ddtrace 1.12.1 → 1.23.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +613 -9
- data/LICENSE-3rdparty.csv +1 -1
- data/bin/ddprofrb +15 -0
- data/bin/ddtracerb +3 -1
- data/ext/{ddtrace_profiling_loader/ddtrace_profiling_loader.c → datadog_profiling_loader/datadog_profiling_loader.c} +2 -2
- data/ext/{ddtrace_profiling_loader → datadog_profiling_loader}/extconf.rb +3 -3
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/NativeExtensionDesign.md +3 -5
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id.h +0 -3
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_from_pthread.c +3 -22
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_noop.c +0 -1
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_cpu_and_wall_time_worker.c +338 -108
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +422 -0
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +101 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.c +22 -14
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.h +4 -0
- data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.c +156 -0
- data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.h +5 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.c +3 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.c +111 -118
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.h +11 -4
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.c +545 -144
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.h +3 -2
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/extconf.rb +68 -17
- data/ext/datadog_profiling_native_extension/heap_recorder.c +1047 -0
- data/ext/datadog_profiling_native_extension/heap_recorder.h +166 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/helpers.h +6 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/http_transport.c +60 -32
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +62 -0
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +42 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/native_extension_helpers.rb +50 -4
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.c +155 -32
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.h +16 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/profiling.c +19 -3
- data/ext/datadog_profiling_native_extension/ruby_helpers.c +267 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/ruby_helpers.h +33 -0
- data/ext/datadog_profiling_native_extension/stack_recorder.c +1040 -0
- data/ext/datadog_profiling_native_extension/stack_recorder.h +27 -0
- data/ext/datadog_profiling_native_extension/time_helpers.c +53 -0
- data/ext/datadog_profiling_native_extension/time_helpers.h +26 -0
- data/lib/datadog/appsec/assets/waf_rules/processors.json +92 -0
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +698 -75
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +114 -0
- data/lib/datadog/appsec/assets/waf_rules/strict.json +98 -8
- data/lib/datadog/appsec/assets.rb +8 -0
- data/lib/datadog/appsec/component.rb +21 -2
- data/lib/datadog/appsec/configuration/settings.rb +167 -189
- data/lib/datadog/appsec/configuration.rb +0 -79
- data/lib/datadog/appsec/contrib/auto_instrument.rb +2 -4
- data/lib/datadog/appsec/contrib/devise/event.rb +57 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +13 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +42 -0
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +76 -0
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +54 -0
- data/lib/datadog/appsec/contrib/devise/patcher.rb +45 -0
- data/lib/datadog/appsec/contrib/devise/resource.rb +35 -0
- data/lib/datadog/appsec/contrib/devise/tracking.rb +57 -0
- data/lib/datadog/appsec/contrib/rack/ext.rb +2 -1
- data/lib/datadog/appsec/contrib/rack/gateway/request.rb +6 -2
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +8 -6
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +3 -8
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +3 -6
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +3 -6
- data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +3 -2
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +77 -27
- data/lib/datadog/appsec/contrib/rails/ext.rb +3 -2
- data/lib/datadog/appsec/contrib/rails/framework.rb +1 -3
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +3 -2
- data/lib/datadog/appsec/contrib/rails/patcher.rb +17 -11
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +3 -6
- data/lib/datadog/appsec/contrib/sinatra/ext.rb +2 -1
- data/lib/datadog/appsec/contrib/sinatra/framework.rb +1 -3
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +6 -4
- data/lib/datadog/appsec/contrib/sinatra/patcher.rb +13 -7
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +3 -6
- data/lib/datadog/appsec/event.rb +106 -50
- data/lib/datadog/appsec/extensions.rb +1 -130
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +3 -3
- data/lib/datadog/appsec/monitor/reactive/set_user.rb +3 -6
- data/lib/datadog/appsec/processor/actions.rb +49 -0
- data/lib/datadog/appsec/processor/rule_loader.rb +60 -0
- data/lib/datadog/appsec/processor/rule_merger.rb +22 -2
- data/lib/datadog/appsec/processor.rb +35 -7
- data/lib/datadog/appsec/rate_limiter.rb +1 -1
- data/lib/datadog/appsec/remote.rb +17 -11
- data/lib/datadog/appsec/response.rb +82 -4
- data/lib/datadog/appsec/sample_rate.rb +21 -0
- data/lib/datadog/appsec.rb +3 -4
- data/lib/datadog/auto_instrument.rb +3 -0
- data/lib/datadog/core/backport.rb +51 -0
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +38 -29
- data/lib/datadog/core/configuration/base.rb +6 -16
- data/lib/datadog/core/configuration/components.rb +20 -7
- data/lib/datadog/core/configuration/ext.rb +28 -5
- data/lib/datadog/core/configuration/option.rb +271 -21
- data/lib/datadog/core/configuration/option_definition.rb +73 -32
- data/lib/datadog/core/configuration/options.rb +27 -15
- data/lib/datadog/core/configuration/settings.rb +398 -119
- data/lib/datadog/core/configuration.rb +24 -4
- data/lib/datadog/core/diagnostics/environment_logger.rb +132 -235
- data/lib/datadog/core/environment/class_count.rb +6 -6
- data/lib/datadog/core/environment/execution.rb +103 -0
- data/lib/datadog/core/environment/ext.rb +13 -11
- data/lib/datadog/core/environment/git.rb +25 -0
