RubyGems - ddtrace - Versions diffs - 1.8.0 → 1.9.0 - Mend

ddtrace 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

data/lib/datadog/appsec/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 module Datadog
   module AppSec
@@ -8,7 +8,8 @@ module Datadog
       class Settings
         class << self
           def boolean
-            lambda do |v|
+            # @type ^(::String) -> bool
+            ->(v) do # rubocop:disable Style/Lambda
               case v
               when /(1|true)/i
                 true
@@ -22,14 +23,16 @@ module Datadog
           # TODO: allow symbols
           def string
+            # @type ^(::String) -> ::String
             ->(v) { v.to_s }
           end
           def integer
-            lambda do |v|
+            # @type ^(::String) -> ::Integer
+            ->(v) do # rubocop:disable Style/Lambda
               case v
               when /(\d+)/
-                Integer(Regexp.last_match[1])
+                Regexp.last_match(1).to_i
               else
                 raise ArgumentError, "invalid integer: #{v.inspect}"
               end
@@ -38,7 +41,8 @@ module Datadog
           # rubocop:disable Metrics/MethodLength
           def duration(base = :ns, type = :integer)
-            lambda do |v|
+            # @type ^(::String) -> ::Integer | ::Float
+            ->(v) do # rubocop:disable Style/Lambda
               cast = case type
                      when :integer, Integer
                        method(:Integer)
@@ -63,19 +67,19 @@ module Datadog
               case v
               when /^(\d+)h$/
-                cast.call(Regexp.last_match[1]) * 1_000_000_000 * 60 * 60 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 * 60 / scale
               when /^(\d+)m$/
-                cast.call(Regexp.last_match[1]) * 1_000_000_000 * 60 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000_000 * 60 / scale
               when /^(\d+)s$/
-                cast.call(Regexp.last_match[1]) * 1_000_000_000 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000_000 / scale
               when /^(\d+)ms$/
-                cast.call(Regexp.last_match[1]) * 1_000_000 / scale
+                cast.call(Regexp.last_match(1)) * 1_000_000 / scale
               when /^(\d+)us$/
-                cast.call(Regexp.last_match[1]) * 1_000 / scale
+                cast.call(Regexp.last_match(1)) * 1_000 / scale
               when /^(\d+)ns$/
-                cast.call(Regexp.last_match[1]) / scale
+                cast.call(Regexp.last_match(1)) / scale
               when /^(\d+)$/
-                cast.call(Regexp.last_match[1])
+                cast.call(Regexp.last_match(1))
               else
                 raise ArgumentError, "invalid duration: #{v.inspect}"
               end
@@ -109,7 +113,8 @@ module Datadog
           'DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP' => [:obfuscator_value_regex, Settings.string],
         }.freeze
-        Integration = Struct.new(:integration, :options)
+        # Struct constant whisker cast for Steep
+        Integration = _ = Struct.new(:integration, :options) # rubocop:disable Naming/ConstantName
         def initialize
           @integrations = []
@@ -121,37 +126,45 @@ module Datadog
         end
         def enabled
-          @options[:enabled]
+          # Cast for Steep
+          _ = @options[:enabled]
         end
         def ruleset
-          @options[:ruleset]
+          # Cast for Steep
+          _ = @options[:ruleset]
         end
         # EXPERIMENTAL: This configurable is not meant to be publicly used, but
         #               is very useful for testing. It may change at any point in time.
         def ip_denylist
-          @options[:ip_denylist]
+          # Cast for Steep
+          _ = @options[:ip_denylist]
         end
         def waf_timeout
-          @options[:waf_timeout]
+          # Cast for Steep
+          _ = @options[:waf_timeout]
         end
         def waf_debug
-          @options[:waf_debug]
+          # Cast for Steep
+          _ = @options[:waf_debug]
         end
         def trace_rate_limit
-          @options[:trace_rate_limit]
+          # Cast for Steep
+          _ = @options[:trace_rate_limit]
         end
         def obfuscator_key_regex
-          @options[:obfuscator_key_regex]
+          # Cast for Steep
+          _ = @options[:obfuscator_key_regex]
         end
         def obfuscator_value_regex
-          @options[:obfuscator_value_regex]
+          # Cast for Steep
+          _ = @options[:obfuscator_value_regex]
         end
         def [](integration_name)
@@ -159,7 +172,7 @@ module Datadog
           raise ArgumentError, "'#{integration_name}' is not a valid integration." unless integration
-          integration.options if integration
+          integration.options
         end
         def merge(dsl)

data/lib/datadog/appsec/configuration.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative 'configuration/settings'
@@ -14,7 +14,9 @@ module Datadog
       # Configuration DSL implementation
       class DSL
-        Instrument = Struct.new(:name, :options)
+        # Struct constant whisker cast for Steep
+        Instrument = _ = Struct.new(:name, :options) # rubocop:disable Naming/ConstantName
         def initialize
           @instruments = []
           @options = {}

data/lib/datadog/appsec/contrib/auto_instrument.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../core/configuration/base'

