ddtrace 1.12.1 → 1.23.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (509) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +613 -9
  3. data/LICENSE-3rdparty.csv +1 -1
  4. data/bin/ddprofrb +15 -0
  5. data/bin/ddtracerb +3 -1
  6. data/ext/{ddtrace_profiling_loader/ddtrace_profiling_loader.c → datadog_profiling_loader/datadog_profiling_loader.c} +2 -2
  7. data/ext/{ddtrace_profiling_loader → datadog_profiling_loader}/extconf.rb +3 -3
  8. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/NativeExtensionDesign.md +3 -5
  9. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id.h +0 -3
  10. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_from_pthread.c +3 -22
  11. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_noop.c +0 -1
  12. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_cpu_and_wall_time_worker.c +338 -108
  13. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +422 -0
  14. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +101 -0
  15. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.c +22 -14
  16. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.h +4 -0
  17. data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.c +156 -0
  18. data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.h +5 -0
  19. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.c +3 -0
  20. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.c +111 -118
  21. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.h +11 -4
  22. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.c +545 -144
  23. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.h +3 -2
  24. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/extconf.rb +68 -17
  25. data/ext/datadog_profiling_native_extension/heap_recorder.c +1047 -0
  26. data/ext/datadog_profiling_native_extension/heap_recorder.h +166 -0
  27. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/helpers.h +6 -0
  28. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/http_transport.c +60 -32
  29. data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +62 -0
  30. data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +42 -0
  31. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/native_extension_helpers.rb +50 -4
  32. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.c +155 -32
  33. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.h +16 -0
  34. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/profiling.c +19 -3
  35. data/ext/datadog_profiling_native_extension/ruby_helpers.c +267 -0
  36. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/ruby_helpers.h +33 -0
  37. data/ext/datadog_profiling_native_extension/stack_recorder.c +1040 -0
  38. data/ext/datadog_profiling_native_extension/stack_recorder.h +27 -0
  39. data/ext/datadog_profiling_native_extension/time_helpers.c +53 -0
  40. data/ext/datadog_profiling_native_extension/time_helpers.h +26 -0
  41. data/lib/datadog/appsec/assets/waf_rules/processors.json +92 -0
  42. data/lib/datadog/appsec/assets/waf_rules/recommended.json +698 -75
  43. data/lib/datadog/appsec/assets/waf_rules/scanners.json +114 -0
  44. data/lib/datadog/appsec/assets/waf_rules/strict.json +98 -8
  45. data/lib/datadog/appsec/assets.rb +8 -0
  46. data/lib/datadog/appsec/component.rb +21 -2
  47. data/lib/datadog/appsec/configuration/settings.rb +167 -189
  48. data/lib/datadog/appsec/configuration.rb +0 -79
  49. data/lib/datadog/appsec/contrib/auto_instrument.rb +2 -4
  50. data/lib/datadog/appsec/contrib/devise/event.rb +57 -0
  51. data/lib/datadog/appsec/contrib/devise/ext.rb +13 -0
  52. data/lib/datadog/appsec/contrib/devise/integration.rb +42 -0
  53. data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +76 -0
  54. data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +54 -0
  55. data/lib/datadog/appsec/contrib/devise/patcher.rb +45 -0
  56. data/lib/datadog/appsec/contrib/devise/resource.rb +35 -0
  57. data/lib/datadog/appsec/contrib/devise/tracking.rb +57 -0
  58. data/lib/datadog/appsec/contrib/rack/ext.rb +2 -1
  59. data/lib/datadog/appsec/contrib/rack/gateway/request.rb +6 -2
  60. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +8 -6
  61. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +3 -8
  62. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +3 -6
  63. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +3 -6
  64. data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +3 -2
  65. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +77 -27
  66. data/lib/datadog/appsec/contrib/rails/ext.rb +3 -2
  67. data/lib/datadog/appsec/contrib/rails/framework.rb +1 -3
  68. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +3 -2
  69. data/lib/datadog/appsec/contrib/rails/patcher.rb +17 -11
  70. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +3 -6
  71. data/lib/datadog/appsec/contrib/sinatra/ext.rb +2 -1
  72. data/lib/datadog/appsec/contrib/sinatra/framework.rb +1 -3
  73. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +6 -4
  74. data/lib/datadog/appsec/contrib/sinatra/patcher.rb +13 -7
  75. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +3 -6
  76. data/lib/datadog/appsec/event.rb +106 -50
  77. data/lib/datadog/appsec/extensions.rb +1 -130
  78. data/lib/datadog/appsec/monitor/gateway/watcher.rb +3 -3
  79. data/lib/datadog/appsec/monitor/reactive/set_user.rb +3 -6
  80. data/lib/datadog/appsec/processor/actions.rb +49 -0
  81. data/lib/datadog/appsec/processor/rule_loader.rb +60 -0
  82. data/lib/datadog/appsec/processor/rule_merger.rb +22 -2
  83. data/lib/datadog/appsec/processor.rb +35 -7
  84. data/lib/datadog/appsec/rate_limiter.rb +1 -1
  85. data/lib/datadog/appsec/remote.rb +17 -11
  86. data/lib/datadog/appsec/response.rb +82 -4
  87. data/lib/datadog/appsec/sample_rate.rb +21 -0
  88. data/lib/datadog/appsec.rb +3 -4
  89. data/lib/datadog/auto_instrument.rb +3 -0
  90. data/lib/datadog/core/backport.rb +51 -0
  91. data/lib/datadog/core/configuration/agent_settings_resolver.rb +38 -29
  92. data/lib/datadog/core/configuration/base.rb +6 -16
  93. data/lib/datadog/core/configuration/components.rb +20 -7
  94. data/lib/datadog/core/configuration/ext.rb +28 -5
  95. data/lib/datadog/core/configuration/option.rb +271 -21
  96. data/lib/datadog/core/configuration/option_definition.rb +73 -32
  97. data/lib/datadog/core/configuration/options.rb +27 -15
  98. data/lib/datadog/core/configuration/settings.rb +398 -119
  99. data/lib/datadog/core/configuration.rb +24 -4
  100. data/lib/datadog/core/diagnostics/environment_logger.rb +132 -235
  101. data/lib/datadog/core/environment/class_count.rb +6 -6
  102. data/lib/datadog/core/environment/execution.rb +103 -0
  103. data/lib/datadog/core/environment/ext.rb +13 -11
  104. data/lib/datadog/core/environment/git.rb +25 -0
  105. data/lib/datadog/core/environment/identity.rb +18 -48
  106. data/lib/datadog/core/environment/platform.rb +7 -1
  107. data/lib/datadog/core/environment/variable_helpers.rb +0 -69
  108. data/lib/datadog/core/environment/yjit.rb +58 -0
  109. data/lib/datadog/core/error.rb +1 -0
  110. data/lib/datadog/core/git/ext.rb +6 -23
  111. data/lib/datadog/core/logging/ext.rb +3 -1
  112. data/lib/datadog/core/metrics/ext.rb +7 -5
  113. data/lib/datadog/core/remote/client/capabilities.rb +7 -2
  114. data/lib/datadog/core/remote/client.rb +3 -0
  115. data/lib/datadog/core/remote/component.rb +52 -48
  116. data/lib/datadog/core/remote/configuration/content.rb +28 -1
  117. data/lib/datadog/core/remote/configuration/repository.rb +3 -1
  118. data/lib/datadog/core/remote/ext.rb +2 -1
  119. data/lib/datadog/core/remote/negotiation.rb +20 -7
  120. data/lib/datadog/core/remote/tie/tracing.rb +39 -0
  121. data/lib/datadog/core/remote/tie.rb +27 -0
  122. data/lib/datadog/core/remote/transport/config.rb +60 -0
  123. data/lib/datadog/core/remote/transport/http/api/instance.rb +39 -0
  124. data/lib/datadog/core/remote/transport/http/api/spec.rb +21 -0
  125. data/lib/datadog/core/remote/transport/http/api.rb +58 -0
  126. data/lib/datadog/core/remote/transport/http/builder.rb +219 -0
  127. data/lib/datadog/core/remote/transport/http/client.rb +48 -0
  128. data/lib/datadog/core/remote/transport/http/config.rb +280 -0
  129. data/lib/datadog/core/remote/transport/http/negotiation.rb +146 -0
  130. data/lib/datadog/core/remote/transport/http.rb +179 -0
  131. data/lib/datadog/core/{transport → remote/transport}/negotiation.rb +25 -23
  132. data/lib/datadog/core/remote/worker.rb +11 -5
  133. data/lib/datadog/core/runtime/ext.rb +22 -12
  134. data/lib/datadog/core/runtime/metrics.rb +43 -0
  135. data/lib/datadog/core/telemetry/client.rb +28 -10
  136. data/lib/datadog/core/telemetry/emitter.rb +9 -11
  137. data/lib/datadog/core/telemetry/event.rb +250 -44
  138. data/lib/datadog/core/telemetry/ext.rb +8 -1
  139. data/lib/datadog/core/telemetry/heartbeat.rb +3 -7
  140. data/lib/datadog/core/telemetry/http/ext.rb +13 -8
  141. data/lib/datadog/core/telemetry/http/response.rb +4 -0
  142. data/lib/datadog/core/telemetry/http/transport.rb +10 -3
  143. data/lib/datadog/core/telemetry/request.rb +59 -0
  144. data/lib/datadog/core/transport/ext.rb +49 -0
  145. data/lib/datadog/core/transport/http/adapters/net.rb +168 -0
  146. data/lib/datadog/core/transport/http/adapters/registry.rb +29 -0
  147. data/lib/datadog/core/transport/http/adapters/test.rb +89 -0
  148. data/lib/datadog/core/transport/http/adapters/unix_socket.rb +83 -0
  149. data/lib/datadog/core/transport/http/api/endpoint.rb +31 -0
  150. data/lib/datadog/core/transport/http/api/fallbacks.rb +26 -0
  151. data/lib/datadog/core/transport/http/api/map.rb +18 -0
  152. data/lib/datadog/core/transport/http/env.rb +62 -0
  153. data/lib/datadog/core/transport/http/response.rb +60 -0
  154. data/lib/datadog/core/transport/parcel.rb +22 -0
  155. data/lib/datadog/core/transport/request.rb +17 -0
  156. data/lib/datadog/core/transport/response.rb +64 -0
  157. data/lib/datadog/core/utils/duration.rb +52 -0
  158. data/lib/datadog/core/utils/hash.rb +47 -0
  159. data/lib/datadog/core/utils/network.rb +1 -1
  160. data/lib/datadog/core/utils/safe_dup.rb +27 -20
  161. data/lib/datadog/core/utils/url.rb +25 -0
  162. data/lib/datadog/core/utils.rb +1 -1
  163. data/lib/datadog/core/workers/async.rb +3 -2
  164. data/lib/datadog/core/workers/polling.rb +2 -2
  165. data/lib/datadog/kit/appsec/events.rb +139 -89
  166. data/lib/datadog/kit/enable_core_dumps.rb +5 -6
  167. data/lib/datadog/kit/identity.rb +80 -65
  168. data/lib/datadog/opentelemetry/api/context.rb +10 -3
  169. data/lib/datadog/opentelemetry/sdk/propagator.rb +5 -3
  170. data/lib/datadog/opentelemetry/sdk/span_processor.rb +48 -5
  171. data/lib/datadog/opentelemetry/sdk/trace/span.rb +167 -0
  172. data/lib/datadog/opentelemetry/trace.rb +58 -0
  173. data/lib/datadog/opentelemetry.rb +4 -0
  174. data/lib/datadog/opentracer/text_map_propagator.rb +2 -1
  175. data/lib/datadog/opentracer.rb +9 -0