- data/lib/datadog/core/environment/identity.rb +18 -48
- data/lib/datadog/core/environment/platform.rb +7 -1
- data/lib/datadog/core/environment/variable_helpers.rb +0 -69
- data/lib/datadog/core/environment/yjit.rb +58 -0
- data/lib/datadog/core/error.rb +1 -0
- data/lib/datadog/core/git/ext.rb +6 -23
- data/lib/datadog/core/logging/ext.rb +3 -1
- data/lib/datadog/core/metrics/ext.rb +7 -5
- data/lib/datadog/core/remote/client/capabilities.rb +7 -2
- data/lib/datadog/core/remote/client.rb +3 -0
- data/lib/datadog/core/remote/component.rb +52 -48
- data/lib/datadog/core/remote/configuration/content.rb +28 -1
- data/lib/datadog/core/remote/configuration/repository.rb +3 -1
- data/lib/datadog/core/remote/ext.rb +2 -1
- data/lib/datadog/core/remote/negotiation.rb +20 -7
- data/lib/datadog/core/remote/tie/tracing.rb +39 -0
- data/lib/datadog/core/remote/tie.rb +27 -0
- data/lib/datadog/core/remote/transport/config.rb +60 -0
- data/lib/datadog/core/remote/transport/http/api/instance.rb +39 -0
- data/lib/datadog/core/remote/transport/http/api/spec.rb +21 -0
- data/lib/datadog/core/remote/transport/http/api.rb +58 -0
- data/lib/datadog/core/remote/transport/http/builder.rb +219 -0
- data/lib/datadog/core/remote/transport/http/client.rb +48 -0
- data/lib/datadog/core/remote/transport/http/config.rb +280 -0
- data/lib/datadog/core/remote/transport/http/negotiation.rb +146 -0
- data/lib/datadog/core/remote/transport/http.rb +179 -0
- data/lib/datadog/core/{transport → remote/transport}/negotiation.rb +25 -23
- data/lib/datadog/core/remote/worker.rb +11 -5
- data/lib/datadog/core/runtime/ext.rb +22 -12
- data/lib/datadog/core/runtime/metrics.rb +43 -0
- data/lib/datadog/core/telemetry/client.rb +28 -10
- data/lib/datadog/core/telemetry/emitter.rb +9 -11
- data/lib/datadog/core/telemetry/event.rb +250 -44
- data/lib/datadog/core/telemetry/ext.rb +8 -1
- data/lib/datadog/core/telemetry/heartbeat.rb +3 -7
- data/lib/datadog/core/telemetry/http/ext.rb +13 -8
- data/lib/datadog/core/telemetry/http/response.rb +4 -0
- data/lib/datadog/core/telemetry/http/transport.rb +10 -3
- data/lib/datadog/core/telemetry/request.rb +59 -0
- data/lib/datadog/core/transport/ext.rb +49 -0
- data/lib/datadog/core/transport/http/adapters/net.rb +168 -0
- data/lib/datadog/core/transport/http/adapters/registry.rb +29 -0
- data/lib/datadog/core/transport/http/adapters/test.rb +89 -0
- data/lib/datadog/core/transport/http/adapters/unix_socket.rb +83 -0
- data/lib/datadog/core/transport/http/api/endpoint.rb +31 -0
- data/lib/datadog/core/transport/http/api/fallbacks.rb +26 -0
- data/lib/datadog/core/transport/http/api/map.rb +18 -0
- data/lib/datadog/core/transport/http/env.rb +62 -0
- data/lib/datadog/core/transport/http/response.rb +60 -0
- data/lib/datadog/core/transport/parcel.rb +22 -0
- data/lib/datadog/core/transport/request.rb +17 -0
- data/lib/datadog/core/transport/response.rb +64 -0
- data/lib/datadog/core/utils/duration.rb +52 -0
- data/lib/datadog/core/utils/hash.rb +47 -0
- data/lib/datadog/core/utils/network.rb +1 -1
- data/lib/datadog/core/utils/safe_dup.rb +27 -20
- data/lib/datadog/core/utils/url.rb +25 -0
- data/lib/datadog/core/utils.rb +1 -1
- data/lib/datadog/core/workers/async.rb +3 -2
- data/lib/datadog/core/workers/polling.rb +2 -2
- data/lib/datadog/kit/appsec/events.rb +139 -89
- data/lib/datadog/kit/enable_core_dumps.rb +5 -6
- data/lib/datadog/kit/identity.rb +80 -65
- data/lib/datadog/opentelemetry/api/context.rb +10 -3
- data/lib/datadog/opentelemetry/sdk/propagator.rb +5 -3
- data/lib/datadog/opentelemetry/sdk/span_processor.rb +48 -5
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +167 -0
- data/lib/datadog/opentelemetry/trace.rb +58 -0
- data/lib/datadog/opentelemetry.rb +4 -0
- data/lib/datadog/opentracer/text_map_propagator.rb +2 -1
- data/lib/datadog/opentracer.rb +9 -0
- data/lib/datadog/profiling/collectors/code_provenance.rb +10 -4
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +43 -20
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +3 -1
- data/lib/datadog/profiling/collectors/info.rb +101 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
- data/lib/datadog/profiling/component.rb +248 -97
- data/lib/datadog/profiling/exporter.rb +26 -5
- data/lib/datadog/profiling/ext.rb +2 -12
- data/lib/datadog/profiling/flush.rb +10 -5
- data/lib/datadog/profiling/http_transport.rb +23 -6
- data/lib/datadog/profiling/load_native_extension.rb +25 -6
- data/lib/datadog/profiling/native_extension.rb +1 -22
- data/lib/datadog/profiling/profiler.rb +36 -13
- data/lib/datadog/profiling/scheduler.rb +20 -15
- data/lib/datadog/profiling/stack_recorder.rb +19 -4
- data/lib/datadog/profiling/tag_builder.rb +5 -0
- data/lib/datadog/profiling/tasks/exec.rb +3 -3
- data/lib/datadog/profiling/tasks/help.rb +3 -3
- data/lib/datadog/profiling.rb +28 -79
- data/lib/datadog/tracing/component.rb +70 -11
- data/lib/datadog/tracing/configuration/agent_settings_resolver.rb +13 -0
- data/lib/datadog/tracing/configuration/dynamic/option.rb +71 -0
- data/lib/datadog/tracing/configuration/dynamic.rb +64 -0
- data/lib/datadog/tracing/configuration/ext.rb +40 -33
- data/lib/datadog/tracing/configuration/http.rb +74 -0
- data/lib/datadog/tracing/configuration/settings.rb +136 -99
- data/lib/datadog/tracing/contrib/action_cable/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/action_cable/ext.rb +21 -18
- data/lib/datadog/tracing/contrib/action_mailer/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/action_mailer/events/deliver.rb +1 -1
- data/lib/datadog/tracing/contrib/action_mailer/ext.rb +21 -18
- data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/action_pack/ext.rb +11 -8
- data/lib/datadog/tracing/contrib/action_view/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/action_view/ext.rb +13 -10
- data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/active_job/ext.rb +26 -23
- data/lib/datadog/tracing/contrib/active_job/log_injection.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/active_model_serializers/ext.rb +13 -10
- data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +29 -15
- data/lib/datadog/tracing/contrib/active_record/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +2 -6
