ddtrace 1.7.0 → 1.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +100 -1
- data/README.md +2 -2
- data/ext/ddtrace_profiling_loader/extconf.rb +4 -1
- data/ext/ddtrace_profiling_native_extension/NativeExtensionDesign.md +1 -1
- data/ext/ddtrace_profiling_native_extension/clock_id_from_pthread.c +3 -2
- data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time.c +24 -50
- data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time.h +1 -1
- data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +284 -74
- data/ext/ddtrace_profiling_native_extension/collectors_dynamic_sampling_rate.c +142 -0
- data/ext/ddtrace_profiling_native_extension/collectors_dynamic_sampling_rate.h +14 -0
- data/ext/ddtrace_profiling_native_extension/collectors_idle_sampling_helper.c +241 -0
- data/ext/ddtrace_profiling_native_extension/collectors_idle_sampling_helper.h +3 -0
- data/ext/ddtrace_profiling_native_extension/collectors_stack.c +32 -32
- data/ext/ddtrace_profiling_native_extension/collectors_stack.h +2 -2
- data/ext/ddtrace_profiling_native_extension/extconf.rb +21 -7
- data/ext/ddtrace_profiling_native_extension/helpers.h +5 -0
- data/ext/ddtrace_profiling_native_extension/http_transport.c +50 -49
- data/ext/ddtrace_profiling_native_extension/libdatadog_helpers.h +5 -1
- data/ext/ddtrace_profiling_native_extension/native_extension_helpers.rb +42 -12
- data/ext/ddtrace_profiling_native_extension/private_vm_api_access.c +116 -22
- data/ext/ddtrace_profiling_native_extension/private_vm_api_access.h +9 -0
- data/ext/ddtrace_profiling_native_extension/profiling.c +205 -0
- data/ext/ddtrace_profiling_native_extension/ruby_helpers.c +86 -0
- data/ext/ddtrace_profiling_native_extension/ruby_helpers.h +28 -6
- data/ext/ddtrace_profiling_native_extension/setup_signal_handler.c +23 -4
- data/ext/ddtrace_profiling_native_extension/setup_signal_handler.h +4 -0
- data/ext/ddtrace_profiling_native_extension/stack_recorder.c +47 -50
- data/ext/ddtrace_profiling_native_extension/stack_recorder.h +4 -4
- data/ext/ddtrace_profiling_native_extension/time_helpers.c +17 -0
- data/ext/ddtrace_profiling_native_extension/time_helpers.h +10 -0
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +75 -8
- data/lib/datadog/appsec/assets/waf_rules/risky.json +1 -1
- data/lib/datadog/appsec/assets/waf_rules/strict.json +1 -1
- data/lib/datadog/appsec/assets.rb +1 -1
- data/lib/datadog/appsec/configuration/settings.rb +35 -22
- data/lib/datadog/appsec/configuration.rb +4 -2
- data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
- data/lib/datadog/appsec/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/appsec/contrib/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/patcher.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/configuration/settings.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/ext.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/reactive/request.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/reactive/response.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/request.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/response.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/configuration/settings.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/ext.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/framework.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/reactive/action.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/request.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/request_middleware.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/configuration/settings.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/ext.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/framework.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/request_middleware.rb +1 -1
- data/lib/datadog/appsec/event.rb +1 -1
- data/lib/datadog/appsec/extensions.rb +36 -26
- data/lib/datadog/appsec/instrumentation/gateway.rb +3 -3
- data/lib/datadog/appsec/processor.rb +15 -19
- data/lib/datadog/appsec/rate_limiter.rb +1 -1
- data/lib/datadog/appsec/reactive/address_hash.rb +1 -1
- data/lib/datadog/appsec/reactive/engine.rb +1 -1
- data/lib/datadog/appsec/reactive/operation.rb +2 -2
- data/lib/datadog/appsec/reactive/subscriber.rb +1 -1
- data/lib/datadog/appsec/response.rb +18 -9
- data/lib/datadog/appsec/utils/http/media_range.rb +201 -0
- data/lib/datadog/appsec/utils/http/media_type.rb +87 -0
- data/lib/datadog/appsec/utils/http.rb +9 -0
- data/lib/datadog/appsec/utils.rb +7 -0
- data/lib/datadog/appsec.rb +1 -1
- data/lib/datadog/ci/ext/environment.rb +57 -13
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +2 -2
- data/lib/datadog/core/configuration/base.rb +3 -0
- data/lib/datadog/core/configuration/components.rb +27 -6
- data/lib/datadog/core/configuration/ext.rb +26 -0
- data/lib/datadog/core/configuration/option_definition.rb +11 -2
- data/lib/datadog/core/configuration/settings.rb +16 -341
- data/lib/datadog/core/diagnostics/environment_logger.rb +4 -3
- data/lib/datadog/core/diagnostics/health.rb +4 -22
- data/lib/datadog/core/environment/variable_helpers.rb +58 -10
- data/lib/datadog/core/metrics/client.rb +3 -2
- data/lib/datadog/core/metrics/ext.rb +0 -2
- data/lib/datadog/core/telemetry/collector.rb +1 -0
- data/lib/datadog/core/utils.rb +0 -21
- data/lib/datadog/core.rb +21 -1
- data/lib/datadog/kit/appsec/events.rb +75 -0
- data/lib/datadog/kit/enable_core_dumps.rb +1 -0
- data/lib/datadog/kit/identity.rb +8 -7
- data/lib/datadog/opentelemetry/api/context.rb +187 -0