  176. data/lib/datadog/profiling/collectors/code_provenance.rb +10 -4
  177. data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +43 -20
  178. data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +3 -1
  179. data/lib/datadog/profiling/collectors/info.rb +101 -0
  180. data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
  181. data/lib/datadog/profiling/component.rb +248 -97
  182. data/lib/datadog/profiling/exporter.rb +26 -5
  183. data/lib/datadog/profiling/ext.rb +2 -12
  184. data/lib/datadog/profiling/flush.rb +10 -5
  185. data/lib/datadog/profiling/http_transport.rb +23 -6
  186. data/lib/datadog/profiling/load_native_extension.rb +25 -6
  187. data/lib/datadog/profiling/native_extension.rb +1 -22
  188. data/lib/datadog/profiling/profiler.rb +36 -13
  189. data/lib/datadog/profiling/scheduler.rb +20 -15
  190. data/lib/datadog/profiling/stack_recorder.rb +19 -4
  191. data/lib/datadog/profiling/tag_builder.rb +5 -0
  192. data/lib/datadog/profiling/tasks/exec.rb +3 -3
  193. data/lib/datadog/profiling/tasks/help.rb +3 -3
  194. data/lib/datadog/profiling.rb +28 -79
  195. data/lib/datadog/tracing/component.rb +70 -11
  196. data/lib/datadog/tracing/configuration/agent_settings_resolver.rb +13 -0
  197. data/lib/datadog/tracing/configuration/dynamic/option.rb +71 -0
  198. data/lib/datadog/tracing/configuration/dynamic.rb +64 -0
  199. data/lib/datadog/tracing/configuration/ext.rb +40 -33
  200. data/lib/datadog/tracing/configuration/http.rb +74 -0
  201. data/lib/datadog/tracing/configuration/settings.rb +136 -99
  202. data/lib/datadog/tracing/contrib/action_cable/configuration/settings.rb +10 -6
  203. data/lib/datadog/tracing/contrib/action_cable/ext.rb +21 -18
  204. data/lib/datadog/tracing/contrib/action_mailer/configuration/settings.rb +10 -6
  205. data/lib/datadog/tracing/contrib/action_mailer/events/deliver.rb +1 -1
  206. data/lib/datadog/tracing/contrib/action_mailer/ext.rb +21 -18
  207. data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +10 -7
  208. data/lib/datadog/tracing/contrib/action_pack/ext.rb +11 -8
  209. data/lib/datadog/tracing/contrib/action_view/configuration/settings.rb +10 -6
  210. data/lib/datadog/tracing/contrib/action_view/ext.rb +13 -10
  211. data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +14 -7
  212. data/lib/datadog/tracing/contrib/active_job/ext.rb +26 -23
  213. data/lib/datadog/tracing/contrib/active_job/log_injection.rb +1 -1
  214. data/lib/datadog/tracing/contrib/active_job/patcher.rb +1 -1
  215. data/lib/datadog/tracing/contrib/active_model_serializers/configuration/settings.rb +10 -6
  216. data/lib/datadog/tracing/contrib/active_model_serializers/ext.rb +13 -10
  217. data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +29 -15
  218. data/lib/datadog/tracing/contrib/active_record/configuration/settings.rb +10 -7
  219. data/lib/datadog/tracing/contrib/active_record/events/sql.rb +2 -6
  220. data/lib/datadog/tracing/contrib/active_record/ext.rb +18 -15
  221. data/lib/datadog/tracing/contrib/active_record/utils.rb +1 -1
  222. data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +106 -202
  223. data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +3 -0
  224. data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -7
  225. data/lib/datadog/tracing/contrib/active_support/ext.rb +19 -16
  226. data/lib/datadog/tracing/contrib/analytics.rb +0 -1
  227. data/lib/datadog/tracing/contrib/aws/configuration/settings.rb +15 -7
  228. data/lib/datadog/tracing/contrib/aws/ext.rb +38 -24
  229. data/lib/datadog/tracing/contrib/aws/instrumentation.rb +16 -5
  230. data/lib/datadog/tracing/contrib/concurrent_ruby/async_patch.rb +20 -0
  231. data/lib/datadog/tracing/contrib/concurrent_ruby/configuration/settings.rb +3 -2
  232. data/lib/datadog/tracing/contrib/concurrent_ruby/context_composite_executor_service.rb +14 -14
  233. data/lib/datadog/tracing/contrib/concurrent_ruby/ext.rb +4 -2
  234. data/lib/datadog/tracing/contrib/concurrent_ruby/future_patch.rb +3 -10
  235. data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +2 -1
  236. data/lib/datadog/tracing/contrib/concurrent_ruby/patcher.rb +19 -2
  237. data/lib/datadog/tracing/contrib/concurrent_ruby/promises_future_patch.rb +22 -0
  238. data/lib/datadog/tracing/contrib/configurable.rb +1 -1
  239. data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
  240. data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +21 -7
  241. data/lib/datadog/tracing/contrib/dalli/ext.rb +27 -11
  242. data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +17 -8
  243. data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +14 -7
  244. data/lib/datadog/tracing/contrib/delayed_job/ext.rb +17 -14
  245. data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +15 -7
  246. data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +22 -15
  247. data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +104 -99
  248. data/lib/datadog/tracing/contrib/ethon/configuration/settings.rb +17 -9
  249. data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +48 -3
  250. data/lib/datadog/tracing/contrib/ethon/ext.rb +20 -11
  251. data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +6 -3
  252. data/lib/datadog/tracing/contrib/excon/configuration/settings.rb +20 -10
  253. data/lib/datadog/tracing/contrib/excon/ext.rb +17 -8
  254. data/lib/datadog/tracing/contrib/excon/middleware.rb +25 -5
  255. data/lib/datadog/tracing/contrib/ext.rb +26 -1
  256. data/lib/datadog/tracing/contrib/extensions.rb +38 -2
  257. data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +27 -10
  258. data/lib/datadog/tracing/contrib/faraday/ext.rb +17 -8
  259. data/lib/datadog/tracing/contrib/faraday/middleware.rb +22 -6
  260. data/lib/datadog/tracing/contrib/grape/configuration/settings.rb +9 -6
  261. data/lib/datadog/tracing/contrib/grape/ext.rb +17 -14
  262. data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +9 -6
  263. data/lib/datadog/tracing/contrib/graphql/ext.rb +8 -5
  264. data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +40 -9
  265. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +39 -20
  266. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +37 -18
  267. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor.rb +0 -4
  268. data/lib/datadog/tracing/contrib/grpc/ext.rb +17 -13
  269. data/lib/datadog/tracing/contrib/grpc/formatting.rb +127 -0
  270. data/lib/datadog/tracing/contrib/hanami/configuration/settings.rb +3 -2
  271. data/lib/datadog/tracing/contrib/hanami/ext.rb +10 -8
  272. data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +5 -8
  273. data/lib/datadog/tracing/contrib/http/configuration/settings.rb +34 -11
  274. data/lib/datadog/tracing/contrib/http/distributed/fetcher.rb +2 -2
  275. data/lib/datadog/tracing/contrib/http/ext.rb +17 -9
  276. data/lib/datadog/tracing/contrib/http/instrumentation.rb +27 -7
  277. data/lib/datadog/tracing/contrib/httpclient/configuration/settings.rb +34 -11
  278. data/lib/datadog/tracing/contrib/httpclient/ext.rb +18 -9
  279. data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +22 -5
  280. data/lib/datadog/tracing/contrib/httprb/configuration/settings.rb +34 -11
  281. data/lib/datadog/tracing/contrib/httprb/ext.rb +17 -9
  282. data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +22 -5
  283. data/lib/datadog/tracing/contrib/kafka/configuration/settings.rb +10 -6
  284. data/lib/datadog/tracing/contrib/kafka/ext.rb +43 -39
  285. data/lib/datadog/tracing/contrib/lograge/configuration/settings.rb +3 -2
  286. data/lib/datadog/tracing/contrib/lograge/ext.rb +3 -1
  287. data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +2 -17
  288. data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +15 -7
  289. data/lib/datadog/tracing/contrib/mongodb/ext.rb +21 -16
  290. data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +16 -5
  291. data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +22 -14
  292. data/lib/datadog/tracing/contrib/mysql2/ext.rb +16 -10
  293. data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +22 -7
  294. data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +53 -0
  295. data/lib/datadog/tracing/contrib/opensearch/ext.rb +38 -0
  296. data/lib/datadog/tracing/contrib/opensearch/integration.rb +44 -0
  297. data/lib/datadog/tracing/contrib/opensearch/patcher.rb +135 -0
  298. data/lib/datadog/tracing/contrib/opensearch/quantize.rb +81 -0
  299. data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +23 -14
  300. data/lib/datadog/tracing/contrib/pg/ext.rb +23 -19
  301. data/lib/datadog/tracing/contrib/pg/instrumentation.rb +49 -9
  302. data/lib/datadog/tracing/contrib/presto/configuration/settings.rb +15 -7
  303. data/lib/datadog/tracing/contrib/presto/ext.rb +26 -20
  304. data/lib/datadog/tracing/contrib/presto/instrumentation.rb +14 -5
  305. data/lib/datadog/tracing/contrib/propagation/sql_comment/ext.rb +12 -10
  306. data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
  307. data/lib/datadog/tracing/contrib/qless/configuration/settings.rb +13 -8
  308. data/lib/datadog/tracing/contrib/qless/ext.rb +15 -12
  309. data/lib/datadog/tracing/contrib/que/configuration/settings.rb +22 -12
  310. data/lib/datadog/tracing/contrib/que/ext.rb +1 -0
  311. data/lib/datadog/tracing/contrib/racecar/configuration/settings.rb +10 -7
  312. data/lib/datadog/tracing/contrib/racecar/event.rb +5 -5
  313. data/lib/datadog/tracing/contrib/racecar/ext.rb +21 -18
  314. data/lib/datadog/tracing/contrib/rack/configuration/settings.rb +17 -12
  315. data/lib/datadog/tracing/contrib/rack/ext.rb +19 -16
  316. data/lib/datadog/tracing/contrib/rack/header_collection.rb +3 -0
  317. data/lib/datadog/tracing/contrib/rack/header_tagging.rb +63 -0
  318. data/lib/datadog/tracing/contrib/rack/middlewares.rb +16 -50
  319. data/lib/datadog/tracing/contrib/rails/auto_instrument_railtie.rb +0 -2
  320. data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +20 -15
  321. data/lib/datadog/tracing/contrib/rails/ext.rb +8 -5
  322. data/lib/datadog/tracing/contrib/rails/log_injection.rb +7 -10
  323. data/lib/datadog/tracing/contrib/rails/patcher.rb +10 -41
  324. data/lib/datadog/tracing/contrib/rails/railtie.rb +3 -3
  325. data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +14 -10
  326. data/lib/datadog/tracing/contrib/rake/ext.rb +15 -12
  327. data/lib/datadog/tracing/contrib/redis/configuration/settings.rb +18 -9
  328. data/lib/datadog/tracing/contrib/redis/ext.rb +23 -15
  329. data/lib/datadog/tracing/contrib/redis/instrumentation.rb +5 -40
  330. data/lib/datadog/tracing/contrib/redis/patcher.rb +34 -21
  331. data/lib/datadog/tracing/contrib/redis/tags.rb +16 -7
  332. data/lib/datadog/tracing/contrib/redis/trace_middleware.rb +46 -33
  333. data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +14 -7
  334. data/lib/datadog/tracing/contrib/resque/ext.rb +10 -7
  335. data/lib/datadog/tracing/contrib/rest_client/configuration/settings.rb +17 -9