- data/lib/datadog/tracing/contrib/active_record/ext.rb +18 -15
- data/lib/datadog/tracing/contrib/active_record/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +106 -202
- data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +3 -0
- data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/active_support/ext.rb +19 -16
- data/lib/datadog/tracing/contrib/analytics.rb +0 -1
- data/lib/datadog/tracing/contrib/aws/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/aws/ext.rb +38 -24
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +16 -5
- data/lib/datadog/tracing/contrib/concurrent_ruby/async_patch.rb +20 -0
- data/lib/datadog/tracing/contrib/concurrent_ruby/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/context_composite_executor_service.rb +14 -14
- data/lib/datadog/tracing/contrib/concurrent_ruby/ext.rb +4 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/future_patch.rb +3 -10
- data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +2 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/patcher.rb +19 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/promises_future_patch.rb +22 -0
- data/lib/datadog/tracing/contrib/configurable.rb +1 -1
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +21 -7
- data/lib/datadog/tracing/contrib/dalli/ext.rb +27 -11
- data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +17 -8
- data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/delayed_job/ext.rb +17 -14
- data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +22 -15
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +104 -99
- data/lib/datadog/tracing/contrib/ethon/configuration/settings.rb +17 -9
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +48 -3
- data/lib/datadog/tracing/contrib/ethon/ext.rb +20 -11
- data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +6 -3
- data/lib/datadog/tracing/contrib/excon/configuration/settings.rb +20 -10
- data/lib/datadog/tracing/contrib/excon/ext.rb +17 -8
- data/lib/datadog/tracing/contrib/excon/middleware.rb +25 -5
- data/lib/datadog/tracing/contrib/ext.rb +26 -1
- data/lib/datadog/tracing/contrib/extensions.rb +38 -2
- data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +27 -10
- data/lib/datadog/tracing/contrib/faraday/ext.rb +17 -8
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +22 -6
- data/lib/datadog/tracing/contrib/grape/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/grape/ext.rb +17 -14
- data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/graphql/ext.rb +8 -5
- data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +40 -9
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +39 -20
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +37 -18
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor.rb +0 -4
- data/lib/datadog/tracing/contrib/grpc/ext.rb +17 -13
- data/lib/datadog/tracing/contrib/grpc/formatting.rb +127 -0
- data/lib/datadog/tracing/contrib/hanami/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/hanami/ext.rb +10 -8
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +5 -8
- data/lib/datadog/tracing/contrib/http/configuration/settings.rb +34 -11
- data/lib/datadog/tracing/contrib/http/distributed/fetcher.rb +2 -2
- data/lib/datadog/tracing/contrib/http/ext.rb +17 -9
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +27 -7
- data/lib/datadog/tracing/contrib/httpclient/configuration/settings.rb +34 -11
- data/lib/datadog/tracing/contrib/httpclient/ext.rb +18 -9
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +22 -5
- data/lib/datadog/tracing/contrib/httprb/configuration/settings.rb +34 -11
- data/lib/datadog/tracing/contrib/httprb/ext.rb +17 -9
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +22 -5
- data/lib/datadog/tracing/contrib/kafka/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/kafka/ext.rb +43 -39
- data/lib/datadog/tracing/contrib/lograge/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/lograge/ext.rb +3 -1
- data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +2 -17
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +21 -16
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +16 -5
- data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +22 -14
- data/lib/datadog/tracing/contrib/mysql2/ext.rb +16 -10
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +22 -7
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +53 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +38 -0
- data/lib/datadog/tracing/contrib/opensearch/integration.rb +44 -0
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +135 -0
- data/lib/datadog/tracing/contrib/opensearch/quantize.rb +81 -0
- data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +23 -14
- data/lib/datadog/tracing/contrib/pg/ext.rb +23 -19
- data/lib/datadog/tracing/contrib/pg/instrumentation.rb +49 -9
- data/lib/datadog/tracing/contrib/presto/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/presto/ext.rb +26 -20
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +14 -5
- data/lib/datadog/tracing/contrib/propagation/sql_comment/ext.rb +12 -10
- data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
- data/lib/datadog/tracing/contrib/qless/configuration/settings.rb +13 -8
- data/lib/datadog/tracing/contrib/qless/ext.rb +15 -12
- data/lib/datadog/tracing/contrib/que/configuration/settings.rb +22 -12
- data/lib/datadog/tracing/contrib/que/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/racecar/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/racecar/event.rb +5 -5
- data/lib/datadog/tracing/contrib/racecar/ext.rb +21 -18
- data/lib/datadog/tracing/contrib/rack/configuration/settings.rb +17 -12
- data/lib/datadog/tracing/contrib/rack/ext.rb +19 -16
- data/lib/datadog/tracing/contrib/rack/header_collection.rb +3 -0
- data/lib/datadog/tracing/contrib/rack/header_tagging.rb +63 -0
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +16 -50
- data/lib/datadog/tracing/contrib/rails/auto_instrument_railtie.rb +0 -2
- data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +20 -15
- data/lib/datadog/tracing/contrib/rails/ext.rb +8 -5
- data/lib/datadog/tracing/contrib/rails/log_injection.rb +7 -10
