ddtrace 1.12.1 → 1.23.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (509) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +613 -9
  3. data/LICENSE-3rdparty.csv +1 -1
  4. data/bin/ddprofrb +15 -0
  5. data/bin/ddtracerb +3 -1
  6. data/ext/{ddtrace_profiling_loader/ddtrace_profiling_loader.c → datadog_profiling_loader/datadog_profiling_loader.c} +2 -2
  7. data/ext/{ddtrace_profiling_loader → datadog_profiling_loader}/extconf.rb +3 -3
  8. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/NativeExtensionDesign.md +3 -5
  9. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id.h +0 -3
  10. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_from_pthread.c +3 -22
  11. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_noop.c +0 -1
  12. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_cpu_and_wall_time_worker.c +338 -108
  13. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +422 -0
  14. data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +101 -0
  15. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.c +22 -14
  16. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.h +4 -0
  17. data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.c +156 -0
  18. data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.h +5 -0
  19. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.c +3 -0
  20. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.c +111 -118
  21. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.h +11 -4
  22. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.c +545 -144
  23. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.h +3 -2
  24. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/extconf.rb +68 -17
  25. data/ext/datadog_profiling_native_extension/heap_recorder.c +1047 -0
  26. data/ext/datadog_profiling_native_extension/heap_recorder.h +166 -0
  27. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/helpers.h +6 -0
  28. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/http_transport.c +60 -32
  29. data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +62 -0
  30. data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +42 -0
  31. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/native_extension_helpers.rb +50 -4
  32. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.c +155 -32
  33. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.h +16 -0
  34. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/profiling.c +19 -3
  35. data/ext/datadog_profiling_native_extension/ruby_helpers.c +267 -0
  36. data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/ruby_helpers.h +33 -0
  37. data/ext/datadog_profiling_native_extension/stack_recorder.c +1040 -0
  38. data/ext/datadog_profiling_native_extension/stack_recorder.h +27 -0
  39. data/ext/datadog_profiling_native_extension/time_helpers.c +53 -0
  40. data/ext/datadog_profiling_native_extension/time_helpers.h +26 -0
  41. data/lib/datadog/appsec/assets/waf_rules/processors.json +92 -0
  42. data/lib/datadog/appsec/assets/waf_rules/recommended.json +698 -75
  43. data/lib/datadog/appsec/assets/waf_rules/scanners.json +114 -0
  44. data/lib/datadog/appsec/assets/waf_rules/strict.json +98 -8
  45. data/lib/datadog/appsec/assets.rb +8 -0
  46. data/lib/datadog/appsec/component.rb +21 -2
  47. data/lib/datadog/appsec/configuration/settings.rb +167 -189
  48. data/lib/datadog/appsec/configuration.rb +0 -79
  49. data/lib/datadog/appsec/contrib/auto_instrument.rb +2 -4
  50. data/lib/datadog/appsec/contrib/devise/event.rb +57 -0
  51. data/lib/datadog/appsec/contrib/devise/ext.rb +13 -0
  52. data/lib/datadog/appsec/contrib/devise/integration.rb +42 -0
  53. data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +76 -0
  54. data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +54 -0
  55. data/lib/datadog/appsec/contrib/devise/patcher.rb +45 -0
  56. data/lib/datadog/appsec/contrib/devise/resource.rb +35 -0
  57. data/lib/datadog/appsec/contrib/devise/tracking.rb +57 -0
  58. data/lib/datadog/appsec/contrib/rack/ext.rb +2 -1
  59. data/lib/datadog/appsec/contrib/rack/gateway/request.rb +6 -2
  60. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +8 -6
  61. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +3 -8
  62. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +3 -6
  63. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +3 -6
  64. data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +3 -2
  65. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +77 -27
  66. data/lib/datadog/appsec/contrib/rails/ext.rb +3 -2
  67. data/lib/datadog/appsec/contrib/rails/framework.rb +1 -3
  68. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +3 -2
  69. data/lib/datadog/appsec/contrib/rails/patcher.rb +17 -11
  70. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +3 -6
  71. data/lib/datadog/appsec/contrib/sinatra/ext.rb +2 -1
  72. data/lib/datadog/appsec/contrib/sinatra/framework.rb +1 -3
  73. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +6 -4
  74. data/lib/datadog/appsec/contrib/sinatra/patcher.rb +13 -7
  75. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +3 -6
  76. data/lib/datadog/appsec/event.rb +106 -50
  77. data/lib/datadog/appsec/extensions.rb +1 -130
  78. data/lib/datadog/appsec/monitor/gateway/watcher.rb +3 -3
  79. data/lib/datadog/appsec/monitor/reactive/set_user.rb +3 -6
  80. data/lib/datadog/appsec/processor/actions.rb +49 -0
  81. data/lib/datadog/appsec/processor/rule_loader.rb +60 -0
  82. data/lib/datadog/appsec/processor/rule_merger.rb +22 -2
  83. data/lib/datadog/appsec/processor.rb +35 -7
  84. data/lib/datadog/appsec/rate_limiter.rb +1 -1
  85. data/lib/datadog/appsec/remote.rb +17 -11
  86. data/lib/datadog/appsec/response.rb +82 -4
  87. data/lib/datadog/appsec/sample_rate.rb +21 -0
  88. data/lib/datadog/appsec.rb +3 -4
  89. data/lib/datadog/auto_instrument.rb +3 -0
  90. data/lib/datadog/core/backport.rb +51 -0
  91. data/lib/datadog/core/configuration/agent_settings_resolver.rb +38 -29
  92. data/lib/datadog/core/configuration/base.rb +6 -16
  93. data/lib/datadog/core/configuration/components.rb +20 -7
  94. data/lib/datadog/core/configuration/ext.rb +28 -5
  95. data/lib/datadog/core/configuration/option.rb +271 -21
  96. data/lib/datadog/core/configuration/option_definition.rb +73 -32
  97. data/lib/datadog/core/configuration/options.rb +27 -15
  98. data/lib/datadog/core/configuration/settings.rb +398 -119
  99. data/lib/datadog/core/configuration.rb +24 -4
  100. data/lib/datadog/core/diagnostics/environment_logger.rb +132 -235
  101. data/lib/datadog/core/environment/class_count.rb +6 -6
  102. data/lib/datadog/core/environment/execution.rb +103 -0
  103. data/lib/datadog/core/environment/ext.rb +13 -11
  104. data/lib/datadog/core/environment/git.rb +25 -0
  105. data/lib/datadog/core/environment/identity.rb +18 -48
  106. data/lib/datadog/core/environment/platform.rb +7 -1
  107. data/lib/datadog/core/environment/variable_helpers.rb +0 -69
  108. data/lib/datadog/core/environment/yjit.rb +58 -0
  109. data/lib/datadog/core/error.rb +1 -0
  110. data/lib/datadog/core/git/ext.rb +6 -23
  111. data/lib/datadog/core/logging/ext.rb +3 -1
  112. data/lib/datadog/core/metrics/ext.rb +7 -5
  113. data/lib/datadog/core/remote/client/capabilities.rb +7 -2
  114. data/lib/datadog/core/remote/client.rb +3 -0
  115. data/lib/datadog/core/remote/component.rb +52 -48
  116. data/lib/datadog/core/remote/configuration/content.rb +28 -1
  117. data/lib/datadog/core/remote/configuration/repository.rb +3 -1
  118. data/lib/datadog/core/remote/ext.rb +2 -1
  119. data/lib/datadog/core/remote/negotiation.rb +20 -7
  120. data/lib/datadog/core/remote/tie/tracing.rb +39 -0
  121. data/lib/datadog/core/remote/tie.rb +27 -0
  122. data/lib/datadog/core/remote/transport/config.rb +60 -0
  123. data/lib/datadog/core/remote/transport/http/api/instance.rb +39 -0
  124. data/lib/datadog/core/remote/transport/http/api/spec.rb +21 -0
  125. data/lib/datadog/core/remote/transport/http/api.rb +58 -0
  126. data/lib/datadog/core/remote/transport/http/builder.rb +219 -0
  127. data/lib/datadog/core/remote/transport/http/client.rb +48 -0
  128. data/lib/datadog/core/remote/transport/http/config.rb +280 -0
  129. data/lib/datadog/core/remote/transport/http/negotiation.rb +146 -0
  130. data/lib/datadog/core/remote/transport/http.rb +179 -0
  131. data/lib/datadog/core/{transport → remote/transport}/negotiation.rb +25 -23
  132. data/lib/datadog/core/remote/worker.rb +11 -5
  133. data/lib/datadog/core/runtime/ext.rb +22 -12
  134. data/lib/datadog/core/runtime/metrics.rb +43 -0
  135. data/lib/datadog/core/telemetry/client.rb +28 -10
  136. data/lib/datadog/core/telemetry/emitter.rb +9 -11
  137. data/lib/datadog/core/telemetry/event.rb +250 -44
  138. data/lib/datadog/core/telemetry/ext.rb +8 -1
  139. data/lib/datadog/core/telemetry/heartbeat.rb +3 -7
  140. data/lib/datadog/core/telemetry/http/ext.rb +13 -8
  141. data/lib/datadog/core/telemetry/http/response.rb +4 -0
  142. data/lib/datadog/core/telemetry/http/transport.rb +10 -3
  143. data/lib/datadog/core/telemetry/request.rb +59 -0
  144. data/lib/datadog/core/transport/ext.rb +49 -0
  145. data/lib/datadog/core/transport/http/adapters/net.rb +168 -0
  146. data/lib/datadog/core/transport/http/adapters/registry.rb +29 -0
  147. data/lib/datadog/core/transport/http/adapters/test.rb +89 -0
  148. data/lib/datadog/core/transport/http/adapters/unix_socket.rb +83 -0
  149. data/lib/datadog/core/transport/http/api/endpoint.rb +31 -0
  150. data/lib/datadog/core/transport/http/api/fallbacks.rb +26 -0
  151. data/lib/datadog/core/transport/http/api/map.rb +18 -0
  152. data/lib/datadog/core/transport/http/env.rb +62 -0
  153. data/lib/datadog/core/transport/http/response.rb +60 -0
  154. data/lib/datadog/core/transport/parcel.rb +22 -0
  155. data/lib/datadog/core/transport/request.rb +17 -0
  156. data/lib/datadog/core/transport/response.rb +64 -0
  157. data/lib/datadog/core/utils/duration.rb +52 -0
  158. data/lib/datadog/core/utils/hash.rb +47 -0
  159. data/lib/datadog/core/utils/network.rb +1 -1
  160. data/lib/datadog/core/utils/safe_dup.rb +27 -20
  161. data/lib/datadog/core/utils/url.rb +25 -0
  162. data/lib/datadog/core/utils.rb +1 -1
  163. data/lib/datadog/core/workers/async.rb +3 -2
  164. data/lib/datadog/core/workers/polling.rb +2 -2
  165. data/lib/datadog/kit/appsec/events.rb +139 -89
  166. data/lib/datadog/kit/enable_core_dumps.rb +5 -6
  167. data/lib/datadog/kit/identity.rb +80 -65
  168. data/lib/datadog/opentelemetry/api/context.rb +10 -3
  169. data/lib/datadog/opentelemetry/sdk/propagator.rb +5 -3
  170. data/lib/datadog/opentelemetry/sdk/span_processor.rb +48 -5
  171. data/lib/datadog/opentelemetry/sdk/trace/span.rb +167 -0
  172. data/lib/datadog/opentelemetry/trace.rb +58 -0
  173. data/lib/datadog/opentelemetry.rb +4 -0
  174. data/lib/datadog/opentracer/text_map_propagator.rb +2 -1
  175. data/lib/datadog/opentracer.rb +9 -0