  336. data/lib/datadog/tracing/contrib/rest_client/ext.rb +16 -8
  337. data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +25 -5
  338. data/lib/datadog/tracing/contrib/roda/configuration/settings.rb +10 -6
  339. data/lib/datadog/tracing/contrib/roda/ext.rb +1 -0
  340. data/lib/datadog/tracing/contrib/semantic_logger/configuration/settings.rb +3 -2
  341. data/lib/datadog/tracing/contrib/semantic_logger/ext.rb +3 -1
  342. data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +4 -20
  343. data/lib/datadog/tracing/contrib/sequel/configuration/settings.rb +10 -6
  344. data/lib/datadog/tracing/contrib/sequel/ext.rb +11 -8
  345. data/lib/datadog/tracing/contrib/sequel/utils.rb +7 -7
  346. data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +15 -8
  347. data/lib/datadog/tracing/contrib/shoryuken/ext.rb +15 -12
  348. data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +19 -11
  349. data/lib/datadog/tracing/contrib/sidekiq/ext.rb +33 -30
  350. data/lib/datadog/tracing/contrib/sinatra/configuration/settings.rb +12 -9
  351. data/lib/datadog/tracing/contrib/sinatra/env.rb +0 -17
  352. data/lib/datadog/tracing/contrib/sinatra/ext.rb +22 -19
  353. data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +3 -14
  354. data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +15 -8
  355. data/lib/datadog/tracing/contrib/sneakers/ext.rb +2 -0
  356. data/lib/datadog/tracing/contrib/sneakers/tracer.rb +1 -1
  357. data/lib/datadog/tracing/contrib/span_attribute_schema.rb +74 -10
  358. data/lib/datadog/tracing/contrib/stripe/configuration/settings.rb +10 -6
  359. data/lib/datadog/tracing/contrib/stripe/ext.rb +1 -0
  360. data/lib/datadog/tracing/contrib/sucker_punch/configuration/settings.rb +10 -6
  361. data/lib/datadog/tracing/contrib/sucker_punch/ext.rb +16 -13
  362. data/lib/datadog/tracing/contrib/trilogy/configuration/settings.rb +58 -0
  363. data/lib/datadog/tracing/contrib/trilogy/ext.rb +27 -0
  364. data/lib/datadog/tracing/contrib/trilogy/instrumentation.rb +94 -0
  365. data/lib/datadog/tracing/contrib/trilogy/integration.rb +43 -0
  366. data/lib/datadog/{ci/contrib/cucumber → tracing/contrib/trilogy}/patcher.rb +10 -6
  367. data/lib/datadog/tracing/contrib/utils/database.rb +5 -3
  368. data/lib/datadog/tracing/contrib/utils/quantization/http.rb +11 -11
  369. data/lib/datadog/tracing/contrib.rb +2 -0
  370. data/lib/datadog/tracing/correlation.rb +29 -12
  371. data/lib/datadog/tracing/diagnostics/environment_logger.rb +165 -0
  372. data/lib/datadog/tracing/diagnostics/ext.rb +21 -19
  373. data/lib/datadog/tracing/distributed/b3_multi.rb +2 -2
  374. data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
  375. data/lib/datadog/tracing/distributed/datadog.rb +0 -1
  376. data/lib/datadog/tracing/distributed/propagation.rb +35 -34
  377. data/lib/datadog/tracing/distributed/trace_context.rb +52 -17
  378. data/lib/datadog/tracing/metadata/ext.rb +9 -6
  379. data/lib/datadog/tracing/metadata/tagging.rb +3 -3
  380. data/lib/datadog/tracing/remote.rb +78 -0
  381. data/lib/datadog/tracing/sampling/matcher.rb +23 -3
  382. data/lib/datadog/tracing/sampling/rule.rb +7 -2
  383. data/lib/datadog/tracing/sampling/rule_sampler.rb +31 -0
  384. data/lib/datadog/tracing/span_operation.rb +3 -15
  385. data/lib/datadog/tracing/sync_writer.rb +3 -3
  386. data/lib/datadog/tracing/trace_digest.rb +31 -0
  387. data/lib/datadog/tracing/trace_operation.rb +17 -5
  388. data/lib/datadog/tracing/trace_segment.rb +5 -2
  389. data/lib/datadog/tracing/tracer.rb +12 -1
  390. data/lib/datadog/{core → tracing}/transport/http/api/instance.rb +1 -1
  391. data/lib/datadog/{core → tracing}/transport/http/api/spec.rb +1 -1
  392. data/lib/datadog/tracing/transport/http/api.rb +43 -0
  393. data/lib/datadog/{core → tracing}/transport/http/builder.rb +13 -68
  394. data/lib/datadog/tracing/transport/http/client.rb +57 -0
  395. data/lib/datadog/tracing/transport/http/statistics.rb +47 -0
  396. data/lib/datadog/tracing/transport/http/traces.rb +152 -0
  397. data/lib/datadog/tracing/transport/http.rb +125 -0
  398. data/lib/datadog/tracing/transport/io/client.rb +89 -0
  399. data/lib/datadog/tracing/transport/io/response.rb +27 -0
  400. data/lib/datadog/tracing/transport/io/traces.rb +101 -0
  401. data/lib/datadog/tracing/transport/io.rb +30 -0
  402. data/lib/datadog/tracing/transport/serializable_trace.rb +126 -0
  403. data/lib/datadog/tracing/transport/statistics.rb +77 -0
  404. data/lib/datadog/tracing/transport/trace_formatter.rb +240 -0
  405. data/lib/datadog/tracing/transport/traces.rb +224 -0
  406. data/lib/datadog/tracing/workers/trace_writer.rb +6 -4
  407. data/lib/datadog/tracing/workers.rb +4 -2
  408. data/lib/datadog/tracing/writer.rb +5 -2
  409. data/lib/datadog/tracing.rb +8 -2
  410. data/lib/ddtrace/transport/ext.rb +22 -14
  411. data/lib/ddtrace/version.rb +9 -12
  412. data/lib/ddtrace.rb +1 -1
  413. metadata +157 -139
  414. data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +0 -25
  415. data/ext/ddtrace_profiling_native_extension/ruby_helpers.c +0 -110
  416. data/ext/ddtrace_profiling_native_extension/stack_recorder.c +0 -591
  417. data/ext/ddtrace_profiling_native_extension/stack_recorder.h +0 -14
  418. data/ext/ddtrace_profiling_native_extension/time_helpers.c +0 -17
  419. data/ext/ddtrace_profiling_native_extension/time_helpers.h +0 -10
  420. data/lib/datadog/ci/configuration/components.rb +0 -32
  421. data/lib/datadog/ci/configuration/settings.rb +0 -53
  422. data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +0 -33
  423. data/lib/datadog/ci/contrib/cucumber/ext.rb +0 -20
  424. data/lib/datadog/ci/contrib/cucumber/formatter.rb +0 -94
  425. data/lib/datadog/ci/contrib/cucumber/instrumentation.rb +0 -28
  426. data/lib/datadog/ci/contrib/cucumber/integration.rb +0 -47
  427. data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +0 -33
  428. data/lib/datadog/ci/contrib/rspec/example.rb +0 -68
  429. data/lib/datadog/ci/contrib/rspec/ext.rb +0 -19
  430. data/lib/datadog/ci/contrib/rspec/integration.rb +0 -48
  431. data/lib/datadog/ci/contrib/rspec/patcher.rb +0 -27
  432. data/lib/datadog/ci/ext/app_types.rb +0 -9
  433. data/lib/datadog/ci/ext/environment.rb +0 -575
  434. data/lib/datadog/ci/ext/settings.rb +0 -10
  435. data/lib/datadog/ci/ext/test.rb +0 -35
  436. data/lib/datadog/ci/extensions.rb +0 -19
  437. data/lib/datadog/ci/flush.rb +0 -38
  438. data/lib/datadog/ci/test.rb +0 -81
  439. data/lib/datadog/ci.rb +0 -20
  440. data/lib/datadog/core/configuration/dependency_resolver.rb +0 -28
  441. data/lib/datadog/core/configuration/option_definition_set.rb +0 -22
  442. data/lib/datadog/core/configuration/option_set.rb +0 -10
  443. data/lib/datadog/core/telemetry/collector.rb +0 -231
  444. data/lib/datadog/core/telemetry/v1/app_event.rb +0 -52
  445. data/lib/datadog/core/telemetry/v1/application.rb +0 -92
  446. data/lib/datadog/core/telemetry/v1/configuration.rb +0 -25
  447. data/lib/datadog/core/telemetry/v1/dependency.rb +0 -43
  448. data/lib/datadog/core/telemetry/v1/host.rb +0 -59
  449. data/lib/datadog/core/telemetry/v1/integration.rb +0 -64
  450. data/lib/datadog/core/telemetry/v1/product.rb +0 -36
  451. data/lib/datadog/core/telemetry/v1/telemetry_request.rb +0 -106
  452. data/lib/datadog/core/transport/config.rb +0 -58
  453. data/lib/datadog/core/transport/http/api.rb +0 -57
  454. data/lib/datadog/core/transport/http/client.rb +0 -45
  455. data/lib/datadog/core/transport/http/config.rb +0 -268
  456. data/lib/datadog/core/transport/http/negotiation.rb +0 -144
  457. data/lib/datadog/core/transport/http.rb +0 -169
  458. data/lib/datadog/core/utils/object_set.rb +0 -43
  459. data/lib/datadog/core/utils/string_table.rb +0 -47
  460. data/lib/datadog/profiling/backtrace_location.rb +0 -34
  461. data/lib/datadog/profiling/buffer.rb +0 -43
  462. data/lib/datadog/profiling/collectors/old_stack.rb +0 -301
  463. data/lib/datadog/profiling/encoding/profile.rb +0 -41
  464. data/lib/datadog/profiling/event.rb +0 -15
  465. data/lib/datadog/profiling/events/stack.rb +0 -82
  466. data/lib/datadog/profiling/old_recorder.rb +0 -107
  467. data/lib/datadog/profiling/pprof/builder.rb +0 -125
  468. data/lib/datadog/profiling/pprof/converter.rb +0 -102
  469. data/lib/datadog/profiling/pprof/message_set.rb +0 -16
  470. data/lib/datadog/profiling/pprof/payload.rb +0 -20
  471. data/lib/datadog/profiling/pprof/pprof.proto +0 -212
  472. data/lib/datadog/profiling/pprof/pprof_pb.rb +0 -81
  473. data/lib/datadog/profiling/pprof/stack_sample.rb +0 -139
  474. data/lib/datadog/profiling/pprof/string_table.rb +0 -12
  475. data/lib/datadog/profiling/pprof/template.rb +0 -118
  476. data/lib/datadog/profiling/trace_identifiers/ddtrace.rb +0 -43
  477. data/lib/datadog/profiling/trace_identifiers/helper.rb +0 -45
  478. data/lib/datadog/tracing/contrib/sinatra/headers.rb +0 -35
  479. data/lib/ddtrace/transport/http/adapters/net.rb +0 -168
  480. data/lib/ddtrace/transport/http/adapters/registry.rb +0 -27
  481. data/lib/ddtrace/transport/http/adapters/test.rb +0 -85
  482. data/lib/ddtrace/transport/http/adapters/unix_socket.rb +0 -77
  483. data/lib/ddtrace/transport/http/api/endpoint.rb +0 -29
  484. data/lib/ddtrace/transport/http/api/fallbacks.rb +0 -24
  485. data/lib/ddtrace/transport/http/api/instance.rb +0 -35
  486. data/lib/ddtrace/transport/http/api/map.rb +0 -16
  487. data/lib/ddtrace/transport/http/api/spec.rb +0 -17
  488. data/lib/ddtrace/transport/http/api.rb +0 -39
  489. data/lib/ddtrace/transport/http/builder.rb +0 -176
  490. data/lib/ddtrace/transport/http/client.rb +0 -52
  491. data/lib/ddtrace/transport/http/env.rb +0 -58
  492. data/lib/ddtrace/transport/http/response.rb +0 -58
  493. data/lib/ddtrace/transport/http/statistics.rb +0 -43
  494. data/lib/ddtrace/transport/http/traces.rb +0 -144
  495. data/lib/ddtrace/transport/http.rb +0 -117
  496. data/lib/ddtrace/transport/io/client.rb +0 -85
  497. data/lib/ddtrace/transport/io/response.rb +0 -25
  498. data/lib/ddtrace/transport/io/traces.rb +0 -99
  499. data/lib/ddtrace/transport/io.rb +0 -28
  500. data/lib/ddtrace/transport/parcel.rb +0 -20
  501. data/lib/ddtrace/transport/request.rb +0 -15
  502. data/lib/ddtrace/transport/response.rb +0 -60
  503. data/lib/ddtrace/transport/serializable_trace.rb +0 -122
  504. data/lib/ddtrace/transport/statistics.rb +0 -75
  505. data/lib/ddtrace/transport/trace_formatter.rb +0 -198
  506. data/lib/ddtrace/transport/traces.rb +0 -216
  507. /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.h +0 -0
  508. /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.c +0 -0
  509. /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.h +0 -0
data/lib/datadog/appsec/configuration/settings.rb CHANGED
@@ -1,223 +1,201 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'set'
3
+ require_relative '../../core/utils/duration'
4
+ require_relative '../sample_rate'
4
5
 
