ddtrace 1.12.1 → 1.23.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +613 -9
- data/LICENSE-3rdparty.csv +1 -1
- data/bin/ddprofrb +15 -0
- data/bin/ddtracerb +3 -1
- data/ext/{ddtrace_profiling_loader/ddtrace_profiling_loader.c → datadog_profiling_loader/datadog_profiling_loader.c} +2 -2
- data/ext/{ddtrace_profiling_loader → datadog_profiling_loader}/extconf.rb +3 -3
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/NativeExtensionDesign.md +3 -5
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id.h +0 -3
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_from_pthread.c +3 -22
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/clock_id_noop.c +0 -1
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_cpu_and_wall_time_worker.c +338 -108
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +422 -0
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.h +101 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.c +22 -14
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_dynamic_sampling_rate.h +4 -0
- data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.c +156 -0
- data/ext/datadog_profiling_native_extension/collectors_gc_profiling_helper.h +5 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.c +3 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.c +111 -118
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_stack.h +11 -4
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.c +545 -144
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_thread_context.h +3 -2
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/extconf.rb +68 -17
- data/ext/datadog_profiling_native_extension/heap_recorder.c +1047 -0
- data/ext/datadog_profiling_native_extension/heap_recorder.h +166 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/helpers.h +6 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/http_transport.c +60 -32
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +62 -0
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +42 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/native_extension_helpers.rb +50 -4
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.c +155 -32
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/private_vm_api_access.h +16 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/profiling.c +19 -3
- data/ext/datadog_profiling_native_extension/ruby_helpers.c +267 -0
- data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/ruby_helpers.h +33 -0
- data/ext/datadog_profiling_native_extension/stack_recorder.c +1040 -0
- data/ext/datadog_profiling_native_extension/stack_recorder.h +27 -0
- data/ext/datadog_profiling_native_extension/time_helpers.c +53 -0
- data/ext/datadog_profiling_native_extension/time_helpers.h +26 -0
- data/lib/datadog/appsec/assets/waf_rules/processors.json +92 -0
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +698 -75
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +114 -0
- data/lib/datadog/appsec/assets/waf_rules/strict.json +98 -8
- data/lib/datadog/appsec/assets.rb +8 -0
- data/lib/datadog/appsec/component.rb +21 -2
- data/lib/datadog/appsec/configuration/settings.rb +167 -189
- data/lib/datadog/appsec/configuration.rb +0 -79
- data/lib/datadog/appsec/contrib/auto_instrument.rb +2 -4
- data/lib/datadog/appsec/contrib/devise/event.rb +57 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +13 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +42 -0
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +76 -0
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +54 -0
- data/lib/datadog/appsec/contrib/devise/patcher.rb +45 -0
- data/lib/datadog/appsec/contrib/devise/resource.rb +35 -0
- data/lib/datadog/appsec/contrib/devise/tracking.rb +57 -0
- data/lib/datadog/appsec/contrib/rack/ext.rb +2 -1
- data/lib/datadog/appsec/contrib/rack/gateway/request.rb +6 -2
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +8 -6
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +3 -8
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +3 -6
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +3 -6
- data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +3 -2
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +77 -27
- data/lib/datadog/appsec/contrib/rails/ext.rb +3 -2
- data/lib/datadog/appsec/contrib/rails/framework.rb +1 -3
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +3 -2
- data/lib/datadog/appsec/contrib/rails/patcher.rb +17 -11
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +3 -6
- data/lib/datadog/appsec/contrib/sinatra/ext.rb +2 -1
- data/lib/datadog/appsec/contrib/sinatra/framework.rb +1 -3
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +6 -4
- data/lib/datadog/appsec/contrib/sinatra/patcher.rb +13 -7
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +3 -6
- data/lib/datadog/appsec/event.rb +106 -50
- data/lib/datadog/appsec/extensions.rb +1 -130
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +3 -3
- data/lib/datadog/appsec/monitor/reactive/set_user.rb +3 -6
- data/lib/datadog/appsec/processor/actions.rb +49 -0
- data/lib/datadog/appsec/processor/rule_loader.rb +60 -0
- data/lib/datadog/appsec/processor/rule_merger.rb +22 -2
- data/lib/datadog/appsec/processor.rb +35 -7
- data/lib/datadog/appsec/rate_limiter.rb +1 -1
- data/lib/datadog/appsec/remote.rb +17 -11
- data/lib/datadog/appsec/response.rb +82 -4
- data/lib/datadog/appsec/sample_rate.rb +21 -0
- data/lib/datadog/appsec.rb +3 -4
- data/lib/datadog/auto_instrument.rb +3 -0
- data/lib/datadog/core/backport.rb +51 -0
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +38 -29
- data/lib/datadog/core/configuration/base.rb +6 -16
- data/lib/datadog/core/configuration/components.rb +20 -7
- data/lib/datadog/core/configuration/ext.rb +28 -5
- data/lib/datadog/core/configuration/option.rb +271 -21
- data/lib/datadog/core/configuration/option_definition.rb +73 -32
- data/lib/datadog/core/configuration/options.rb +27 -15
