ddtrace 1.5.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +43 -1
  3. data/LICENSE-3rdparty.csv +1 -0
  4. data/lib/datadog/appsec/assets/waf_rules/recommended.json +1169 -275
  5. data/lib/datadog/appsec/assets/waf_rules/risky.json +78 -78
  6. data/lib/datadog/appsec/assets/waf_rules/strict.json +278 -88
  7. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +25 -18
  8. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +11 -11
  9. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +11 -11
  10. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +11 -11
  11. data/lib/datadog/appsec/contrib/rack/request.rb +3 -0
  12. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +42 -19
  13. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +7 -6
  14. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +11 -11
  15. data/lib/datadog/appsec/contrib/rails/request.rb +3 -0
  16. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +14 -12
  17. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +11 -11
  18. data/lib/datadog/appsec/event.rb +2 -12
  19. data/lib/datadog/appsec/instrumentation/gateway.rb +16 -2
  20. data/lib/datadog/appsec/processor.rb +18 -2
  21. data/lib/datadog/core/configuration/settings.rb +19 -5
  22. data/lib/datadog/tracing/client_ip.rb +11 -0
  23. data/lib/datadog/tracing/configuration/ext.rb +2 -1
  24. data/lib/datadog/tracing/contrib/rack/middlewares.rb +3 -1
  25. data/lib/datadog/tracing/contrib/utils/quantization/http.rb +14 -6
  26. data/lib/ddtrace/transport/traces.rb +2 -0
  27. data/lib/ddtrace/version.rb +1 -1
  28. metadata +3 -3
@@ -31,7 +31,7 @@ module Datadog
31
31
  def run(*args)
32
32
  start_ns = Core::Utils::Time.get_time(:nanosecond)
33
33
 
34
- ret, res = @context.run(*args)
34
+ _code, res = @context.run(*args)
35
35
 
36
36
  stop_ns = Core::Utils::Time.get_time(:nanosecond)
37
37
 
@@ -39,7 +39,11 @@ module Datadog
39
39
  @time_ext_ns += (stop_ns - start_ns)
40
40
  @timeouts += 1 if res.timeout
41
41
 
42
- [ret, res]
42
+ res
43
+ end
44
+
45
+ def finalize
46
+ @context.finalize
43
47
  end
44
48
  end
45
49
 
@@ -64,6 +68,18 @@ module Datadog
64
68
  Context.new(self)
65
69
  end
66
70
 
71
+ def update_rule_data(data)
72
+ @handle.update_rule_data(data)
73
+ end
74
+
75
+ def toggle_rules(map)
76
+ @handle.toggle_rules(map)
77
+ end
78
+
79
+ def finalize
80
+ @handle.finalize
81
+ end
82
+
67
83
  protected
68
84
 
69
85
  attr_reader :handle
@@ -323,8 +323,8 @@ module Datadog
323
323
 
324
324
  # Parse tags from environment
325
325
  env_to_list(Core::Environment::Ext::ENV_TAGS, comma_separated_only: false).each do |tag|
326
- pair = tag.split(':')
327
- tags[pair.first] = pair.last if pair.length == 2
326
+ key, value = tag.split(':', 2)
327
+ tags[key] = value if value && !value.empty?
328
328
  end
329
329
 
330
330
  # Override tags if defined
@@ -667,13 +667,27 @@ module Datadog
667
667
  # Whether client IP collection is enabled. When enabled client IPs from HTTP requests will
668
668
  # be reported in traces.
669
669
  #
670
+ # Usage of the DD_TRACE_CLIENT_IP_HEADER_DISABLED environment variable is deprecated.
671
+ #
670
672
  # @see https://docs.datadoghq.com/tracing/configure_data_security#configuring-a-client-ip-header
671
673
  #
672
- # @default The negated value of the `DD_TRACE_CLIENT_IP_HEADER_DISABLED` environment
673
- # variable or `true` if it doesn't exist.
674
+ # @default `DD_TRACE_CLIENT_IP_ENABLED` environment variable, otherwise `false`.
674
675
  # @return [Boolean]
675
676
  option :enabled do |o|
676
- o.default { !env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_DISABLED, false) }
677
+ o.default do
678
+ disabled = env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_DISABLED)
679
+
680
+ enabled = if disabled.nil?
681
+ false
682
+ else
683
+ Datadog.logger.warn { "#{Tracing::Configuration::Ext::ClientIp::ENV_DISABLED} environment variable is deprecated, found set to #{disabled}, use #{Tracing::Configuration::Ext::ClientIp::ENV_ENABLED}=#{!disabled}" }
684
+
685
+ !disabled
686
+ end
687
+
688
+ # ENABLED env var takes precedence over deprecated DISABLED
689
+ env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_ENABLED, enabled)
690
+ end
677
691
  o.lazy
678
692
  end
679
693
 