5
6
  module Datadog
6
7
  module AppSec
7
8
  module Configuration
8
- # Configuration settings, acting as an integration registry
9
- # TODO: as with Configuration, this is a trivial implementation
10
- class Settings
11
- class << self
12
- def boolean
13
- # @type ^(::String) -> bool
14
- ->(v) do # rubocop:disable Style/Lambda
15
- case v
16
- when /(1|true)/i
17
- true
18
- when /(0|false)/i, nil
19
- false
20
- else
21
- raise ArgumentError, "invalid boolean: #{v.inspect}"
22
- end
23
- end
24
- end
9
+ # Settings
10
+ module Settings
11
+ # rubocop:disable Layout/LineLength
12
+ DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization'
13
+ DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
14
+ # rubocop:enable Layout/LineLength
15
+ APPSEC_VALID_TRACK_USER_EVENTS_MODE = [
16
+ 'safe',
17
+ 'extended'
18
+ ].freeze
19
+ APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES = [
20
+ '1',
21
+ 'true'
22
+ ].concat(APPSEC_VALID_TRACK_USER_EVENTS_MODE).freeze
23
+
24
+ def self.extended(base)
25
+ base = base.singleton_class unless base.is_a?(Class)
26
+ add_settings!(base)
27
+ end
25
28
 