- data/lib/datadog/tracing/contrib/rails/patcher.rb +10 -41
- data/lib/datadog/tracing/contrib/rails/railtie.rb +3 -3
- data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +14 -10
- data/lib/datadog/tracing/contrib/rake/ext.rb +15 -12
- data/lib/datadog/tracing/contrib/redis/configuration/settings.rb +18 -9
- data/lib/datadog/tracing/contrib/redis/ext.rb +23 -15
- data/lib/datadog/tracing/contrib/redis/instrumentation.rb +5 -40
- data/lib/datadog/tracing/contrib/redis/patcher.rb +34 -21
- data/lib/datadog/tracing/contrib/redis/tags.rb +16 -7
- data/lib/datadog/tracing/contrib/redis/trace_middleware.rb +46 -33
- data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/resque/ext.rb +10 -7
- data/lib/datadog/tracing/contrib/rest_client/configuration/settings.rb +17 -9
- data/lib/datadog/tracing/contrib/rest_client/ext.rb +16 -8
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +25 -5
- data/lib/datadog/tracing/contrib/roda/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/roda/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/semantic_logger/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/semantic_logger/ext.rb +3 -1
- data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +4 -20
- data/lib/datadog/tracing/contrib/sequel/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/sequel/ext.rb +11 -8
- data/lib/datadog/tracing/contrib/sequel/utils.rb +7 -7
- data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +15 -8
- data/lib/datadog/tracing/contrib/shoryuken/ext.rb +15 -12
- data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +19 -11
- data/lib/datadog/tracing/contrib/sidekiq/ext.rb +33 -30
- data/lib/datadog/tracing/contrib/sinatra/configuration/settings.rb +12 -9
- data/lib/datadog/tracing/contrib/sinatra/env.rb +0 -17
- data/lib/datadog/tracing/contrib/sinatra/ext.rb +22 -19
- data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +3 -14
- data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +15 -8
- data/lib/datadog/tracing/contrib/sneakers/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/sneakers/tracer.rb +1 -1
- data/lib/datadog/tracing/contrib/span_attribute_schema.rb +74 -10
- data/lib/datadog/tracing/contrib/stripe/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/stripe/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/sucker_punch/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/sucker_punch/ext.rb +16 -13
- data/lib/datadog/tracing/contrib/trilogy/configuration/settings.rb +58 -0
- data/lib/datadog/tracing/contrib/trilogy/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/trilogy/instrumentation.rb +94 -0
- data/lib/datadog/tracing/contrib/trilogy/integration.rb +43 -0
- data/lib/datadog/{ci/contrib/cucumber → tracing/contrib/trilogy}/patcher.rb +10 -6
- data/lib/datadog/tracing/contrib/utils/database.rb +5 -3
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +11 -11
- data/lib/datadog/tracing/contrib.rb +2 -0
- data/lib/datadog/tracing/correlation.rb +29 -12
- data/lib/datadog/tracing/diagnostics/environment_logger.rb +165 -0
- data/lib/datadog/tracing/diagnostics/ext.rb +21 -19
- data/lib/datadog/tracing/distributed/b3_multi.rb +2 -2
- data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
- data/lib/datadog/tracing/distributed/datadog.rb +0 -1
- data/lib/datadog/tracing/distributed/propagation.rb +35 -34
- data/lib/datadog/tracing/distributed/trace_context.rb +52 -17
- data/lib/datadog/tracing/metadata/ext.rb +9 -6
- data/lib/datadog/tracing/metadata/tagging.rb +3 -3
- data/lib/datadog/tracing/remote.rb +78 -0
- data/lib/datadog/tracing/sampling/matcher.rb +23 -3
- data/lib/datadog/tracing/sampling/rule.rb +7 -2
- data/lib/datadog/tracing/sampling/rule_sampler.rb +31 -0
- data/lib/datadog/tracing/span_operation.rb +3 -15
- data/lib/datadog/tracing/sync_writer.rb +3 -3
- data/lib/datadog/tracing/trace_digest.rb +31 -0
- data/lib/datadog/tracing/trace_operation.rb +17 -5
- data/lib/datadog/tracing/trace_segment.rb +5 -2
- data/lib/datadog/tracing/tracer.rb +12 -1
- data/lib/datadog/{core → tracing}/transport/http/api/instance.rb +1 -1
- data/lib/datadog/{core → tracing}/transport/http/api/spec.rb +1 -1
- data/lib/datadog/tracing/transport/http/api.rb +43 -0
- data/lib/datadog/{core → tracing}/transport/http/builder.rb +13 -68
- data/lib/datadog/tracing/transport/http/client.rb +57 -0
- data/lib/datadog/tracing/transport/http/statistics.rb +47 -0
- data/lib/datadog/tracing/transport/http/traces.rb +152 -0
- data/lib/datadog/tracing/transport/http.rb +125 -0
- data/lib/datadog/tracing/transport/io/client.rb +89 -0
- data/lib/datadog/tracing/transport/io/response.rb +27 -0
- data/lib/datadog/tracing/transport/io/traces.rb +101 -0
- data/lib/datadog/tracing/transport/io.rb +30 -0
- data/lib/datadog/tracing/transport/serializable_trace.rb +126 -0
- data/lib/datadog/tracing/transport/statistics.rb +77 -0
- data/lib/datadog/tracing/transport/trace_formatter.rb +240 -0
- data/lib/datadog/tracing/transport/traces.rb +224 -0
- data/lib/datadog/tracing/workers/trace_writer.rb +6 -4
- data/lib/datadog/tracing/workers.rb +4 -2
- data/lib/datadog/tracing/writer.rb +5 -2
- data/lib/datadog/tracing.rb +8 -2
- data/lib/ddtrace/transport/ext.rb +22 -14
- data/lib/ddtrace/version.rb +9 -12
- data/lib/ddtrace.rb +1 -1
- metadata +157 -139
- data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +0 -25
- data/ext/ddtrace_profiling_native_extension/ruby_helpers.c +0 -110
- data/ext/ddtrace_profiling_native_extension/stack_recorder.c +0 -591
- data/ext/ddtrace_profiling_native_extension/stack_recorder.h +0 -14
- data/ext/ddtrace_profiling_native_extension/time_helpers.c +0 -17
- data/ext/ddtrace_profiling_native_extension/time_helpers.h +0 -10
- data/lib/datadog/ci/configuration/components.rb +0 -32
- data/lib/datadog/ci/configuration/settings.rb +0 -53
- data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +0 -33
- data/lib/datadog/ci/contrib/cucumber/ext.rb +0 -20
- data/lib/datadog/ci/contrib/cucumber/formatter.rb +0 -94
- data/lib/datadog/ci/contrib/cucumber/instrumentation.rb +0 -28
- data/lib/datadog/ci/contrib/cucumber/integration.rb +0 -47
- data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +0 -33
- data/lib/datadog/ci/contrib/rspec/example.rb +0 -68