- data/lib/datadog/core/configuration/settings.rb +398 -119
- data/lib/datadog/core/configuration.rb +24 -4
- data/lib/datadog/core/diagnostics/environment_logger.rb +132 -235
- data/lib/datadog/core/environment/class_count.rb +6 -6
- data/lib/datadog/core/environment/execution.rb +103 -0
- data/lib/datadog/core/environment/ext.rb +13 -11
- data/lib/datadog/core/environment/git.rb +25 -0
- data/lib/datadog/core/environment/identity.rb +18 -48
- data/lib/datadog/core/environment/platform.rb +7 -1
- data/lib/datadog/core/environment/variable_helpers.rb +0 -69
- data/lib/datadog/core/environment/yjit.rb +58 -0
- data/lib/datadog/core/error.rb +1 -0
- data/lib/datadog/core/git/ext.rb +6 -23
- data/lib/datadog/core/logging/ext.rb +3 -1
- data/lib/datadog/core/metrics/ext.rb +7 -5
- data/lib/datadog/core/remote/client/capabilities.rb +7 -2
- data/lib/datadog/core/remote/client.rb +3 -0
- data/lib/datadog/core/remote/component.rb +52 -48
- data/lib/datadog/core/remote/configuration/content.rb +28 -1
- data/lib/datadog/core/remote/configuration/repository.rb +3 -1
- data/lib/datadog/core/remote/ext.rb +2 -1
- data/lib/datadog/core/remote/negotiation.rb +20 -7
- data/lib/datadog/core/remote/tie/tracing.rb +39 -0
- data/lib/datadog/core/remote/tie.rb +27 -0
- data/lib/datadog/core/remote/transport/config.rb +60 -0
- data/lib/datadog/core/remote/transport/http/api/instance.rb +39 -0
- data/lib/datadog/core/remote/transport/http/api/spec.rb +21 -0
- data/lib/datadog/core/remote/transport/http/api.rb +58 -0
- data/lib/datadog/core/remote/transport/http/builder.rb +219 -0
- data/lib/datadog/core/remote/transport/http/client.rb +48 -0
- data/lib/datadog/core/remote/transport/http/config.rb +280 -0
- data/lib/datadog/core/remote/transport/http/negotiation.rb +146 -0
- data/lib/datadog/core/remote/transport/http.rb +179 -0
- data/lib/datadog/core/{transport → remote/transport}/negotiation.rb +25 -23
- data/lib/datadog/core/remote/worker.rb +11 -5
- data/lib/datadog/core/runtime/ext.rb +22 -12
- data/lib/datadog/core/runtime/metrics.rb +43 -0
- data/lib/datadog/core/telemetry/client.rb +28 -10
- data/lib/datadog/core/telemetry/emitter.rb +9 -11
- data/lib/datadog/core/telemetry/event.rb +250 -44
- data/lib/datadog/core/telemetry/ext.rb +8 -1
- data/lib/datadog/core/telemetry/heartbeat.rb +3 -7
- data/lib/datadog/core/telemetry/http/ext.rb +13 -8
- data/lib/datadog/core/telemetry/http/response.rb +4 -0
- data/lib/datadog/core/telemetry/http/transport.rb +10 -3
- data/lib/datadog/core/telemetry/request.rb +59 -0
- data/lib/datadog/core/transport/ext.rb +49 -0
- data/lib/datadog/core/transport/http/adapters/net.rb +168 -0
- data/lib/datadog/core/transport/http/adapters/registry.rb +29 -0
- data/lib/datadog/core/transport/http/adapters/test.rb +89 -0
- data/lib/datadog/core/transport/http/adapters/unix_socket.rb +83 -0
- data/lib/datadog/core/transport/http/api/endpoint.rb +31 -0
- data/lib/datadog/core/transport/http/api/fallbacks.rb +26 -0
- data/lib/datadog/core/transport/http/api/map.rb +18 -0
- data/lib/datadog/core/transport/http/env.rb +62 -0
- data/lib/datadog/core/transport/http/response.rb +60 -0
- data/lib/datadog/core/transport/parcel.rb +22 -0
- data/lib/datadog/core/transport/request.rb +17 -0
- data/lib/datadog/core/transport/response.rb +64 -0
- data/lib/datadog/core/utils/duration.rb +52 -0
- data/lib/datadog/core/utils/hash.rb +47 -0
- data/lib/datadog/core/utils/network.rb +1 -1
- data/lib/datadog/core/utils/safe_dup.rb +27 -20
- data/lib/datadog/core/utils/url.rb +25 -0
- data/lib/datadog/core/utils.rb +1 -1
- data/lib/datadog/core/workers/async.rb +3 -2
- data/lib/datadog/core/workers/polling.rb +2 -2
- data/lib/datadog/kit/appsec/events.rb +139 -89
- data/lib/datadog/kit/enable_core_dumps.rb +5 -6
- data/lib/datadog/kit/identity.rb +80 -65
- data/lib/datadog/opentelemetry/api/context.rb +10 -3
- data/lib/datadog/opentelemetry/sdk/propagator.rb +5 -3
- data/lib/datadog/opentelemetry/sdk/span_processor.rb +48 -5
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +167 -0
- data/lib/datadog/opentelemetry/trace.rb +58 -0
- data/lib/datadog/opentelemetry.rb +4 -0
- data/lib/datadog/opentracer/text_map_propagator.rb +2 -1
- data/lib/datadog/opentracer.rb +9 -0
- data/lib/datadog/profiling/collectors/code_provenance.rb +10 -4
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +43 -20
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +3 -1
- data/lib/datadog/profiling/collectors/info.rb +101 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
- data/lib/datadog/profiling/component.rb +248 -97
- data/lib/datadog/profiling/exporter.rb +26 -5
- data/lib/datadog/profiling/ext.rb +2 -12
- data/lib/datadog/profiling/flush.rb +10 -5
- data/lib/datadog/profiling/http_transport.rb +23 -6
- data/lib/datadog/profiling/load_native_extension.rb +25 -6
- data/lib/datadog/profiling/native_extension.rb +1 -22
- data/lib/datadog/profiling/profiler.rb +36 -13
- data/lib/datadog/profiling/scheduler.rb +20 -15
- data/lib/datadog/profiling/stack_recorder.rb +19 -4
- data/lib/datadog/profiling/tag_builder.rb +5 -0
- data/lib/datadog/profiling/tasks/exec.rb +3 -3
- data/lib/datadog/profiling/tasks/help.rb +3 -3
- data/lib/datadog/profiling.rb +28 -79
- data/lib/datadog/tracing/component.rb +70 -11
- data/lib/datadog/tracing/configuration/agent_settings_resolver.rb +13 -0
- data/lib/datadog/tracing/configuration/dynamic/option.rb +71 -0
- data/lib/datadog/tracing/configuration/dynamic.rb +64 -0
- data/lib/datadog/tracing/configuration/ext.rb +40 -33
- data/lib/datadog/tracing/configuration/http.rb +74 -0
- data/lib/datadog/tracing/configuration/settings.rb +136 -99
- data/lib/datadog/tracing/contrib/action_cable/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/action_cable/ext.rb +21 -18
- data/lib/datadog/tracing/contrib/action_mailer/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/action_mailer/events/deliver.rb +1 -1
- data/lib/datadog/tracing/contrib/action_mailer/ext.rb +21 -18