  176. data/lib/datadog/profiling/collectors/code_provenance.rb +10 -4
  177. data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +43 -20
  178. data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +3 -1
  179. data/lib/datadog/profiling/collectors/info.rb +101 -0
  180. data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
  181. data/lib/datadog/profiling/component.rb +248 -97
  182. data/lib/datadog/profiling/exporter.rb +26 -5
  183. data/lib/datadog/profiling/ext.rb +2 -12
  184. data/lib/datadog/profiling/flush.rb +10 -5
  185. data/lib/datadog/profiling/http_transport.rb +23 -6
  186. data/lib/datadog/profiling/load_native_extension.rb +25 -6
  187. data/lib/datadog/profiling/native_extension.rb +1 -22
  188. data/lib/datadog/profiling/profiler.rb +36 -13
  189. data/lib/datadog/profiling/scheduler.rb +20 -15
  190. data/lib/datadog/profiling/stack_recorder.rb +19 -4
  191. data/lib/datadog/profiling/tag_builder.rb +5 -0
  192. data/lib/datadog/profiling/tasks/exec.rb +3 -3
  193. data/lib/datadog/profiling/tasks/help.rb +3 -3
  194. data/lib/datadog/profiling.rb +28 -79
  195. data/lib/datadog/tracing/component.rb +70 -11
  196. data/lib/datadog/tracing/configuration/agent_settings_resolver.rb +13 -0
  197. data/lib/datadog/tracing/configuration/dynamic/option.rb +71 -0
  198. data/lib/datadog/tracing/configuration/dynamic.rb +64 -0
  199. data/lib/datadog/tracing/configuration/ext.rb +40 -33
  200. data/lib/datadog/tracing/configuration/http.rb +74 -0
  201. data/lib/datadog/tracing/configuration/settings.rb +136 -99
  202. data/lib/datadog/tracing/contrib/action_cable/configuration/settings.rb +10 -6
  203. data/lib/datadog/tracing/contrib/action_cable/ext.rb +21 -18
  204. data/lib/datadog/tracing/contrib/action_mailer/configuration/settings.rb +10 -6
  205. data/lib/datadog/tracing/contrib/action_mailer/events/deliver.rb +1 -1
  206. data/lib/datadog/tracing/contrib/action_mailer/ext.rb +21 -18
  207. data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +10 -7
  208. data/lib/datadog/tracing/contrib/action_pack/ext.rb +11 -8
  209. data/lib/datadog/tracing/contrib/action_view/configuration/settings.rb +10 -6
  210. data/lib/datadog/tracing/contrib/action_view/ext.rb +13 -10
  211. data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +14 -7
  212. data/lib/datadog/tracing/contrib/active_job/ext.rb +26 -23
  213. data/lib/datadog/tracing/contrib/active_job/log_injection.rb +1 -1
  214. data/lib/datadog/tracing/contrib/active_job/patcher.rb +1 -1
  215. data/lib/datadog/tracing/contrib/active_model_serializers/configuration/settings.rb +10 -6
  216. data/lib/datadog/tracing/contrib/active_model_serializers/ext.rb +13 -10
  217. data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +29 -15
  218. data/lib/datadog/tracing/contrib/active_record/configuration/settings.rb +10 -7
  219. data/lib/datadog/tracing/contrib/active_record/events/sql.rb +2 -6
  220. data/lib/datadog/tracing/contrib/active_record/ext.rb +18 -15
  221. data/lib/datadog/tracing/contrib/active_record/utils.rb +1 -1
  222. data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +106 -202
  223. data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +3 -0
  224. data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -7
  225. data/lib/datadog/tracing/contrib/active_support/ext.rb +19 -16
  226. data/lib/datadog/tracing/contrib/analytics.rb +0 -1
  227. data/lib/datadog/tracing/contrib/aws/configuration/settings.rb +15 -7
  228. data/lib/datadog/tracing/contrib/aws/ext.rb +38 -24
  229. data/lib/datadog/tracing/contrib/aws/instrumentation.rb +16 -5
  230. data/lib/datadog/tracing/contrib/concurrent_ruby/async_patch.rb +20 -0
  231. data/lib/datadog/tracing/contrib/concurrent_ruby/configuration/settings.rb +3 -2
  232. data/lib/datadog/tracing/contrib/concurrent_ruby/context_composite_executor_service.rb +14 -14
  233. data/lib/datadog/tracing/contrib/concurrent_ruby/ext.rb +4 -2
  234. data/lib/datadog/tracing/contrib/concurrent_ruby/future_patch.rb +3 -10
  235. data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +2 -1
  236. data/lib/datadog/tracing/contrib/concurrent_ruby/patcher.rb +19 -2
  237. data/lib/datadog/tracing/contrib/concurrent_ruby/promises_future_patch.rb +22 -0
  238. data/lib/datadog/tracing/contrib/configurable.rb +1 -1
  239. data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
  240. data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +21 -7
  241. data/lib/datadog/tracing/contrib/dalli/ext.rb +27 -11
  242. data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +17 -8
  243. data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +14 -7
  244. data/lib/datadog/tracing/contrib/delayed_job/ext.rb +17 -14
  245. data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +15 -7
  246. data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +22 -15
  247. data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +104 -99
  248. data/lib/datadog/tracing/contrib/ethon/configuration/settings.rb +17 -9
  249. data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +48 -3
  250. data/lib/datadog/tracing/contrib/ethon/ext.rb +20 -11
  251. data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +6 -3
  252. data/lib/datadog/tracing/contrib/excon/configuration/settings.rb +20 -10
  253. data/lib/datadog/tracing/contrib/excon/ext.rb +17 -8
  254. data/lib/datadog/tracing/contrib/excon/middleware.rb +25 -5
  255. data/lib/datadog/tracing/contrib/ext.rb +26 -1
  256. data/lib/datadog/tracing/contrib/extensions.rb +38 -2
  257. data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +27 -10
  258. data/lib/datadog/tracing/contrib/faraday/ext.rb +17 -8
  259. data/lib/datadog/tracing/contrib/faraday/middleware.rb +22 -6
  260. data/lib/datadog/tracing/contrib/grape/configuration/settings.rb +9 -6
  261. data/lib/datadog/tracing/contrib/grape/ext.rb +17 -14
  262. data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +9 -6
  263. data/lib/datadog/tracing/contrib/graphql/ext.rb +8 -5
  264. data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +40 -9
  265. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +39 -20
  266. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +37 -18
  267. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor.rb +0 -4
  268. data/lib/datadog/tracing/contrib/grpc/ext.rb +17 -13
  269. data/lib/datadog/tracing/contrib/grpc/formatting.rb +127 -0
  270. data/lib/datadog/tracing/contrib/hanami/configuration/settings.rb +3 -2
  271. data/lib/datadog/tracing/contrib/hanami/ext.rb +10 -8
  272. data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +5 -8
  273. data/lib/datadog/tracing/contrib/http/configuration/settings.rb +34 -11
  274. data/lib/datadog/tracing/contrib/http/distributed/fetcher.rb +2 -2
  275. data/lib/datadog/tracing/contrib/http/ext.rb +17 -9
  276. data/lib/datadog/tracing/contrib/http/instrumentation.rb +27 -7
  277. data/lib/datadog/tracing/contrib/httpclient/configuration/settings.rb +34 -11
  278. data/lib/datadog/tracing/contrib/httpclient/ext.rb +18 -9
  279. data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +22 -5
  280. data/lib/datadog/tracing/contrib/httprb/configuration/settings.rb +34 -11
  281. data/lib/datadog/tracing/contrib/httprb/ext.rb +17 -9
  282. data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +22 -5
  283. data/lib/datadog/tracing/contrib/kafka/configuration/settings.rb +10 -6
  284. data/lib/datadog/tracing/contrib/kafka/ext.rb +43 -39
  285. data/lib/datadog/tracing/contrib/lograge/configuration/settings.rb +3 -2
  286. data/lib/datadog/tracing/contrib/lograge/ext.rb +3 -1
  287. data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +2 -17
  288. data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +15 -7
  289. data/lib/datadog/tracing/contrib/mongodb/ext.rb +21 -16
  290. data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +16 -5
  291. data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +22 -14
  292. data/lib/datadog/tracing/contrib/mysql2/ext.rb +16 -10
  293. data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +22 -7
  294. data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +53 -0
  295. data/lib/datadog/tracing/contrib/opensearch/ext.rb +38 -0
  296. data/lib/datadog/tracing/contrib/opensearch/integration.rb +44 -0
  297. data/lib/datadog/tracing/contrib/opensearch/patcher.rb +135 -0
  298. data/lib/datadog/tracing/contrib/opensearch/quantize.rb +81 -0
  299. data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +23 -14
  300. data/lib/datadog/tracing/contrib/pg/ext.rb +23 -19
  301. data/lib/datadog/tracing/contrib/pg/instrumentation.rb +49 -9
  302. data/lib/datadog/tracing/contrib/presto/configuration/settings.rb +15 -7
  303. data/lib/datadog/tracing/contrib/presto/ext.rb +26 -20
  304. data/lib/datadog/tracing/contrib/presto/instrumentation.rb +14 -5
  305. data/lib/datadog/tracing/contrib/propagation/sql_comment/ext.rb +12 -10
  306. data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
  307. data/lib/datadog/tracing/contrib/qless/configuration/settings.rb +13 -8
  308. data/lib/datadog/tracing/contrib/qless/ext.rb +15 -12
  309. data/lib/datadog/tracing/contrib/que/configuration/settings.rb +22 -12
  310. data/lib/datadog/tracing/contrib/que/ext.rb +1 -0
  311. data/lib/datadog/tracing/contrib/racecar/configuration/settings.rb +10 -7
  312. data/lib/datadog/tracing/contrib/racecar/event.rb +5 -5
  313. data/lib/datadog/tracing/contrib/racecar/ext.rb +21 -18
  314. data/lib/datadog/tracing/contrib/rack/configuration/settings.rb +17 -12
  315. data/lib/datadog/tracing/contrib/rack/ext.rb +19 -16
  316. data/lib/datadog/tracing/contrib/rack/header_collection.rb +3 -0
  317. data/lib/datadog/tracing/contrib/rack/header_tagging.rb +63 -0
  318. data/lib/datadog/tracing/contrib/rack/middlewares.rb +16 -50
  319. data/lib/datadog/tracing/contrib/rails/auto_instrument_railtie.rb +0 -2
  320. data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +20 -15
  321. data/lib/datadog/tracing/contrib/rails/ext.rb +8 -5
  322. data/lib/datadog/tracing/contrib/rails/log_injection.rb +7 -10
  323. data/lib/datadog/tracing/contrib/rails/patcher.rb +10 -41
  324. data/lib/datadog/tracing/contrib/rails/railtie.rb +3 -3
  325. data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +14 -10
  326. data/lib/datadog/tracing/contrib/rake/ext.rb +15 -12
  327. data/lib/datadog/tracing/contrib/redis/configuration/settings.rb +18 -9
  328. data/lib/datadog/tracing/contrib/redis/ext.rb +23 -15
  329. data/lib/datadog/tracing/contrib/redis/instrumentation.rb +5 -40
  330. data/lib/datadog/tracing/contrib/redis/patcher.rb +34 -21
  331. data/lib/datadog/tracing/contrib/redis/tags.rb +16 -7
  332. data/lib/datadog/tracing/contrib/redis/trace_middleware.rb +46 -33
  333. data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +14 -7
  334. data/lib/datadog/tracing/contrib/resque/ext.rb +10 -7
  335. data/lib/datadog/tracing/contrib/rest_client/configuration/settings.rb +17 -9