- data/lib/datadog/ci/contrib/rspec/ext.rb +0 -19
- data/lib/datadog/ci/contrib/rspec/integration.rb +0 -48
- data/lib/datadog/ci/contrib/rspec/patcher.rb +0 -27
- data/lib/datadog/ci/ext/app_types.rb +0 -9
- data/lib/datadog/ci/ext/environment.rb +0 -575
- data/lib/datadog/ci/ext/settings.rb +0 -10
- data/lib/datadog/ci/ext/test.rb +0 -35
- data/lib/datadog/ci/extensions.rb +0 -19
- data/lib/datadog/ci/flush.rb +0 -38
- data/lib/datadog/ci/test.rb +0 -81
- data/lib/datadog/ci.rb +0 -20
- data/lib/datadog/core/configuration/dependency_resolver.rb +0 -28
- data/lib/datadog/core/configuration/option_definition_set.rb +0 -22
- data/lib/datadog/core/configuration/option_set.rb +0 -10
- data/lib/datadog/core/telemetry/collector.rb +0 -231
- data/lib/datadog/core/telemetry/v1/app_event.rb +0 -52
- data/lib/datadog/core/telemetry/v1/application.rb +0 -92
- data/lib/datadog/core/telemetry/v1/configuration.rb +0 -25
- data/lib/datadog/core/telemetry/v1/dependency.rb +0 -43
- data/lib/datadog/core/telemetry/v1/host.rb +0 -59
- data/lib/datadog/core/telemetry/v1/integration.rb +0 -64
- data/lib/datadog/core/telemetry/v1/product.rb +0 -36
- data/lib/datadog/core/telemetry/v1/telemetry_request.rb +0 -106
- data/lib/datadog/core/transport/config.rb +0 -58
- data/lib/datadog/core/transport/http/api.rb +0 -57
- data/lib/datadog/core/transport/http/client.rb +0 -45
- data/lib/datadog/core/transport/http/config.rb +0 -268
- data/lib/datadog/core/transport/http/negotiation.rb +0 -144
- data/lib/datadog/core/transport/http.rb +0 -169
- data/lib/datadog/core/utils/object_set.rb +0 -43
- data/lib/datadog/core/utils/string_table.rb +0 -47
- data/lib/datadog/profiling/backtrace_location.rb +0 -34
- data/lib/datadog/profiling/buffer.rb +0 -43
- data/lib/datadog/profiling/collectors/old_stack.rb +0 -301
- data/lib/datadog/profiling/encoding/profile.rb +0 -41
- data/lib/datadog/profiling/event.rb +0 -15
- data/lib/datadog/profiling/events/stack.rb +0 -82
- data/lib/datadog/profiling/old_recorder.rb +0 -107
- data/lib/datadog/profiling/pprof/builder.rb +0 -125
- data/lib/datadog/profiling/pprof/converter.rb +0 -102
- data/lib/datadog/profiling/pprof/message_set.rb +0 -16
- data/lib/datadog/profiling/pprof/payload.rb +0 -20
- data/lib/datadog/profiling/pprof/pprof.proto +0 -212
- data/lib/datadog/profiling/pprof/pprof_pb.rb +0 -81
- data/lib/datadog/profiling/pprof/stack_sample.rb +0 -139
- data/lib/datadog/profiling/pprof/string_table.rb +0 -12
- data/lib/datadog/profiling/pprof/template.rb +0 -118
- data/lib/datadog/profiling/trace_identifiers/ddtrace.rb +0 -43
- data/lib/datadog/profiling/trace_identifiers/helper.rb +0 -45
- data/lib/datadog/tracing/contrib/sinatra/headers.rb +0 -35
- data/lib/ddtrace/transport/http/adapters/net.rb +0 -168
- data/lib/ddtrace/transport/http/adapters/registry.rb +0 -27
- data/lib/ddtrace/transport/http/adapters/test.rb +0 -85
- data/lib/ddtrace/transport/http/adapters/unix_socket.rb +0 -77
- data/lib/ddtrace/transport/http/api/endpoint.rb +0 -29
- data/lib/ddtrace/transport/http/api/fallbacks.rb +0 -24
- data/lib/ddtrace/transport/http/api/instance.rb +0 -35
- data/lib/ddtrace/transport/http/api/map.rb +0 -16
- data/lib/ddtrace/transport/http/api/spec.rb +0 -17
- data/lib/ddtrace/transport/http/api.rb +0 -39
- data/lib/ddtrace/transport/http/builder.rb +0 -176
- data/lib/ddtrace/transport/http/client.rb +0 -52
- data/lib/ddtrace/transport/http/env.rb +0 -58
- data/lib/ddtrace/transport/http/response.rb +0 -58
- data/lib/ddtrace/transport/http/statistics.rb +0 -43
- data/lib/ddtrace/transport/http/traces.rb +0 -144
- data/lib/ddtrace/transport/http.rb +0 -117
- data/lib/ddtrace/transport/io/client.rb +0 -85
- data/lib/ddtrace/transport/io/response.rb +0 -25
- data/lib/ddtrace/transport/io/traces.rb +0 -99
- data/lib/ddtrace/transport/io.rb +0 -28
- data/lib/ddtrace/transport/parcel.rb +0 -20
- data/lib/ddtrace/transport/request.rb +0 -15
- data/lib/ddtrace/transport/response.rb +0 -60
- data/lib/ddtrace/transport/serializable_trace.rb +0 -122
- data/lib/ddtrace/transport/statistics.rb +0 -75
- data/lib/ddtrace/transport/trace_formatter.rb +0 -198
- data/lib/ddtrace/transport/traces.rb +0 -216
- /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.h +0 -0
- /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.c +0 -0
- /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.h +0 -0
@@ -1,223 +1,201 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
3
|
+
require_relative '../../core/utils/duration'
|
4
|
+
require_relative '../sample_rate'
|
4
5
|
|
5
6
|
module Datadog
|
6
7
|
module AppSec
|
7
8
|
module Configuration
|
8
|
-
#
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
9
|
+
# Settings
|
10
|
+
module Settings
|
11
|
+
# rubocop:disable Layout/LineLength
|
12
|
+
DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization'
|
13
|
+
DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
|
14
|
+
# rubocop:enable Layout/LineLength
|
15
|
+
APPSEC_VALID_TRACK_USER_EVENTS_MODE = [
|
16
|
+
'safe',
|
17
|
+
'extended'
|
18
|
+
].freeze
|
19
|
+
APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES = [
|
20
|
+
'1',
|
21
|
+
'true'
|
22
|
+
].concat(APPSEC_VALID_TRACK_USER_EVENTS_MODE).freeze
|
23
|
+
|
24
|
+
def self.extended(base)
|
25
|
+
base = base.singleton_class unless base.is_a?(Class)
|
26
|
+
add_settings!(base)
|
27
|
+
end
|
25
28
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
29
|
+
# rubocop:disable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
30
|
+
def self.add_settings!(base)
|
31
|
+
base.class_eval do
|
32
|
+
settings :appsec do
|
33
|
+
option :enabled do |o|
|
34
|
+
o.type :bool
|
35
|
+
o.env 'DD_APPSEC_ENABLED'
|
36
|
+
o.default false
|
37
|
+
end
|
31
38
|
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
39
|
+
define_method(:instrument) do |integration_name|
|
40
|
+
if enabled
|
41
|
+
registered_integration = Datadog::AppSec::Contrib::Integration.registry[integration_name]
|
42
|
+
if registered_integration
|
43
|
+
klass = registered_integration.klass
|
44
|
+
if klass.loaded? && klass.compatible?
|
45
|
+
instance = klass.new
|
46
|
+
instance.patcher.patch unless instance.patcher.patched?