- data/lib/datadog/opentelemetry/api/trace/span.rb +15 -0
- data/lib/datadog/opentelemetry/sdk/configurator.rb +38 -0
- data/lib/datadog/opentelemetry/sdk/id_generator.rb +27 -0
- data/lib/datadog/opentelemetry/sdk/propagator.rb +91 -0
- data/lib/datadog/opentelemetry/sdk/span_processor.rb +92 -0
- data/lib/datadog/opentelemetry.rb +48 -0
- data/lib/datadog/opentracer/distributed_headers.rb +2 -2
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +16 -5
- data/lib/datadog/profiling/collectors/dynamic_sampling_rate.rb +14 -0
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +68 -0
- data/lib/datadog/profiling/stack_recorder.rb +14 -0
- data/lib/datadog/profiling.rb +2 -0
- data/lib/datadog/tracing/configuration/ext.rb +33 -4
- data/lib/datadog/tracing/configuration/settings.rb +433 -0
- data/lib/datadog/tracing/contrib/aws/configuration/settings.rb +4 -1
- data/lib/datadog/tracing/contrib/aws/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +4 -1
- data/lib/datadog/tracing/contrib/dalli/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +5 -1
- data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/ethon/configuration/settings.rb +6 -1
- data/lib/datadog/tracing/contrib/ethon/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/excon/configuration/settings.rb +5 -1
- data/lib/datadog/tracing/contrib/excon/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +5 -1
- data/lib/datadog/tracing/contrib/faraday/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +6 -1
- data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +9 -4
- data/lib/datadog/tracing/contrib/grpc/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/http/configuration/settings.rb +11 -1
- data/lib/datadog/tracing/contrib/http/distributed/fetcher.rb +10 -3
- data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +9 -4
- data/lib/datadog/tracing/contrib/http/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +3 -6
- data/lib/datadog/tracing/contrib/httpclient/configuration/settings.rb +11 -1
- data/lib/datadog/tracing/contrib/httpclient/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +3 -4
- data/lib/datadog/tracing/contrib/httprb/configuration/settings.rb +11 -1
- data/lib/datadog/tracing/contrib/httprb/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +3 -4
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +5 -1
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +4 -1
- data/lib/datadog/tracing/contrib/mysql2/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +2 -2
- data/lib/datadog/tracing/contrib/patcher.rb +3 -2
- data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +4 -1
- data/lib/datadog/tracing/contrib/pg/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/pg/instrumentation.rb +56 -33
- data/lib/datadog/tracing/contrib/presto/configuration/settings.rb +4 -1
- data/lib/datadog/tracing/contrib/presto/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/propagation/sql_comment/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +10 -12
- data/lib/datadog/tracing/contrib/redis/configuration/settings.rb +4 -1
- data/lib/datadog/tracing/contrib/redis/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/redis/instrumentation.rb +30 -23
- data/lib/datadog/tracing/contrib/redis/integration.rb +34 -2
- data/lib/datadog/tracing/contrib/redis/patcher.rb +18 -14
- data/lib/datadog/tracing/contrib/redis/quantize.rb +12 -9
- data/lib/datadog/tracing/contrib/redis/tags.rb +4 -6
- data/lib/datadog/tracing/contrib/redis/trace_middleware.rb +72 -0
- data/lib/datadog/tracing/contrib/rest_client/configuration/settings.rb +6 -1
- data/lib/datadog/tracing/contrib/rest_client/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/stripe/configuration/settings.rb +33 -0
- data/lib/datadog/tracing/contrib/stripe/ext.rb +26 -0
- data/lib/datadog/tracing/contrib/stripe/integration.rb +43 -0
- data/lib/datadog/tracing/contrib/stripe/patcher.rb +29 -0
- data/lib/datadog/tracing/contrib/stripe/request.rb +67 -0
- data/lib/datadog/tracing/contrib.rb +1 -0
- data/lib/datadog/{core → tracing}/diagnostics/ext.rb +1 -6
- data/lib/datadog/tracing/diagnostics/health.rb +40 -0
- data/lib/datadog/tracing/distributed/{b3.rb → b3_multi.rb} +2 -2
- data/lib/datadog/tracing/distributed/helpers.rb +2 -1
- data/lib/datadog/tracing/distributed/none.rb +19 -0
- data/lib/datadog/tracing/distributed/trace_context.rb +378 -0
- data/lib/datadog/tracing/metadata/ext.rb +1 -1
- data/lib/datadog/tracing/metadata/tagging.rb +6 -0
- data/lib/datadog/tracing/sampling/priority_sampler.rb +11 -0
- data/lib/datadog/tracing/sampling/rate_sampler.rb +3 -3
- data/lib/datadog/tracing/span.rb +3 -19
- data/lib/datadog/tracing/span_operation.rb +5 -4
- data/lib/datadog/tracing/trace_digest.rb +85 -2
- data/lib/datadog/tracing/trace_operation.rb +13 -4
- data/lib/datadog/tracing/utils.rb +50 -0
- data/lib/ddtrace/version.rb +1 -1
- metadata +41 -9
@@ -7,7 +7,7 @@
|
|
7
7
|
#include "libdatadog_helpers.h"
|
8
8
|
#include "ruby_helpers.h"
|
9
9
|
|
10
|
-
// Used to wrap a
|
10
|
+
// Used to wrap a ddog_prof_Profile in a Ruby object and expose Ruby-level serialization APIs
|
11
11
|
// This file implements the native bits of the Datadog::Profiling::StackRecorder class
|
12
12
|
|
13
13
|
// ---
|
@@ -24,7 +24,7 @@
|
|
24
24
|
// 2. The thread that serializes and reports profiles, let's call it the **serializer thread**. We enforce that there
|
25
25
|
// cannot be more than one thread attempting to serialize profiles at a time.
