RubyGems - ddtrace - Versions diffs - 1.12.1 → 1.13.0 - Mend

ddtrace 1.12.1 → 1.13.0

Files changed (264) hide show

data/lib/datadog/appsec/contrib/devise/event.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Class to extract event information from the resource
+        class Event
+          UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
+          SAFE_MODE = 'safe'
+          EXTENDED_MODE = 'extended'
+          attr_reader :user_id
+          def initialize(resource, mode)
+            @resource = resource
+            @mode = mode
+            @user_id = nil
+            @email = nil
+            @username = nil
+            extract if @resource
+          end
+          def to_h
+            return @event if defined?(@event)
+            @event = {}
+            @event[:email] = @email if @email
+            @event[:username] = @username if @username
+            @event
+          end
+          private
+          def extract
+            @user_id = @resource.id
+            case @mode
+            when EXTENDED_MODE
+              @email = @resource.email
+              @username = @resource.username
+            when SAFE_MODE
+              @user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
+            else
+              Datadog.logger.warn(
+                "Invalid automated user evenst mode: `#{@mode}`. "\
+                              'Supported modes are: `safe` and `extended`.'
+              )
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/ext.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Devise integration constants
+        module Ext
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/integration.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require_relative '../integration'
+require_relative 'patcher'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Description of Devise integration
+        class Integration
+          include Datadog::AppSec::Contrib::Integration
+          MINIMUM_VERSION = Gem::Version.new('3.2.1')
+          register_as :devise, auto_patch: true
+          def self.version
+            Gem.loaded_specs['devise'] && Gem.loaded_specs['devise'].version
+          end
+          def self.loaded?
+            !defined?(::Devise).nil?
+          end
+          def self.compatible?
+            super && version >= MINIMUM_VERSION
+          end
+          def self.auto_instrument?
+            true
+          end
+          def patcher
+            Patcher
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+require_relative '../tracking'
+require_relative '../resource'
+require_relative '../event'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        module Patcher
+          # Hook in devise validate method
+          module AuthenticatablePatch
+            # rubocop:disable Metrics/MethodLength
+            def validate(resource, &block)
+              result = super
+              return result unless AppSec.enabled?
+              track_user_events_configuration = Datadog.configuration.appsec.track_user_events
+              return result unless track_user_events_configuration.enabled
+              automated_track_user_events_mode = track_user_events_configuration.mode
+              appsec_scope = Datadog::AppSec.active_scope
+              return result unless appsec_scope
+              devise_resource = resource ? Resource.new(resource) : nil
+              event_information = Event.new(devise_resource, automated_track_user_events_mode)
+              if result
+                if event_information.user_id
+                  Datadog.logger.debug { 'User Login Event success' }
+                else
+                  Datadog.logger.debug { 'User Login Event success, but can\'t extract user ID. Tracking empty event' }
+                end
+                Tracking.track_login_success(
+                  appsec_scope.trace,
+                  appsec_scope.service_entry_span,
+                  user_id: event_information.user_id,
+                  **event_information.to_h
+                )
+                return result
+              end
+              user_exists = nil
+              if resource
+                user_exists = true
+                Datadog.logger.debug { 'User Login Event failure users exists' }
+              else
+                user_exists = false
+                Datadog.logger.debug { 'User Login Event failure user do not exists' }
+              end
+              Tracking.track_login_failure(
+                appsec_scope.trace,
+                appsec_scope.service_entry_span,
+                user_id: event_information.user_id,
+                user_exists: user_exists,
+                **event_information.to_h
+              )
+              result
+            end
+            # rubocop:enable Metrics/MethodLength
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+require_relative '../tracking'
+require_relative '../resource'
+require_relative '../event'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        module Patcher
+          # Hook in devise registration controller
+          module RegistrationControllerPatch
+            def create
+              return super unless AppSec.enabled?
+              track_user_events_configuration = Datadog.configuration.appsec.track_user_events
+              return super unless track_user_events_configuration.enabled
+              automated_track_user_events_mode = track_user_events_configuration.mode
+              appsec_scope = Datadog::AppSec.active_scope
+              return super unless appsec_scope
+              super do |resource|
+                if resource.persisted?
+                  devise_resource = Resource.new(resource)
+                  event_information = Event.new(devise_resource, automated_track_user_events_mode)
+                  if event_information.user_id
+                    Datadog.logger.debug { 'User Signup Event' }
+                  else
+                    Datadog.logger.warn { 'User Signup Event, but can\'t extract user ID. Tracking empty event' }
+                  end
+                  Tracking.track_signup(
+                    appsec_scope.trace,
+                    appsec_scope.service_entry_span,
+                    user_id: event_information.user_id,
+                    **event_information.to_h
+                  )
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/patcher.rb ADDED Viewed

