ddtrace 1.5.0 → 1.5.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -1
- data/LICENSE-3rdparty.csv +1 -0
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +1169 -275
- data/lib/datadog/appsec/assets/waf_rules/risky.json +78 -78
- data/lib/datadog/appsec/assets/waf_rules/strict.json +278 -88
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +25 -18
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +11 -11
- data/lib/datadog/appsec/contrib/rack/request.rb +3 -0
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +42 -19
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +7 -6
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +11 -11
- data/lib/datadog/appsec/contrib/rails/request.rb +3 -0
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +14 -12
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +11 -11
- data/lib/datadog/appsec/event.rb +2 -12
- data/lib/datadog/appsec/instrumentation/gateway.rb +16 -2
- data/lib/datadog/appsec/processor.rb +18 -2
- data/lib/datadog/core/configuration/settings.rb +19 -5
- data/lib/datadog/tracing/client_ip.rb +11 -0
- data/lib/datadog/tracing/configuration/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +3 -1
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +14 -6
- data/lib/ddtrace/transport/traces.rb +2 -0
- data/lib/ddtrace/version.rb +1 -1
- metadata +3 -3
@@ -31,7 +31,7 @@ module Datadog
|
|
31
31
|
def run(*args)
|
32
32
|
start_ns = Core::Utils::Time.get_time(:nanosecond)
|
33
33
|
|
34
|
-
|
34
|
+
_code, res = @context.run(*args)
|
35
35
|
|
36
36
|
stop_ns = Core::Utils::Time.get_time(:nanosecond)
|
37
37
|
|
@@ -39,7 +39,11 @@ module Datadog
|
|
39
39
|
@time_ext_ns += (stop_ns - start_ns)
|
40
40
|
@timeouts += 1 if res.timeout
|
41
41
|
|
42
|
-
|
42
|
+
res
|
43
|
+
end
|
44
|
+
|
45
|
+
def finalize
|
46
|
+
@context.finalize
|
43
47
|
end
|
44
48
|
end
|
45
49
|
|
@@ -64,6 +68,18 @@ module Datadog
|
|
64
68
|
Context.new(self)
|
65
69
|
end
|
66
70
|
|
71
|
+
def update_rule_data(data)
|
72
|
+
@handle.update_rule_data(data)
|
73
|
+
end
|
74
|
+
|
75
|
+
def toggle_rules(map)
|
76
|
+
@handle.toggle_rules(map)
|
77
|
+
end
|
78
|
+
|
79
|
+
def finalize
|
80
|
+
@handle.finalize
|
81
|
+
end
|
82
|
+
|
67
83
|
protected
|
68
84
|
|
69
85
|
attr_reader :handle
|
@@ -323,8 +323,8 @@ module Datadog
|
|
323
323
|
|
324
324
|
# Parse tags from environment
|
325
325
|
env_to_list(Core::Environment::Ext::ENV_TAGS, comma_separated_only: false).each do |tag|
|
326
|
-
|
327
|
-
tags[
|
326
|
+
key, value = tag.split(':', 2)
|
327
|
+
tags[key] = value if value && !value.empty?
|
328
328
|
end
|
329
329
|
|
330
330
|
# Override tags if defined
|
@@ -667,13 +667,27 @@ module Datadog
|
|
667
667
|
# Whether client IP collection is enabled. When enabled client IPs from HTTP requests will
|
668
668
|
# be reported in traces.
|
669
669
|
#
|
670
|
+
# Usage of the DD_TRACE_CLIENT_IP_HEADER_DISABLED environment variable is deprecated.
|
671
|
+
#
|
670
672
|
# @see https://docs.datadoghq.com/tracing/configure_data_security#configuring-a-client-ip-header
|
671
673
|
#
|
672
|
-
# @default
|
673
|
-
# variable or `true` if it doesn't exist.
|
674
|
+
# @default `DD_TRACE_CLIENT_IP_ENABLED` environment variable, otherwise `false`.
|
674
675
|
# @return [Boolean]
|
675
676
|
option :enabled do |o|
|
676
|
-
o.default
|
677
|
+
o.default do
|
678
|
+
disabled = env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_DISABLED)
|
679
|
+
|
680
|
+
enabled = if disabled.nil?
|
681
|
+
false
|
682
|
+
else
|
683
|
+
Datadog.logger.warn { "#{Tracing::Configuration::Ext::ClientIp::ENV_DISABLED} environment variable is deprecated, found set to #{disabled}, use #{Tracing::Configuration::Ext::ClientIp::ENV_ENABLED}=#{!disabled}" }
|
684
|
+
|
685
|
+
!disabled
|
686
|
+
end
|
687
|
+
|
688
|
+
# ENABLED env var takes precedence over deprecated DISABLED
|
689
|
+
env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_ENABLED, enabled)
|
690
|
+
end
|
677
691
|
o.lazy
|
678
692
|
end
|
679
693
|
|
@@ -39,6 +39,17 @@ module Datadog
|
|
39
39
|
def self.set_client_ip_tag(span, headers: nil, remote_ip: nil)
|
40
40
|
return unless configuration.enabled
|
41
41
|
|
42
|
+
set_client_ip_tag!(span, headers: headers, remote_ip: remote_ip)