|
26
26
|
//
|
27
|
-
// If both the sampler and serializer threads are trying to access the same `
|
27
|
+
// If both the sampler and serializer threads are trying to access the same `ddog_prof_Profile` in parallel, we will
|
28
28
|
// have a concurrency issue. Thus, the StackRecorder has an added mechanism to avoid this.
|
29
29
|
//
|
30
30
|
// As an additional constraint, the **sampler thread** has absolute priority and must never block while
|
@@ -32,7 +32,7 @@
|
|
32
32
|
//
|
33
33
|
// ### The solution: Keep two profiles at the same time
|
34
34
|
//
|
35
|
-
// To solve for the constraints above, the StackRecorder keeps two `
|
35
|
+
// To solve for the constraints above, the StackRecorder keeps two `ddog_prof_Profile` profile instances inside itself.
|
36
36
|
// They are called the `slot_one_profile` and `slot_two_profile`.
|
37
37
|
//
|
38
38
|
// Each profile is paired with its own mutex. `slot_one_profile` is protected by `slot_one_mutex` and `slot_two_profile`
|
@@ -135,10 +135,10 @@ static VALUE stack_recorder_class = Qnil;
|
|
135
135
|
// Contains native state for each instance
|
136
136
|
struct stack_recorder_state {
|
137
137
|
pthread_mutex_t slot_one_mutex;
|
138
|
-
|
138
|
+
ddog_prof_Profile *slot_one_profile;
|
139
139
|
|
140
140
|
pthread_mutex_t slot_two_mutex;
|
141
|
-
|
141
|
+
ddog_prof_Profile *slot_two_profile;
|
142
142
|
|
143
143
|
short active_slot; // MUST NEVER BE ACCESSED FROM record_sample; this is NOT for the sampler thread to use.
|
144
144
|
};
|
@@ -146,7 +146,7 @@ struct stack_recorder_state {
|
|
146
146
|
// Used to return a pair of values from sampler_lock_active_profile()
|
147
147
|
struct active_slot_pair {
|
148
148
|
pthread_mutex_t *mutex;
|
149
|
-
|
149
|
+
ddog_prof_Profile *profile;
|
150
150
|
};
|
151
151
|
|
152
152
|
struct call_serialize_without_gvl_arguments {
|
@@ -155,8 +155,8 @@ struct call_serialize_without_gvl_arguments {
|
|
155
155
|
ddog_Timespec finish_timestamp;
|
156
156
|
|
157
157
|
// Set by callee
|
158
|
-
|
159
|
-
|
158
|
+
ddog_prof_Profile *profile;
|
159
|
+
ddog_prof_Profile_SerializeResult result;
|
160
160
|
|
161
161
|
// Set by both
|
162
162
|
bool serialize_ran;
|
@@ -170,12 +170,12 @@ static VALUE ruby_time_from(ddog_Timespec ddprof_time);
|
|
170
170
|
static void *call_serialize_without_gvl(void *call_args);
|
171
171
|
static struct active_slot_pair sampler_lock_active_profile();
|
172
172
|
static void sampler_unlock_active_profile(struct active_slot_pair active_slot);
|
173
|
-
static
|
173
|
+
static ddog_prof_Profile *serializer_flip_active_and_inactive_slots(struct stack_recorder_state *state);
|
174
174
|
static VALUE _native_active_slot(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance);
|
175
175
|
static VALUE _native_is_slot_one_mutex_locked(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance);
|
176
176
|
static VALUE _native_is_slot_two_mutex_locked(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance);
|
177
177
|
static VALUE test_slot_mutex_state(VALUE recorder_instance, int slot);
|
178
|
-
static ddog_Timespec time_now();
|
178
|
+
static ddog_Timespec time_now(void);
|
179
179
|
static VALUE _native_reset_after_fork(DDTRACE_UNUSED VALUE self, VALUE recorder_instance);
|
180
180
|
static void serializer_set_start_timestamp_for_next_profile(struct stack_recorder_state *state, ddog_Timespec timestamp);
|
181
181
|
static VALUE _native_record_endpoint(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance, VALUE local_root_span_id, VALUE endpoint);
|
@@ -207,7 +207,7 @@ void stack_recorder_init(VALUE profiling_module) {
|
|
207
207
|
ruby_time_from_id = rb_intern_const("ruby_time_from");
|
208
208
|
}
|
209
209
|
|
210
|
-
// This structure is used to define a Ruby object that stores a pointer to a
|
210
|
+
// This structure is used to define a Ruby object that stores a pointer to a ddog_prof_Profile instance
|
211
211
|
// See also https://github.com/ruby/ruby/blob/master/doc/extension.rdoc for how this works
|
212
212
|
static const rb_data_type_t stack_recorder_typed_data = {
|
213
213
|
.wrap_struct_name = "Datadog::Profiling::StackRecorder",
|
@@ -222,14 +222,14 @@ static const rb_data_type_t stack_recorder_typed_data = {
|
|
222
222
|
static VALUE _native_new(VALUE klass) {
|
223
223
|
struct stack_recorder_state *state = ruby_xcalloc(1, sizeof(struct stack_recorder_state));
|
224
224
|
|
225
|
-
|
225
|
+
ddog_prof_Slice_ValueType sample_types = {.ptr = enabled_value_types, .len = ENABLED_VALUE_TYPES_COUNT};
|
226
226
|
|
227
227
|
initialize_slot_concurrency_control(state);
|
228
228
|
|
229
229
|
// Note: Don't raise exceptions after this point, since it'll lead to libdatadog memory leaking!