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+require_relative '../patcher'
+require_relative 'patcher/authenticatable_patch'
+require_relative 'patcher/registration_controller_patch'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Patcher for AppSec on Devise
+        module Patcher
+          include Datadog::AppSec::Contrib::Patcher
+          module_function
+          def patched?
+            Patcher.instance_variable_get(:@patched)
+          end
+          def target_version
+            Integration.version
+          end
+          def patch
+            patch_authenticable_strategy
+            patch_registration_controller
+            Patcher.instance_variable_set(:@patched, true)
+          end
+          def patch_authenticable_strategy
+            ::Devise::Strategies::Authenticatable.prepend(AuthenticatablePatch)
+          end
+          def patch_registration_controller
+            ::ActiveSupport.on_load(:after_initialize) do
+              ::Devise::RegistrationsController.prepend(RegistrationControllerPatch)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/resource.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Class to encpasulate extracting information from a Devise resource
+        # Normally a devise resource would be an Active::Record instance
+        class Resource
+          def initialize(resource)
+            @resource = resource
+          end
+          def id
+            extract(:id) || extract(:uuid)
+          end
+          def email
+            extract(:email)
+          end
+          def username
+            extract(:username)
+          end
+          private
+          def extract(method)
+            @resource.send(method) if @resource.respond_to?(method)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/tracking.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+require_relative '../../../kit/identity'
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # Internal module to track user events
+        module Tracking
+          LOGIN_SUCCESS_EVENT = 'users.login.success'
+          LOGIN_FAILURE_EVENT = 'users.login.failure'
+          SIGNUP_EVENT = 'users.signup'
+          def self.track_login_success(trace, span, user_id:, **others)
+            track(LOGIN_SUCCESS_EVENT, trace, span, **others)
+            Kit::Identity.set_user(trace, span, id: user_id.to_s, **others) if user_id
+          end
+          def self.track_login_failure(trace, span, user_id:, user_exists:, **others)
+            track(LOGIN_FAILURE_EVENT, trace, span, **others)
+            span.set_tag('appsec.events.users.login.failure.usr.id', user_id) if user_id
+            span.set_tag('appsec.events.users.login.failure.usr.exists', user_exists)
+          end
+          def self.track_signup(trace, span, user_id:, **others)
+            track(SIGNUP_EVENT, trace, span, **others)
+            Kit::Identity.set_user(trace, id: user_id.to_s, **others) if user_id
+          end
+          def self.track(event, trace, span, **others)
+            span.set_tag("appsec.events.#{event}.track", 'true')
+            span.set_tag("_dd.appsec.events.#{event}.auto.mode", Datadog.configuration.appsec.track_user_events.mode)
+            others.each do |k, v|
+              raise ArgumentError, 'key cannot be :track' if k.to_sym == :track
+              span.set_tag("appsec.events.#{event}.#{k}", v) unless v.nil?
+            end
+            trace.keep!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/rack/ext.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 module Datadog
   module AppSec
     module Contrib
       module Rack
         # Rack integration constants
         module Ext
-          APP = 'rack'.freeze
         end
       end
     end

data/lib/datadog/appsec/contrib/rack/reactive/request.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module Datadog
                   'server.request.method' => request_method,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Datadog
                   'server.request.body' => body,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/rack/reactive/response.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Datadog
                   'server.response.headers.no_cookies' => response_headers_no_cookies,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/rack/request_middleware.rb CHANGED Viewed

@@ -53,7 +53,7 @@ module Datadog
             gateway_request = Gateway::Request.new(env)
-            add_appsec_tags(processor, scope.trace, scope.service_entry_span, env)
+            add_appsec_tags(processor, scope, env)
             request_return, request_response = catch(::Datadog::AppSec::Ext::INTERRUPT) do
               Instrumentation.gateway.push('rack.request', gateway_request) do
@@ -88,7 +88,7 @@ module Datadog
             request_return
           ensure
             if scope
-              add_waf_runtime_tags(scope.service_entry_span, scope.processor_context)
+              add_waf_runtime_tags(scope)
               Datadog::AppSec::Scope.deactivate_scope
             end
           end
@@ -116,8 +116,11 @@ module Datadog
             Datadog::Tracing.active_span
           end
-          def add_appsec_tags(processor, trace, span, env)
-            return unless trace
+          def add_appsec_tags(processor, scope, env)
+            span = scope.service_entry_span
+            trace = scope.trace
+            return unless trace && span
             span.set_tag('_dd.appsec.enabled', 1)
             span.set_tag('_dd.runtime_family', 'ruby')
@@ -157,9 +160,11 @@ module Datadog
             end
           end
-          def add_waf_runtime_tags(span, context)
-            return unless span
-            return unless context
+          def add_waf_runtime_tags(scope)
+            span = scope.service_entry_span
+            context = scope.processor_context
+            return unless span && context
             span.set_tag('_dd.appsec.waf.timeouts', context.timeouts)