  336. data/lib/datadog/tracing/contrib/rest_client/ext.rb +16 -8
  337. data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +25 -5
  338. data/lib/datadog/tracing/contrib/roda/configuration/settings.rb +10 -6
  339. data/lib/datadog/tracing/contrib/roda/ext.rb +1 -0
  340. data/lib/datadog/tracing/contrib/semantic_logger/configuration/settings.rb +3 -2
  341. data/lib/datadog/tracing/contrib/semantic_logger/ext.rb +3 -1
  342. data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +4 -20
  343. data/lib/datadog/tracing/contrib/sequel/configuration/settings.rb +10 -6
  344. data/lib/datadog/tracing/contrib/sequel/ext.rb +11 -8
  345. data/lib/datadog/tracing/contrib/sequel/utils.rb +7 -7
  346. data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +15 -8
  347. data/lib/datadog/tracing/contrib/shoryuken/ext.rb +15 -12
  348. data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +19 -11
  349. data/lib/datadog/tracing/contrib/sidekiq/ext.rb +33 -30
  350. data/lib/datadog/tracing/contrib/sinatra/configuration/settings.rb +12 -9
  351. data/lib/datadog/tracing/contrib/sinatra/env.rb +0 -17
  352. data/lib/datadog/tracing/contrib/sinatra/ext.rb +22 -19
  353. data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +3 -14
  354. data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +15 -8
  355. data/lib/datadog/tracing/contrib/sneakers/ext.rb +2 -0
  356. data/lib/datadog/tracing/contrib/sneakers/tracer.rb +1 -1
  357. data/lib/datadog/tracing/contrib/span_attribute_schema.rb +74 -10
  358. data/lib/datadog/tracing/contrib/stripe/configuration/settings.rb +10 -6
  359. data/lib/datadog/tracing/contrib/stripe/ext.rb +1 -0
  360. data/lib/datadog/tracing/contrib/sucker_punch/configuration/settings.rb +10 -6
  361. data/lib/datadog/tracing/contrib/sucker_punch/ext.rb +16 -13
  362. data/lib/datadog/tracing/contrib/trilogy/configuration/settings.rb +58 -0
  363. data/lib/datadog/tracing/contrib/trilogy/ext.rb +27 -0
  364. data/lib/datadog/tracing/contrib/trilogy/instrumentation.rb +94 -0
  365. data/lib/datadog/tracing/contrib/trilogy/integration.rb +43 -0
  366. data/lib/datadog/{ci/contrib/cucumber → tracing/contrib/trilogy}/patcher.rb +10 -6
  367. data/lib/datadog/tracing/contrib/utils/database.rb +5 -3
  368. data/lib/datadog/tracing/contrib/utils/quantization/http.rb +11 -11
  369. data/lib/datadog/tracing/contrib.rb +2 -0
  370. data/lib/datadog/tracing/correlation.rb +29 -12
  371. data/lib/datadog/tracing/diagnostics/environment_logger.rb +165 -0
  372. data/lib/datadog/tracing/diagnostics/ext.rb +21 -19
  373. data/lib/datadog/tracing/distributed/b3_multi.rb +2 -2
  374. data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
  375. data/lib/datadog/tracing/distributed/datadog.rb +0 -1
  376. data/lib/datadog/tracing/distributed/propagation.rb +35 -34
  377. data/lib/datadog/tracing/distributed/trace_context.rb +52 -17
  378. data/lib/datadog/tracing/metadata/ext.rb +9 -6
  379. data/lib/datadog/tracing/metadata/tagging.rb +3 -3
  380. data/lib/datadog/tracing/remote.rb +78 -0
  381. data/lib/datadog/tracing/sampling/matcher.rb +23 -3
  382. data/lib/datadog/tracing/sampling/rule.rb +7 -2
  383. data/lib/datadog/tracing/sampling/rule_sampler.rb +31 -0
  384. data/lib/datadog/tracing/span_operation.rb +3 -15
  385. data/lib/datadog/tracing/sync_writer.rb +3 -3
  386. data/lib/datadog/tracing/trace_digest.rb +31 -0
  387. data/lib/datadog/tracing/trace_operation.rb +17 -5
  388. data/lib/datadog/tracing/trace_segment.rb +5 -2
  389. data/lib/datadog/tracing/tracer.rb +12 -1
  390. data/lib/datadog/{core → tracing}/transport/http/api/instance.rb +1 -1
  391. data/lib/datadog/{core → tracing}/transport/http/api/spec.rb +1 -1
  392. data/lib/datadog/tracing/transport/http/api.rb +43 -0
  393. data/lib/datadog/{core → tracing}/transport/http/builder.rb +13 -68
  394. data/lib/datadog/tracing/transport/http/client.rb +57 -0
  395. data/lib/datadog/tracing/transport/http/statistics.rb +47 -0
  396. data/lib/datadog/tracing/transport/http/traces.rb +152 -0
  397. data/lib/datadog/tracing/transport/http.rb +125 -0
  398. data/lib/datadog/tracing/transport/io/client.rb +89 -0
  399. data/lib/datadog/tracing/transport/io/response.rb +27 -0
  400. data/lib/datadog/tracing/transport/io/traces.rb +101 -0
  401. data/lib/datadog/tracing/transport/io.rb +30 -0
  402. data/lib/datadog/tracing/transport/serializable_trace.rb +126 -0
  403. data/lib/datadog/tracing/transport/statistics.rb +77 -0
  404. data/lib/datadog/tracing/transport/trace_formatter.rb +240 -0
  405. data/lib/datadog/tracing/transport/traces.rb +224 -0
  406. data/lib/datadog/tracing/workers/trace_writer.rb +6 -4
  407. data/lib/datadog/tracing/workers.rb +4 -2
  408. data/lib/datadog/tracing/writer.rb +5 -2
  409. data/lib/datadog/tracing.rb +8 -2
  410. data/lib/ddtrace/transport/ext.rb +22 -14
  411. data/lib/ddtrace/version.rb +9 -12
  412. data/lib/ddtrace.rb +1 -1
  413. metadata +157 -139
  414. data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +0 -25
  415. data/ext/ddtrace_profiling_native_extension/ruby_helpers.c +0 -110
  416. data/ext/ddtrace_profiling_native_extension/stack_recorder.c +0 -591
  417. data/ext/ddtrace_profiling_native_extension/stack_recorder.h +0 -14
  418. data/ext/ddtrace_profiling_native_extension/time_helpers.c +0 -17
  419. data/ext/ddtrace_profiling_native_extension/time_helpers.h +0 -10
  420. data/lib/datadog/ci/configuration/components.rb +0 -32
  421. data/lib/datadog/ci/configuration/settings.rb +0 -53
  422. data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +0 -33
  423. data/lib/datadog/ci/contrib/cucumber/ext.rb +0 -20
  424. data/lib/datadog/ci/contrib/cucumber/formatter.rb +0 -94
  425. data/lib/datadog/ci/contrib/cucumber/instrumentation.rb +0 -28
  426. data/lib/datadog/ci/contrib/cucumber/integration.rb +0 -47
  427. data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +0 -33
  428. data/lib/datadog/ci/contrib/rspec/example.rb +0 -68
  429. data/lib/datadog/ci/contrib/rspec/ext.rb +0 -19
  430. data/lib/datadog/ci/contrib/rspec/integration.rb +0 -48
  431. data/lib/datadog/ci/contrib/rspec/patcher.rb +0 -27
  432. data/lib/datadog/ci/ext/app_types.rb +0 -9
  433. data/lib/datadog/ci/ext/environment.rb +0 -575
  434. data/lib/datadog/ci/ext/settings.rb +0 -10
  435. data/lib/datadog/ci/ext/test.rb +0 -35
  436. data/lib/datadog/ci/extensions.rb +0 -19
  437. data/lib/datadog/ci/flush.rb +0 -38
  438. data/lib/datadog/ci/test.rb +0 -81
  439. data/lib/datadog/ci.rb +0 -20
  440. data/lib/datadog/core/configuration/dependency_resolver.rb +0 -28
  441. data/lib/datadog/core/configuration/option_definition_set.rb +0 -22
  442. data/lib/datadog/core/configuration/option_set.rb +0 -10
  443. data/lib/datadog/core/telemetry/collector.rb +0 -231
  444. data/lib/datadog/core/telemetry/v1/app_event.rb +0 -52
  445. data/lib/datadog/core/telemetry/v1/application.rb +0 -92
  446. data/lib/datadog/core/telemetry/v1/configuration.rb +0 -25
  447. data/lib/datadog/core/telemetry/v1/dependency.rb +0 -43
  448. data/lib/datadog/core/telemetry/v1/host.rb +0 -59
  449. data/lib/datadog/core/telemetry/v1/integration.rb +0 -64
  450. data/lib/datadog/core/telemetry/v1/product.rb +0 -36
  451. data/lib/datadog/core/telemetry/v1/telemetry_request.rb +0 -106
  452. data/lib/datadog/core/transport/config.rb +0 -58
  453. data/lib/datadog/core/transport/http/api.rb +0 -57
  454. data/lib/datadog/core/transport/http/client.rb +0 -45
  455. data/lib/datadog/core/transport/http/config.rb +0 -268
  456. data/lib/datadog/core/transport/http/negotiation.rb +0 -144
  457. data/lib/datadog/core/transport/http.rb +0 -169
  458. data/lib/datadog/core/utils/object_set.rb +0 -43
  459. data/lib/datadog/core/utils/string_table.rb +0 -47
  460. data/lib/datadog/profiling/backtrace_location.rb +0 -34
  461. data/lib/datadog/profiling/buffer.rb +0 -43
  462. data/lib/datadog/profiling/collectors/old_stack.rb +0 -301
  463. data/lib/datadog/profiling/encoding/profile.rb +0 -41
  464. data/lib/datadog/profiling/event.rb +0 -15
  465. data/lib/datadog/profiling/events/stack.rb +0 -82
  466. data/lib/datadog/profiling/old_recorder.rb +0 -107
  467. data/lib/datadog/profiling/pprof/builder.rb +0 -125
  468. data/lib/datadog/profiling/pprof/converter.rb +0 -102
  469. data/lib/datadog/profiling/pprof/message_set.rb +0 -16
  470. data/lib/datadog/profiling/pprof/payload.rb +0 -20
  471. data/lib/datadog/profiling/pprof/pprof.proto +0 -212
  472. data/lib/datadog/profiling/pprof/pprof_pb.rb +0 -81
  473. data/lib/datadog/profiling/pprof/stack_sample.rb +0 -139
  474. data/lib/datadog/profiling/pprof/string_table.rb +0 -12
  475. data/lib/datadog/profiling/pprof/template.rb +0 -118
  476. data/lib/datadog/profiling/trace_identifiers/ddtrace.rb +0 -43
  477. data/lib/datadog/profiling/trace_identifiers/helper.rb +0 -45
  478. data/lib/datadog/tracing/contrib/sinatra/headers.rb +0 -35
  479. data/lib/ddtrace/transport/http/adapters/net.rb +0 -168
  480. data/lib/ddtrace/transport/http/adapters/registry.rb +0 -27
  481. data/lib/ddtrace/transport/http/adapters/test.rb +0 -85
  482. data/lib/ddtrace/transport/http/adapters/unix_socket.rb +0 -77
  483. data/lib/ddtrace/transport/http/api/endpoint.rb +0 -29
  484. data/lib/ddtrace/transport/http/api/fallbacks.rb +0 -24
  485. data/lib/ddtrace/transport/http/api/instance.rb +0 -35
  486. data/lib/ddtrace/transport/http/api/map.rb +0 -16
  487. data/lib/ddtrace/transport/http/api/spec.rb +0 -17
  488. data/lib/ddtrace/transport/http/api.rb +0 -39
  489. data/lib/ddtrace/transport/http/builder.rb +0 -176
  490. data/lib/ddtrace/transport/http/client.rb +0 -52
  491. data/lib/ddtrace/transport/http/env.rb +0 -58
  492. data/lib/ddtrace/transport/http/response.rb +0 -58
  493. data/lib/ddtrace/transport/http/statistics.rb +0 -43
  494. data/lib/ddtrace/transport/http/traces.rb +0 -144
  495. data/lib/ddtrace/transport/http.rb +0 -117
  496. data/lib/ddtrace/transport/io/client.rb +0 -85
  497. data/lib/ddtrace/transport/io/response.rb +0 -25
  498. data/lib/ddtrace/transport/io/traces.rb +0 -99
  499. data/lib/ddtrace/transport/io.rb +0 -28
  500. data/lib/ddtrace/transport/parcel.rb +0 -20
  501. data/lib/ddtrace/transport/request.rb +0 -15
  502. data/lib/ddtrace/transport/response.rb +0 -60
  503. data/lib/ddtrace/transport/serializable_trace.rb +0 -122
  504. data/lib/ddtrace/transport/statistics.rb +0 -75
  505. data/lib/ddtrace/transport/trace_formatter.rb +0 -198
  506. data/lib/ddtrace/transport/traces.rb +0 -216
  507. /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.h +0 -0
  508. /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.c +0 -0
  509. /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.h +0 -0
data/lib/datadog/appsec/configuration/settings.rb CHANGED
@@ -1,223 +1,201 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'set'
3
+ require_relative '../../core/utils/duration'
4
+ require_relative '../sample_rate'
4
5
 