- data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/action_pack/ext.rb +11 -8
- data/lib/datadog/tracing/contrib/action_view/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/action_view/ext.rb +13 -10
- data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/active_job/ext.rb +26 -23
- data/lib/datadog/tracing/contrib/active_job/log_injection.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/active_model_serializers/ext.rb +13 -10
- data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +29 -15
- data/lib/datadog/tracing/contrib/active_record/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +2 -6
- data/lib/datadog/tracing/contrib/active_record/ext.rb +18 -15
- data/lib/datadog/tracing/contrib/active_record/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +106 -202
- data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +3 -0
- data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/active_support/ext.rb +19 -16
- data/lib/datadog/tracing/contrib/analytics.rb +0 -1
- data/lib/datadog/tracing/contrib/aws/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/aws/ext.rb +38 -24
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +16 -5
- data/lib/datadog/tracing/contrib/concurrent_ruby/async_patch.rb +20 -0
- data/lib/datadog/tracing/contrib/concurrent_ruby/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/context_composite_executor_service.rb +14 -14
- data/lib/datadog/tracing/contrib/concurrent_ruby/ext.rb +4 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/future_patch.rb +3 -10
- data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +2 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/patcher.rb +19 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/promises_future_patch.rb +22 -0
- data/lib/datadog/tracing/contrib/configurable.rb +1 -1
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +21 -7
- data/lib/datadog/tracing/contrib/dalli/ext.rb +27 -11
- data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +17 -8
- data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/delayed_job/ext.rb +17 -14
- data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +22 -15
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +104 -99
- data/lib/datadog/tracing/contrib/ethon/configuration/settings.rb +17 -9
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +48 -3
- data/lib/datadog/tracing/contrib/ethon/ext.rb +20 -11
- data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +6 -3
- data/lib/datadog/tracing/contrib/excon/configuration/settings.rb +20 -10
- data/lib/datadog/tracing/contrib/excon/ext.rb +17 -8
- data/lib/datadog/tracing/contrib/excon/middleware.rb +25 -5
- data/lib/datadog/tracing/contrib/ext.rb +26 -1
- data/lib/datadog/tracing/contrib/extensions.rb +38 -2
- data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +27 -10
- data/lib/datadog/tracing/contrib/faraday/ext.rb +17 -8
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +22 -6
- data/lib/datadog/tracing/contrib/grape/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/grape/ext.rb +17 -14
- data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +9 -6
- data/lib/datadog/tracing/contrib/graphql/ext.rb +8 -5
- data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +40 -9
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +39 -20
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +37 -18
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor.rb +0 -4
- data/lib/datadog/tracing/contrib/grpc/ext.rb +17 -13
- data/lib/datadog/tracing/contrib/grpc/formatting.rb +127 -0
- data/lib/datadog/tracing/contrib/hanami/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/hanami/ext.rb +10 -8
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +5 -8
- data/lib/datadog/tracing/contrib/http/configuration/settings.rb +34 -11
- data/lib/datadog/tracing/contrib/http/distributed/fetcher.rb +2 -2
- data/lib/datadog/tracing/contrib/http/ext.rb +17 -9
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +27 -7
- data/lib/datadog/tracing/contrib/httpclient/configuration/settings.rb +34 -11
- data/lib/datadog/tracing/contrib/httpclient/ext.rb +18 -9
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +22 -5
- data/lib/datadog/tracing/contrib/httprb/configuration/settings.rb +34 -11
- data/lib/datadog/tracing/contrib/httprb/ext.rb +17 -9
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +22 -5
- data/lib/datadog/tracing/contrib/kafka/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/kafka/ext.rb +43 -39
- data/lib/datadog/tracing/contrib/lograge/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/lograge/ext.rb +3 -1
- data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +2 -17
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +21 -16
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +16 -5
- data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +22 -14
- data/lib/datadog/tracing/contrib/mysql2/ext.rb +16 -10
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +22 -7
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +53 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +38 -0
- data/lib/datadog/tracing/contrib/opensearch/integration.rb +44 -0
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +135 -0
- data/lib/datadog/tracing/contrib/opensearch/quantize.rb +81 -0
- data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +23 -14
- data/lib/datadog/tracing/contrib/pg/ext.rb +23 -19
- data/lib/datadog/tracing/contrib/pg/instrumentation.rb +49 -9
- data/lib/datadog/tracing/contrib/presto/configuration/settings.rb +15 -7
- data/lib/datadog/tracing/contrib/presto/ext.rb +26 -20
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +14 -5
- data/lib/datadog/tracing/contrib/propagation/sql_comment/ext.rb +12 -10
- data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
- data/lib/datadog/tracing/contrib/qless/configuration/settings.rb +13 -8
- data/lib/datadog/tracing/contrib/qless/ext.rb +15 -12
