|
module Datadog
|
|
6
6
|
module AppSec
|
|
7
7
|
module Configuration
|
|
8
|
-
#
|
|
9
|
-
|
|
10
|
-
class Settings
|
|
11
|
-
class << self
|
|
12
|
-
def boolean
|
|
13
|
-
# @type ^(::String) -> bool
|
|
14
|
-
->(v) do # rubocop:disable Style/Lambda
|
|
15
|
-
case v
|
|
16
|
-
when /(1|true)/i
|
|
17
|
-
true
|
|
18
|
-
when /(0|false)/i, nil
|
|
19
|
-
false
|
|
20
|
-
else
|
|
21
|
-
raise ArgumentError, "invalid boolean: #{v.inspect}"
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
# TODO: allow symbols
|
|
27
|
-
def string
|
|
28
|
-
# @type ^(::String) -> ::String
|
|
29
|
-
->(v) { v.to_s }
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
def integer
|
|
33
|
-
# @type ^(::String) -> ::Integer
|
|
34
|
-
->(v) do # rubocop:disable Style/Lambda
|
|
35
|
-
case v
|
|
36
|
-
when /(\d+)/
|
|
37
|
-
Regexp.last_match(1).to_i
|
|
38
|
-
else
|
|
39
|
-
raise ArgumentError, "invalid integer: #{v.inspect}"
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
# rubocop:disable Metrics/MethodLength
|
|
45
|
-
def duration(base = :ns, type = :integer)
|
|
46
|
-
# @type ^(::String) -> ::Integer | ::Float
|
|
47
|
-
->(v) do # rubocop:disable Style/Lambda
|
|
48
|
-
cast = case type
|
|
49
|
-
when :integer, Integer
|
|
50
|
-
method(:Integer)
|
|
51
|
-
when :float, Float
|
|
52
|
-
method(:Float)
|
|
53
|
-
else
|
|
54
|
-
raise ArgumentError, "invalid type: #{v.inspect}"
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
scale = case base
|
|
58
|
-
when :s
|
|
59
|
-
1_000_000_000
|
|
60
|
-
when :ms
|
|
61
|
-
1_000_000
|
|
62
|
-
when :us
|
|
63
|
-
1000
|
|
64
|
-
when :ns
|
|
65
|
-
1
|
|
66
|
-
else
|
|
67
|
-
raise ArgumentError, "invalid base: #{v.inspect}"
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
case v
|
|
71
|
-
when /^(\d+)h$/
|
|
72
|
-
cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 * 60 / scale
|
|
73
|
-
when /^(\d+)m$/
|
|
74
|
-
cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 / scale
|
|
75
|
-
when /^(\d+)s$/
|
|
76
|
-
cast.call(Regexp.last_match(1)) * 1_000_000_000 / scale
|
|
77
|
-
when /^(\d+)ms$/
|
|
78
|
-
cast.call(Regexp.last_match(1)) * 1_000_000 / scale
|
|
79
|
-
when /^(\d+)us$/
|
|
80
|
-
cast.call(Regexp.last_match(1)) * 1_000 / scale
|
|
81
|
-
when /^(\d+)ns$/
|
|
82
|
-
cast.call(Regexp.last_match(1)) / scale
|
|
83
|
-
when /^(\d+)$/
|
|
84
|
-
cast.call(Regexp.last_match(1))
|
|
85
|
-
else
|
|
86
|
-
raise ArgumentError, "invalid duration: #{v.inspect}"
|
|
87
|
-
end
|
|
88
|
-
end
|
|
89
|
-
end
|
|
90
|
-
# rubocop:enable Metrics/MethodLength
|
|
91
|
-
end
|
|
92
|
-
|
|
8
|
+
# Settings
|
|
9
|
+
module Settings
|
|
93
10
|
# rubocop:disable Layout/LineLength
|
|
94
11
|
DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization'
|
|
95
12
|
DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
|
|
96
13
|
# rubocop:enable Layout/LineLength
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
obfuscator_value_regex: DEFAULT_OBFUSCATOR_VALUE_REGEX,
|
|
106
|
-
}.freeze
|
|
107
|
-
|
|
108
|
-
ENVS = {
|
|
109
|
-
'DD_APPSEC_ENABLED' => [:enabled, Settings.boolean],
|
|
110
|
-
'DD_APPSEC_RULES' => [:ruleset, Settings.string],
|
|
111
|
-
'DD_APPSEC_WAF_TIMEOUT' => [:waf_timeout, Settings.duration(:us)],
|
|
112
|
-
'DD_APPSEC_WAF_DEBUG' => [:waf_debug, Settings.boolean],
|
|
113
|
-
'DD_APPSEC_TRACE_RATE_LIMIT' => [:trace_rate_limit, Settings.integer],
|
|
114
|
-
'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP' => [:obfuscator_key_regex, Settings.string],
|
|
115
|
-
'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP' => [:obfuscator_value_regex, Settings.string],
|
|
116
|
-
}.freeze
|
|
117
|
-
|
|
118
|
-
# Struct constant whisker cast for Steep
|
|
119
|
-
Integration = _ = Struct.new(:integration) # rubocop:disable Naming/ConstantName
|
|
120
|
-
|
|
121
|
-
def initialize
|
|
122
|
-
@integrations = []
|
|
123
|
-
# Stores which options have been configured using Datadog.configure block or ENV variables
|