|
230
230
|
|
231
|
-
state->slot_one_profile =
|
232
|
-
state->slot_two_profile =
|
231
|
+
state->slot_one_profile = ddog_prof_Profile_new(sample_types, NULL /* period is optional */, NULL /* start_time is optional */);
|
232
|
+
state->slot_two_profile = ddog_prof_Profile_new(sample_types, NULL /* period is optional */, NULL /* start_time is optional */);
|
233
233
|
|
234
234
|
return TypedData_Wrap_Struct(klass, &stack_recorder_typed_data, state);
|
235
235
|
}
|
@@ -239,8 +239,7 @@ static void initialize_slot_concurrency_control(struct stack_recorder_state *sta
|
|
239
239
|
state->slot_two_mutex = (pthread_mutex_t) PTHREAD_MUTEX_INITIALIZER;
|
240
240
|
|
241
241
|
// A newly-created StackRecorder starts with slot one being active for samples, so let's lock slot two
|
242
|
-
|
243
|
-
if (error) rb_syserr_fail(error, "Unexpected failure during pthread_mutex_lock");
|
242
|
+
ENFORCE_SUCCESS_GVL(pthread_mutex_lock(&state->slot_two_mutex));
|
244
243
|
|
245
244
|
state->active_slot = 1;
|
246
245
|
}
|
@@ -249,10 +248,10 @@ static void stack_recorder_typed_data_free(void *state_ptr) {
|
|
249
248
|
struct stack_recorder_state *state = (struct stack_recorder_state *) state_ptr;
|
250
249
|
|
251
250
|
pthread_mutex_destroy(&state->slot_one_mutex);
|
252
|
-
|
251
|
+
ddog_prof_Profile_drop(state->slot_one_profile);
|
253
252
|
|
254
253
|
pthread_mutex_destroy(&state->slot_two_mutex);
|
255
|
-
|
254
|
+
ddog_prof_Profile_drop(state->slot_two_profile);
|
256
255
|
|
257
256
|
ruby_xfree(state);
|
258
257
|
}
|
@@ -283,26 +282,26 @@ static VALUE _native_serialize(DDTRACE_UNUSED VALUE _self, VALUE recorder_instan
|
|
283
282
|
rb_thread_call_without_gvl2(call_serialize_without_gvl, &args, NULL /* No interruption function needed in this case */, NULL /* Not needed */);
|
284
283
|
}
|
285
284
|
|
286
|
-
|
285
|
+
ddog_prof_Profile_SerializeResult serialized_profile = args.result;
|
287
286
|
|
288
|
-
if (serialized_profile.tag ==
|
289
|
-
VALUE err_details =
|
290
|
-
|
287
|
+
if (serialized_profile.tag == DDOG_PROF_PROFILE_SERIALIZE_RESULT_ERR) {
|
288
|
+
VALUE err_details = ruby_string_from_prof_vec_u8(serialized_profile.err);
|
289
|
+
ddog_prof_Profile_SerializeResult_drop(serialized_profile);
|
291
290
|
return rb_ary_new_from_args(2, error_symbol, err_details);
|
292
291
|
}
|
293
292
|
|
294
|
-
VALUE encoded_pprof =
|
293
|
+
VALUE encoded_pprof = ruby_string_from_prof_vec_u8(serialized_profile.ok.buffer);
|
295
294
|
|
296
295
|
ddog_Timespec ddprof_start = serialized_profile.ok.start;
|
297
296
|
ddog_Timespec ddprof_finish = serialized_profile.ok.end;
|
298
297
|
|
299
298
|
// Clean up libdatadog object to avoid leaking in case ruby_time_from raises an exception
|
300
|
-
|
299
|
+
ddog_prof_Profile_SerializeResult_drop(serialized_profile);
|
301
300
|
|
302
301
|
VALUE start = ruby_time_from(ddprof_start);
|
303
302
|
VALUE finish = ruby_time_from(ddprof_finish);
|
304
303
|
|
305
|
-
if (!
