ddtrace 1.5.1 → 1.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -1
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +40 -18
- data/lib/datadog/appsec/event.rb +2 -4
- data/lib/datadog/core/configuration/settings.rb +17 -3
- data/lib/datadog/tracing/client_ip.rb +11 -0
- data/lib/datadog/tracing/configuration/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +4 -2
- data/lib/ddtrace/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5417d6aa2797b38bfe55167afa723cb2479bd3b7fae3ad3ee16020844084a48e
|
|
4
|
+
data.tar.gz: 3c63a3c9dcce6c180349814da8113ba8e9b6b3334f2a4ab13ceeef4cc006c70c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e82cadb7da0c30c4f22791fab2f1ef356cf33378756673a74fa2dbcf447a25530421f86d809a86dcab5ccd31d332bca5759a589e9dfdaebc47d3b3d8f201c662
|
|
7
|
+
data.tar.gz: b36eafe691e5808bc179e693549e7aa7747d400502d0d21f500dac0129c726a4b433498c6b41896fd3351a382ddede220540d8c0a14b12bf240d320d037ae786
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,20 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased]
|
|
4
4
|
|
|
5
|
+
## [1.5.2] - 2022-10-27
|
|
6
|
+
|
|
7
|
+
### Deprecation notice
|
|
8
|
+
|
|
9
|
+
- `DD_TRACE_CLIENT_IP_HEADER_DISABLED` was changed to `DD_TRACE_CLIENT_IP_ENABLED`. Although the former still works we encourage usage of the latter instead.
|
|
10
|
+
|
|
11
|
+
### Changed
|
|
12
|
+
|
|
13
|
+
- `http.client_ip` tag collection is made opt-in for APM. Note that `http.client_ip` is always collected when ASM is enabled as part of the security service provided ([#2321][], [#2331][])
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
|
|
17
|
+
- Handle REQUEST_URI with base url ([#2328][], [#2330][])
|
|
18
|
+
|
|
5
19
|
## [1.5.1] - 2022-10-19
|
|
6
20
|
|
|
7
21
|
### Changed
|
|
@@ -2145,7 +2159,8 @@ Release notes: https://github.com/DataDog/dd-trace-rb/releases/tag/v0.3.1
|
|
|
2145
2159
|
|
|
2146
2160
|
Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
|
|
2147
2161
|
|
|
2148
|
-
[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.5.
|
|
2162
|
+
[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.5.2...master
|
|
2163
|
+
[1.5.2]: https://github.com/DataDog/dd-trace-rb/compare/v1.5.1...v1.5.2
|
|
2149
2164
|
[1.5.1]: https://github.com/DataDog/dd-trace-rb/compare/v1.5.0...v1.5.1
|
|
2150
2165
|
[1.5.0]: https://github.com/DataDog/dd-trace-rb/compare/v1.4.2...v1.5.0
|
|
2151
2166
|
[1.4.1]: https://github.com/DataDog/dd-trace-rb/compare/v1.4.1...v1.4.2
|
|
@@ -3052,6 +3067,10 @@ Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
|
|
|
3052
3067
|
[#2311]: https://github.com/DataDog/dd-trace-rb/issues/2311
|
|
3053
3068
|
[#2318]: https://github.com/DataDog/dd-trace-rb/issues/2318
|
|
3054
3069
|
[#2319]: https://github.com/DataDog/dd-trace-rb/issues/2319
|
|
3070
|
+
[#2321]: https://github.com/DataDog/dd-trace-rb/issues/2321
|
|
3071
|
+
[#2328]: https://github.com/DataDog/dd-trace-rb/issues/2328
|
|
3072
|
+
[#2330]: https://github.com/DataDog/dd-trace-rb/issues/2330
|
|
3073
|
+
[#2331]: https://github.com/DataDog/dd-trace-rb/issues/2331
|
|
3055
3074
|
[@AdrianLC]: https://github.com/AdrianLC
|
|
3056
3075
|
[@Azure7111]: https://github.com/Azure7111
|
|
3057
3076
|
[@BabyGroot]: https://github.com/BabyGroot
|
|
@@ -6,6 +6,9 @@ require_relative '../../instrumentation/gateway'
|
|
|
6
6
|
require_relative '../../processor'
|
|
7
7
|
require_relative '../../assets'
|
|
8
8
|
|
|
9
|
+
require_relative '../../../tracing/client_ip'
|
|
10
|
+
require_relative '../../../tracing/contrib/rack/header_collection'
|
|
11
|
+
|
|
9
12
|
module Datadog
|
|
10
13
|
module AppSec
|
|
11
14
|
module Contrib
|
|
@@ -30,7 +33,7 @@ module Datadog
|
|
|
30
33
|
env['datadog.waf.context'] = context
|
|
31
34
|
request = ::Rack::Request.new(env)
|
|
32
35
|
|
|
33
|
-
add_appsec_tags
|
|
36
|
+
add_appsec_tags(active_trace, active_span, env)
|
|
34
37
|
|
|
35