26
- # TODO: allow symbols
27
- def string
28
- # @type ^(::String) -> ::String
29
- ->(v) { v.to_s }
30
- end
29
+ # rubocop:disable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
30
+ def self.add_settings!(base)
31
+ base.class_eval do
32
+ settings :appsec do
33
+ option :enabled do |o|
34
+ o.type :bool
35
+ o.env 'DD_APPSEC_ENABLED'
36
+ o.default false
37
+ end
31
38
 
32
- def integer
33
- # @type ^(::String) -> ::Integer
34
- ->(v) do # rubocop:disable Style/Lambda
35
- case v
36
- when /(\d+)/
37
- Regexp.last_match(1).to_i
38
- else
39
- raise ArgumentError, "invalid integer: #{v.inspect}"
39
+ define_method(:instrument) do |integration_name|
40
+ if enabled
41
+ registered_integration = Datadog::AppSec::Contrib::Integration.registry[integration_name]
42
+ if registered_integration
43
+ klass = registered_integration.klass
44
+ if klass.loaded? && klass.compatible?
45
+ instance = klass.new
46
+ instance.patcher.patch unless instance.patcher.patched?
47
+ end
48
+ end
49
+ end
40
50
  end
41
- end
42
- end
43
51
 
44
- # rubocop:disable Metrics/MethodLength
45
- def duration(base = :ns, type = :integer)
46
- # @type ^(::String) -> ::Integer | ::Float
47
- ->(v) do # rubocop:disable Style/Lambda
48
- cast = case type
49
- when :integer, Integer
50
- method(:Integer)
51
- when :float, Float
52
- method(:Float)
53
- else
54
- raise ArgumentError, "invalid type: #{v.inspect}"
55
- end
56
-
57
- scale = case base
58
- when :s
59
- 1_000_000_000
60
- when :ms
61
- 1_000_000
62
- when :us
63
- 1000
64
- when :ns
65
- 1
66
- else
67
- raise ArgumentError, "invalid base: #{v.inspect}"
68
- end
52
+ option :ruleset do |o|
53
+ o.env 'DD_APPSEC_RULES'
54
+ o.default :recommended
55
+ end
69
56
 