|
43
|
+
end
|
44
|
+
|
45
|
+
# Forcefully sets the `http.client_ip` tag on the given span.
|
46
|
+
#
|
47
|
+
# This function ignores the user's `enabled` setting.
|
48
|
+
#
|
49
|
+
# @param [Span] span The span that's associated with the request.
|
50
|
+
# @param [HeaderCollection, #get, nil] headers A collection with the request headers.
|
51
|
+
# @param [String, nil] remote_ip The remote IP the request associated with the span is sent to.
|
52
|
+
def self.set_client_ip_tag!(span, headers: nil, remote_ip: nil)
|
42
53
|
result = raw_ip_from_request(headers, remote_ip)
|
43
54
|
|
44
55
|
if result.raw_ip
|
@@ -54,7 +54,8 @@ module Datadog
|
|
54
54
|
|
55
55
|
# @public_api
|
56
56
|
module ClientIp
|
57
|
-
|
57
|
+
ENV_ENABLED = 'DD_TRACE_CLIENT_IP_ENABLED'.freeze
|
58
|
+
ENV_DISABLED = 'DD_TRACE_CLIENT_IP_HEADER_DISABLED'.freeze # TODO: deprecated, remove later
|
58
59
|
ENV_HEADER_NAME = 'DD_TRACE_CLIENT_IP_HEADER'.freeze
|
59
60
|
end
|
60
61
|
end
|
@@ -268,7 +268,9 @@ module Datadog
|
|
268
268
|
|
269
269
|
query_string.empty? ? path : "#{path}?#{query_string}"
|
270
270
|
else
|
271
|
-
|
271
|
+
# normally REQUEST_URI starts at the path, but it
|
272
|
+
# might contain the full URL in some cases (e.g WEBrick)
|
273
|
+
request_uri.sub(/^#{base_url}/, '')
|
272
274
|
end
|
273
275
|
|
274
276
|
base_url + fullpath
|
@@ -14,20 +14,28 @@ module Datadog
|
|
14
14
|
|
15
15
|
PLACEHOLDER = '?'.freeze
|
16
16
|
|
17
|
+
# taken from Ruby https://github.com/ruby/uri/blob/ffbab83de6d8748c9454414e02db5317609166eb/lib/uri/rfc3986_parser.rb
|
18
|
+
# but adjusted to parse only <scheme>://<host>:<port>/ components
|
19
|
+
# and stop there, since we don't care about the path, query string,
|
20
|
+
# and fragment components
|
21
|
+
RFC3986_URL_BASE = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))(?::(?<port>\d*))?)))(?:\/|\z)/.freeze # rubocop:disable Style/RegexpLiteral, Layout/LineLength
|
22
|
+
|
17
23
|
module_function
|
18
24
|
|
19
25
|
def url(url, options = {})
|
20
26
|
url!(url, options)
|
21
27
|
rescue StandardError
|
22
|
-
options[:placeholder] || PLACEHOLDER
|
28
|
+
placeholder = options[:placeholder] || PLACEHOLDER
|
29
|
+
|
30
|
+
options[:base] == :exclude ? placeholder : "#{base_url(url)}/#{placeholder}"
|
23
31
|
end
|
24
32
|
|
25
33
|
def base_url(url, options = {})
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
end
|
34
|
+
if (m = RFC3986_URL_BASE.match(url))
|
35
|
+
m[1]
|
36
|
+
else
|
37
|
+
''
|
38
|
+
end
|
31
39
|
end
|
32
40
|
|
33
41
|
def url!(url, options = {})
|
@@ -101,6 +101,8 @@ module Datadog
|
|
101
101
|
# Make the trace serializable
|
102
102
|
serializable_trace = SerializableTrace.new(trace)
|
103
103
|
|
104
|
+
Datadog.logger.debug { "Flushing trace: #{JSON.dump(serializable_trace)}" }
|
105
|
+
|
104
106
|
# Encode the trace
|
105
107
|
encoder.encode(serializable_trace)
|
106
108
|
end
|
data/lib/ddtrace/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ddtrace
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.5.
|
4
|
+
version: 1.5.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Datadog, Inc.
|
@@ -50,14 +50,14 @@ dependencies:
|
|
50
50
|
requirements:
|
51
51
|
- - "~>"
|
52
52
|
- !ruby/object:Gem::Version
|
53
|
-
version: 1.
|
53
|
+
version: 1.5.1.0.0
|
54
54
|
type: :runtime
|
55
55
|
prerelease: false
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
57
|
requirements:
|
58
58
|
- - "~>"
|
59
59
|
- !ruby/object:Gem::Version
|
60
|
-
version: 1.
|
60
|
+
version: 1.5.1.0.0
|
61
61
|
- !ruby/object:Gem::Dependency
|
62
62
|
name: libdatadog
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|