|
304
|
+
if (!ddog_prof_Profile_reset(args.profile, NULL /* start_time is optional */ )) {
|
306
305
|
return rb_ary_new_from_args(2, error_symbol, rb_str_new_cstr("Failed to reset profile"));
|
307
306
|
}
|
308
307
|
|
@@ -319,13 +318,13 @@ static VALUE ruby_time_from(ddog_Timespec ddprof_time) {
|
|
319
318
|
#endif
|
320
319
|
}
|
321
320
|
|
322
|
-
void record_sample(VALUE recorder_instance,
|
321
|
+
void record_sample(VALUE recorder_instance, ddog_prof_Sample sample) {
|
323
322
|
struct stack_recorder_state *state;
|
324
323
|
TypedData_Get_Struct(recorder_instance, struct stack_recorder_state, &stack_recorder_typed_data, state);
|
325
324
|
|
326
325
|
struct active_slot_pair active_slot = sampler_lock_active_profile(state);
|
327
326
|
|
328
|
-
|
327
|
+
ddog_prof_Profile_add(active_slot.profile, sample);
|
329
328
|
|
330
329
|
sampler_unlock_active_profile(active_slot);
|
331
330
|
}
|
@@ -336,7 +335,7 @@ void record_endpoint(VALUE recorder_instance, ddog_CharSlice local_root_span_id,
|
|
336
335
|
|
337
336
|
struct active_slot_pair active_slot = sampler_lock_active_profile(state);
|
338
337
|
|
339
|
-
|
338
|
+
ddog_prof_Profile_set_endpoint(active_slot.profile, local_root_span_id, endpoint);
|
340
339
|
|
341
340
|
sampler_unlock_active_profile(active_slot);
|
342
341
|
}
|
@@ -345,7 +344,7 @@ static void *call_serialize_without_gvl(void *call_args) {
|
|
345
344
|
struct call_serialize_without_gvl_arguments *args = (struct call_serialize_without_gvl_arguments *) call_args;
|
346
345
|
|
347
346
|
args->profile = serializer_flip_active_and_inactive_slots(args->state);
|
348
|
-
args->result =
|
347
|
+
args->result = ddog_prof_Profile_serialize(args->profile, &args->finish_timestamp, NULL /* duration_nanos is optional */);
|
349
348
|
args->serialize_ran = true;
|
350
349
|
|
351
350
|
return NULL; // Unused
|
@@ -361,7 +360,7 @@ static struct active_slot_pair sampler_lock_active_profile(struct stack_recorder
|
|
361
360
|
|
362
361
|
for (int attempts = 0; attempts < 2; attempts++) {
|
363
362
|
error = pthread_mutex_trylock(&state->slot_one_mutex);
|
364
|
-
if (error && error != EBUSY)
|
363
|
+
if (error && error != EBUSY) ENFORCE_SUCCESS_GVL(error);
|
365
364
|
|
366
365
|
// Slot one is active
|
367
366
|
if (!error) return (struct active_slot_pair) {.mutex = &state->slot_one_mutex, .profile = state->slot_one_profile};
|
@@ -369,7 +368,7 @@ static struct active_slot_pair sampler_lock_active_profile(struct stack_recorder
|
|
369
368
|
// If we got here, slot one was not active, let's try slot two
|
370
369
|
|
371
370
|
error = pthread_mutex_trylock(&state->slot_two_mutex);
|
372
|
-
if (error && error != EBUSY)
|
371
|
+
if (error && error != EBUSY) ENFORCE_SUCCESS_GVL(error);
|
373
372
|
|
374
373
|
// Slot two is active
|
375
374
|
if (!error) return (struct active_slot_pair) {.mutex = &state->slot_two_mutex, .profile = state->slot_two_profile};
|
@@ -380,28 +379,24 @@ static struct active_slot_pair sampler_lock_active_profile(struct stack_recorder
|
|
380
379
|
}
|
381
380
|
|
382
381
|
static void sampler_unlock_active_profile(struct active_slot_pair active_slot) {
|
383
|
-
|
384
|
-
if (error != 0) rb_syserr_fail(error, "Unexpected failure in sampler_unlock_active_profile");
|
382
|
+
ENFORCE_SUCCESS_GVL(pthread_mutex_unlock(active_slot.mutex));
|
385
383
|
}
|
386
384
|
|
387
|
-
static
|
388
|
-
int error;
|
385
|
+
static ddog_prof_Profile *serializer_flip_active_and_inactive_slots(struct stack_recorder_state *state) {
|
389
386
|
int previously_active_slot = state->active_slot;
|
390
387
|
|
391
388
|
if (previously_active_slot != 1 && previously_active_slot != 2) {
|
392
|
-
|
389
|
+