@@ -39,6 +39,17 @@ module Datadog
39
39
  def self.set_client_ip_tag(span, headers: nil, remote_ip: nil)
40
40
  return unless configuration.enabled
41
41
 
42
+ set_client_ip_tag!(span, headers: headers, remote_ip: remote_ip)
43
+ end
44
+
45
+ # Forcefully sets the `http.client_ip` tag on the given span.
46
+ #
47
+ # This function ignores the user's `enabled` setting.
48
+ #
49
+ # @param [Span] span The span that's associated with the request.
50
+ # @param [HeaderCollection, #get, nil] headers A collection with the request headers.
51
+ # @param [String, nil] remote_ip The remote IP the request associated with the span is sent to.
52
+ def self.set_client_ip_tag!(span, headers: nil, remote_ip: nil)
42
53
  result = raw_ip_from_request(headers, remote_ip)
43
54
 
44
55
  if result.raw_ip
@@ -54,7 +54,8 @@ module Datadog
54
54
 
55
55
  # @public_api
56
56
  module ClientIp
57
- ENV_DISABLED = 'DD_TRACE_CLIENT_IP_HEADER_DISABLED'.freeze
57
+ ENV_ENABLED = 'DD_TRACE_CLIENT_IP_ENABLED'.freeze
58
+ ENV_DISABLED = 'DD_TRACE_CLIENT_IP_HEADER_DISABLED'.freeze # TODO: deprecated, remove later
58
59
  ENV_HEADER_NAME = 'DD_TRACE_CLIENT_IP_HEADER'.freeze
59
60
  end
60
61
  end
@@ -268,7 +268,9 @@ module Datadog
268
268
 
269
269
  query_string.empty? ? path : "#{path}?#{query_string}"
270
270
  else
271
- request_uri
271
+ # normally REQUEST_URI starts at the path, but it
272
+ # might contain the full URL in some cases (e.g WEBrick)
273
+ request_uri.sub(/^#{base_url}/, '')
272
274
  end
273
275
 
274
276
  base_url + fullpath
@@ -14,20 +14,28 @@ module Datadog
14
14
 
15
15
  PLACEHOLDER = '?'.freeze
16
16
 
17
+ # taken from Ruby https://github.com/ruby/uri/blob/ffbab83de6d8748c9454414e02db5317609166eb/lib/uri/rfc3986_parser.rb
18
+ # but adjusted to parse only <scheme>://<host>:<port>/ components
19
+ # and stop there, since we don't care about the path, query string,
20
+ # and fragment components
21
+ RFC3986_URL_BASE = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*))(?::(?<port>\d*))?)))(?:\/|\z)/.freeze # rubocop:disable Style/RegexpLiteral, Layout/LineLength
22
+
17
23
  module_function
18
24
 
19
25
  def url(url, options = {})
20
26
  url!(url, options)
21
27
  rescue StandardError
22
- options[:placeholder] || PLACEHOLDER
28
+ placeholder = options[:placeholder] || PLACEHOLDER
29
+
30
+ options[:base] == :exclude ? placeholder : "#{base_url(url)}/#{placeholder}"
23
31
  end
24
32
 
25
33
  def base_url(url, options = {})
26
- URI.parse(url).tap do |uri|
27
- uri.path = ''
28
- uri.query = nil
29
- uri.fragment = nil
30
- end.to_s
34
+ if (m = RFC3986_URL_BASE.match(url))
35
+ m[1]
36
+ else
37
+ ''
38
+ end
31
39
  end
32
40
 
33
41
  def url!(url, options = {})
@@ -101,6 +101,8 @@ module Datadog
101
101
  # Make the trace serializable
102
102
  serializable_trace = SerializableTrace.new(trace)
103
103
 
104
+ Datadog.logger.debug { "Flushing trace: #{JSON.dump(serializable_trace)}" }
105
+
104
106
  # Encode the trace
105
107
  encoder.encode(serializable_trace)
106
108
  end
@@ -4,7 +4,7 @@ module DDTrace
4
4
  module VERSION
5
5
  MAJOR = 1
6
6
  MINOR = 5
7
- PATCH = 0
7
+ PATCH = 2
8
8
  PRE = nil
9
9
 
10
10
  STRING = [MAJOR, MINOR, PATCH, PRE].compact.join('.')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ddtrace
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Datadog, Inc.
@@ -50,14 +50,14 @@ dependencies:
50
50
  requirements:
51
51
  - - "~>"
52
52
  - !ruby/object:Gem::Version
53
- version: 1.3.0.2.0
53
+ version: 1.5.1.0.0
54
54
  type: :runtime
55
55
  prerelease: false
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - "~>"
59
59
  - !ruby/object:Gem::Version
60
- version: 1.3.0.2.0
60
+ version: 1.5.1.0.0
61
61
  - !ruby/object:Gem::Dependency
62
62
  name: libdatadog
63
63
  requirement: !ruby/object:Gem::Requirement