- data/lib/datadog/tracing/contrib/que/configuration/settings.rb +22 -12
- data/lib/datadog/tracing/contrib/que/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/racecar/configuration/settings.rb +10 -7
- data/lib/datadog/tracing/contrib/racecar/event.rb +5 -5
- data/lib/datadog/tracing/contrib/racecar/ext.rb +21 -18
- data/lib/datadog/tracing/contrib/rack/configuration/settings.rb +17 -12
- data/lib/datadog/tracing/contrib/rack/ext.rb +19 -16
- data/lib/datadog/tracing/contrib/rack/header_collection.rb +3 -0
- data/lib/datadog/tracing/contrib/rack/header_tagging.rb +63 -0
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +16 -50
- data/lib/datadog/tracing/contrib/rails/auto_instrument_railtie.rb +0 -2
- data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +20 -15
- data/lib/datadog/tracing/contrib/rails/ext.rb +8 -5
- data/lib/datadog/tracing/contrib/rails/log_injection.rb +7 -10
- data/lib/datadog/tracing/contrib/rails/patcher.rb +10 -41
- data/lib/datadog/tracing/contrib/rails/railtie.rb +3 -3
- data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +14 -10
- data/lib/datadog/tracing/contrib/rake/ext.rb +15 -12
- data/lib/datadog/tracing/contrib/redis/configuration/settings.rb +18 -9
- data/lib/datadog/tracing/contrib/redis/ext.rb +23 -15
- data/lib/datadog/tracing/contrib/redis/instrumentation.rb +5 -40
- data/lib/datadog/tracing/contrib/redis/patcher.rb +34 -21
- data/lib/datadog/tracing/contrib/redis/tags.rb +16 -7
- data/lib/datadog/tracing/contrib/redis/trace_middleware.rb +46 -33
- data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +14 -7
- data/lib/datadog/tracing/contrib/resque/ext.rb +10 -7
- data/lib/datadog/tracing/contrib/rest_client/configuration/settings.rb +17 -9
- data/lib/datadog/tracing/contrib/rest_client/ext.rb +16 -8
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +25 -5
- data/lib/datadog/tracing/contrib/roda/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/roda/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/semantic_logger/configuration/settings.rb +3 -2
- data/lib/datadog/tracing/contrib/semantic_logger/ext.rb +3 -1
- data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +4 -20
- data/lib/datadog/tracing/contrib/sequel/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/sequel/ext.rb +11 -8
- data/lib/datadog/tracing/contrib/sequel/utils.rb +7 -7
- data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +15 -8
- data/lib/datadog/tracing/contrib/shoryuken/ext.rb +15 -12
- data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +19 -11
- data/lib/datadog/tracing/contrib/sidekiq/ext.rb +33 -30
- data/lib/datadog/tracing/contrib/sinatra/configuration/settings.rb +12 -9
- data/lib/datadog/tracing/contrib/sinatra/env.rb +0 -17
- data/lib/datadog/tracing/contrib/sinatra/ext.rb +22 -19
- data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +3 -14
- data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +15 -8
- data/lib/datadog/tracing/contrib/sneakers/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/sneakers/tracer.rb +1 -1
- data/lib/datadog/tracing/contrib/span_attribute_schema.rb +74 -10
- data/lib/datadog/tracing/contrib/stripe/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/stripe/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/sucker_punch/configuration/settings.rb +10 -6
- data/lib/datadog/tracing/contrib/sucker_punch/ext.rb +16 -13
- data/lib/datadog/tracing/contrib/trilogy/configuration/settings.rb +58 -0
- data/lib/datadog/tracing/contrib/trilogy/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/trilogy/instrumentation.rb +94 -0
- data/lib/datadog/tracing/contrib/trilogy/integration.rb +43 -0
- data/lib/datadog/{ci/contrib/cucumber → tracing/contrib/trilogy}/patcher.rb +10 -6
- data/lib/datadog/tracing/contrib/utils/database.rb +5 -3
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +11 -11
- data/lib/datadog/tracing/contrib.rb +2 -0
- data/lib/datadog/tracing/correlation.rb +29 -12
- data/lib/datadog/tracing/diagnostics/environment_logger.rb +165 -0
- data/lib/datadog/tracing/diagnostics/ext.rb +21 -19
- data/lib/datadog/tracing/distributed/b3_multi.rb +2 -2
- data/lib/datadog/tracing/distributed/b3_single.rb +1 -1
- data/lib/datadog/tracing/distributed/datadog.rb +0 -1
- data/lib/datadog/tracing/distributed/propagation.rb +35 -34
- data/lib/datadog/tracing/distributed/trace_context.rb +52 -17
- data/lib/datadog/tracing/metadata/ext.rb +9 -6
- data/lib/datadog/tracing/metadata/tagging.rb +3 -3
- data/lib/datadog/tracing/remote.rb +78 -0
- data/lib/datadog/tracing/sampling/matcher.rb +23 -3
- data/lib/datadog/tracing/sampling/rule.rb +7 -2
- data/lib/datadog/tracing/sampling/rule_sampler.rb +31 -0
- data/lib/datadog/tracing/span_operation.rb +3 -15
- data/lib/datadog/tracing/sync_writer.rb +3 -3
- data/lib/datadog/tracing/trace_digest.rb +31 -0
- data/lib/datadog/tracing/trace_operation.rb +17 -5
- data/lib/datadog/tracing/trace_segment.rb +5 -2
- data/lib/datadog/tracing/tracer.rb +12 -1
- data/lib/datadog/{core → tracing}/transport/http/api/instance.rb +1 -1
- data/lib/datadog/{core → tracing}/transport/http/api/spec.rb +1 -1
- data/lib/datadog/tracing/transport/http/api.rb +43 -0
- data/lib/datadog/{core → tracing}/transport/http/builder.rb +13 -68
- data/lib/datadog/tracing/transport/http/client.rb +57 -0
- data/lib/datadog/tracing/transport/http/statistics.rb +47 -0
- data/lib/datadog/tracing/transport/http/traces.rb +152 -0
- data/lib/datadog/tracing/transport/http.rb +125 -0
- data/lib/datadog/tracing/transport/io/client.rb +89 -0
- data/lib/datadog/tracing/transport/io/response.rb +27 -0
- data/lib/datadog/tracing/transport/io/traces.rb +101 -0
- data/lib/datadog/tracing/transport/io.rb +30 -0
- data/lib/datadog/tracing/transport/serializable_trace.rb +126 -0
- data/lib/datadog/tracing/transport/statistics.rb +77 -0
- data/lib/datadog/tracing/transport/trace_formatter.rb +240 -0
- data/lib/datadog/tracing/transport/traces.rb +224 -0