38
|
request_return, request_response = Instrumentation.gateway.push('rack.request', request) do
|
|
36
39
|
@app.call(env)
|
|
@@ -56,7 +59,7 @@ module Datadog
|
|
|
56
59
|
|
|
57
60
|
request_return
|
|
58
61
|
ensure
|
|
59
|
-
add_waf_runtime_tags(context) if context
|
|
62
|
+
add_waf_runtime_tags(active_trace, context) if context
|
|
60
63
|
context.finalize if context
|
|
61
64
|
end
|
|
62
65
|
|
|
@@ -70,41 +73,60 @@ module Datadog
|
|
|
70
73
|
Datadog::Tracing.active_trace
|
|
71
74
|
end
|
|
72
75
|
|
|
73
|
-
def
|
|
74
|
-
|
|
76
|
+
def active_span
|
|
77
|
+
# TODO: factor out tracing availability detection
|
|
78
|
+
|
|
79
|
+
return unless defined?(Datadog::Tracing)
|
|
80
|
+
|
|
81
|
+
Datadog::Tracing.active_span
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def add_appsec_tags(trace, span, env)
|
|
85
|
+
return unless trace
|
|
86
|
+
|
|
87
|
+
trace.set_tag('_dd.appsec.enabled', 1)
|
|
88
|
+
trace.set_tag('_dd.runtime_family', 'ruby')
|
|
89
|
+
trace.set_tag('_dd.appsec.waf.version', Datadog::AppSec::WAF::VERSION::BASE_STRING)
|
|
75
90
|
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
91
|
+
if span && span.get_tag(Tracing::Metadata::Ext::HTTP::TAG_CLIENT_IP).nil?
|
|
92
|
+
request_header_collection = Datadog::Tracing::Contrib::Rack::Header::RequestHeaderCollection.new(env)
|
|
93
|
+
|
|
94
|
+
# always collect client ip, as this is part of AppSec provided functionality
|
|
95
|
+
Datadog::Tracing::ClientIp.set_client_ip_tag!(
|
|
96
|
+
span,
|
|
97
|
+
headers: request_header_collection,
|
|
98
|
+
remote_ip: env['REMOTE_ADDR']
|
|
99
|
+
)
|
|
100
|
+
end
|
|
79
101
|
|
|
80
102
|
if @processor.ruleset_info
|
|
81
|
-
|
|
103
|
+
trace.set_tag('_dd.appsec.event_rules.version', @processor.ruleset_info[:version])
|
|
82
104
|
|
|
83
105
|
unless @oneshot_tags_sent
|
|
84
106
|
# Small race condition, but it's inoccuous: worst case the tags
|
|
85
107
|
# are sent a couple of times more than expected
|
|
86
108
|
@oneshot_tags_sent = true
|
|
87
109
|
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
110
|
+
trace.set_tag('_dd.appsec.event_rules.loaded', @processor.ruleset_info[:loaded].to_f)
|
|
111
|
+
trace.set_tag('_dd.appsec.event_rules.error_count', @processor.ruleset_info[:failed].to_f)
|
|
112
|
+
trace.set_tag('_dd.appsec.event_rules.errors', JSON.dump(@processor.ruleset_info[:errors]))
|
|
113
|
+
trace.set_tag('_dd.appsec.event_rules.addresses', JSON.dump(@processor.addresses))
|
|
92
114
|
|
|
93
115
|
# Ensure these tags reach the backend
|
|
94
|
-
|
|
116
|
+
trace.keep!
|
|
95
117
|
end
|
|
96
118
|
end
|
|
97
119
|
end
|
|
98
120
|
|
|
99
|
-
def add_waf_runtime_tags(context)
|
|
100
|
-
return unless
|
|
121
|
+
def add_waf_runtime_tags(trace, context)
|
|
122
|
+
return unless trace
|
|
101
123
|
return unless context
|
|
102
124
|
|
|
103
|
-
|
|
125
|
+
trace.set_tag('_dd.appsec.waf.timeouts', context.timeouts)
|
|
104
126
|
|
|
105
127
|
# these tags expect time in us
|
|
106
|
-
|
|
107
|
-
|
|
128
|
+
trace.set_tag('_dd.appsec.waf.duration', context.time_ns / 1000.0)
|
|
129
|
+
trace.set_tag('_dd.appsec.waf.duration_ext', context.time_ext_ns / 1000.0)
|
|
108
130
|
end
|
|
109
131
|
end
|
|
110
132
|
end
|
data/lib/datadog/appsec/event.rb
CHANGED
|
@@ -51,7 +51,7 @@ module Datadog
|
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
def self.record_via_span(*events)
|
|
54
|
+
def self.record_via_span(*events) # rubocop:disable Metrics/AbcSize
|
|
55
55
|
events.group_by { |e| e[:trace] }.each do |trace, event_group|
|
|
56
56
|
unless trace
|
|
57
57
|
Datadog.logger.debug { "{ error: 'no trace: cannot record', event_group: #{event_group.inspect}}" }
|
|
@@ -75,9 +75,7 @@ module Datadog
|
|
|
75
75
|
|
|
76
76
|
tags['http.host'] = request.host
|
|
77
77
|
tags['http.useragent'] = request.user_agent
|
|
78
|
-
tags['network.client.ip'] = request.