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
40
50
|
end
|
41
|
-
end
|
42
|
-
end
|
43
51
|
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
cast = case type
|
49
|
-
when :integer, Integer
|
50
|
-
method(:Integer)
|
51
|
-
when :float, Float
|
52
|
-
method(:Float)
|
53
|
-
else
|
54
|
-
raise ArgumentError, "invalid type: #{v.inspect}"
|
55
|
-
end
|
56
|
-
|
57
|
-
scale = case base
|
58
|
-
when :s
|
59
|
-
1_000_000_000
|
60
|
-
when :ms
|
61
|
-
1_000_000
|
62
|
-
when :us
|
63
|
-
1000
|
64
|
-
when :ns
|
65
|
-
1
|
66
|
-
else
|
67
|
-
raise ArgumentError, "invalid base: #{v.inspect}"
|
68
|
-
end
|
52
|
+
option :ruleset do |o|
|
53
|
+
o.env 'DD_APPSEC_RULES'
|
54
|
+
o.default :recommended
|
55
|
+
end
|
69
56
|
|
70
|
-
|
71
|
-
|
72
|
-
cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 * 60 / scale
|
73
|
-
when /^(\d+)m$/
|
74
|
-
cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 / scale
|
75
|
-
when /^(\d+)s$/
|
76
|
-
cast.call(Regexp.last_match(1)) * 1_000_000_000 / scale
|
77
|
-
when /^(\d+)ms$/
|
78
|
-
cast.call(Regexp.last_match(1)) * 1_000_000 / scale
|
79
|
-
when /^(\d+)us$/
|
80
|
-
cast.call(Regexp.last_match(1)) * 1_000 / scale
|
81
|
-
when /^(\d+)ns$/
|
82
|
-
cast.call(Regexp.last_match(1)) / scale
|
83
|
-
when /^(\d+)$/
|
84
|
-
cast.call(Regexp.last_match(1))
|
85
|
-
else
|
86
|
-
raise ArgumentError, "invalid duration: #{v.inspect}"
|
57
|
+
option :ip_passlist do |o|
|
58
|
+
o.default []
|
87
59
|
end
|
88
|
-
end
|
89
|
-
end
|
90
|
-
# rubocop:enable Metrics/MethodLength
|
91
|
-
end
|
92
60
|
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
61
|
+
option :ip_denylist do |o|
|
62
|
+
o.type :array
|
63
|
+
o.default []
|
64
|
+
end
|
97
65
|
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
waf_timeout: 5_000, # us
|
102
|
-
waf_debug: false,
|
103
|
-
trace_rate_limit: 100, # traces/s
|
104
|
-
obfuscator_key_regex: DEFAULT_OBFUSCATOR_KEY_REGEX,
|
105
|
-
obfuscator_value_regex: DEFAULT_OBFUSCATOR_VALUE_REGEX,
|
106
|
-
}.freeze
|
107
|
-
|
108
|
-
ENVS = {
|
109
|
-
'DD_APPSEC_ENABLED' => [:enabled, Settings.boolean],
|
110
|
-
'DD_APPSEC_RULES' => [:ruleset, Settings.string],
|
111
|
-
'DD_APPSEC_WAF_TIMEOUT' => [:waf_timeout, Settings.duration(:us)],
|
112
|
-
'DD_APPSEC_WAF_DEBUG' => [:waf_debug, Settings.boolean],
|
113
|
-
'DD_APPSEC_TRACE_RATE_LIMIT' => [:trace_rate_limit, Settings.integer],
|
114
|
-
'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP' => [:obfuscator_key_regex, Settings.string],
|
115
|
-
'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP' => [:obfuscator_value_regex, Settings.string],
|
116
|
-
}.freeze
|
117
|
-
|
118
|
-
# Struct constant whisker cast for Steep
|
119
|
-
Integration = _ = Struct.new(:integration) # rubocop:disable Naming/ConstantName
|
120
|
-
|
121
|
-
def initialize
|
122
|
-
@integrations = []
|
123
|
-
# Stores which options have been configured using Datadog.configure block or ENV variables
|
124
|
-
@configured = Set.new
|
125
|
-
@options = DEFAULTS.dup.tap do |options|
|
126
|
-
ENVS.each do |env, (key, conv)|
|
127
|
-
if ENV[env]
|
128
|
-
options[key] = conv.call(ENV[env])
|
129
|
-
@configured << key
|
66
|
+
option :user_id_denylist do |o|
|
67
|
+
o.type :array
|
68
|
+
o.default []
|
130
69
|
end
|
131
|
-
end
|
132
|
-
end
|
133
|
-
end
|
134
70
|
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
71
|
+
option :waf_timeout do |o|
|
72
|
+
o.env 'DD_APPSEC_WAF_TIMEOUT' # us
|
73
|
+
o.default 5_000
|
74
|
+
o.setter do |v|
|
75
|
+
Datadog::Core::Utils::Duration.call(v.to_s, base: :us)
|
76
|
+
end
|
77
|
+
end
|
139
78
|
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
79
|
+
option :waf_debug do |o|
|
80
|
+
o.env 'DD_APPSEC_WAF_DEBUG'
|
81
|
+
o.default false
|
82
|
+
o.type :bool
|
83
|
+
end
|
144
84
|
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
end
|
85
|
+
option :trace_rate_limit do |o|
|
86
|
+
o.type :int
|
87
|
+
o.env 'DD_APPSEC_TRACE_RATE_LIMIT' # trace/s
|
88
|
+
o.default 100
|
89
|
+
end
|
151
90
|
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
end
|
91
|
+
option :obfuscator_key_regex do |o|
|
92
|
+
o.type :string
|
93
|
+
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP'
|
94
|
+
o.default DEFAULT_OBFUSCATOR_KEY_REGEX
|
95
|
+
end
|
158
96
|
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
97
|
+
option :obfuscator_value_regex do |o|
|
98
|
+
o.type :string
|
99
|
+
o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP'
|
100
|
+
o.default DEFAULT_OBFUSCATOR_VALUE_REGEX
|
101
|
+
end
|
163
102
|
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
103
|
+
settings :block do
|
104
|
+
settings :templates do
|
105
|
+
option :html do |o|
|
106
|
+
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML'
|
107
|
+
o.type :string, nilable: true
|
108
|
+
o.setter do |value|
|
109
|
+
if value
|
110
|
+
raise(ArgumentError, "appsec.templates.html: file not found: #{value}") unless File.exist?(value)
|
168
111
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
112
|
+
File.open(value, 'rb', &:read) || ''