- data/lib/datadog/tracing/workers/trace_writer.rb +6 -4
- data/lib/datadog/tracing/workers.rb +4 -2
- data/lib/datadog/tracing/writer.rb +5 -2
- data/lib/datadog/tracing.rb +8 -2
- data/lib/ddtrace/transport/ext.rb +22 -14
- data/lib/ddtrace/version.rb +9 -12
- data/lib/ddtrace.rb +1 -1
- metadata +157 -139
- data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +0 -25
- data/ext/ddtrace_profiling_native_extension/ruby_helpers.c +0 -110
- data/ext/ddtrace_profiling_native_extension/stack_recorder.c +0 -591
- data/ext/ddtrace_profiling_native_extension/stack_recorder.h +0 -14
- data/ext/ddtrace_profiling_native_extension/time_helpers.c +0 -17
- data/ext/ddtrace_profiling_native_extension/time_helpers.h +0 -10
- data/lib/datadog/ci/configuration/components.rb +0 -32
- data/lib/datadog/ci/configuration/settings.rb +0 -53
- data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +0 -33
- data/lib/datadog/ci/contrib/cucumber/ext.rb +0 -20
- data/lib/datadog/ci/contrib/cucumber/formatter.rb +0 -94
- data/lib/datadog/ci/contrib/cucumber/instrumentation.rb +0 -28
- data/lib/datadog/ci/contrib/cucumber/integration.rb +0 -47
- data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +0 -33
- data/lib/datadog/ci/contrib/rspec/example.rb +0 -68
- data/lib/datadog/ci/contrib/rspec/ext.rb +0 -19
- data/lib/datadog/ci/contrib/rspec/integration.rb +0 -48
- data/lib/datadog/ci/contrib/rspec/patcher.rb +0 -27
- data/lib/datadog/ci/ext/app_types.rb +0 -9
- data/lib/datadog/ci/ext/environment.rb +0 -575
- data/lib/datadog/ci/ext/settings.rb +0 -10
- data/lib/datadog/ci/ext/test.rb +0 -35
- data/lib/datadog/ci/extensions.rb +0 -19
- data/lib/datadog/ci/flush.rb +0 -38
- data/lib/datadog/ci/test.rb +0 -81
- data/lib/datadog/ci.rb +0 -20
- data/lib/datadog/core/configuration/dependency_resolver.rb +0 -28
- data/lib/datadog/core/configuration/option_definition_set.rb +0 -22
- data/lib/datadog/core/configuration/option_set.rb +0 -10
- data/lib/datadog/core/telemetry/collector.rb +0 -231
- data/lib/datadog/core/telemetry/v1/app_event.rb +0 -52
- data/lib/datadog/core/telemetry/v1/application.rb +0 -92
- data/lib/datadog/core/telemetry/v1/configuration.rb +0 -25
- data/lib/datadog/core/telemetry/v1/dependency.rb +0 -43
- data/lib/datadog/core/telemetry/v1/host.rb +0 -59
- data/lib/datadog/core/telemetry/v1/integration.rb +0 -64
- data/lib/datadog/core/telemetry/v1/product.rb +0 -36
- data/lib/datadog/core/telemetry/v1/telemetry_request.rb +0 -106
- data/lib/datadog/core/transport/config.rb +0 -58
- data/lib/datadog/core/transport/http/api.rb +0 -57
- data/lib/datadog/core/transport/http/client.rb +0 -45
- data/lib/datadog/core/transport/http/config.rb +0 -268
- data/lib/datadog/core/transport/http/negotiation.rb +0 -144
- data/lib/datadog/core/transport/http.rb +0 -169
- data/lib/datadog/core/utils/object_set.rb +0 -43
- data/lib/datadog/core/utils/string_table.rb +0 -47
- data/lib/datadog/profiling/backtrace_location.rb +0 -34
- data/lib/datadog/profiling/buffer.rb +0 -43
- data/lib/datadog/profiling/collectors/old_stack.rb +0 -301
- data/lib/datadog/profiling/encoding/profile.rb +0 -41
- data/lib/datadog/profiling/event.rb +0 -15
- data/lib/datadog/profiling/events/stack.rb +0 -82
- data/lib/datadog/profiling/old_recorder.rb +0 -107
- data/lib/datadog/profiling/pprof/builder.rb +0 -125
- data/lib/datadog/profiling/pprof/converter.rb +0 -102
- data/lib/datadog/profiling/pprof/message_set.rb +0 -16
- data/lib/datadog/profiling/pprof/payload.rb +0 -20
- data/lib/datadog/profiling/pprof/pprof.proto +0 -212
- data/lib/datadog/profiling/pprof/pprof_pb.rb +0 -81
- data/lib/datadog/profiling/pprof/stack_sample.rb +0 -139
- data/lib/datadog/profiling/pprof/string_table.rb +0 -12
- data/lib/datadog/profiling/pprof/template.rb +0 -118
- data/lib/datadog/profiling/trace_identifiers/ddtrace.rb +0 -43
- data/lib/datadog/profiling/trace_identifiers/helper.rb +0 -45
- data/lib/datadog/tracing/contrib/sinatra/headers.rb +0 -35
- data/lib/ddtrace/transport/http/adapters/net.rb +0 -168
- data/lib/ddtrace/transport/http/adapters/registry.rb +0 -27
- data/lib/ddtrace/transport/http/adapters/test.rb +0 -85
- data/lib/ddtrace/transport/http/adapters/unix_socket.rb +0 -77
- data/lib/ddtrace/transport/http/api/endpoint.rb +0 -29
- data/lib/ddtrace/transport/http/api/fallbacks.rb +0 -24
- data/lib/ddtrace/transport/http/api/instance.rb +0 -35
- data/lib/ddtrace/transport/http/api/map.rb +0 -16
- data/lib/ddtrace/transport/http/api/spec.rb +0 -17
- data/lib/ddtrace/transport/http/api.rb +0 -39
- data/lib/ddtrace/transport/http/builder.rb +0 -176
- data/lib/ddtrace/transport/http/client.rb +0 -52
- data/lib/ddtrace/transport/http/env.rb +0 -58
- data/lib/ddtrace/transport/http/response.rb +0 -58
- data/lib/ddtrace/transport/http/statistics.rb +0 -43
- data/lib/ddtrace/transport/http/traces.rb +0 -144
- data/lib/ddtrace/transport/http.rb +0 -117
- data/lib/ddtrace/transport/io/client.rb +0 -85
- data/lib/ddtrace/transport/io/response.rb +0 -25
- data/lib/ddtrace/transport/io/traces.rb +0 -99
- data/lib/ddtrace/transport/io.rb +0 -28
- data/lib/ddtrace/transport/parcel.rb +0 -20
- data/lib/ddtrace/transport/request.rb +0 -15
- data/lib/ddtrace/transport/response.rb +0 -60
- data/lib/ddtrace/transport/serializable_trace.rb +0 -122
- data/lib/ddtrace/transport/statistics.rb +0 -75
- data/lib/ddtrace/transport/trace_formatter.rb +0 -198
- data/lib/ddtrace/transport/traces.rb +0 -216
- /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/collectors_idle_sampling_helper.h +0 -0
- /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.c +0 -0
- /data/ext/{ddtrace_profiling_native_extension → datadog_profiling_native_extension}/setup_signal_handler.h +0 -0
@@ -47,6 +47,13 @@ module Datadog
|
|
47
47
|
data
|
48
48
|
end
|
49
49
|
|
50
|
+
def load_exclusions(ip_passlist: [])
|
51
|
+
exclusions = []
|
52
|
+
exclusions << [passlist_exclusions(ip_passlist)] if ip_passlist.any?