|
|
79
|
-
|
|
80
|
-
# tags['actor.ip'] = request.ip # TODO: uses client IP resolution algorithm
|
|
78
|
+
tags['network.client.ip'] = request.env['REMOTE_ADDR'] if request.env['REMOTE_ADDR']
|
|
81
79
|
end
|
|
82
80
|
|
|
83
81
|
if (response = event[:response])
|
|
@@ -667,13 +667,27 @@ module Datadog
|
|
|
667
667
|
# Whether client IP collection is enabled. When enabled client IPs from HTTP requests will
|
|
668
668
|
# be reported in traces.
|
|
669
669
|
#
|
|
670
|
+
# Usage of the DD_TRACE_CLIENT_IP_HEADER_DISABLED environment variable is deprecated.
|
|
671
|
+
#
|
|
670
672
|
# @see https://docs.datadoghq.com/tracing/configure_data_security#configuring-a-client-ip-header
|
|
671
673
|
#
|
|
672
|
-
# @default
|
|
673
|
-
# variable or `true` if it doesn't exist.
|
|
674
|
+
# @default `DD_TRACE_CLIENT_IP_ENABLED` environment variable, otherwise `false`.
|
|
674
675
|
# @return [Boolean]
|
|
675
676
|
option :enabled do |o|
|
|
676
|
-
o.default
|
|
677
|
+
o.default do
|
|
678
|
+
disabled = env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_DISABLED)
|
|
679
|
+
|
|
680
|
+
enabled = if disabled.nil?
|
|
681
|
+
false
|
|
682
|
+
else
|
|
683
|
+
Datadog.logger.warn { "#{Tracing::Configuration::Ext::ClientIp::ENV_DISABLED} environment variable is deprecated, found set to #{disabled}, use #{Tracing::Configuration::Ext::ClientIp::ENV_ENABLED}=#{!disabled}" }
|
|
684
|
+
|
|
685
|
+
!disabled
|
|
686
|
+
end
|
|
687
|
+
|
|
688
|
+
# ENABLED env var takes precedence over deprecated DISABLED
|
|
689
|
+
env_to_bool(Tracing::Configuration::Ext::ClientIp::ENV_ENABLED, enabled)
|
|
690
|
+
end
|
|
677
691
|
o.lazy
|
|
678
692
|
end
|
|
679
693
|
|
|
@@ -39,6 +39,17 @@ module Datadog
|
|
|
39
39
|
def self.set_client_ip_tag(span, headers: nil, remote_ip: nil)
|
|
40
40
|
return unless configuration.enabled
|
|
41
41
|
|
|
42
|
+
set_client_ip_tag!(span, headers: headers, remote_ip: remote_ip)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
# Forcefully sets the `http.client_ip` tag on the given span.
|
|
46
|
+
#
|
|
47
|
+
# This function ignores the user's `enabled` setting.
|
|
48
|
+
#
|
|
49
|
+
# @param [Span] span The span that's associated with the request.
|
|
50
|
+
# @param [HeaderCollection, #get, nil] headers A collection with the request headers.
|
|
51
|
+
# @param [String, nil] remote_ip The remote IP the request associated with the span is sent to.
|
|
52
|
+
def self.set_client_ip_tag!(span, headers: nil, remote_ip: nil)
|
|
42
53
|
result = raw_ip_from_request(headers, remote_ip)
|
|
43
54
|
|
|
44
55
|
if result.raw_ip
|
|
@@ -54,7 +54,8 @@ module Datadog
|
|
|
54
54
|
|
|
55
55
|
# @public_api
|
|
56
56
|
module ClientIp
|
|
57
|
-
|
|
57
|
+
ENV_ENABLED = 'DD_TRACE_CLIENT_IP_ENABLED'.freeze
|
|
58
|
+
ENV_DISABLED = 'DD_TRACE_CLIENT_IP_HEADER_DISABLED'.freeze # TODO: deprecated, remove later
|
|
58
59
|
ENV_HEADER_NAME = 'DD_TRACE_CLIENT_IP_HEADER'.freeze
|
|
59
60
|
end
|
|
60
61
|
end
|
|
@@ -268,10 +268,12 @@ module Datadog
|
|
|
268
268
|
|
|
269
269
|
query_string.empty? ? path : "#{path}?#{query_string}"
|
|
270
270
|
else
|
|
271
|
-
|
|
271
|
+
# normally REQUEST_URI starts at the path, but it
|
|
272
|
+
# might contain the full URL in some cases (e.g WEBrick)
|
|
273
|
+
request_uri.sub(/^#{base_url}/, '')
|
|
272
274
|
end
|
|
273
275
|
|
|
274
|
-
|
|
276
|
+
base_url + fullpath
|
|
275
277
|
end
|
|
276
278
|
|
|
277
279
|
def parse_user_agent_header(headers)
|
data/lib/ddtrace/version.rb
CHANGED