RubyGems - ddtrace - Versions diffs - 1.12.1 → 1.13.0 - Mend

ddtrace 1.12.1 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (264) hide show

data/lib/datadog/appsec/contrib/devise/event.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Class to extract event information from the resource
+        class Event
+          UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
+          SAFE_MODE = 'safe'
+          EXTENDED_MODE = 'extended'
+          attr_reader :user_id
+          def initialize(resource, mode)
+            @resource = resource
+            @mode = mode
+            @user_id = nil
+            @email = nil
+            @username = nil
+            extract if @resource
+          end
+          def to_h
+            return @event if defined?(@event)
+            @event = {}
+            @event[:email] = @email if @email
+            @event[:username] = @username if @username
+            @event
+          end
+          private
+          def extract
+            @user_id = @resource.id
+            case @mode
+            when EXTENDED_MODE
+              @email = @resource.email
+              @username = @resource.username
+            when SAFE_MODE
+              @user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
+            else
+              Datadog.logger.warn(
+                "Invalid automated user evenst mode: `#{@mode}`. "\
+                              'Supported modes are: `safe` and `extended`.'
+              )
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/ext.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Devise integration constants
+        module Ext
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/integration.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require_relative '../integration'
+require_relative 'patcher'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Description of Devise integration
+        class Integration
+          include Datadog::AppSec::Contrib::Integration
+          MINIMUM_VERSION = Gem::Version.new('3.2.1')
+          register_as :devise, auto_patch: true
+          def self.version
+            Gem.loaded_specs['devise'] && Gem.loaded_specs['devise'].version
+          end
+          def self.loaded?
+            !defined?(::Devise).nil?
+          end
+          def self.compatible?
+            super && version >= MINIMUM_VERSION
+          end
+          def self.auto_instrument?
+            true
+          end
+          def patcher
+            Patcher
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+require_relative '../tracking'
+require_relative '../resource'
+require_relative '../event'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        module Patcher
+          # Hook in devise validate method
+          module AuthenticatablePatch
+            # rubocop:disable Metrics/MethodLength
+            def validate(resource, &block)
+              result = super
+              return result unless AppSec.enabled?
+              track_user_events_configuration = Datadog.configuration.appsec.track_user_events
+              return result unless track_user_events_configuration.enabled
+              automated_track_user_events_mode = track_user_events_configuration.mode
+              appsec_scope = Datadog::AppSec.active_scope
+              return result unless appsec_scope
+              devise_resource = resource ? Resource.new(resource) : nil
+              event_information = Event.new(devise_resource, automated_track_user_events_mode)
+              if result
+                if event_information.user_id
+                  Datadog.logger.debug { 'User Login Event success' }
+                else
+                  Datadog.logger.debug { 'User Login Event success, but can\'t extract user ID. Tracking empty event' }
+                end
+                Tracking.track_login_success(
+                  appsec_scope.trace,
+                  appsec_scope.service_entry_span,
+                  user_id: event_information.user_id,
+                  **event_information.to_h
+                )
+                return result
+              end
+              user_exists = nil
+              if resource
+                user_exists = true
+                Datadog.logger.debug { 'User Login Event failure users exists' }
+              else
+                user_exists = false
+                Datadog.logger.debug { 'User Login Event failure user do not exists' }
+              end
+              Tracking.track_login_failure(
+                appsec_scope.trace,
+                appsec_scope.service_entry_span,
+                user_id: event_information.user_id,
+                user_exists: user_exists,
+                **event_information.to_h
+              )
+              result
+            end
+            # rubocop:enable Metrics/MethodLength
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+require_relative '../tracking'
+require_relative '../resource'
+require_relative '../event'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        module Patcher
+          # Hook in devise registration controller
+          module RegistrationControllerPatch
+            def create
+              return super unless AppSec.enabled?
+              track_user_events_configuration = Datadog.configuration.appsec.track_user_events
+              return super unless track_user_events_configuration.enabled
+              automated_track_user_events_mode = track_user_events_configuration.mode
+              appsec_scope = Datadog::AppSec.active_scope
+              return super unless appsec_scope
+              super do |resource|
+                if resource.persisted?
+                  devise_resource = Resource.new(resource)
+                  event_information = Event.new(devise_resource, automated_track_user_events_mode)
+                  if event_information.user_id
+                    Datadog.logger.debug { 'User Signup Event' }
+                  else
+                    Datadog.logger.warn { 'User Signup Event, but can\'t extract user ID. Tracking empty event' }
+                  end
+                  Tracking.track_signup(
+                    appsec_scope.trace,
+                    appsec_scope.service_entry_span,
+                    user_id: event_information.user_id,
+                    **event_information.to_h
+                  )
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/patcher.rb ADDED Viewed