|
53
|
+
|
54
|
+
exclusions
|
55
|
+
end
|
56
|
+
|
50
57
|
private
|
51
58
|
|
52
59
|
def denylist_data(id, denylist)
|
@@ -56,6 +63,59 @@ module Datadog
|
|
56
63
|
'data' => denylist.map { |v| { 'value' => v.to_s, 'expiration' => 2**63 } }
|
57
64
|
}
|
58
65
|
end
|
66
|
+
|
67
|
+
def passlist_exclusions(ip_passlist) # rubocop:disable Metrics/MethodLength
|
68
|
+
case ip_passlist
|
69
|
+
when Array
|
70
|
+
pass = ip_passlist
|
71
|
+
monitor = []
|
72
|
+
when Hash
|
73
|
+
pass = ip_passlist[:pass]
|
74
|
+
monitor = ip_passlist[:monitor]
|
75
|
+
else
|
76
|
+
pass = []
|
77
|
+
monitor = []
|
78
|
+
end
|
79
|
+
|
80
|
+
exclusions = []
|
81
|
+
|
82
|
+
exclusions << {
|
83
|
+
'conditions' => [
|
84
|
+
{
|
85
|
+
'operator' => 'ip_match',
|
86
|
+
'parameters' => {
|
87
|
+
'inputs' => [
|
88
|
+
{
|
89
|
+
'address' => 'http.client_ip'
|
90
|
+
}
|
91
|
+
],
|
92
|
+
'list' => pass
|
93
|
+
}
|
94
|
+
}
|
95
|
+
],
|
96
|
+
'id' => SecureRandom.uuid,
|
97
|
+
}
|
98
|
+
|
99
|
+
exclusions << {
|
100
|
+
'conditions' => [
|
101
|
+
{
|
102
|
+
'operator' => 'ip_match',
|
103
|
+
'parameters' => {
|
104
|
+
'inputs' => [
|
105
|
+
{
|
106
|
+
'address' => 'http.client_ip'
|
107
|
+
}
|
108
|
+
],
|
109
|
+
'list' => monitor
|
110
|
+
}
|
111
|
+
}
|
112
|
+
],
|
113
|
+
'id' => SecureRandom.uuid,
|
114
|
+
'on_match' => 'monitor'
|
115
|
+
}
|
116
|
+
|
117
|
+
exclusions
|
118
|
+
end
|
59
119
|
end
|
60
120
|
end
|
61
121
|
end
|
@@ -1,5 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require_relative '../assets'
|
4
|
+
|
3
5
|
module Datadog
|
4
6
|
module AppSec
|
5
7
|
class Processor
|
@@ -16,8 +18,25 @@ module Datadog
|
|
16
18
|
end
|
17
19
|
end
|
18
20
|
|
21
|
+
DEFAULT_WAF_PROCESSORS = begin
|
22
|
+
JSON.parse(Datadog::AppSec::Assets.waf_processors)
|
23
|
+
rescue StandardError => e
|
24
|
+
Datadog.logger.error { "libddwaf rulemerger failed to parse default waf processors. Error: #{e.inspect}" }
|
25
|
+
[]
|
26
|
+
end
|
27
|
+
|
28
|
+
DEFAULT_WAF_SCANNERS = begin
|
29
|
+
JSON.parse(Datadog::AppSec::Assets.waf_scanners)
|
30
|
+
rescue StandardError => e
|
31
|
+
Datadog.logger.error { "libddwaf rulemerger failed to parse default waf scanners. Error: #{e.inspect}" }
|
32
|
+
[]
|
33
|
+
end
|
34
|
+
|
19
35
|
class << self
|
20
|
-
def merge(
|
36
|
+
def merge(
|
37
|
+
rules:, data: [], overrides: [], exclusions: [], custom_rules: [],
|
38
|
+
processors: DEFAULT_WAF_PROCESSORS, scanners: DEFAULT_WAF_SCANNERS
|
39
|
+
)
|
21
40
|
combined_rules = combine_rules(rules)
|
22
41
|
|
23
42
|
combined_data = combine_data(data) if data.any?
|
@@ -29,7 +48,8 @@ module Datadog
|
|
29
48
|
combined_rules['rules_override'] = combined_overrides if combined_overrides
|
30
49
|
combined_rules['exclusions'] = combined_exclusions if combined_exclusions
|
31
50
|
combined_rules['custom_rules'] = combined_custom_rules if combined_custom_rules
|
32
|
-
|
51
|
+
combined_rules['processors'] = processors
|
52
|
+
combined_rules['scanners'] = scanners
|
33
53
|
combined_rules
|
34
54
|
end
|
35
55
|
|
@@ -22,8 +22,15 @@ module Datadog
|
|
22
22
|
|
23
23
|
start_ns = Core::Utils::Time.get_time(:nanosecond)
|
24
24
|
|
25
|
-
|
26
|
-
|
25
|
+
input.reject! do |_, v|
|
26
|
+
case v
|
27
|
+
when TrueClass, FalseClass
|
28
|
+
false
|
29
|
+
else
|
30
|
+
v.nil? ? true : v.empty?
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
27
34
|
_code, res = @context.run(input, timeout)
|
28
35
|
|
29
36
|
stop_ns = Core::Utils::Time.get_time(:nanosecond)
|
@@ -38,17 +45,38 @@ module Datadog
|
|
38
45
|
@run_mutex.unlock
|
39
46
|
end
|
40
47
|
|
48
|
+
def extract_schema
|
49
|
+
return unless extract_schema?
|
50
|
+
|
51
|
+
input = {
|
52
|
+
'waf.context.processor' => {
|
53
|
+
'extract-schema' => true
|
54
|
+
}
|
55
|
+
}
|
56
|
+
|
57
|
+
_code, res = @context.run(input, WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
|
58
|
+
|
59
|
+
res
|
60
|
+
end
|
61
|
+
|
41
62
|
def finalize
|
42
63
|
@context.finalize
|
43
64
|
end
|
65
|
+
|
66
|
+
private
|
67
|
+
|
68
|
+
def extract_schema?
|
69
|
+
Datadog.configuration.appsec.api_security.enabled &&
|
70
|
+
Datadog.configuration.appsec.api_security.sample_rate.sample?