5
6
  module Datadog
6
7
  module AppSec
7
8
  module Configuration
8
- # Configuration settings, acting as an integration registry
9
- # TODO: as with Configuration, this is a trivial implementation
10
- class Settings
11
- class << self
12
- def boolean
13
- # @type ^(::String) -> bool
14
- ->(v) do # rubocop:disable Style/Lambda
15
- case v
16
- when /(1|true)/i
17
- true
18
- when /(0|false)/i, nil
19
- false
20
- else
21
- raise ArgumentError, "invalid boolean: #{v.inspect}"
22
- end
23
- end
24
- end
9
+ # Settings
10
+ module Settings
11
+ # rubocop:disable Layout/LineLength
12
+ DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization'
13
+ DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
14
+ # rubocop:enable Layout/LineLength
15
+ APPSEC_VALID_TRACK_USER_EVENTS_MODE = [
16
+ 'safe',
17
+ 'extended'
18
+ ].freeze
19
+ APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES = [
20
+ '1',
21
+ 'true'
22
+ ].concat(APPSEC_VALID_TRACK_USER_EVENTS_MODE).freeze
23
+
24
+ def self.extended(base)
25
+ base = base.singleton_class unless base.is_a?(Class)
26
+ add_settings!(base)
27
+ end
25
28
 