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+require_relative '../patcher'
+require_relative 'patcher/authenticatable_patch'
+require_relative 'patcher/registration_controller_patch'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Patcher for AppSec on Devise
+        module Patcher
+          include Datadog::AppSec::Contrib::Patcher
+          module_function
+          def patched?
+            Patcher.instance_variable_get(:@patched)
+          end
+          def target_version
+            Integration.version
+          end
+          def patch
+            patch_authenticable_strategy
+            patch_registration_controller
+            Patcher.instance_variable_set(:@patched, true)
+          end
+          def patch_authenticable_strategy
+            ::Devise::Strategies::Authenticatable.prepend(AuthenticatablePatch)
+          end
+          def patch_registration_controller
+            ::ActiveSupport.on_load(:after_initialize) do
+              ::Devise::RegistrationsController.prepend(RegistrationControllerPatch)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/resource.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Class to encpasulate extracting information from a Devise resource
+        # Normally a devise resource would be an Active::Record instance
+        class Resource
+          def initialize(resource)
+            @resource = resource
+          end
+          def id
+            extract(:id) || extract(:uuid)
+          end
+          def email
+            extract(:email)
+          end
+          def username
+            extract(:username)
+          end
+          private
+          def extract(method)
+            @resource.send(method) if @resource.respond_to?(method)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/tracking.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+require_relative '../../../kit/identity'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Internal module to track user events
+        module Tracking
+          LOGIN_SUCCESS_EVENT = 'users.login.success'
+          LOGIN_FAILURE_EVENT = 'users.login.failure'
+          SIGNUP_EVENT = 'users.signup'
+          def self.track_login_success(trace, span, user_id:, **others)
+            track(LOGIN_SUCCESS_EVENT, trace, span, **others)
+            Kit::Identity.set_user(trace, span, id: user_id.to_s, **others) if user_id
+          end
+          def self.track_login_failure(trace, span, user_id:, user_exists:, **others)
+            track(LOGIN_FAILURE_EVENT, trace, span, **others)
+            span.set_tag('appsec.events.users.login.failure.usr.id', user_id) if user_id
+            span.set_tag('appsec.events.users.login.failure.usr.exists', user_exists)
+          end
+          def self.track_signup(trace, span, user_id:, **others)
+            track(SIGNUP_EVENT, trace, span, **others)
+            Kit::Identity.set_user(trace, id: user_id.to_s, **others) if user_id
+          end
+          def self.track(event, trace, span, **others)
+            span.set_tag("appsec.events.#{event}.track", 'true')
+            span.set_tag("_dd.appsec.events.#{event}.auto.mode", Datadog.configuration.appsec.track_user_events.mode)
+            others.each do |k, v|
+              raise ArgumentError, 'key cannot be :track' if k.to_sym == :track
+              span.set_tag("appsec.events.#{event}.#{k}", v) unless v.nil?
+            end
+            trace.keep!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/rack/ext.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 module Datadog
   module AppSec
     module Contrib
       module Rack
         # Rack integration constants
         module Ext
-          APP = 'rack'.freeze
         end
       end
     end

data/lib/datadog/appsec/contrib/rack/reactive/request.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module Datadog
                   'server.request.method' => request_method,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Datadog
                   'server.request.body' => body,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/rack/reactive/response.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Datadog
                   'server.response.headers.no_cookies' => response_headers_no_cookies,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/rack/request_middleware.rb CHANGED Viewed

