RubyGems - ddtrace - Versions diffs - 1.16.1 → 1.16.2 - Mend

ddtrace 1.16.1 → 1.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -1
data/lib/datadog/appsec/configuration/settings.rb +0 -6
data/lib/datadog/appsec/contrib/rack/gateway/response.rb +0 -46
data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -5
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +0 -10
data/lib/datadog/core/configuration/settings.rb +1 -1
data/lib/ddtrace/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a4e85c12caf77e324eee9de8f9ddf143b0e49c3487230ff841ab7a5be05e4c7d
-  data.tar.gz: 44d799e085ae66280177800c136c656085d6f1fc5d32085c2852158c4290ef59
+  metadata.gz: 31833e75aea54c0952a8c9bce646f0e75e304a3d9124f372c022a6bb5c700ea6
+  data.tar.gz: 6c487891f51fb0ef0c196fab1135f20d99417db62d82ee985cac621fb584f00a
 SHA512:
-  metadata.gz: 8c651f6acbdff86fac984f61df4f2322eb449e3355220810a955496c51d33565ddbd6d15f3ca5049f9f0738c93508db9def7c24f046a51d3ef616b6182a1ca4d
-  data.tar.gz: 75fc3aa27da60ec0998087a814f77fe33a4f4c0bcbbda52b647cc00552945e412fa8d7e276d69d470b258da8c204db5186f24118cf4e0dc24bec9c1681ed1c33
+  metadata.gz: d410408162b5ac03f8f80b8a18f5bd1adbcdd70625a45d288bd2f83a38b3b4668514d70ffd57c829d2ecfc9d7c2ac147ed831ccc7f45843ab51676fe501af2be
+  data.tar.gz: a76c4aef579a961e0d588577d42ea23ee2ab28f08fa75d29de2fd422e3e8a5c3543e3ea63ae260ddee054c0b4ffa38c469ece4307abac92d36c08d32a971b3f2

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,13 @@
 ## [Unreleased]
+## [1.16.2] - 2023-11-10
+This release reverts a change to appsec response body parsing that was introduced in [1.16.0 ](https://github.com/DataDog/dd-trace-rb/releases/tag/v1.16.0) that may cause memory leaks.
+### Fixed
+*  Appsec: [Revert parse response body fix introduced in 1.16.0](https://github.com/DataDog/dd-trace-rb/pull/3153) ([#3252][])
 ## [1.16.1] - 2023-11-08
 ### Fixed
@@ -2627,7 +2634,8 @@ Release notes: https://github.com/DataDog/dd-trace-rb/releases/tag/v0.3.1
 Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
-[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.1...master
+[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.2...master
+[1.16.2]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.1...v1.16.2
 [1.16.1]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.0...v1.16.1
 [1.16.0]: https://github.com/DataDog/dd-trace-rb/compare/v1.15.0...v1.16.0
 [1.15.0]: https://github.com/DataDog/dd-trace-rb/compare/v1.14.0...v1.15.0
@@ -3841,6 +3849,7 @@ Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
 [#3235]: https://github.com/DataDog/dd-trace-rb/issues/3235
 [#3240]: https://github.com/DataDog/dd-trace-rb/issues/3240
 [#3242]: https://github.com/DataDog/dd-trace-rb/issues/3242
+[#3252]: https://github.com/DataDog/dd-trace-rb/issues/3252
 [@AdrianLC]: https://github.com/AdrianLC
 [@Azure7111]: https://github.com/Azure7111
 [@BabyGroot]: https://github.com/BabyGroot

data/lib/datadog/appsec/configuration/settings.rb CHANGED Viewed

@@ -188,12 +188,6 @@ module Datadog
                   end
                 end
               end
-              option :parse_response_body do |o|
-                o.type :bool
-                o.env 'DD_API_SECURITY_PARSE_RESPONSE_BODY'
-                o.default true
-              end
             end
           end
         end