26
- # TODO: allow symbols
27
- def string
28
- # @type ^(::String) -> ::String
29
- ->(v) { v.to_s }
30
- end
29
+ # rubocop:disable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
30
+ def self.add_settings!(base)
31
+ base.class_eval do
32
+ settings :appsec do
33
+ option :enabled do |o|
34
+ o.type :bool
35
+ o.env 'DD_APPSEC_ENABLED'
36
+ o.default false
37
+ end
31
38
 
32
- def integer
33
- # @type ^(::String) -> ::Integer
34
- ->(v) do # rubocop:disable Style/Lambda
35
- case v
36
- when /(\d+)/
37
- Regexp.last_match(1).to_i
38
- else
39
- raise ArgumentError, "invalid integer: #{v.inspect}"
39
+ define_method(:instrument) do |integration_name|
40
+ if enabled
41
+ registered_integration = Datadog::AppSec::Contrib::Integration.registry[integration_name]
42
+ if registered_integration
43
+ klass = registered_integration.klass
44
+ if klass.loaded? && klass.compatible?
45
+ instance = klass.new
46
+ instance.patcher.patch unless instance.patcher.patched?
47
+ end
48
+ end
49
+ end
40
50
  end
41
- end
42
- end
43
51
 
44
- # rubocop:disable Metrics/MethodLength
45
- def duration(base = :ns, type = :integer)
46
- # @type ^(::String) -> ::Integer | ::Float
47
- ->(v) do # rubocop:disable Style/Lambda
48
- cast = case type
49
- when :integer, Integer
50
- method(:Integer)
51
- when :float, Float
52
- method(:Float)
53
- else
54
- raise ArgumentError, "invalid type: #{v.inspect}"
55
- end
56
-
57
- scale = case base
58
- when :s
59
- 1_000_000_000
60
- when :ms
61
- 1_000_000
62
- when :us
63
- 1000
64
- when :ns
65
- 1
66
- else
67
- raise ArgumentError, "invalid base: #{v.inspect}"
68
- end
52
+ option :ruleset do |o|
53
+ o.env 'DD_APPSEC_RULES'
54
+ o.default :recommended
55
+ end
69
56
 
