RubyGems - ddtrace - Versions diffs - 1.7.0 → 1.9.0 - Mend

ddtrace 1.7.0 → 1.9.0

Files changed (182) hide show

data/lib/datadog/appsec/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 module Datadog
   module AppSec
@@ -8,7 +8,8 @@ module Datadog
       class Settings
         class << self
           def boolean
-            lambda do |v|
+            # @type ^(::String) -> bool
+            ->(v) do # rubocop:disable Style/Lambda
               case v
               when /(1|true)/i
                 true
@@ -22,14 +23,16 @@ module Datadog
           # TODO: allow symbols
           def string
+            # @type ^(::String) -> ::String
             ->(v) { v.to_s }
           end
           def integer
-            lambda do |v|
+            # @type ^(::String) -> ::Integer
+            ->(v) do # rubocop:disable Style/Lambda
               case v
               when /(\d+)/
-                Integer(Regexp.last_match[1])
+                Regexp.last_match(1).to_i
               else
                 raise ArgumentError, "invalid integer: #{v.inspect}"
               end
@@ -38,7 +41,8 @@ module Datadog
           # rubocop:disable Metrics/MethodLength
           def duration(base = :ns, type = :integer)
-            lambda do |v|
+            # @type ^(::String) -> ::Integer | ::Float
+            ->(v) do # rubocop:disable Style/Lambda
               cast = case type
                      when :integer, Integer
                        method(:Integer)
@@ -63,19 +67,19 @@ module Datadog
               case v
               when /^(\d+)h$/
-                cast.call(Regexp.last_match[1]) * 1_000_000_000 * 60 * 60 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 * 60 / scale
               when /^(\d+)m$/
-                cast.call(Regexp.last_match[1]) * 1_000_000_000 * 60 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 / scale
               when /^(\d+)s$/
-                cast.call(Regexp.last_match[1]) * 1_000_000_000 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000_000 / scale
               when /^(\d+)ms$/
-                cast.call(Regexp.last_match[1]) * 1_000_000 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000 / scale
               when /^(\d+)us$/
-                cast.call(Regexp.last_match[1]) * 1_000 / scale
+                cast.call(Regexp.last_match(1)) * 1_000 / scale
               when /^(\d+)ns$/
-                cast.call(Regexp.last_match[1]) / scale
+                cast.call(Regexp.last_match(1)) / scale
               when /^(\d+)$/
-                cast.call(Regexp.last_match[1])
+                cast.call(Regexp.last_match(1))
               else
                 raise ArgumentError, "invalid duration: #{v.inspect}"
               end
@@ -109,7 +113,8 @@ module Datadog
           'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP' => [:obfuscator_value_regex, Settings.string],
         }.freeze
-        Integration = Struct.new(:integration, :options)
+        # Struct constant whisker cast for Steep
+        Integration = _ = Struct.new(:integration, :options) # rubocop:disable Naming/ConstantName
         def initialize
           @integrations = []
@@ -121,37 +126,45 @@ module Datadog
         end
         def enabled
-          @options[:enabled]
+          # Cast for Steep
+          _ = @options[:enabled]
         end
         def ruleset
-          @options[:ruleset]
+          # Cast for Steep
+          _ = @options[:ruleset]
         end
         # EXPERIMENTAL: This configurable is not meant to be publicly used, but
         #               is very useful for testing. It may change at any point in time.
         def ip_denylist
-          @options[:ip_denylist]
+          # Cast for Steep
+          _ = @options[:ip_denylist]
         end
         def waf_timeout
-          @options[:waf_timeout]
+          # Cast for Steep
+          _ = @options[:waf_timeout]
         end
         def waf_debug
-          @options[:waf_debug]
+          # Cast for Steep
+          _ = @options[:waf_debug]
         end
         def trace_rate_limit
-          @options[:trace_rate_limit]
+          # Cast for Steep
+          _ = @options[:trace_rate_limit]
         end
         def obfuscator_key_regex
-          @options[:obfuscator_key_regex]
+          # Cast for Steep
+          _ = @options[:obfuscator_key_regex]
         end
         def obfuscator_value_regex
-          @options[:obfuscator_value_regex]
+          # Cast for Steep
+          _ = @options[:obfuscator_value_regex]
         end
         def [](integration_name)
@@ -159,7 +172,7 @@ module Datadog
           raise ArgumentError, "'#{integration_name}' is not a valid integration." unless integration
-          integration.options if integration
+          integration.options
         end
         def merge(dsl)