grab_gvl_and_raise(rb_eRuntimeError, "Unexpected active_slot state %d in serializer_flip_active_and_inactive_slots", previously_active_slot);
|
393
390
|
}
|
394
391
|
|
395
392
|
pthread_mutex_t *previously_active = (previously_active_slot == 1) ? &state->slot_one_mutex : &state->slot_two_mutex;
|
396
393
|
pthread_mutex_t *previously_inactive = (previously_active_slot == 1) ? &state->slot_two_mutex : &state->slot_one_mutex;
|
397
394
|
|
398
395
|
// Release the lock, thus making this slot active
|
399
|
-
|
400
|
-
if (error) rb_syserr_fail(error, "Unexpected failure during serializer_flip_active_and_inactive_slots for previously_inactive");
|
396
|
+
ENFORCE_SUCCESS_NO_GVL(pthread_mutex_unlock(previously_inactive));
|
401
397
|
|
402
398
|
// Grab the lock, thus making this slot inactive
|
403
|
-
|
404
|
-
if (error) rb_syserr_fail(error, "Unexpected failure during serializer_flip_active_and_inactive_slots for previously_active");
|
399
|
+
ENFORCE_SUCCESS_NO_GVL(pthread_mutex_lock(previously_active));
|
405
400
|
|
406
401
|
// Update active_slot
|
407
402
|
state->active_slot = (previously_active_slot == 1) ? 2 : 1;
|
@@ -438,21 +433,23 @@ static VALUE test_slot_mutex_state(VALUE recorder_instance, int slot) {
|
|
438
433
|
|
439
434
|
if (error == 0) {
|
440
435
|
// Mutex was unlocked
|
441
|
-
pthread_mutex_unlock(slot_mutex);
|
436
|
+
ENFORCE_SUCCESS_GVL(pthread_mutex_unlock(slot_mutex));
|
442
437
|
return Qfalse;
|
443
438
|
} else if (error == EBUSY) {
|
444
439
|
// Mutex was locked
|
445
440
|
return Qtrue;
|
446
441
|
} else {
|
447
|
-
|
442
|
+
ENFORCE_SUCCESS_GVL(error);
|
443
|
+
rb_raise(rb_eRuntimeError, "Failed to raise exception in test_slot_mutex_state; this should never happen");
|
448
444
|
}
|
449
445
|
}
|
450
446
|
|
451
|
-
// Note that this is using CLOCK_REALTIME (e.g. actual time since unix epoch) and not the CLOCK_MONOTONIC as we use in
|
452
|
-
|
447
|
+
// Note that this is using CLOCK_REALTIME (e.g. actual time since unix epoch) and not the CLOCK_MONOTONIC as we use in
|
448
|
+
// monotonic_wall_time_now_ns (used in other parts of the codebase)
|
449
|
+
static ddog_Timespec time_now(void) {
|
453
450
|
struct timespec current_time;
|
454
451
|
|
455
|
-
if (clock_gettime(CLOCK_REALTIME, ¤t_time) != 0)
|
452
|
+
if (clock_gettime(CLOCK_REALTIME, ¤t_time) != 0) ENFORCE_SUCCESS_GVL(errno);
|
456
453
|
|
457
454
|
return (ddog_Timespec) {.seconds = current_time.tv_sec, .nanoseconds = (uint32_t) current_time.tv_nsec};
|
458
455
|
}
|
@@ -469,19 +466,19 @@ static VALUE _native_reset_after_fork(DDTRACE_UNUSED VALUE self, VALUE recorder_
|
|
469
466
|
// resulting state is inconsistent, we make sure to reset it back to the initial state.
|
470
467
|
initialize_slot_concurrency_control(state);
|
471
468
|
|
472
|
-
|
473
|
-
|
469
|
+
ddog_prof_Profile_reset(state->slot_one_profile, /* start_time: */ NULL);
|
470
|
+
ddog_prof_Profile_reset(state->slot_two_profile, /* start_time: */ NULL);
|
474
471
|
|
475
472
|
return Qtrue;
|
476
473
|
}
|
477
474
|
|
478
|
-
// Assumption 1: This method is called with the GVL being held, because `
|
475
|
+
// Assumption 1: This method is called with the GVL being held, because `ddog_prof_Profile_reset` mutates the profile and should
|
479
476
|
// not be interrupted part-way through by a VM fork.
|
480
477
|
static void serializer_set_start_timestamp_for_next_profile(struct stack_recorder_state *state, ddog_Timespec timestamp) {
|
481
478
|
// Before making this profile active, we reset it so that it uses the correct timestamp for its start
|
482
|
-
|
479
|
+
ddog_prof_Profile *next_profile = (state->active_slot == 1) ? state->slot_two_profile : state->slot_one_profile;
|
483
480
|
|
484
|
-
if (!