data/lib/datadog/appsec/contrib/rails/ext.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 module Datadog
   module AppSec
     module Contrib
       module Rails
-        # Rack integration constants
+        # Rails integration constants
         module Ext
-          APP = 'rails'.freeze
         end
       end
     end

data/lib/datadog/appsec/contrib/rails/framework.rb CHANGED Viewed

@@ -7,9 +7,7 @@ module Datadog
         # Rails specific framework tie
         module Framework
           def self.setup
-            Datadog::AppSec.configure do |datadog_config|
-              datadog_config.instrument(:rack)
-            end
+            Datadog.configuration.appsec.instrument(:rack)
           end
         end
       end

data/lib/datadog/appsec/contrib/rails/patcher.rb CHANGED Viewed

@@ -33,19 +33,19 @@ module Datadog
           def patch
             Gateway::Watcher.watch
-            patch_before_intialize
-            patch_after_intialize
+            patch_before_initialize
+            patch_after_initialize
             Patcher.instance_variable_set(:@patched, true)
           end
-          def patch_before_intialize
+          def patch_before_initialize
             ::ActiveSupport.on_load(:before_initialize) do
-              Datadog::AppSec::Contrib::Rails::Patcher.before_intialize(self)
+              Datadog::AppSec::Contrib::Rails::Patcher.before_initialize(self)
             end
           end
-          def before_intialize(app)
+          def before_initialize(app)
             BEFORE_INITIALIZE_ONLY_ONCE_PER_APP[app].run do
               # Middleware must be added before the application is initialized.
               # Otherwise the middleware stack will be frozen.
@@ -134,13 +134,13 @@ module Datadog
             Datadog.logger.debug { 'Rails middlewares: ' << app.middleware.map(&:inspect).inspect }
           end
-          def patch_after_intialize
+          def patch_after_initialize
             ::ActiveSupport.on_load(:after_initialize) do
-              Datadog::AppSec::Contrib::Rails::Patcher.after_intialize(self)
+              Datadog::AppSec::Contrib::Rails::Patcher.after_initialize(self)
             end
           end
-          def after_intialize(app)
+          def after_initialize(app)
             AFTER_INITIALIZE_ONLY_ONCE_PER_APP[app].run do
               # Finish configuring the tracer after the application is initialized.
               # We need to wait for some things, like application name, middleware stack, etc.

data/lib/datadog/appsec/contrib/rails/reactive/action.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Datadog
                   'server.request.path_params' => path_params,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/contrib/sinatra/ext.rb CHANGED Viewed

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
 module Datadog
   module AppSec
     module Contrib
       module Sinatra
         # Sinatra integration constants
         module Ext
-          APP = 'sinatra'.freeze
           ROUTE_INTERRUPT = :datadog_appsec_contrib_sinatra_route_interrupt
         end
       end

data/lib/datadog/appsec/contrib/sinatra/framework.rb CHANGED Viewed

@@ -11,9 +11,7 @@ module Datadog
         module Framework
           # Configure Rack from Sinatra, but only if Rack has not been configured manually beforehand
           def self.setup
-            Datadog::AppSec.configure do |datadog_config|
-              datadog_config.instrument(:rack)
-            end
+            Datadog.configuration.appsec.instrument(:rack)
           end
         end
       end

data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module Datadog
                   'server.request.path_params' => path_params,
                 }
-                waf_timeout = Datadog::AppSec.settings.waf_timeout
+                waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)
                 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout

data/lib/datadog/appsec/event.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Datadog
       # to properly apply
       def self.record(span, *events)
         # ensure rate limiter is called only when there are events to record
-        return if events.empty?
+        return if events.empty? || span.nil?
         Datadog::AppSec::RateLimiter.limit(:traces) do
           record_via_span(span, *events)