data/lib/datadog/appsec/configuration.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative 'configuration/settings'
@@ -14,7 +14,9 @@ module Datadog
       # Configuration DSL implementation
       class DSL
-        Instrument = Struct.new(:name, :options)
+        # Struct constant whisker cast for Steep
+        Instrument = _ = Struct.new(:name, :options) # rubocop:disable Naming/ConstantName
         def initialize
           @instruments = []
           @options = {}

data/lib/datadog/appsec/contrib/auto_instrument.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../core/configuration/base'

data/lib/datadog/appsec/contrib/integration.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/patcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: strict
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rack/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../configuration/settings'
 require_relative '../ext'

data/lib/datadog/appsec/contrib/rack/ext.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../instrumentation/gateway'
 require_relative '../../../reactive/operation'

data/lib/datadog/appsec/contrib/rack/reactive/request.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../request'

data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../request'

data/lib/datadog/appsec/contrib/rack/reactive/response.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../response'

data/lib/datadog/appsec/contrib/rack/request.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../../../tracing/client_ip'
 require_relative '../../../tracing/contrib/rack/header_collection'

data/lib/datadog/appsec/contrib/rack/response.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../configuration/settings'
 require_relative '../ext'

data/lib/datadog/appsec/contrib/rails/ext.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/framework.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../instrumentation/gateway'
 require_relative '../../../reactive/operation'

data/lib/datadog/appsec/contrib/rails/reactive/action.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../request'

data/lib/datadog/appsec/contrib/rails/request.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/request_middleware.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../configuration/settings'
 require_relative '../ext'

data/lib/datadog/appsec/contrib/sinatra/ext.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/framework.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../instrumentation/gateway'
 require_relative '../../../reactive/operation'

data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/request_middleware.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/event.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require 'json'

data/lib/datadog/appsec/extensions.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative 'configuration'
@@ -29,21 +29,16 @@ module Datadog
         end
         # Writer methods
-        def trace_rate_limit=(arg)
-          dsl = AppSec::Configuration::DSL.new
-          dsl.trace_rate_limit = arg
-          @settings.merge(dsl)
-        end
-        def options(arg)
+        def instrument(name, options = {})
           dsl = AppSec::Configuration::DSL.new
-          dsl.options arg
+          dsl.instrument(name, options)
           @settings.merge(dsl)
         end
-        def instruments(arg)
+        def enabled=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.instruments arg
+          dsl.enabled = arg
           @settings.merge(dsl)
         end
@@ -59,51 +54,58 @@ module Datadog
           @settings.merge(dsl)
         end
-        def instrument(*args)
+        def waf_timeout=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.instrument(*args)
+          dsl.waf_timeout = arg
           @settings.merge(dsl)
         end
-        def waf_timeout=(arg)
+        def waf_debug=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.waf_timeout = arg
+          dsl.waf_debug = arg
           @settings.merge(dsl)
         end
-        def enabled=(arg)
+        def trace_rate_limit=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.enabled = arg
+          dsl.trace_rate_limit = arg
           @settings.merge(dsl)
         end
-        def waf_debug=(arg)
+        def obfuscator_key_regex=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.waf_debug = arg
+          dsl.obfuscator_key_regex = arg
+          @settings.merge(dsl)
+        end
+        def obfuscator_value_regex=(arg)
+          dsl = AppSec::Configuration::DSL.new
+          dsl.obfuscator_value_regex = arg
           @settings.merge(dsl)
         end
         # Reader methods
-        def [](arg)
-          @settings[arg]
+        def [](key)
+          @settings[key]
+        end
+        def enabled
+          @settings.enabled
         end
         def ruleset
           @settings.ruleset
         end
-        def ruledata
-          @settings.ruledata
+        def ip_denylist
+          @settings.ip_denylist
         end
         def waf_timeout
           @settings.waf_timeout
         end
-        def enabled
-          @settings.enabled
-        end
         def waf_debug
           @settings.waf_debug
         end
@@ -112,6 +114,14 @@ module Datadog
           @settings.trace_rate_limit
         end
+        def obfuscator_key_regex
+          @settings.obfuscator_key_regex
+        end
+        def obfuscator_value_regex
+          @settings.obfuscator_key_regex
+        end
         def merge(arg)
           @settings.merge(arg)
         end

data/lib/datadog/appsec/instrumentation/gateway.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec
@@ -15,8 +15,8 @@ module Datadog
             @block = block
           end
-          def call(*args, **kwargs, &block)
-            @block.call(*args, **kwargs, &block)
+          def call(stack, env)
+            @block.call(stack, env)
           end
         end