70
- case v
71
- when /^(\d+)h$/
72
- cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 * 60 / scale
73
- when /^(\d+)m$/
74
- cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 / scale
75
- when /^(\d+)s$/
76
- cast.call(Regexp.last_match(1)) * 1_000_000_000 / scale
77
- when /^(\d+)ms$/
78
- cast.call(Regexp.last_match(1)) * 1_000_000 / scale
79
- when /^(\d+)us$/
80
- cast.call(Regexp.last_match(1)) * 1_000 / scale
81
- when /^(\d+)ns$/
82
- cast.call(Regexp.last_match(1)) / scale
83
- when /^(\d+)$/
84
- cast.call(Regexp.last_match(1))
85
- else
86
- raise ArgumentError, "invalid duration: #{v.inspect}"
57
+ option :ip_passlist do |o|
58
+ o.default []
87
59
  end
88
- end
89
- end
90
- # rubocop:enable Metrics/MethodLength
91
- end
92
60
 
93
- # rubocop:disable Layout/LineLength
94
- DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization'
95
- DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
96
- # rubocop:enable Layout/LineLength
61
+ option :ip_denylist do |o|
62
+ o.type :array
63
+ o.default []
64
+ end
97
65
 
98
- DEFAULTS = {
99
- enabled: false,
100
- ruleset: :recommended,
101
- waf_timeout: 5_000, # us
102
- waf_debug: false,
103
- trace_rate_limit: 100, # traces/s
104
- obfuscator_key_regex: DEFAULT_OBFUSCATOR_KEY_REGEX,
105
- obfuscator_value_regex: DEFAULT_OBFUSCATOR_VALUE_REGEX,
106
- }.freeze
107
-
108
- ENVS = {
109
- 'DD_APPSEC_ENABLED' => [:enabled, Settings.boolean],
110
- 'DD_APPSEC_RULES' => [:ruleset, Settings.string],
111
- 'DD_APPSEC_WAF_TIMEOUT' => [:waf_timeout, Settings.duration(:us)],
112
- 'DD_APPSEC_WAF_DEBUG' => [:waf_debug, Settings.boolean],
113
- 'DD_APPSEC_TRACE_RATE_LIMIT' => [:trace_rate_limit, Settings.integer],
114
- 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP' => [:obfuscator_key_regex, Settings.string],
115
- 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP' => [:obfuscator_value_regex, Settings.string],
116
- }.freeze
117
-
118
- # Struct constant whisker cast for Steep
119
- Integration = _ = Struct.new(:integration) # rubocop:disable Naming/ConstantName
120
-
121
- def initialize
122
- @integrations = []
123
- # Stores which options have been configured using Datadog.configure block or ENV variables
124
- @configured = Set.new
125
- @options = DEFAULTS.dup.tap do |options|
126
- ENVS.each do |env, (key, conv)|
127
- if ENV[env]
128
- options[key] = conv.call(ENV[env])
129
- @configured << key
66
+ option :user_id_denylist do |o|
67
+ o.type :array
68
+ o.default []
130
69
  end
131
- end
132
- end
133
- end
134
70
 