|
71
|
+
end
|
44
72
|
end
|
45
73
|
|
46
|
-
attr_reader :
|
74
|
+
attr_reader :diagnostics, :addresses
|
47
75
|
|
48
76
|
def initialize(ruleset:)
|
49
|
-
@
|
77
|
+
@diagnostics = nil
|
50
78
|
@addresses = []
|
51
|
-
settings = Datadog
|
79
|
+
settings = Datadog.configuration.appsec
|
52
80
|
|
53
81
|
unless load_libddwaf && create_waf_handle(settings, ruleset)
|
54
82
|
Datadog.logger.warn { 'AppSec is disabled, see logged errors above' }
|
@@ -83,7 +111,7 @@ module Datadog
|
|
83
111
|
}
|
84
112
|
|
85
113
|
@handle = Datadog::AppSec::WAF::Handle.new(ruleset, obfuscator: obfuscator_config)
|
86
|
-
@
|
114
|
+
@diagnostics = @handle.diagnostics
|
87
115
|
@addresses = @handle.required_addresses
|
88
116
|
|
89
117
|
true
|
@@ -92,7 +120,7 @@ module Datadog
|
|
92
120
|
"libddwaf failed to initialize, error: #{e.inspect}"
|
93
121
|
end
|
94
122
|
|
95
|
-
@
|
123
|
+
@diagnostics = e.diagnostics if e.diagnostics
|
96
124
|
|
97
125
|
false
|
98
126
|
rescue StandardError => e
|
@@ -12,15 +12,17 @@ module Datadog
|
|
12
12
|
class NoRulesError < StandardError; end
|
13
13
|
|
14
14
|
class << self
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
15
|
+
CAP_ASM_RESERVED_1 = 1 << 0 # RESERVED
|
16
|
+
CAP_ASM_ACTIVATION = 1 << 1 # Remote activation via ASM_FEATURES product
|
17
|
+
CAP_ASM_IP_BLOCKING = 1 << 2 # accept IP blocking data from ASM_DATA product
|
18
|
+
CAP_ASM_DD_RULES = 1 << 3 # read ASM rules from ASM_DD product
|
19
|
+
CAP_ASM_EXCLUSIONS = 1 << 4 # exclusion filters (passlist) via ASM product
|
20
|
+
CAP_ASM_REQUEST_BLOCKING = 1 << 5 # can block on request info
|
21
|
+
CAP_ASM_RESPONSE_BLOCKING = 1 << 6 # can block on response info
|
22
|
+
CAP_ASM_USER_BLOCKING = 1 << 7 # accept user blocking data from ASM_DATA product
|
23
|
+
CAP_ASM_CUSTOM_RULES = 1 << 8 # accept custom rules
|
24
|
+
CAP_ASM_CUSTOM_BLOCKING_RESPONSE = 1 << 9 # supports custom http code or redirect sa blocking response
|
25
|
+
CAP_ASM_TRUSTED_IPS = 1 << 10 # supports trusted ip
|
24
26
|
|
25
27
|
# TODO: we need to dynamically add CAP_ASM_ACTIVATION once we support it
|
26
28
|
ASM_CAPABILITIES = [
|
@@ -31,6 +33,8 @@ module Datadog
|
|
31
33
|
CAP_ASM_RESPONSE_BLOCKING,
|
32
34
|
CAP_ASM_DD_RULES,
|
33
35
|
CAP_ASM_CUSTOM_RULES,
|
36
|
+
CAP_ASM_CUSTOM_BLOCKING_RESPONSE,
|
37
|
+
CAP_ASM_TRUSTED_IPS,
|
34
38
|
].freeze
|
35
39
|
|
36
40
|
ASM_PRODUCTS = [
|
@@ -63,6 +67,7 @@ module Datadog
|
|
63
67
|
data = []
|
64
68
|
overrides = []
|
65
69
|
exclusions = []
|
70
|
+
actions = []
|
66
71
|
|
67
72
|
repository.contents.each do |content|
|
68
73
|
parsed_content = parse_content(content)
|
@@ -76,6 +81,7 @@ module Datadog
|
|
76
81
|
overrides << parsed_content['rules_override'] if parsed_content['rules_override']
|
77
82
|
exclusions << parsed_content['exclusions'] if parsed_content['exclusions']
|
78
83
|
custom_rules << parsed_content['custom_rules'] if parsed_content['custom_rules']
|
84
|
+
actions.concat(parsed_content['actions']) if parsed_content['actions']
|
79
85
|
end
|
80
86
|
end
|
81
87
|
|
@@ -95,7 +101,7 @@ module Datadog
|
|
95
101
|
custom_rules: custom_rules,
|
96
102
|
)
|
97
103
|
|
98
|
-
Datadog::AppSec.reconfigure(ruleset: ruleset)
|
104
|
+
Datadog::AppSec.reconfigure(ruleset: ruleset, actions: actions)
|
99
105
|
end
|
100
106
|
|
101
107
|
[receiver]
|
@@ -105,7 +111,7 @@ module Datadog
|
|
105
111
|
private
|
106
112
|
|
107
113
|
def remote_features_enabled?
|
108
|
-
Datadog
|
114
|
+
Datadog.configuration.appsec.using_default?(:ruleset)
|
109
115
|
end
|
110
116
|
|
111
117
|
def parse_content(content)
|
@@ -28,19 +28,80 @@ module Datadog
|
|
28
28
|
end
|
29
29
|
|
30
30
|
class << self
|
31
|
-
def negotiate(env)
|
31
|
+
def negotiate(env, actions)
|
32
|
+
# @type var configured_response: Response?
|
33
|
+
configured_response = nil
|
34
|
+
actions.each do |action|
|
35
|
+
# Need to use next to make steep happy :(
|
36
|
+
# I rather use break to stop the execution
|
37
|
+
next if configured_response
|
38
|
+
|
39
|
+
action_configuration = AppSec::Processor::Actions.fecth_configuration(action)
|
40
|
+
next unless action_configuration
|
41
|
+
|
42
|
+
configured_response = case action_configuration['type']
|
43
|
+
when 'block_request'
|
44
|
+
block_response(env, action_configuration['parameters'])
|
45
|
+
when 'redirect_request'
|
46
|
+
redirect_response(env, action_configuration['parameters'])
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
configured_response || default_response(env)
|
51
|
+
end
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
def default_response(env)
|
32
56
|
content_type = content_type(env)
|
33
57
|
|
34
|
-
|
58
|
+
body = []
|
59
|
+
body << content(content_type)
|
35
60
|
|
36
61
|
Response.new(
|
37
62
|
status: 403,
|
38
63
|
headers: { 'Content-Type' => content_type },
|
39
|
-
body:
|
64
|
+
body: body,
|
40
65
|
)
|
41
66
|
end
|
42
67
|
|
43
|
-
|
68
|
+
def block_response(env, options)
|
69
|
+
content_type = if options['type'] == 'auto'
|
70
|
+
content_type(env)
|
71
|
+
else
|
72
|
+
FORMAT_TO_CONTENT_TYPE[options['type']]
|
73
|
+
end
|
74
|
+
|
75
|
+
body = []
|
76
|
+
body << content(content_type)
|
77
|
+
|
78
|
+
Response.new(
|
79
|
+
status: options['status_code'] || 403,
|
80
|
+
headers: { 'Content-Type' => content_type },
|
81
|
+
body: body,
|
82
|
+
)
|
83
|
+
end
|
84
|
+
|
85
|
+
def redirect_response(env, options)
|
86
|
+
if options['location'] && !options['location'].empty?