|
124
|
-
@configured = Set.new
|
|
125
|
-
@options = DEFAULTS.dup.tap do |options|
|
|
126
|
-
ENVS.each do |env, (key, conv)|
|
|
127
|
-
if ENV[env]
|
|
128
|
-
options[key] = conv.call(ENV[env])
|
|
129
|
-
@configured << key
|
|
130
|
-
end
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
def enabled
|
|
136
|
-
# Cast for Steep
|
|
137
|
-
_ = @options[:enabled]
|
|
138
|
-
end
|
|
139
|
-
|
|
140
|
-
def ruleset
|
|
141
|
-
# Cast for Steep
|
|
142
|
-
_ = @options[:ruleset]
|
|
14
|
+
APPSEC_VALID_TRACK_USER_EVENTS_MODE = [
|
|
15
|
+
'safe',
|
|
16
|
+
'extended'
|
|
17
|
+
].freeze
|
|
18
|
+
|
|
19
|
+
def self.extended(base)
|
|
20
|
+
base = base.singleton_class unless base.is_a?(Class)
|
|
21
|
+
add_settings!(base)
|
|
143
22
|
end
|
|
144
23
|
|
|
145
|
-
#
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
24
|
+
# rubocop:disable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength
|
|
25
|
+
def self.add_settings!(base)
|
|
26
|
+
base.class_eval do
|
|
27
|
+
settings :appsec do
|
|
28
|
+
option :enabled do |o|
|
|
29
|
+
o.type :bool
|
|
30
|
+
o.env 'DD_APPSEC_ENABLED'
|
|
31
|
+
o.default false
|
|
32
|
+
end
|
|
151
33
|
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
34
|
+
define_method(:instrument) do |integration_name|
|
|
35
|
+
if enabled
|
|
36
|
+
registered_integration = Datadog::AppSec::Contrib::Integration.registry[integration_name]
|
|
37
|
+
if registered_integration
|
|
38
|
+
klass = registered_integration.klass
|
|
39
|
+
if klass.loaded? && klass.compatible?
|
|
40
|
+
instance = klass.new
|
|
41
|
+
instance.patcher.patch unless instance.patcher.patched?
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
158
46
|
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
47
|
+
option :ruleset do |o|
|
|
48
|
+
o.env 'DD_APPSEC_RULES'
|
|
49
|
+
o.default :recommended
|
|
50
|
+
end
|
|
163
51
|
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
52
|
+
option :ip_denylist do |o|
|
|
53
|
+
o.type :array
|
|
54
|
+
o.default []
|
|
55
|
+
end
|
|
168
56
|
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
57
|
+
option :user_id_denylist do |o|
|
|
58
|
+
o.type :array
|
|
59
|
+
o.default []
|
|
60
|
+
end
|
|
173
61
|
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
62
|
+
option :waf_timeout do |o|
|
|
63
|
+
o.env 'DD_APPSEC_WAF_TIMEOUT' # us
|
|
64
|
+
o.default 5_000
|
|
65
|
+
o.setter do |v|
|
|
66
|
+
Datadog::Core::Utils::Duration.call(v.to_s, base: :us)
|
|
67
|
+
end
|
|
68
|
+
end
|
|
178
69
|
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
70
|
+
option :waf_debug do |o|
|
|
71
|
+
o.env 'DD_APPSEC_WAF_DEBUG'
|
|
72
|
+
o.default false
|
|
73
|
+
o.type :bool
|
|
74
|
+
end
|
|
183
75
|
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
end
|
|
190
|
-
end
|
|
76
|
+
option :trace_rate_limit do |o|
|
|
77
|
+
o.type :int
|
|
78
|
+
o.env 'DD_APPSEC_TRACE_RATE_LIMIT' # trace/s
|
|
79
|
+
o.default 100
|
|
80
|
+
end
|
|
191
81
|
|
|
192
|
-
|
|
82
|
+
option :obfuscator_key_regex do |o|
|
|
83
|
+
o.type :string
|
|
84
|
+
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP'
|
|
85
|
+
o.default DEFAULT_OBFUSCATOR_KEY_REGEX
|
|
86
|
+
end
|
|
193
87
|
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
88
|
+
option :obfuscator_value_regex do |o|
|
|
89
|
+
o.type :string
|
|
90
|
+
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP'
|
|
91
|
+
o.default DEFAULT_OBFUSCATOR_VALUE_REGEX
|
|
92
|
+
end
|
|
199
93
|
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
94
|
+
settings :track_user_events do
|
|
95
|
+
option :enabled do |o|
|
|
96
|
+
o.default true
|
|
97
|
+
o.type :bool
|
|
98
|
+
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
|
99
|
+
o.env_parser do |env_value|
|
|
100
|
+
if env_value == 'disabled'
|
|
101
|
+
false
|
|
102
|
+
else
|
|
103
|
+
['1', 'true'].include?(env_value.strip.downcase)
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
option :mode do |o|
|
|
109