data/lib/datadog/appsec/contrib/rack/gateway/response.rb CHANGED Viewed

@@ -19,55 +19,9 @@ module Datadog
               @scope = scope
             end
-            def parsed_body
-              return unless Datadog.configuration.appsec.parse_response_body
-              unless body.instance_of?(Array)
-                Datadog.logger.debug do
-                  "Response body type unsupported: #{body.class}"
-                end
-                return
-              end
-              return unless json_content_type?
-              result = ''.dup
-              all_body_parts_are_string = true
-              body.each do |body_part|
-                if body_part.is_a?(String)
-                  result.concat(body_part)
-                else
-                  all_body_parts_are_string = false
-                  break
-                end
-              end
-              return unless all_body_parts_are_string
-              begin
-                JSON.parse(result)
-              rescue JSON::ParserError => e
-                Datadog.logger.debug { "Failed to parse response body. Error #{e.class}. Message #{e.message}" }
-                nil
-              end
-            end
             def response
               @response ||= ::Rack::Response.new(body, status, headers)
             end
-            private
-            VALID_JSON_TYPES = [
-              'application/json',
-              'text/json'
-            ].freeze
-            def json_content_type?
-              content_type = headers['content-type']
-              VALID_JSON_TYPES.include?(content_type)
-            end
           end
         end
       end

data/lib/datadog/appsec/contrib/rack/reactive/response.rb CHANGED Viewed

@@ -10,7 +10,6 @@ module Datadog
             ADDRESSES = [
               'response.status',
               'response.headers',
-              'response.body',
             ].freeze
             private_constant :ADDRESSES
@@ -18,7 +17,6 @@ module Datadog
               catch(:block) do
                 op.publish('response.status', gateway_response.status)
                 op.publish('response.headers', gateway_response.headers)
-                op.publish('response.body', gateway_response.parsed_body)
                 nil
               end
@@ -31,7 +29,6 @@ module Datadog
                 response_status = values[0]
                 response_headers = values[1]
                 response_headers_no_cookies = response_headers.dup.tap { |h| h.delete('set-cookie') }
-                response_body = values[2]
                 waf_args = {
                   'server.response.status' => response_status.to_s,
@@ -39,8 +36,6 @@ module Datadog
                   'server.response.headers.no_cookies' => response_headers_no_cookies,
                 }
-                waf_args['server.response.body'] = response_body if response_body
                 waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)

data/lib/datadog/appsec/contrib/rack/request_middleware.rb CHANGED Viewed

@@ -66,16 +66,6 @@ module Datadog
               request_return = AppSec::Response.negotiate(env, blocked_event.last[:actions]).to_rack if blocked_event
             end
-            if request_return[2].respond_to?(:to_ary)
-              # Following the Rack specification. The response body should only call :each once.
-              # Calling :to_ary returns an array with identical content as the produced when calling :each
-              # replacing request_return[2] with that new value allow us to safely operate on the response body.
-              # On Gateway::Response#parsed_body we might iterate over the reposne body using :each
-              # https://github.com/rack/rack/blob/main/SPEC.rdoc#enumerable-body-
-              consumed_body = request_return[2].to_ary
-              request_return[2] = consumed_body if consumed_body
-            end
             gateway_response = Gateway::Response.new(
               request_return[2],
               request_return[0],

data/lib/datadog/core/configuration/settings.rb CHANGED Viewed

@@ -330,7 +330,7 @@ module Datadog
             # Caveat 3 (severe):
             # Ruby 3.2.0 to 3.2.2 have a bug in the newobj tracepoint (https://bugs.ruby-lang.org/issues/19482,
             # https://github.com/ruby/ruby/pull/7464) so that's an extra reason why it's not safe on those Rubies.
-            # This bug is fixed on Ruby versions 3.2.2 and 3.3.0.
+            # This bug is fixed on Ruby versions 3.2.3 and 3.3.0.
             #
             # @default `true` on Ruby 2.x and 3.1.4+, 3.2.3+ and 3.3.0+; `false` for Ruby 3.0 and unpatched Rubies.
             option :allocation_counting_enabled do |o|

data/lib/ddtrace/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module DDTrace
   module VERSION
     MAJOR = 1
     MINOR = 16
-    PATCH = 1
+    PATCH = 2
     PRE = nil
     BUILD = nil
     # PRE and BUILD above are modified for dev gems during gem build GHA workflow

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ddtrace
 version: !ruby/object:Gem::Version
-  version: 1.16.1
+  version: 1.16.2
 platform: ruby
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-08 00:00:00.000000000 Z
+date: 2023-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msgpack
@@ -890,7 +890,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: Datadog tracing code for your Ruby applications