70
- case v
71
- when /^(\d+)h$/
72
- cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 * 60 / scale
73
- when /^(\d+)m$/
74
- cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 / scale
75
- when /^(\d+)s$/
76
- cast.call(Regexp.last_match(1)) * 1_000_000_000 / scale
77
- when /^(\d+)ms$/
78
- cast.call(Regexp.last_match(1)) * 1_000_000 / scale
79
- when /^(\d+)us$/
80
- cast.call(Regexp.last_match(1)) * 1_000 / scale
81
- when /^(\d+)ns$/
82
- cast.call(Regexp.last_match(1)) / scale
83
- when /^(\d+)$/
84
- cast.call(Regexp.last_match(1))
85
- else
86
- raise ArgumentError, "invalid duration: #{v.inspect}"
57
+ option :ip_passlist do |o|
58
+ o.default []
87
59
  end
88
- end
89
- end
90
- # rubocop:enable Metrics/MethodLength
91
- end
92
60
 
93
- # rubocop:disable Layout/LineLength
94
- DEFAULT_OBFUSCATOR_KEY_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization'
95
- DEFAULT_OBFUSCATOR_VALUE_REGEX = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}'
96
- # rubocop:enable Layout/LineLength
61
+ option :ip_denylist do |o|
62
+ o.type :array
63
+ o.default []
64
+ end
97
65
 
98
- DEFAULTS = {
99
- enabled: false,
100
- ruleset: :recommended,
101
- waf_timeout: 5_000, # us
102
- waf_debug: false,
103
- trace_rate_limit: 100, # traces/s
104
- obfuscator_key_regex: DEFAULT_OBFUSCATOR_KEY_REGEX,
105
- obfuscator_value_regex: DEFAULT_OBFUSCATOR_VALUE_REGEX,
106
- }.freeze
107
-
108
- ENVS = {
109
- 'DD_APPSEC_ENABLED' => [:enabled, Settings.boolean],
110
- 'DD_APPSEC_RULES' => [:ruleset, Settings.string],
111
- 'DD_APPSEC_WAF_TIMEOUT' => [:waf_timeout, Settings.duration(:us)],
112
- 'DD_APPSEC_WAF_DEBUG' => [:waf_debug, Settings.boolean],
113
- 'DD_APPSEC_TRACE_RATE_LIMIT' => [:trace_rate_limit, Settings.integer],
114
- 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP' => [:obfuscator_key_regex, Settings.string],
115
- 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP' => [:obfuscator_value_regex, Settings.string],
116
- }.freeze
117
-
118
- # Struct constant whisker cast for Steep
119
- Integration = _ = Struct.new(:integration) # rubocop:disable Naming/ConstantName
120
-
121
- def initialize
122
- @integrations = []
123
- # Stores which options have been configured using Datadog.configure block or ENV variables
124
- @configured = Set.new
125
- @options = DEFAULTS.dup.tap do |options|
126
- ENVS.each do |env, (key, conv)|
127
- if ENV[env]
128
- options[key] = conv.call(ENV[env])
129
- @configured << key
66
+ option :user_id_denylist do |o|
67
+ o.type :array
68
+ o.default []
130
69
  end
131
- end
132
- end
133
- end
134
70
 