@@ -53,7 +53,7 @@ module Datadog
             gateway_request = Gateway::Request.new(env)
-            add_appsec_tags(processor, scope.trace, scope.service_entry_span, env)
+            add_appsec_tags(processor, scope, env)
             request_return, request_response = catch(::Datadog::AppSec::Ext::INTERRUPT) do
               Instrumentation.gateway.push('rack.request', gateway_request) do
@@ -88,7 +88,7 @@ module Datadog
             request_return
           ensure
             if scope
-              add_waf_runtime_tags(scope.service_entry_span, scope.processor_context)
+              add_waf_runtime_tags(scope)
               Datadog::AppSec::Scope.deactivate_scope
             end
           end
@@ -116,8 +116,11 @@ module Datadog
             Datadog::Tracing.active_span
           end
-          def add_appsec_tags(processor, trace, span, env)
-            return unless trace
+          def add_appsec_tags(processor, scope, env)
+            span = scope.service_entry_span
+            trace = scope.trace
+            return unless trace && span
             span.set_tag('_dd.appsec.enabled', 1)
             span.set_tag('_dd.runtime_family', 'ruby')
@@ -157,9 +160,11 @@ module Datadog
             end
           end
-          def add_waf_runtime_tags(span, context)
-            return unless span
-            return unless context
+          def add_waf_runtime_tags(scope)
+            span = scope.service_entry_span
+            context = scope.processor_context
+            return unless span && context
             span.set_tag('_dd.appsec.waf.timeouts', context.timeouts)

data/lib/datadog/appsec/contrib/rails/ext.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 module Datadog
   module AppSec
     module Contrib
       module Rails
-        # Rack integration constants
+        # Rails integration constants
         module Ext
-          APP = 'rails'.freeze
         end
       end
     end

data/lib/datadog/appsec/contrib/rails/framework.rb CHANGED Viewed

@@ -7,9 +7,7 @@ module Datadog
         # Rails specific framework tie
         module Framework
           def self.setup
-            Datadog::AppSec.configure do |datadog_config|
-              datadog_config.instrument(:rack)
-            end
+            Datadog.configuration.appsec.instrument(:rack)
           end
         end
       end

data/lib/datadog/appsec/contrib/rails/patcher.rb CHANGED Viewed

@@ -33,19 +33,19 @@ module Datadog
           def patch
             Gateway::Watcher.watch
-            patch_before_intialize
-            patch_after_intialize
+            patch_before_initialize
+            patch_after_initialize
             Patcher.instance_variable_set(:@patched, true)
           end
-          def patch_before_intialize
+          def patch_before_initialize
             ::ActiveSupport.on_load(:before_initialize) do
-              Datadog::AppSec::Contrib::Rails::Patcher.before_intialize(self)
+              Datadog::AppSec::Contrib::Rails::Patcher.before_initialize(self)
             end
           end
-          def before_intialize(app)
+          def before_initialize(app)
             BEFORE_INITIALIZE_ONLY_ONCE_PER_APP[app].run do
               # Middleware must be added before the application is initialized.
               # Otherwise the middleware stack will be frozen.
@@ -134,13 +134,13 @@ module Datadog
             Datadog.logger.debug { 'Rails middlewares: ' << app.middleware.map(&:inspect).inspect }
           end
-          def patch_after_intialize
+          def patch_after_initialize
             ::ActiveSupport.on_load(:after_initialize) do
-              Datadog::AppSec::Contrib::Rails::Patcher.after_intialize(self)
+              Datadog::AppSec::Contrib::Rails::Patcher.after_initialize(self)
             end
           end
-          def after_intialize(app)
+          def after_initialize(app)
             AFTER_INITIALIZE_ONLY_ONCE_PER_APP[app].run do
               # Finish configuring the tracer after the application is initialized.
               # We need to wait for some things, like application name, middleware stack, etc.

data/lib/datadog/appsec/contrib/rails/reactive/action.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Datadog
                   'server.request.path_params' => path_params,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/sinatra/ext.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 module Datadog
   module AppSec
     module Contrib
       module Sinatra
         # Sinatra integration constants
         module Ext
-          APP = 'sinatra'.freeze
           ROUTE_INTERRUPT = :datadog_appsec_contrib_sinatra_route_interrupt
         end
       end

data/lib/datadog/appsec/contrib/sinatra/framework.rb CHANGED Viewed

@@ -11,9 +11,7 @@ module Datadog
         module Framework
           # Configure Rack from Sinatra, but only if Rack has not been configured manually beforehand
           def self.setup
-            Datadog::AppSec.configure do |datadog_config|
-              datadog_config.instrument(:rack)
-            end
+            Datadog.configuration.appsec.instrument(:rack)
           end
         end
       end

data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module Datadog
                   'server.request.path_params' => path_params,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/event.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Datadog
       # to properly apply
       def self.record(span, *events)
         # ensure rate limiter is called only when there are events to record
-        return if events.empty?
+        return if events.empty? || span.nil?
         Datadog::AppSec::RateLimiter.limit(:traces) do
           record_via_span(span, *events)