|
481
|
+
if (!ddog_prof_Profile_reset(next_profile, ×tamp)) rb_raise(rb_eRuntimeError, "Failed to reset profile");
|
485
482
|
}
|
486
483
|
|
487
484
|
static VALUE _native_record_endpoint(DDTRACE_UNUSED VALUE _self, VALUE recorder_instance, VALUE local_root_span_id, VALUE endpoint) {
|
@@ -10,7 +10,7 @@
|
|
10
10
|
// ```
|
11
11
|
// compiling ../../../../ext/ddtrace_profiling_native_extension/stack_recorder.c
|
12
12
|
// ../../../../ext/ddtrace_profiling_native_extension/stack_recorder.c:23:1: error: initializer element is not constant
|
13
|
-
// static const
|
13
|
+
// static const ddog_prof_ValueType enabled_value_types[] = {CPU_TIME_VALUE, CPU_SAMPLES_VALUE, WALL_TIME_VALUE};
|
14
14
|
// ^
|
15
15
|
// ```
|
16
16
|
#define VALUE_STRING(string) {.ptr = "" string, .len = sizeof(string) - 1}
|
@@ -23,7 +23,7 @@
|
|
23
23
|
#define HEAP_LIVE_SIZE_VALUE {.type_ = VALUE_STRING("heap-live-size"), .unit = VALUE_STRING("bytes")}
|
24
24
|
#define HEAP_LIVE_SAMPLES_VALUE {.type_ = VALUE_STRING("heap-live-samples"), .unit = VALUE_STRING("count")}
|
25
25
|
|
26
|
-
static const
|
26
|
+
static const ddog_prof_ValueType enabled_value_types[] = {
|
27
27
|
#define CPU_TIME_VALUE_POS 0
|
28
28
|
CPU_TIME_VALUE,
|
29
29
|
#define CPU_SAMPLES_VALUE_POS 1
|
@@ -32,8 +32,8 @@ static const ddog_ValueType enabled_value_types[] = {
|
|
32
32
|
WALL_TIME_VALUE
|
33
33
|
};
|
34
34
|
|
35
|
-
#define ENABLED_VALUE_TYPES_COUNT (sizeof(enabled_value_types) / sizeof(
|
35
|
+
#define ENABLED_VALUE_TYPES_COUNT (sizeof(enabled_value_types) / sizeof(ddog_prof_ValueType))
|
36
36
|
|
37
|
-
void record_sample(VALUE recorder_instance,
|
37
|
+
void record_sample(VALUE recorder_instance, ddog_prof_Sample sample);
|
38
38
|
void record_endpoint(VALUE recorder_instance, ddog_CharSlice local_root_span_id, ddog_CharSlice endpoint);
|
39
39
|
VALUE enforce_recorder_instance(VALUE object);
|
@@ -0,0 +1,17 @@
|
|
1
|
+
#include <errno.h>
|
2
|
+
#include <time.h>
|
3
|
+
|
4
|
+
#include "ruby_helpers.h"
|
5
|
+
#include "time_helpers.h"
|
6
|
+
|
7
|
+
// Safety: This function is assumed never to raise exceptions by callers when raise_on_failure == false
|
8
|
+
long monotonic_wall_time_now_ns(bool raise_on_failure) {
|
9
|
+
struct timespec current_monotonic;
|
10
|
+
|
11
|
+
if (clock_gettime(CLOCK_MONOTONIC, ¤t_monotonic) != 0) {
|
12
|
+
if (raise_on_failure) ENFORCE_SUCCESS_GVL(errno);
|
13
|
+
return 0;
|
14
|
+
}
|
15
|
+
|
16
|
+
return current_monotonic.tv_nsec + SECONDS_AS_NS(current_monotonic.tv_sec);
|
17
|
+
}
|
@@ -0,0 +1,10 @@
|
|
1
|
+
#pragma once
|
2
|
+
|
3
|
+
#define SECONDS_AS_NS(value) (value * 1000 * 1000 * 1000L)
|
4
|
+
#define MILLIS_AS_NS(value) (value * 1000 * 1000L)
|
5
|
+
|
6
|
+
#define RAISE_ON_FAILURE true
|
7
|
+
#define DO_NOT_RAISE_ON_FAILURE false
|
8
|
+
|
9
|
+
// Safety: This function is assumed never to raise exceptions by callers when raise_on_failure == false
|
10
|
+
long monotonic_wall_time_now_ns(bool raise_on_failure);
|
@@ -1,7 +1,7 @@
|
|
1
1
|
{
|
2
2
|
"version": "2.2",
|
3
3
|
"metadata": {
|
4
|
-
"rules_version": "1.4.
