ddtrace 1.5.0 → 1.5.2

Files changed (28) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +43 -1
  3. data/LICENSE-3rdparty.csv +1 -0
  4. data/lib/datadog/appsec/assets/waf_rules/recommended.json +1169 -275
  5. data/lib/datadog/appsec/assets/waf_rules/risky.json +78 -78
  6. data/lib/datadog/appsec/assets/waf_rules/strict.json +278 -88
  7. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +25 -18
  8. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +11 -11
  9. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +11 -11
  10. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +11 -11
  11. data/lib/datadog/appsec/contrib/rack/request.rb +3 -0
  12. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +42 -19
  13. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +7 -6
  14. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +11 -11
  15. data/lib/datadog/appsec/contrib/rails/request.rb +3 -0
  16. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +14 -12
  17. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +11 -11
  18. data/lib/datadog/appsec/event.rb +2 -12
  19. data/lib/datadog/appsec/instrumentation/gateway.rb +16 -2
  20. data/lib/datadog/appsec/processor.rb +18 -2
  21. data/lib/datadog/core/configuration/settings.rb +19 -5
  22. data/lib/datadog/tracing/client_ip.rb +11 -0
  23. data/lib/datadog/tracing/configuration/ext.rb +2 -1
  24. data/lib/datadog/tracing/contrib/rack/middlewares.rb +3 -1
  25. data/lib/datadog/tracing/contrib/utils/quantization/http.rb +14 -6
  26. data/lib/ddtrace/transport/traces.rb +2 -0
  27. data/lib/ddtrace/version.rb +1 -1
  28. metadata +3 -3
@@ -31,7 +31,7 @@ module Datadog
31
31
  def run(*args)
32
32
  start_ns = Core::Utils::Time.get_time(:nanosecond)
33
33
 
34
- ret, res = @context.run(*args)
34
+ _code, res = @context.run(*args)
35
35
 
36
36
  stop_ns = Core::Utils::Time.get_time(:nanosecond)
37
37
 
@@ -39,7 +39,11 @@ module Datadog
39
39
  @time_ext_ns += (stop_ns - start_ns)
40
40
  @timeouts += 1 if res.timeout
41
41
 
42
- [ret, res]
42
+ res
43
+ end
44
+
45
+ def finalize
46
+ @context.finalize
43
47
  end
44
48
  end
45
49
 
@@ -64,6 +68,18 @@ module Datadog
64
68
  Context.new(self)
65
69
  end
66
70
 
71
+ def update_rule_data(data)
72
+ @handle.update_rule_data(data)
73
+ end
74
+
75
+ def toggle_rules(map)
76
+ @handle.toggle_rules(map)
77
+ end
78
+
79
+ def finalize
80
+ @handle.finalize
81
+ end
82
+
67
83
  protected
68
84
 
69
85
  attr_reader :handle
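Review bot: Neither `finalize` added in this section (the one next to `run`, delegating to `@context.finalize`, and the later one delegating to `@handle.finalize`) guards against a second call or against `run` being called afterwards, and the ordering between the two is left entirely to callers. If the underlying WAF objects release native resources on finalize (not visible here), a late `run`, or a handle finalized while a context created from it is still alive, would operate on released state. I would document the contract on each, e.g. `# Releases the underlying WAF context; the object must not be used after this call` and `# Call only after every context created from this processor has been finalized`, and consider a `@finalized` flag checked at the top of `run`. `update_rule_data(data)` and `toggle_rules(map)` also pass their arguments straight to the handle without a comment describing the expected shape or who is trusted to supply it.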
@@ -323,8 +323,8 @@ module Datadog
323
323
 
324
324
  # Parse tags from environment
325
325
  env_to_list(Core::Environment::Ext::ENV_TAGS, comma_separated_only: false).each do |tag|
326
- pair = tag.split(':')
327
- tags[pair.first] = pair.last if pair.length == 2
326
+ key, value = tag.split(':', 2)
327
+ tags[key] = value if value && !value.empty?
328
328
  end
329
329
 
330
330
  # Override tags if defined
@@ -667,13 +667,27 @@ module Datadog
667
667
  # Whether client IP collection is enabled. When enabled client IPs from HTTP requests will
668
668
  # be reported in traces.
669
669
  #
670
+ # Usage of the DD_TRACE_CLIENT_IP_HEADER_DISABLED environment variable is deprecated.
671
+ #
670
672
  # @see https://docs.datadoghq.com/tracing/configure_data_security#configuring-a-client-ip-header
671
673
  #
672
- # @default The negated value of the `DD_TRACE_CLIENT_IP_HEADER_DISABLED` environment
673
- # variable or `true` if it doesn't exist.
674
+ # @default `DD_TRACE_CLIENT_IP_ENABLED` environment variable, otherwise `false`.
674
675
  # @return [Boolean]
675
676
  option :enabled do |o|
676
- o.default { !env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_DISABLED, false) }
677
+ o.default do
678
+ disabled = env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_DISABLED)
679
+
680
+ enabled = if disabled.nil?
681
+ false
682
+ else
683
+ Datadog.logger.warn { "#{Tracing::Configuration::Ext::ClientIp::ENV_DISABLED} environment variable is deprecated, found set to #{disabled}, use #{Tracing::Configuration::Ext::ClientIp::ENV_ENABLED}=#{!disabled}" }
684
+
685
+ !disabled
686
+ end
687
+
688
+ # ENABLED env var takes precedence over deprecated DISABLED
689
+ env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_ENABLED, enabled)
690
+ end
677
691
  o.lazy
678
692
  end
679
693
 
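Review bot: The new tag parser in the first hunk checks only the value, so an entry with an empty key such as `:value` (constructed example) still ends up as `tags[''] = 'value'`. Splitting with a limit of 2 correctly keeps values that contain colons, but the guard should cover both halves: `tags[key] = value if key && !key.empty? && value && !value.empty?`. In the `option :enabled` hunk the deprecation warning for `ENV_DISABLED` is logged even when `ENV_ENABLED` is also set and takes precedence, so the suggested `ENV_ENABLED=#{!disabled}` can contradict the value that is actually in effect. Emitting the warning only when `ENV_ENABLED` is unset, or wording it without a suggested value in that case, would avoid the confusion.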
@@ -39,6 +39,17 @@ module Datadog
39
39
  def self.set_client_ip_tag(span, headers: nil, remote_ip: nil)
40
40
  return unless configuration.enabled
41
41
 
42
+ set_client_ip_tag!(span, headers: headers, remote_ip: remote_ip)
43
+ end
44
+
45
+ # Forcefully sets the `http.client_ip` tag on the given span.
46
+ #
47
+ # This function ignores the user's `enabled` setting.
48
+ #
49
+ # @param [Span] span The span that's associated with the request.
50
+ # @param [HeaderCollection, #get, nil] headers A collection with the request headers.
51
+ # @param [String, nil] remote_ip The remote IP the request associated with the span is sent to.
52
+ def self.set_client_ip_tag!(span, headers: nil, remote_ip: nil)
42
53
  result = raw_ip_from_request(headers, remote_ip)
43
54
 
44
55
  if result.raw_ip
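Review bot: `set_client_ip_tag!` is a public module method that skips the `configuration.enabled` check, so any caller reaching it records `http.client_ip` even for users who have left client IP collection off. The doc comment says the setting is ignored but not which callers are expected to use it or why. I would state the intended caller and mark the method internal, e.g. `# @api private` plus `# Only for callers that must record the client IP regardless of the tracing setting.` The `remote_ip` description reads as the address the request is sent to, while the name suggests the peer address; `# @param [String, nil] remote_ip The remote (peer) IP address of the request associated with the span.` would be clearer, to be confirmed against the callers. The body of `set_client_ip_tag!` continues past the end of this hunk.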
@@ -54,7 +54,8 @@ module Datadog
54
54
 
55
55
  # @public_api
56
56
  module ClientIp
57
- ENV_DISABLED = 'DD_TRACE_CLIENT_IP_HEADER_DISABLED'.freeze
57
+ ENV_ENABLED = 'DD_TRACE_CLIENT_IP_ENABLED'.freeze
58
+ ENV_DISABLED = 'DD_TRACE_CLIENT_IP_HEADER_DISABLED'.freeze # TODO: deprecated, remove later
58
59
  ENV_HEADER_NAME = 'DD_TRACE_CLIENT_IP_HEADER'.freeze
59
60
  end
60
61
  end
@@ -268,7 +268,9 @@ module Datadog
268
268
 
269
269
  query_string.empty? ? path : "#{path}?#{query_string}"
270
270
  else
271
- request_uri
271
+ # normally REQUEST_URI starts at the path, but it
272
+ # might contain the full URL in some cases (e.g WEBrick)
273
+ request_uri.sub(/^#{base_url}/, '')
272
274
  end
273
275
 
274
276
  base_url + fullpath
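Review bot: `request_uri.sub(/^#{base_url}/, '')` interpolates `base_url` into a regular expression without escaping, so each `.` in the host name matches any character and any other metacharacter that reaches `base_url` alters the pattern or raises `RegexpError`. If `base_url` is built from request data such as the Host header (its construction is outside this hunk), that text is client-influenced. `^` also matches after any newline rather than only at the start of the string. A literal prefix strip avoids both problems: `request_uri.sub(/\A#{Regexp.escape(base_url)}/, '')`, or `request_uri.delete_prefix(base_url)` where the supported Ruby versions allow it. The enclosing method starts and ends outside the hunk.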
@@ -14,20 +14,28 @@ module Datadog
14
14
 
15
15
  PLACEHOLDER = '?'.freeze
16
16
 
17
+ # taken from Ruby https://github.com/ruby/uri/blob/ffbab83de6d8748c9454414e02db5317609166eb/lib/uri/rfc3986_parser.rb
18
+ # but adjusted to parse only <scheme>://<host>:<port>/ components
19
+ # and stop there, since we don't care about the path, query string,
20
+ # and fragment components
21
+ RFC3986_URL_BASE = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))(?::(?<port>\d*))?)))(?:\/|\z)/.freeze # rubocop:disable Style/RegexpLiteral, Layout/LineLength
22
+
17
23
  module_function
18
24
 
19
25
  def url(url, options = {})
20
26
  url!(url, options)
21
27
  rescue StandardError
22
- options[:placeholder] || PLACEHOLDER
28
+ placeholder = options[:placeholder] || PLACEHOLDER
29
+
30
+ options[:base] == :exclude ? placeholder : "#{base_url(url)}/#{placeholder}"
23
31
  end
24
32
 
25
33
  def base_url(url, options = {})
26
- URI.parse(url).tap do |uri|
27
- uri.path = ''
28
- uri.query = nil
29
- uri.fragment = nil
30
- end.to_s
34
+ if (m = RFC3986_URL_BASE.match(url))
35
+ m[1]
36
+ else
37
+ ''
38
+ end
31
39
  end
32
40
 
33
41
  def url!(url, options = {})
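Review bot: The rescue path of `url` now returns the result of `base_url(url)` followed by the placeholder, and `base_url` returns `m[1]`, the whole `URI` group, which includes the optional `userinfo` part of the authority. A URL that fails quantization and carries credentials before the `@` would therefore keep them in the returned string, where the old fallback returned only the placeholder. Rebuilding the base from the `scheme`, `host` and `port` groups keeps credentials out of the value; whether `url!` strips userinfo on the success path is not visible here. `base_url` also accepts `options` without using it, and `url!` continues outside the hunk.

```ruby
def base_url(url, options = {})
  m = RFC3986_URL_BASE.match(url)
  return '' unless m

  # rebuild from named groups so userinfo is never copied into the result
  authority = m[:port] ? "#{m[:host]}:#{m[:port]}" : m[:host]
  "#{m[:scheme]}://#{authority}"
end
```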
@@ -101,6 +101,8 @@ module Datadog
101
101
  # Make the trace serializable
102
102
  serializable_trace = SerializableTrace.new(trace)
103
103
 
104
+ Datadog.logger.debug { "Flushing trace: #{JSON.dump(serializable_trace)}" }
105
+
104
106
  # Encode the trace
105
107
  encoder.encode(serializable_trace)
106
108
  end
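Review bot: The added debug line serialises the complete trace with `JSON.dump(serializable_trace)`, so every span tag (URLs, client IPs, any user-supplied values) is copied into the application log whenever debug logging is on. Logs usually have different access controls and retention than the tracing backend, so this deserves at least a comment such as `# NOTE: dumps full span contents; debug logs may contain sensitive tag values`, or a summary (trace id and span count) instead of the payload. The call sits inside the logger block, so the cost is paid only at debug level, but an exception raised by `JSON.dump` there would presumably propagate into the encode path, which is worth confirming. The enclosing method begins outside the hunk.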
@@ -4,7 +4,7 @@ module DDTrace
4
4
  module VERSION
5
5
  MAJOR = 1
6
6
  MINOR = 5
7
- PATCH = 0
7
+ PATCH = 2
8
8
  PRE = nil
9
9
 
10
10
  STRING = [MAJOR, MINOR, PATCH, PRE].compact.join('.')
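--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ddtrace
  version: !ruby/object:Gem::Version
- version: 1.5.0
+ version: 1.5.2
  platform: ruby
  authors:
  - Datadog, Inc.
@@ -50,14 +50,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.3.0.2.0
+ version: 1.5.1.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.3.0.2.0
+ version: 1.5.1.0.0
  - !ruby/object:Gem::Dependency
  name: libdatadog
  requirement: !ruby/object:Gem::Requirement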