data/lib/datadog/appsec/processor.rb CHANGED Viewed

@@ -6,16 +6,6 @@ module Datadog
   module AppSec
     # Processor integrates libddwaf into datadog/appsec
     class Processor
-      # Interface object to check using case .. when
-      module IOLike
-        def read; end
-        def rewind; end
-        def self.===(other)
-          instance_methods.all? { |meth| other.respond_to?(meth) }
-        end
-      end
       # Context manages a sequence of runs
       class Context
         attr_reader :time_ns, :time_ext_ns, :timeouts, :events
@@ -28,10 +18,12 @@ module Datadog
           @events = []
         end
-        def run(*args)
+        def run(input, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
           start_ns = Core::Utils::Time.get_time(:nanosecond)
-          _code, res = @context.run(*args)
+          # TODO: remove multiple assignment
+          _code, res = _ = @context.run(input, timeout)
+          # @type var res: WAF::Result
           stop_ns = Core::Utils::Time.get_time(:nanosecond)
@@ -50,10 +42,8 @@ module Datadog
       attr_reader :ruleset_info, :addresses
       def initialize
-        @ruleset = nil
-        @handle = nil
         @ruleset_info = nil
-        @addresses = nil
+        @addresses = []
         unless load_libddwaf && load_ruleset && create_waf_handle
           Datadog.logger.warn { 'AppSec is disabled, see logged errors above' }
@@ -117,8 +107,8 @@ module Datadog
                        JSON.parse(Datadog::AppSec::Assets.waf_rules(ruleset_setting))
                      when String
                        JSON.parse(File.read(ruleset_setting))
-                     when IOLike
-                       JSON.parse(ruleset_setting.read).tap { ruleset_setting.rewind }
+                     when File, StringIO
+                       JSON.parse(ruleset_setting.read || '').tap { ruleset_setting.rewind }
                      when Hash
                        ruleset_setting
                      else
@@ -148,12 +138,18 @@ module Datadog
         @addresses = @handle.required_addresses
         true
-      rescue StandardError => e
+      rescue WAF::LibDDWAF::Error => e
         Datadog.logger.error do
           "libddwaf failed to initialize, error: #{e.inspect}"
         end
-        @ruleset_info = e.ruleset_info if e.respond_to?(:ruleset_info)
+        @ruleset_info = e.ruleset_info if e.ruleset_info
+        false
+      rescue StandardError => e
+        Datadog.logger.error do
+          "libddwaf failed to initialize, error: #{e.inspect}"
+        end
         false
       end

data/lib/datadog/appsec/rate_limiter.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/reactive/address_hash.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/reactive/engine.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative 'address_hash'
 require_relative 'subscriber'

data/lib/datadog/appsec/reactive/operation.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative 'engine'
@@ -15,7 +15,7 @@ module Datadog
           Datadog.logger.debug { "operation: #{name} initialize" }
           @name = name
           @parent = parent
-          @reactive = reactive_engine || parent && parent.reactive || Reactive::Engine.new
+          @reactive = reactive_engine || (parent.reactive unless parent.nil?) || Reactive::Engine.new
           # TODO: concurrent store
           # TODO: constant

data/lib/datadog/appsec/reactive/subscriber.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/response.rb CHANGED Viewed

@@ -1,6 +1,7 @@
-# typed: false
+# typed: ignore
 require_relative 'assets'
+require_relative 'utils/http/media_range'
 module Datadog
   module AppSec
@@ -37,16 +38,24 @@ module Datadog
         private
+        FORMAT_MAP = {
+          'text/html' => :html,
+          'application/json' => :json,
+          'text/plain' => :text,
+        }.freeze
+        DEFAULT_FORMAT = :text
         def format(env)
-          format = env['HTTP_ACCEPT'] && env['HTTP_ACCEPT'].split(',').any? do |accept|
-            if accept.start_with?('text/html')
-              break :html
-            elsif accept.start_with?('application/json')
-              break :json
-            end
-          end
+          return DEFAULT_FORMAT unless env.key?('HTTP_ACCEPT')
-          format || :text
+          accepted = env['HTTP_ACCEPT'].split(',').map { |m| Utils::HTTP::MediaRange.new(m) }.sort
+          accepted.each_with_object(DEFAULT_FORMAT) do |_default, range|
+            format = FORMAT_MAP.keys.find { |type, _format| range === type }
+            return FORMAT_MAP[format] if format
+          end
         end
       end
     end