135
- def enabled
136
- # Cast for Steep
137
- _ = @options[:enabled]
138
- end
71
+ option :waf_timeout do |o|
72
+ o.env 'DD_APPSEC_WAF_TIMEOUT' # us
73
+ o.default 5_000
74
+ o.setter do |v|
75
+ Datadog::Core::Utils::Duration.call(v.to_s, base: :us)
76
+ end
77
+ end
139
78
 
140
- def ruleset
141
- # Cast for Steep
142
- _ = @options[:ruleset]
143
- end
79
+ option :waf_debug do |o|
80
+ o.env 'DD_APPSEC_WAF_DEBUG'
81
+ o.default false
82
+ o.type :bool
83
+ end
144
84
 
145
- # EXPERIMENTAL: This configurable is not meant to be publicly used, but
146
- # is very useful for testing. It may change at any point in time.
147
- def ip_denylist
148
- # Cast for Steep
149
- _ = @options[:ip_denylist] || []
150
- end
85
+ option :trace_rate_limit do |o|
86
+ o.type :int
87
+ o.env 'DD_APPSEC_TRACE_RATE_LIMIT' # trace/s
88
+ o.default 100
89
+ end
151
90
 
152
- # EXPERIMENTAL: This configurable is not meant to be publicly used, but
153
- # is very useful for testing. It may change at any point in time.
154
- def user_id_denylist
155
- # Cast for Steep
156
- _ = @options[:user_id_denylist] || []
157
- end
91
+ option :obfuscator_key_regex do |o|
92
+ o.type :string
93
+ o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP'
94
+ o.default DEFAULT_OBFUSCATOR_KEY_REGEX
95
+ end
158
96
 
159
- def waf_timeout
160
- # Cast for Steep
161
- _ = @options[:waf_timeout]
162
- end
97
+ option :obfuscator_value_regex do |o|
98
+ o.type :string
99
+ o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP'
100
+ o.default DEFAULT_OBFUSCATOR_VALUE_REGEX
101
+ end
163
102
 
164
- def waf_debug
165
- # Cast for Steep
166
- _ = @options[:waf_debug]
167
- end
103
+ settings :block do
104
+ settings :templates do
105
+ option :html do |o|
106
+ o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML'
107
+ o.type :string, nilable: true
108
+ o.setter do |value|
109
+ if value
110
+ raise(ArgumentError, "appsec.templates.html: file not found: #{value}") unless File.exist?(value)
168
111
 
169
- def trace_rate_limit
170
- # Cast for Steep
171
- _ = @options[:trace_rate_limit]
172
- end
112
+ File.open(value, 'rb', &:read) || ''
113
+ end
114
+ end
115
+ end
173
116
 
174
- def obfuscator_key_regex
175
- # Cast for Steep
176
- _ = @options[:obfuscator_key_regex]
177
- end
117
+ option :json do |o|
118
+ o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON'
119
+ o.type :string, nilable: true
120
+ o.setter do |value|
121
+ if value
122
+ raise(ArgumentError, "appsec.templates.json: file not found: #{value}") unless File.exist?(value)
178
123
 
179
- def obfuscator_value_regex
180
- # Cast for Steep
181
- _ = @options[:obfuscator_value_regex]
182
- end
124
+ File.open(value, 'rb', &:read) || ''
125
+ end
126
+ end
127
+ end
183
128
 
184
- def merge(dsl)
185
- dsl.options.each do |k, v|
186
- unless v.nil?
187
- @options[k] = v
188
- @configured << k
189
- end
190
- end
129
+ option :text do |o|
130
+ o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_TEXT'
131
+ o.type :string, nilable: true
132
+ o.setter do |value|
133
+ if value
134
+ raise(ArgumentError, "appsec.templates.text: file not found: #{value}") unless File.exist?(value)
191
135
 
192
- return self unless @options[:enabled]
136
+ File.open(value, 'rb', &:read) || ''
137
+ end
138
+ end
139
+ end
140
+ end
141
+ end
193
142
 
194
- # patcher.patch may call configure again, hence merge might be called again so it needs to be reentrant
195
- dsl.instruments.each do |instrument|
196
- # TODO: error handling
197
- registered_integration = Datadog::AppSec::Contrib::Integration.registry[instrument.name]
198
- @integrations << Integration.new(registered_integration)
143
+ settings :track_user_events do
144
+ option :enabled do |o|
145
+ o.default true
146
+ o.type :bool
147
+ o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
148
+ o.env_parser do |env_value|
149
+ if env_value == 'disabled'
150
+ false
151
+ else
152
+ APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES.include?(env_value.strip.downcase)
153
+ end
154
+ end
155
+ end
156
+
157
+ option :mode do |o|
158
+ o.type :string
159
+ o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
160
+ o.default 'safe'
161
+ o.setter do |v|
162
+ if APPSEC_VALID_TRACK_USER_EVENTS_MODE.include?(v)
163
+ v
164
+ elsif v == 'disabled'
165
+ 'safe'
166
+ else
167
+ Datadog.logger.warn(
168
+ 'The appsec.track_user_events.mode value provided is not supported.' \
169
+ 'Supported values are: safe | extended.' \
170
+ 'Using default value `safe`'
171
+ )
172
+ 'safe'
173
+ end
174
+ end
175
+ end
176
+ end
199
177
 
200
- # TODO: move to a separate apply step
201
- klass = registered_integration.klass
202
- if klass.loaded? && klass.compatible?
203
- instance = klass.new
204
- instance.patcher.patch
178
+ settings :api_security do
179
+ option :enabled do |o|
180
+ o.type :bool
181
+ o.env 'DD_EXPERIMENTAL_API_SECURITY_ENABLED'
182
+ o.default false
183
+ end
184
+
185
+ option :sample_rate do |o|
186
+ o.type :float
187
+ o.env 'DD_API_SECURITY_REQUEST_SAMPLE_RATE'
188
+ o.default 0.1
189
+ o.setter do |value|
190
+ value = 1 if value > 1
191
+ SampleRate.new(value)
192
+ end
193
+ end
194
+ end
205
195
  end
206
196
  end
207
-
208
- self
209
- end
210
-
211
- private
212
-
213
- def default?(option)
214
- !@configured.include?(option)
215
- end
216
-
217
- # Restore to original state, for testing only.
218
- def reset!
219
- initialize
220
197
  end
198
+ # rubocop:enable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
221
199
  end
222
200
  end
223
201
  end
data/lib/datadog/appsec/configuration.rb CHANGED
@@ -5,86 +5,7 @@ require_relative 'configuration/settings'
5
5
  module Datadog
6
6
  module AppSec
7
7
  # Configuration for AppSec
8
- # TODO: this is a trivial implementation, check with shareable code with
9
- # tracer and other products
10
8
  module Configuration
11
- def self.included(base)
12
- base.extend(ClassMethods)
13
- end
14
-
15
- # Configuration DSL implementation
16
- class DSL
17
- # Struct constant whisker cast for Steep
18
- Instrument = _ = Struct.new(:name) # rubocop:disable Naming/ConstantName
19
-
20
- def initialize
21
- @instruments = []
22
- @options = {}
23
- end
24
-
25
- attr_reader :instruments, :options
26
-
27
- def instrument(name)
28
- @instruments << Instrument.new(name)
29
- end
30
-
31
- def enabled=(value)
32
- options[:enabled] = value
33
- end
34
-
35
- def ruleset=(value)
36
- options[:ruleset] = value
37
- end
38
-
39
- def ip_denylist=(value)
40
- options[:ip_denylist] = value
41
- end
42
-
43
- def user_id_denylist=(value)
44
- options[:user_id_denylist] = value
45
- end
46
-
47
- # in microseconds
48
- def waf_timeout=(value)
49
- options[:waf_timeout] = value
50
- end
51
-
52
- def waf_debug=(value)
53
- options[:waf_debug] = value
54
- end
55
-
56
- def trace_rate_limit=(value)
57
- options[:trace_rate_limit] = value
58
- end
59
-
60
- def obfuscator_key_regex=(value)
61
- options[:obfuscator_key_regex] = value
62
- end
63
-
64
- def obfuscator_value_regex=(value)
65
- options[:obfuscator_value_regex] = value
66
- end
67
- end
68
-
69
- # class-level methods for Configuration
70
- module ClassMethods
71
- def configure
72
- dsl = DSL.new
73
- yield dsl
74
- settings.merge(dsl)
75
- settings
76
- end
77
-
78
- def settings
79
- @settings ||= Settings.new
80
- end
81
-
82
- private
83
-
84
- def default_setting?(setting)
85
- settings.send(:default?, setting)
86
- end
87
- end
88
9
  end
89
10
  end
90
11
  end
data/lib/datadog/appsec/contrib/auto_instrument.rb CHANGED
@@ -15,10 +15,8 @@ module Datadog
15
15
  integrations << integration.name
16
16
  end
17
17
 