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
173
116
|
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
117
|
+
option :json do |o|
|
118
|
+
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON'
|
119
|
+
o.type :string, nilable: true
|
120
|
+
o.setter do |value|
|
121
|
+
if value
|
122
|
+
raise(ArgumentError, "appsec.templates.json: file not found: #{value}") unless File.exist?(value)
|
178
123
|
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
124
|
+
File.open(value, 'rb', &:read) || ''
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
183
128
|
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
end
|
129
|
+
option :text do |o|
|
130
|
+
o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_TEXT'
|
131
|
+
o.type :string, nilable: true
|
132
|
+
o.setter do |value|
|
133
|
+
if value
|
134
|
+
raise(ArgumentError, "appsec.templates.text: file not found: #{value}") unless File.exist?(value)
|
191
135
|
|
192
|
-
|
136
|
+
File.open(value, 'rb', &:read) || ''
|
137
|
+
end
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
141
|
+
end
|
193
142
|
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
143
|
+
settings :track_user_events do
|
144
|
+
option :enabled do |o|
|
145
|
+
o.default true
|
146
|
+
o.type :bool
|
147
|
+
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
148
|
+
o.env_parser do |env_value|
|
149
|
+
if env_value == 'disabled'
|
150
|
+
false
|
151
|
+
else
|
152
|
+
APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES.include?(env_value.strip.downcase)
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
option :mode do |o|
|
158
|
+
o.type :string
|
159
|
+
o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
|
160
|
+
o.default 'safe'
|
161
|
+
o.setter do |v|
|
162
|
+
if APPSEC_VALID_TRACK_USER_EVENTS_MODE.include?(v)
|
163
|
+
v
|
164
|
+
elsif v == 'disabled'
|
165
|
+
'safe'
|
166
|
+
else
|
167
|
+
Datadog.logger.warn(
|
168
|
+
'The appsec.track_user_events.mode value provided is not supported.' \
|
169
|
+
'Supported values are: safe | extended.' \
|
170
|
+
'Using default value `safe`'
|
171
|
+
)
|
172
|
+
'safe'
|
173
|
+
end
|
174
|
+
end
|
175
|
+
end
|
176
|
+
end
|
199
177
|
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
178
|
+
settings :api_security do
|
179
|
+
option :enabled do |o|
|
180
|
+
o.type :bool
|
181
|
+
o.env 'DD_EXPERIMENTAL_API_SECURITY_ENABLED'
|
182
|
+
o.default false
|
183
|
+
end
|
184
|
+
|
185
|
+
option :sample_rate do |o|
|
186
|
+
o.type :float
|
187
|
+
o.env 'DD_API_SECURITY_REQUEST_SAMPLE_RATE'
|
188
|
+
o.default 0.1
|
189
|
+
o.setter do |value|
|
190
|
+
value = 1 if value > 1
|
191
|
+
SampleRate.new(value)
|
192
|
+
end
|
193
|
+
end
|
194
|
+
end
|
205
195
|
end
|
206
196
|
end
|
207
|
-
|
208
|
-
self
|
209
|
-
end
|
210
|
-
|
211
|
-
private
|
212
|
-
|
213
|
-
def default?(option)
|
214
|
-
!@configured.include?(option)
|
215
|
-
end
|
216
|
-
|
217
|
-
# Restore to original state, for testing only.
|
218
|
-
def reset!
|
219
|
-
initialize
|
220
197
|
end
|
198
|
+
# rubocop:enable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
|
221
199
|
end
|
222
200
|
end
|
223
201
|
end
|
@@ -5,86 +5,7 @@ require_relative 'configuration/settings'
|
|
5
5
|
module Datadog
|
6
6
|
module AppSec
|
7
7
|
# Configuration for AppSec
|
8
|
-
# TODO: this is a trivial implementation, check with shareable code with
|
9
|
-
# tracer and other products
|
10
8
|
module Configuration
|
11
|
-
def self.included(base)
|
12
|
-
base.extend(ClassMethods)
|
13
|
-
end
|
14
|
-
|
15
|
-
# Configuration DSL implementation
|
16
|
-
class DSL
|
17
|
-
# Struct constant whisker cast for Steep
|
18
|
-
Instrument = _ = Struct.new(:name) # rubocop:disable Naming/ConstantName
|
19
|
-
|
20
|
-
def initialize
|
21
|
-
@instruments = []
|
22
|
-
@options = {}
|
23
|
-
end
|
24
|
-
|
25
|
-
attr_reader :instruments, :options
|
26
|
-
|
27
|
-
def instrument(name)
|
28
|
-
@instruments << Instrument.new(name)
|
29
|
-
end
|
30
|
-
|
31
|
-
def enabled=(value)
|
32
|
-
options[:enabled] = value
|
33
|
-
end
|
34
|
-
|
35
|
-
def ruleset=(value)
|
36
|
-
options[:ruleset] = value
|
37
|
-
end
|
38
|
-
|
39
|
-
def ip_denylist=(value)
|
40
|
-
options[:ip_denylist] = value
|
41
|
-
end
|
42
|
-
|
43
|
-
def user_id_denylist=(value)
|
44
|
-
options[:user_id_denylist] = value
|
45
|
-
end
|
46
|
-
|
47
|
-
# in microseconds
|
48
|
-
def waf_timeout=(value)
|
49
|
-
options[:waf_timeout] = value
|
50
|
-
end
|
51
|
-
|
52
|
-
def waf_debug=(value)
|
53
|
-
options[:waf_debug] = value
|
54
|
-
end
|
55
|
-
|
56
|
-
def trace_rate_limit=(value)
|
57
|
-
options[:trace_rate_limit] = value
|
58
|
-
end
|
59
|
-
|
60
|
-
def obfuscator_key_regex=(value)
|
61
|
-
options[:obfuscator_key_regex] = value
|
62
|
-
end
|
63
|
-
|
64
|
-
def obfuscator_value_regex=(value)
|
65
|
-
options[:obfuscator_value_regex] = value
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
# class-level methods for Configuration
|
70
|
-
module ClassMethods
|
71
|
-
def configure
|
72
|
-
dsl = DSL.new
|
73
|
-
yield dsl
|
74
|
-
settings.merge(dsl)
|
75
|
-
settings
|
76
|
-
end
|
77