|
87
|
+
content_type = content_type(env)
|
88
|
+
|
89
|
+
status = options['status_code'] >= 300 && options['status_code'] < 400 ? options['status_code'] : 303
|
90
|
+
|
91
|
+
headers = {
|
92
|
+
'Content-Type' => content_type,
|
93
|
+
'Location' => options['location']
|
94
|
+
}
|
95
|
+
|
96
|
+
Response.new(
|
97
|
+
status: status,
|
98
|
+
headers: headers,
|
99
|
+
body: [],
|
100
|
+
)
|
101
|
+
else
|
102
|
+
default_response(env)
|
103
|
+
end
|
104
|
+
end
|
44
105
|
|
45
106
|
CONTENT_TYPE_TO_FORMAT = {
|
46
107
|
'application/json' => :json,
|
@@ -48,6 +109,11 @@ module Datadog
|
|
48
109
|
'text/plain' => :text,
|
49
110
|
}.freeze
|
50
111
|
|
112
|
+
FORMAT_TO_CONTENT_TYPE = {
|
113
|
+
'json' => 'application/json',
|
114
|
+
'html' => 'text/html',
|
115
|
+
}.freeze
|
116
|
+
|
51
117
|
DEFAULT_CONTENT_TYPE = 'application/json'
|
52
118
|
|
53
119
|
def content_type(env)
|
@@ -67,6 +133,18 @@ module Datadog
|
|
67
133
|
rescue Datadog::AppSec::Utils::HTTP::MediaRange::ParseError
|
68
134
|
DEFAULT_CONTENT_TYPE
|
69
135
|
end
|
136
|
+
|
137
|
+
def content(content_type)
|
138
|
+
content_format = CONTENT_TYPE_TO_FORMAT[content_type]
|
139
|
+
|
140
|
+
using_default = Datadog.configuration.appsec.block.templates.using_default?(content_format)
|
141
|
+
|
142
|
+
if using_default
|
143
|
+
Datadog::AppSec::Assets.blocked(format: content_format)
|
144
|
+
else
|
145
|
+
Datadog.configuration.appsec.block.templates.send(content_format)
|
146
|
+
end
|
147
|
+
end
|
70
148
|
end
|
71
149
|
end
|
72
150
|
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Datadog
|
4
|
+
module AppSec
|
5
|
+
# SampleRate basic sample rate
|
6
|
+
class SampleRate
|
7
|
+
attr_reader :rate
|
8
|
+
|
9
|
+
def initialize(rate)
|
10
|
+
@rate = rate
|
11
|
+
end
|
12
|
+
|
13
|
+
def sample?
|
14
|
+
return false if rate <= 0
|
15
|
+
return true if rate >= 1
|
16
|
+
|
17
|
+
Kernel.rand < rate
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
data/lib/datadog/appsec.rb
CHANGED
@@ -8,8 +8,6 @@ require_relative 'appsec/ext'
|
|
8
8
|
module Datadog
|
9
9
|
# Namespace for Datadog AppSec instrumentation
|
10
10
|
module AppSec
|
11
|
-
include Configuration
|
12
|
-
|
13
11
|
class << self
|
14
12
|
def enabled?
|
15
13
|
Datadog.configuration.appsec.enabled
|
@@ -25,12 +23,12 @@ module Datadog
|
|
25
23
|
appsec_component.processor if appsec_component
|
26
24
|
end
|
27
25
|
|
28
|
-
def reconfigure(ruleset:)
|
26
|
+
def reconfigure(ruleset:, actions:)
|
29
27
|
appsec_component = components.appsec
|
30
28
|
|
31
29
|
return unless appsec_component
|
32
30
|
|
33
|
-
appsec_component.reconfigure(ruleset: ruleset)
|
31
|
+
appsec_component.reconfigure(ruleset: ruleset, actions: actions)
|
34
32
|
end
|
35
33
|
|
36
34
|
def reconfigure_lock(&block)
|
@@ -57,5 +55,6 @@ end
|
|
57
55
|
require_relative 'appsec/contrib/rack/integration'
|
58
56
|
require_relative 'appsec/contrib/sinatra/integration'
|
59
57
|
require_relative 'appsec/contrib/rails/integration'
|
58
|
+
require_relative 'appsec/contrib/devise/integration'
|
60
59
|
|
61
60
|
require_relative 'appsec/autoload'
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Datadog
|
4
|
+
module Core
|
5
|
+
# This module is used to provide features from Ruby 2.5+ to older Rubies
|
6
|
+
module BackportFrom25
|
7
|
+
if ::String.method_defined?(:delete_prefix)
|
8
|
+
def self.string_delete_prefix(string, prefix)
|
9
|
+
string.delete_prefix(prefix)
|
10
|
+
end
|
11
|
+
else
|
12
|
+
def self.string_delete_prefix(string, prefix)
|
13
|
+
prefix = prefix.to_s
|
14
|
+
if string.start_with?(prefix)
|
15
|
+
string[prefix.length..-1] || raise('rbs-guard: String#[] is non-nil as `prefix` is guaranteed present')
|
16
|
+
else
|
17
|
+
string.dup
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
# This module is used to provide features from Ruby 2.4+ to older Rubies
|
24
|
+
module BackportFrom24
|
25
|
+
if RUBY_VERSION < '2.4'
|
26
|
+
def self.dup(value)
|
27
|
+
case value
|
28
|
+
when NilClass, TrueClass, FalseClass, Numeric
|
29
|
+
value
|
30
|
+
else
|
31
|
+
value.dup
|
32
|
+
end
|
33
|
+
end
|
34
|
+
else
|
35
|
+
def self.dup(value)
|
36
|
+
value.dup
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
if ::Hash.method_defined?(:compact!)
|
41
|
+
def self.hash_compact!(hash)
|
42
|
+
hash.compact!
|
43
|
+
end
|
44
|
+
else
|
45
|
+
def self.hash_compact!(hash)
|
46
|
+
hash.reject! { |_key, value| value.nil? }
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|