18
- Datadog::AppSec.configure do |c|
19
- integrations.each do |integration_name|
20
- c.instrument integration_name
21
- end
18
+ integrations.each do |integration_name|
19
+ Datadog.configuration.appsec.instrument integration_name
22
20
  end
23
21
  end
24
22
  end
data/lib/datadog/appsec/contrib/devise/event.rb ADDED
@@ -0,0 +1,57 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Datadog
4
+ module AppSec
5
+ module Contrib
6
+ module Devise
7
+ # Class to extract event information from the resource
8
+ class Event
9
+ UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
10
+
11
+ SAFE_MODE = 'safe'
12
+ EXTENDED_MODE = 'extended'
13
+
14
+ attr_reader :user_id
15
+
16
+ def initialize(resource, mode)
17
+ @resource = resource
18
+ @mode = mode
19
+ @user_id = nil
20
+ @email = nil
21
+ @username = nil
22
+
23
+ extract if @resource
24
+ end
25
+
26
+ def to_h
27
+ return @event if defined?(@event)
28
+
29
+ @event = {}
30
+ @event[:email] = @email if @email
31
+ @event[:username] = @username if @username
32
+ @event
33
+ end
34
+
35
+ private
36
+
37
+ def extract
38
+ @user_id = @resource.id
39
+
40
+ case @mode
41
+ when EXTENDED_MODE
42
+ @email = @resource.email
43
+ @username = @resource.username
44
+ when SAFE_MODE
45
+ @user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
46
+ else
47
+ Datadog.logger.warn(
48
+ "Invalid automated user evenst mode: `#{@mode}`. "\
49
+ 'Supported modes are: `safe` and `extended`.'
50
+ )
51
+ end
52
+ end
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
data/lib/datadog/appsec/contrib/devise/ext.rb ADDED
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Datadog
4
+ module AppSec
5
+ module Contrib
6
+ module Devise
7
+ # Devise integration constants
8
+ module Ext
9
+ end
10
+ end
11
+ end
12
+ end
13
+ end
data/lib/datadog/appsec/contrib/devise/integration.rb ADDED
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative '../integration'
4
+
5
+ require_relative 'patcher'
6
+
7
+ module Datadog
8
+ module AppSec
9
+ module Contrib
10
+ module Devise
11
+ # Description of Devise integration
12
+ class Integration
13
+ include Datadog::AppSec::Contrib::Integration
14
+
15
+ MINIMUM_VERSION = Gem::Version.new('3.2.1')
16
+
17
+ register_as :devise, auto_patch: true
18
+
19
+ def self.version
20
+ Gem.loaded_specs['devise'] && Gem.loaded_specs['devise'].version
21
+ end
22
+
23
+ def self.loaded?
24
+ !defined?(::Devise).nil?
25
+ end
26
+
27
+ def self.compatible?
28
+ super && version >= MINIMUM_VERSION
29
+ end
30
+
31
+ def self.auto_instrument?
32
+ true
33
+ end
34
+
35
+ def patcher
36
+ Patcher
37
+ end
38
+ end
39
+ end
40
+ end
41
+ end
42
+ end
data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb ADDED
@@ -0,0 +1,76 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative '../tracking'
4
+ require_relative '../resource'
5
+ require_relative '../event'
6
+
7
+ module Datadog
8
+ module AppSec
9
+ module Contrib
10
+ module Devise
11
+ module Patcher
12
+ # Hook in devise validate method
13
+ module AuthenticatablePatch
14
+ # rubocop:disable Metrics/MethodLength
15
+ def validate(resource, &block)
16
+ result = super
17
+ return result unless AppSec.enabled?
18
+
19
+ track_user_events_configuration = Datadog.configuration.appsec.track_user_events
20
+
21
+ return result unless track_user_events_configuration.enabled
22
+
23
+ automated_track_user_events_mode = track_user_events_configuration.mode
24
+
25
+ appsec_scope = Datadog::AppSec.active_scope
26
+
27
+ return result unless appsec_scope
28
+
29
+ devise_resource = resource ? Resource.new(resource) : nil
30
+
31
+ event_information = Event.new(devise_resource, automated_track_user_events_mode)
32
+
33
+ if result
34
+ if event_information.user_id
35
+ Datadog.logger.debug { 'User Login Event success' }
36
+ else
37
+ Datadog.logger.debug { 'User Login Event success, but can\'t extract user ID. Tracking empty event' }
38
+ end
39
+
40
+ Tracking.track_login_success(
41
+ appsec_scope.trace,
42
+ appsec_scope.service_entry_span,
43
+ user_id: event_information.user_id,
44
+ **event_information.to_h
45
+ )
46
+
47
+ return result
48
+ end
49
+
50
+ user_exists = nil
51
+
52
+ if resource
53
+ user_exists = true
54
+ Datadog.logger.debug { 'User Login Event failure users exists' }
55
+ else
56
+ user_exists = false
57
+ Datadog.logger.debug { 'User Login Event failure user do not exists' }
58
+ end
59
+
60
+ Tracking.track_login_failure(
61
+ appsec_scope.trace,
62
+ appsec_scope.service_entry_span,
63
+ user_id: event_information.user_id,
64
+ user_exists: user_exists,
65
+ **event_information.to_h
66
+ )
67
+
68
+ result
69
+ end
70
+ # rubocop:enable Metrics/MethodLength
71
+ end
72
+ end
73
+ end
74
+ end
75
+ end
76
+ end