|
-
|
78
|
-
def settings
|
79
|
-
@settings ||= Settings.new
|
80
|
-
end
|
81
|
-
|
82
|
-
private
|
83
|
-
|
84
|
-
def default_setting?(setting)
|
85
|
-
settings.send(:default?, setting)
|
86
|
-
end
|
87
|
-
end
|
88
9
|
end
|
89
10
|
end
|
90
11
|
end
|
@@ -15,10 +15,8 @@ module Datadog
|
|
15
15
|
integrations << integration.name
|
16
16
|
end
|
17
17
|
|
18
|
-
|
19
|
-
|
20
|
-
c.instrument integration_name
|
21
|
-
end
|
18
|
+
integrations.each do |integration_name|
|
19
|
+
Datadog.configuration.appsec.instrument integration_name
|
22
20
|
end
|
23
21
|
end
|
24
22
|
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Datadog
|
4
|
+
module AppSec
|
5
|
+
module Contrib
|
6
|
+
module Devise
|
7
|
+
# Class to extract event information from the resource
|
8
|
+
class Event
|
9
|
+
UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
|
10
|
+
|
11
|
+
SAFE_MODE = 'safe'
|
12
|
+
EXTENDED_MODE = 'extended'
|
13
|
+
|
14
|
+
attr_reader :user_id
|
15
|
+
|
16
|
+
def initialize(resource, mode)
|
17
|
+
@resource = resource
|
18
|
+
@mode = mode
|
19
|
+
@user_id = nil
|
20
|
+
@email = nil
|
21
|
+
@username = nil
|
22
|
+
|
23
|
+
extract if @resource
|
24
|
+
end
|
25
|
+
|
26
|
+
def to_h
|
27
|
+
return @event if defined?(@event)
|
28
|
+
|
29
|
+
@event = {}
|
30
|
+
@event[:email] = @email if @email
|
31
|
+
@event[:username] = @username if @username
|
32
|
+
@event
|
33
|
+
end
|
34
|
+
|
35
|
+
private
|
36
|
+
|
37
|
+
def extract
|
38
|
+
@user_id = @resource.id
|
39
|
+
|
40
|
+
case @mode
|
41
|
+
when EXTENDED_MODE
|
42
|
+
@email = @resource.email
|
43
|
+
@username = @resource.username
|
44
|
+
when SAFE_MODE
|
45
|
+
@user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
|
46
|
+
else
|
47
|
+
Datadog.logger.warn(
|
48
|
+
"Invalid automated user evenst mode: `#{@mode}`. "\
|
49
|
+
'Supported modes are: `safe` and `extended`.'
|
50
|
+
)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative '../integration'
|
4
|
+
|
5
|
+
require_relative 'patcher'
|
6
|
+
|
7
|
+
module Datadog
|
8
|
+
module AppSec
|
9
|
+
module Contrib
|
10
|
+
module Devise
|
11
|
+
# Description of Devise integration
|
12
|
+
class Integration
|
13
|
+
include Datadog::AppSec::Contrib::Integration
|
14
|
+
|
15
|
+
MINIMUM_VERSION = Gem::Version.new('3.2.1')
|
16
|
+
|
17
|
+
register_as :devise, auto_patch: true
|
18
|
+
|
19
|
+
def self.version
|
20
|
+
Gem.loaded_specs['devise'] && Gem.loaded_specs['devise'].version
|
21
|
+
end
|
22
|
+
|
23
|
+
def self.loaded?
|
24
|
+
!defined?(::Devise).nil?
|
25
|
+
end
|
26
|
+
|
27
|
+
def self.compatible?
|
28
|
+
super && version >= MINIMUM_VERSION
|
29
|
+
end
|
30
|
+
|
31
|
+
def self.auto_instrument?
|
32
|
+
true
|
33
|
+
end
|
34
|
+
|
35
|
+
def patcher
|
36
|
+
Patcher
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
@@ -0,0 +1,76 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative '../tracking'
|
4
|
+
require_relative '../resource'
|
5
|
+
require_relative '../event'
|
6
|
+
|
7
|
+
module Datadog
|
8
|
+
module AppSec
|
9
|
+
module Contrib
|
10
|
+
module Devise
|
11
|
+
module Patcher
|
12
|
+
# Hook in devise validate method
|
13
|
+
module AuthenticatablePatch
|
14
|
+
# rubocop:disable Metrics/MethodLength
|
15
|
+
def validate(resource, &block)
|
16
|
+
result = super
|
17
|
+
return result unless AppSec.enabled?
|
18
|
+
|
19
|
+
track_user_events_configuration = Datadog.configuration.appsec.track_user_events
|
20
|
+
|
21
|
+
return result unless track_user_events_configuration.enabled
|
22
|
+
|
23
|
+
automated_track_user_events_mode = track_user_events_configuration.mode
|
24
|
+
|
25
|
+
appsec_scope = Datadog::AppSec.active_scope
|
26
|
+
|
27
|
+
return result unless appsec_scope
|
28
|
+
|
29
|
+
devise_resource = resource ? Resource.new(resource) : nil
|
30
|
+
|
31
|
+
event_information = Event.new(devise_resource, automated_track_user_events_mode)
|
32
|
+
|
33
|
+
if result
|
34
|
+
if event_information.user_id
|
35
|
+
Datadog.logger.debug { 'User Login Event success' }
|
36
|
+
else
|
37
|
+
Datadog.logger.debug { 'User Login Event success, but can\'t extract user ID. Tracking empty event' }
|
38
|
+
end
|
39
|
+
|
40
|
+
Tracking.track_login_success(
|
41
|
+
appsec_scope.trace,
|
42
|
+
appsec_scope.service_entry_span,
|
43
|
+
user_id: event_information.user_id,
|
44
|
+
**event_information.to_h
|
45
|
+
)
|
46
|
+
|
47
|
+
return result
|
48
|
+
end
|
49
|
+
|
50
|
+
user_exists = nil
|
51
|
+
|
52
|
+
if resource
|
53
|
+
user_exists = true
|
54
|
+
Datadog.logger.debug { 'User Login Event failure users exists' }
|
55
|
+
else
|
56
|
+
user_exists = false
|
57
|
+
Datadog.logger.debug { 'User Login Event failure user do not exists' }
|
58
|
+
end
|
59
|
+
|
60
|
+
Tracking.track_login_failure(
|
61
|
+
appsec_scope.trace,
|
62
|
+
appsec_scope.service_entry_span,
|
63
|
+
user_id: event_information.user_id,
|
64
|
+
user_exists: user_exists,
|
65
|
+
**event_information.to_h
|
66
|
+
)
|
67
|
+
|
68
|
+
result
|
69
|
+
end
|
70
|
+
# rubocop:enable Metrics/MethodLength
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|