|
4
|
+
"rules_version": "1.4.3"
|
5
5
|
},
|
6
6
|
"rules": [
|
7
7
|
{
|
@@ -1802,7 +1802,7 @@
|
|
1802
1802
|
"address": "server.request.path_params"
|
1803
1803
|
}
|
1804
1804
|
],
|
1805
|
-
"regex": "^(?i:file|ftps?|
|
1805
|
+
"regex": "^(?i:file|ftps?|http)://.*?\\?+$",
|
1806
1806
|
"options": {
|
1807
1807
|
"case_sensitive": true,
|
1808
1808
|
"min_length": 4
|
@@ -2694,8 +2694,9 @@
|
|
2694
2694
|
"address": "grpc.server.request.message"
|
2695
2695
|
}
|
2696
2696
|
],
|
2697
|
-
"regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|lert|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\")*\\(.*\\)",
|
2697
|
+
"regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|lert|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
|
2698
2698
|
"options": {
|
2699
|
+
"case_sensitive": true,
|
2699
2700
|
"min_length": 5
|
2700
2701
|
}
|
2701
2702
|
},
|
@@ -3524,7 +3525,7 @@
|
|
3524
3525
|
"address": "grpc.server.request.message"
|
3525
3526
|
}
|
3526
3527
|
],
|
3527
|
-
"regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function)\\s*\\(",
|
3528
|
+
"regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)\\s*\\([^\\)]",
|
3528
3529
|
"options": {
|
3529
3530
|
"case_sensitive": true,
|
3530
3531
|
"min_length": 5
|
@@ -3770,7 +3771,7 @@
|
|
3770
3771
|
"address": "grpc.server.request.message"
|
3771
3772
|
}
|
3772
3773
|
],
|
3773
|
-
"regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?))",
|
3774
|
+
"regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
|
3774
3775
|
"options": {
|
3775
3776
|
"case_sensitive": true,
|
3776
3777
|
"min_length": 3
|
@@ -3808,7 +3809,7 @@
|
|
3808
3809
|
"address": "grpc.server.request.message"
|
3809
3810
|
}
|
3810
3811
|
],
|
3811
|
-
"regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)
|
3812
|
+
"regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
|
3812
3813
|
"options": {
|
3813
3814
|
"min_length": 5
|
3814
3815
|
}
|
@@ -4177,7 +4178,7 @@
|
|
4177
4178
|
"address": "grpc.server.request.message"
|
4178
4179
|
}
|
4179
4180
|
],
|
4180
|
-
"regex": "[#%$]{[^}]+[^\\w\\s][^}]+}",
|
4181
|
+
"regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
|
4181
4182
|
"options": {
|
4182
4183
|
"case_sensitive": true
|
4183
4184
|
}
|
@@ -4352,6 +4353,38 @@
|
|
4352
4353
|
],
|
4353
4354
|
"transformers": []
|
4354
4355
|
},
|
4356
|
+
{
|
4357
|
+
"id": "dog-931-001",
|
4358
|
+
"name": "RFI: URL Payload to well known RFI target",
|
4359
|
+
"tags": {
|
4360
|
+
"type": "rfi",
|
4361
|
+
"category": "attack_attempt"
|
4362
|
+
},
|
4363
|
+
"conditions": [
|
4364
|
+
{
|
4365
|
+
"parameters": {
|
4366
|
+
"inputs": [
|
4367
|
+
{
|
4368
|
+
"address": "server.request.query"
|
4369
|
+
},
|
4370
|
+
{
|
4371
|
+
"address": "server.request.body"
|
4372
|
+
},
|
4373
|
+
{
|
4374
|
+
"address": "server.request.path_params"
|
4375
|
+
}
|
4376
|
+
],
|
4377
|
+
"regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
|
4378
|
+
"options": {
|
4379
|
+
"case_sensitive": true,
|
4380
|
+
"min_length": 17
|
4381
|
+
}
|
4382
|
+
},
|
4383
|
+
"operator": "match_regex"
|
4384
|
+
}
|
4385
|
+
],
|
4386
|
+
"transformers": []
|
4387
|
+
},
|
4355
4388
|
{
|
4356
4389
|
"id": "nfd-000-001",
|
4357
4390
|
"name": "Detect common directory discovery scans",
|
@@ -5160,7 +5193,7 @@
|
|
5160
5193
|
"address": "grpc.server.request.message"
|
5161
5194
|
}
|
5162
5195
|
],
|
5163
|
-
"regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10}
|
5196
|
+
"regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/.*|)$"
|
5164
5197
|
},
|
5165
5198
|
"operator": "match_regex"
|
5166
5199
|
}
|
@@ -6417,6 +6450,40 @@
|
|
6417
6450
|
],
|
6418
6451
|
"transformers": []
|
6419
6452
|
},
|
6453
|
+
{
|
6454
|
+
"id": "ua0-600-56x",
|
6455
|
+
"name": "Datadog test scanner - blocking version: user-agent",
|
6456
|
+
"tags": {
|
6457
|
+
"type": "security_scanner",
|
6458
|
+
"category": "attack_attempt"
|
6459
|
+
},
|
6460
|
+
"conditions": [
|
6461
|
+
{
|
6462
|
+
"parameters": {
|
6463
|
+
"inputs": [
|
6464
|
+
{
|
6465
|
+
"address": "server.request.headers.no_cookies",
|
6466
|
+
"key_path": [
|
6467
|
+
"user-agent"
|
6468
|
+
]
|
6469
|
+
},
|
6470
|
+
{
|
6471
|
+
"address": "grpc.server.request.metadata",
|
6472
|
+
"key_path": [
|
6473
|
+
"dd-canary"
|
6474
|
+
]
|
6475
|
+
}
|
6476
|
+
],
|
6477
|
+
"regex": "^dd-test-scanner-log-block$"
|
6478
|
+
},
|
6479
|
+
"operator": "match_regex"
|
6480
|
+
}
|
6481
|
+
],
|
6482
|
+
"transformers": [],
|
6483
|
+
"on_match": [
|
6484
|
+
"block"
|
6485
|
+
]
|
6486
|
+
},
|
6420
6487
|
{
|
6421
6488
|
"id": "ua0-600-5xx",
|
6422
6489
|
"name": "Blind SQL Injection Brute Forcer",
|