|
+
o.type :string
|
|
110
|
+
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
|
111
|
+
o.default 'safe'
|
|
112
|
+
o.setter do |v|
|
|
113
|
+
if APPSEC_VALID_TRACK_USER_EVENTS_MODE.include?(v)
|
|
114
|
+
v
|
|
115
|
+
else
|
|
116
|
+
Datadog.logger.warn(
|
|
117
|
+
'The appsec.track_user_events.mode value provided is not supported.' \
|
|
118
|
+
'Supported values are: safe | extended.' \
|
|
119
|
+
'Using default value `safe`'
|
|
120
|
+
)
|
|
121
|
+
'safe'
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
end
|
|
205
126
|
end
|
|
206
127
|
end
|
|
207
|
-
|
|
208
|
-
self
|
|
209
|
-
end
|
|
210
|
-
|
|
211
|
-
private
|
|
212
|
-
|
|
213
|
-
def default?(option)
|
|
214
|
-
!@configured.include?(option)
|
|
215
|
-
end
|
|
216
|
-
|
|
217
|
-
# Restore to original state, for testing only.
|
|
218
|
-
def reset!
|
|
219
|
-
initialize
|
|
220
128
|
end
|
|
129
|
+
# rubocop:enable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength
|
|
221
130
|
end
|
|
222
131
|
end
|
|
223
132
|
end
|
|
@@ -5,86 +5,7 @@ require_relative 'configuration/settings'
|
|
|
5
5
|
module Datadog
|
|
6
6
|
module AppSec
|
|
7
7
|
# Configuration for AppSec
|
|
8
|
-
# TODO: this is a trivial implementation, check with shareable code with
|
|
9
|
-
# tracer and other products
|
|
10
8
|
module Configuration
|
|
11
|
-
def self.included(base)
|
|
12
|
-
base.extend(ClassMethods)
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
# Configuration DSL implementation
|
|
16
|
-
class DSL
|
|
17
|
-
# Struct constant whisker cast for Steep
|
|
18
|
-
Instrument = _ = Struct.new(:name) # rubocop:disable Naming/ConstantName
|
|
19
|
-
|
|
20
|
-
def initialize
|
|
21
|
-
@instruments = []
|
|
22
|
-
@options = {}
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
attr_reader :instruments, :options
|
|
26
|
-
|
|
27
|
-
def instrument(name)
|
|
28
|
-
@instruments << Instrument.new(name)
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def enabled=(value)
|
|
32
|
-
options[:enabled] = value
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def ruleset=(value)
|
|
36
|
-
options[:ruleset] = value
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
def ip_denylist=(value)
|
|
40
|
-
options[:ip_denylist] = value
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
def user_id_denylist=(value)
|
|
44
|
-
options[:user_id_denylist] = value
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
# in microseconds
|
|
48
|
-
def waf_timeout=(value)
|
|
49
|
-
options[:waf_timeout] = value
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
def waf_debug=(value)
|
|
53
|
-
options[:waf_debug] = value
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
def trace_rate_limit=(value)
|
|
57
|
-
options[:trace_rate_limit] = value
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
def obfuscator_key_regex=(value)
|
|
61
|
-
options[:obfuscator_key_regex] = value
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
def obfuscator_value_regex=(value)
|
|
65
|
-
options[:obfuscator_value_regex] = value
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
# class-level methods for Configuration
|
|
70
|
-
module ClassMethods
|
|
71
|
-
def configure
|
|
72
|
-
dsl = DSL.new
|
|
73
|
-
yield dsl
|
|
74
|
-
settings.merge(dsl)
|
|
75
|
-
settings
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
def settings
|
|
79
|
-
@settings ||= Settings.new
|
|
80
|
-
end
|
|
81
|
-
|
|
82
|
-
private
|
|
83
|
-
|
|
84
|
-
def default_setting?(setting)
|
|
85
|
-
settings.send(:default?, setting)
|
|
86
|
-
end
|
|
87
|
-
end
|
|
88
9
|
end
|
|
89
10
|
end
|
|
90
11
|
end
|
|
@@ -15,10 +15,8 @@ module Datadog
|
|
|
15
15
|
integrations << integration.name
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
c.instrument integration_name
|
|
21
|
-
end
|
|
18
|
+
integrations.each do |integration_name|
|
|
19
|
+
Datadog.configuration.appsec.instrument integration_name
|
|
22
20
|
end
|
|
23
21
|
end
|
|
24
22
|
end
|