135
- def enabled
136
- # Cast for Steep
137
- _ = @options[:enabled]
138
- end
71
+ option :waf_timeout do |o|
72
+ o.env 'DD_APPSEC_WAF_TIMEOUT' # us
73
+ o.default 5_000
74
+ o.setter do |v|
75
+ Datadog::Core::Utils::Duration.call(v.to_s, base: :us)
76
+ end
77
+ end
139
78
 
140
- def ruleset
141
- # Cast for Steep
142
- _ = @options[:ruleset]
143
- end
79
+ option :waf_debug do |o|
80
+ o.env 'DD_APPSEC_WAF_DEBUG'
81
+ o.default false
82
+ o.type :bool
83
+ end
144
84
 
145
- # EXPERIMENTAL: This configurable is not meant to be publicly used, but
146
- # is very useful for testing. It may change at any point in time.
147
- def ip_denylist
148
- # Cast for Steep
149
- _ = @options[:ip_denylist] || []
150
- end
85
+ option :trace_rate_limit do |o|
86
+ o.type :int
87
+ o.env 'DD_APPSEC_TRACE_RATE_LIMIT' # trace/s
88
+ o.default 100
89
+ end
151
90
 
152
- # EXPERIMENTAL: This configurable is not meant to be publicly used, but
153
- # is very useful for testing. It may change at any point in time.
154
- def user_id_denylist
155
- # Cast for Steep
156
- _ = @options[:user_id_denylist] || []
157
- end
91
+ option :obfuscator_key_regex do |o|
92
+ o.type :string
93
+ o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP'
94
+ o.default DEFAULT_OBFUSCATOR_KEY_REGEX
95
+ end
158
96
 
159
- def waf_timeout
160
- # Cast for Steep
161
- _ = @options[:waf_timeout]
162
- end
97
+ option :obfuscator_value_regex do |o|
98
+ o.type :string
99
+ o.env 'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP'
100
+ o.default DEFAULT_OBFUSCATOR_VALUE_REGEX
101
+ end
163
102
 
164
- def waf_debug
165
- # Cast for Steep
166
- _ = @options[:waf_debug]
167
- end
103
+ settings :block do
104
+ settings :templates do
105
+ option :html do |o|
106
+ o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML'
107
+ o.type :string, nilable: true
108
+ o.setter do |value|
109
+ if value
110
+ raise(ArgumentError, "appsec.templates.html: file not found: #{value}") unless File.exist?(value)
168
111
 
169
- def trace_rate_limit
170
- # Cast for Steep
171
- _ = @options[:trace_rate_limit]
172
- end
112
+ File.open(value, 'rb', &:read) || ''
113
+ end
114
+ end
115
+ end
173
116
 
174
- def obfuscator_key_regex
175
- # Cast for Steep
176
- _ = @options[:obfuscator_key_regex]
177
- end
117
+ option :json do |o|
118
+ o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON'
119
+ o.type :string, nilable: true
120
+ o.setter do |value|
121
+ if value
122
+ raise(ArgumentError, "appsec.templates.json: file not found: #{value}") unless File.exist?(value)
178
123
 
179
- def obfuscator_value_regex
180
- # Cast for Steep
181
- _ = @options[:obfuscator_value_regex]
182
- end
124
+ File.open(value, 'rb', &:read) || ''
125
+ end
126
+ end
127
+ end
183
128
 
184
- def merge(dsl)
185
- dsl.options.each do |k, v|
186
- unless v.nil?
187
- @options[k] = v
188
- @configured << k
189
- end
190
- end
129
+ option :text do |o|
130
+ o.env 'DD_APPSEC_HTTP_BLOCKED_TEMPLATE_TEXT'
131
+ o.type :string, nilable: true
132
+ o.setter do |value|
133
+ if value
134
+ raise(ArgumentError, "appsec.templates.text: file not found: #{value}") unless File.exist?(value)
191
135
 
192
- return self unless @options[:enabled]
136
+ File.open(value, 'rb', &:read) || ''
137
+ end
138
+ end
139
+ end
140
+ end
141
+ end
193
142
 
194
- # patcher.patch may call configure again, hence merge might be called again so it needs to be reentrant
195
- dsl.instruments.each do |instrument|
196
- # TODO: error handling
197
- registered_integration = Datadog::AppSec::Contrib::Integration.registry[instrument.name]
198
- @integrations << Integration.new(registered_integration)
143
+ settings :track_user_events do
144
+ option :enabled do |o|
145
+ o.default true
146
+ o.type :bool
147
+ o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
148
+ o.env_parser do |env_value|
149
+ if env_value == 'disabled'
150
+ false
151
+ else
152
+ APPSEC_VALID_TRACK_USER_EVENTS_ENABLED_VALUES.include?(env_value.strip.downcase)
153
+ end
154
+ end
155
+ end
156
+
157
+ option :mode do |o|
158
+ o.type :string
159
+ o.env 'DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING'
160
+ o.default 'safe'
161
+ o.setter do |v|
162
+ if APPSEC_VALID_TRACK_USER_EVENTS_MODE.include?(v)
163
+ v
164
+ elsif v == 'disabled'
165
+ 'safe'
166
+ else
167
+ Datadog.logger.warn(
168
+ 'The appsec.track_user_events.mode value provided is not supported.' \
169
+ 'Supported values are: safe | extended.' \
170
+ 'Using default value `safe`'
171
+ )
172
+ 'safe'
173
+ end
174
+ end
175
+ end
176
+ end
199
177
 
200
- # TODO: move to a separate apply step
201
- klass = registered_integration.klass
202
- if klass.loaded? && klass.compatible?
203
- instance = klass.new
204
- instance.patcher.patch
178
+ settings :api_security do
179
+ option :enabled do |o|
180
+ o.type :bool
181
+ o.env 'DD_EXPERIMENTAL_API_SECURITY_ENABLED'
182
+ o.default false
183
+ end
184
+
185
+ option :sample_rate do |o|
186
+ o.type :float
187
+ o.env 'DD_API_SECURITY_REQUEST_SAMPLE_RATE'
188
+ o.default 0.1
189
+ o.setter do |value|
190
+ value = 1 if value > 1
191
+ SampleRate.new(value)
192
+ end
193
+ end
194
+ end
205
195
  end
206
196
  end
207
-
208
- self
209
- end
210
-
211
- private
212
-
213
- def default?(option)
214
- !@configured.include?(option)
215
- end
216
-
217
- # Restore to original state, for testing only.
218
- def reset!
219
- initialize
220
197
  end
198
+ # rubocop:enable Metrics/AbcSize,Metrics/MethodLength,Metrics/BlockLength,Metrics/CyclomaticComplexity,Metrics/PerceivedComplexity
221
199
  end
222
200
  end
223
201
  end
data/lib/datadog/appsec/configuration.rb CHANGED
@@ -5,86 +5,7 @@ require_relative 'configuration/settings'
5
5
  module Datadog
6
6
  module AppSec
7
7
  # Configuration for AppSec
8
- # TODO: this is a trivial implementation, check with shareable code with
9
- # tracer and other products
10
8
  module Configuration
11
- def self.included(base)
12
- base.extend(ClassMethods)
13
- end
14
-
15
- # Configuration DSL implementation
16
- class DSL
17
- # Struct constant whisker cast for Steep
18
- Instrument = _ = Struct.new(:name) # rubocop:disable Naming/ConstantName
19
-
20
- def initialize
21
- @instruments = []
22
- @options = {}
23
- end
24
-
25
- attr_reader :instruments, :options
26
-
27
- def instrument(name)
28
- @instruments << Instrument.new(name)
29
- end
30
-
31
- def enabled=(value)
32
- options[:enabled] = value
33
- end
34
-
35
- def ruleset=(value)
36
- options[:ruleset] = value
37
- end
38
-
39
- def ip_denylist=(value)
40
- options[:ip_denylist] = value
41
- end
42
-
43
- def user_id_denylist=(value)
44
- options[:user_id_denylist] = value
45
- end
46
-
47
- # in microseconds
48
- def waf_timeout=(value)
49
- options[:waf_timeout] = value
50
- end
51
-
52
- def waf_debug=(value)
53
- options[:waf_debug] = value
54
- end
55
-
56
- def trace_rate_limit=(value)
57
- options[:trace_rate_limit] = value
58
- end
59
-
60
- def obfuscator_key_regex=(value)
61
- options[:obfuscator_key_regex] = value
62
- end
63
-
64
- def obfuscator_value_regex=(value)
65
- options[:obfuscator_value_regex] = value
66
- end
67
- end
68
-
69
- # class-level methods for Configuration
70
- module ClassMethods
71
- def configure
72
- dsl = DSL.new
73
- yield dsl
74
- settings.merge(dsl)
75
- settings
76
- end
77
-
78
- def settings
79
- @settings ||= Settings.new
80
- end
81
-
82
- private
83
-
84
- def default_setting?(setting)
85
- settings.send(:default?, setting)
86
- end
87
- end
88
9
  end
89
10
  end
90
11
  end
data/lib/datadog/appsec/contrib/auto_instrument.rb CHANGED
@@ -15,10 +15,8 @@ module Datadog
15
15
  integrations << integration.name
16
16
  end
17
17
 
18
- Datadog::AppSec.configure do |c|
19
- integrations.each do |integration_name|
20
- c.instrument integration_name
21
- end
18
+ integrations.each do |integration_name|
19
+ Datadog.configuration.appsec.instrument integration_name
22
20
  end
23
21
  end
24
22
  end
data/lib/datadog/appsec/contrib/devise/event.rb ADDED
@@ -0,0 +1,57 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Datadog
4
+ module AppSec
5
+ module Contrib
6
+ module Devise
7
+ # Class to extract event information from the resource
8
+ class Event
9
+ UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
10
+
11
+ SAFE_MODE = 'safe'
12
+ EXTENDED_MODE = 'extended'
13
+
14
+ attr_reader :user_id
15
+
16
+ def initialize(resource, mode)
17
+ @resource = resource
18
+ @mode = mode
19
+ @user_id = nil
20
+ @email = nil
21
+ @username = nil
22
+
23
+ extract if @resource
24
+ end
25
+
26
+ def to_h
27
+ return @event if defined?(@event)
28
+
29
+ @event = {}
30
+ @event[:email] = @email if @email
31
+ @event[:username] = @username if @username
32
+ @event
33
+ end
34
+
35
+ private
36
+
37
+ def extract
38
+ @user_id = @resource.id
39
+
40
+ case @mode
41
+ when EXTENDED_MODE
42
+ @email = @resource.email
43
+ @username = @resource.username
44
+ when SAFE_MODE
45
+ @user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
46
+ else
47
+ Datadog.logger.warn(
48
+ "Invalid automated user evenst mode: `#{@mode}`. "\
49
+ 'Supported modes are: `safe` and `extended`.'
50
+ )
51
+ end
52
+ end
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
data/lib/datadog/appsec/contrib/devise/ext.rb ADDED
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Datadog
4
+ module AppSec
5
+ module Contrib
6
+ module Devise
7
+ # Devise integration constants
8
+ module Ext
9
+ end
10
+ end
11
+ end
12
+ end
13
+ end
data/lib/datadog/appsec/contrib/devise/integration.rb ADDED
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative '../integration'
4
+
5
+ require_relative 'patcher'
6
+
7
+ module Datadog
8
+ module AppSec
9
+ module Contrib
10
+ module Devise
11
+ # Description of Devise integration
12
+ class Integration
13
+ include Datadog::AppSec::Contrib::Integration
14
+
15
+ MINIMUM_VERSION = Gem::Version.new('3.2.1')
16
+
17
+ register_as :devise, auto_patch: true
18
+
19
+ def self.version
20
+ Gem.loaded_specs['devise'] && Gem.loaded_specs['devise'].version
21
+ end
22
+
23
+ def self.loaded?
24
+ !defined?(::Devise).nil?
25
+ end
26
+
27
+ def self.compatible?
28
+ super && version >= MINIMUM_VERSION
29
+ end
30
+
31
+ def self.auto_instrument?
32
+ true
33
+ end
34
+
35
+ def patcher
36
+ Patcher
37
+ end
38
+ end
39
+ end
40
+ end
41
+ end
42
+ end
data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb ADDED
@@ -0,0 +1,76 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative '../tracking'
4
+ require_relative '../resource'
5
+ require_relative '../event'
6
+
7
+ module Datadog
8
+ module AppSec
9
+ module Contrib
10
+ module Devise
11
+ module Patcher
12
+ # Hook in devise validate method
13
+ module AuthenticatablePatch
14
+ # rubocop:disable Metrics/MethodLength
15
+ def validate(resource, &block)
16
+ result = super
17
+ return result unless AppSec.enabled?
18
+
19
+ track_user_events_configuration = Datadog.configuration.appsec.track_user_events
20
+
21
+ return result unless track_user_events_configuration.enabled
22
+
23
+ automated_track_user_events_mode = track_user_events_configuration.mode
24
+
25
+ appsec_scope = Datadog::AppSec.active_scope
26
+
27
+ return result unless appsec_scope
28
+
29
+ devise_resource = resource ? Resource.new(resource) : nil
30
+
31
+ event_information = Event.new(devise_resource, automated_track_user_events_mode)
32
+
33
+ if result
34
+ if event_information.user_id
35
+ Datadog.logger.debug { 'User Login Event success' }
36
+ else
37
+ Datadog.logger.debug { 'User Login Event success, but can\'t extract user ID. Tracking empty event' }
38
+ end
39
+
40
+ Tracking.track_login_success(
41
+ appsec_scope.trace,
42
+ appsec_scope.service_entry_span,
43
+ user_id: event_information.user_id,
44
+ **event_information.to_h
45
+ )
46
+
47
+ return result
48
+ end
49
+
50
+ user_exists = nil
51
+
52
+ if resource
53
+ user_exists = true
54
+ Datadog.logger.debug { 'User Login Event failure users exists' }
55
+ else
56
+ user_exists = false
57
+ Datadog.logger.debug { 'User Login Event failure user do not exists' }
58
+ end
59
+
60
+ Tracking.track_login_failure(
61
+ appsec_scope.trace,
62
+ appsec_scope.service_entry_span,
63
+ user_id: event_information.user_id,
64
+ user_exists: user_exists,
65
+ **event_information.to_h
66
+ )
67
+
68
+ result
69
+ end
70
+ # rubocop:enable Metrics/MethodLength
71
+ end
72
+ end
73
+ end
74
+ end
75
+ end
76
+ end