data/lib/datadog/appsec/contrib/integration.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/patcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: strict
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rack/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../configuration/settings'
 require_relative '../ext'

data/lib/datadog/appsec/contrib/rack/ext.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../instrumentation/gateway'
 require_relative '../../../reactive/operation'

data/lib/datadog/appsec/contrib/rack/reactive/request.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../request'

data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../request'

data/lib/datadog/appsec/contrib/rack/reactive/response.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../response'

data/lib/datadog/appsec/contrib/rack/request.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../../../tracing/client_ip'
 require_relative '../../../tracing/contrib/rack/header_collection'

data/lib/datadog/appsec/contrib/rack/response.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../configuration/settings'
 require_relative '../ext'

data/lib/datadog/appsec/contrib/rails/ext.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/framework.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../instrumentation/gateway'
 require_relative '../../../reactive/operation'

data/lib/datadog/appsec/contrib/rails/reactive/action.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative '../request'

data/lib/datadog/appsec/contrib/rails/request.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/rails/request_middleware.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/configuration/settings.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../configuration/settings'
 require_relative '../ext'

data/lib/datadog/appsec/contrib/sinatra/ext.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/framework.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative '../../../instrumentation/gateway'
 require_relative '../../../reactive/operation'

data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/contrib/sinatra/request_middleware.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/event.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require 'json'

data/lib/datadog/appsec/extensions.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 require_relative 'configuration'
@@ -29,21 +29,16 @@ module Datadog
         end
         # Writer methods
-        def trace_rate_limit=(arg)
-          dsl = AppSec::Configuration::DSL.new
-          dsl.trace_rate_limit = arg
-          @settings.merge(dsl)
-        end
-        def options(arg)
+        def instrument(name, options = {})
           dsl = AppSec::Configuration::DSL.new
-          dsl.options arg
+          dsl.instrument(name, options)
           @settings.merge(dsl)
         end
-        def instruments(arg)
+        def enabled=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.instruments arg
+          dsl.enabled = arg
           @settings.merge(dsl)
         end
@@ -59,51 +54,58 @@ module Datadog
           @settings.merge(dsl)
         end
-        def instrument(*args)
+        def waf_timeout=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.instrument(*args)
+          dsl.waf_timeout = arg
           @settings.merge(dsl)
         end
-        def waf_timeout=(arg)
+        def waf_debug=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.waf_timeout = arg
+          dsl.waf_debug = arg
           @settings.merge(dsl)
         end
-        def enabled=(arg)
+        def trace_rate_limit=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.enabled = arg
+          dsl.trace_rate_limit = arg
           @settings.merge(dsl)
         end
-        def waf_debug=(arg)
+        def obfuscator_key_regex=(arg)
           dsl = AppSec::Configuration::DSL.new
-          dsl.waf_debug = arg
+          dsl.obfuscator_key_regex = arg
+          @settings.merge(dsl)
+        end
+        def obfuscator_value_regex=(arg)
+          dsl = AppSec::Configuration::DSL.new
+          dsl.obfuscator_value_regex = arg
           @settings.merge(dsl)
         end
         # Reader methods
-        def [](arg)
-          @settings[arg]
+        def [](key)
+          @settings[key]
+        end
+        def enabled
+          @settings.enabled
         end
         def ruleset
           @settings.ruleset
         end
-        def ruledata
-          @settings.ruledata
+        def ip_denylist
+          @settings.ip_denylist
         end
         def waf_timeout
           @settings.waf_timeout
         end
-        def enabled
-          @settings.enabled
-        end
         def waf_debug
           @settings.waf_debug
         end
@@ -112,6 +114,14 @@ module Datadog
           @settings.trace_rate_limit
         end
+        def obfuscator_key_regex
+          @settings.obfuscator_key_regex
+        end
+        def obfuscator_value_regex
+          @settings.obfuscator_key_regex
+        end
         def merge(arg)
           @settings.merge(arg)
         end

data/lib/datadog/appsec/instrumentation/gateway.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec
@@ -15,8 +15,8 @@ module Datadog
             @block = block
           end
-          def call(*args, **kwargs, &block)
-            @block.call(*args, **kwargs, &block)
+          def call(stack, env)
+            @block.call(stack, env)
           end
         end

data/lib/datadog/appsec/processor.rb CHANGED Viewed

@@ -6,16 +6,6 @@ module Datadog
   module AppSec
     # Processor integrates libddwaf into datadog/appsec
     class Processor
-      # Interface object to check using case .. when
-      module IOLike
-        def read; end
-        def rewind; end
-        def self.===(other)
-          instance_methods.all? { |meth| other.respond_to?(meth) }
-        end
-      end
       # Context manages a sequence of runs
       class Context
         attr_reader :time_ns, :time_ext_ns, :timeouts, :events
@@ -28,10 +18,12 @@ module Datadog
           @events = []
         end
-        def run(*args)
+        def run(input, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
           start_ns = Core::Utils::Time.get_time(:nanosecond)
-          _code, res = @context.run(*args)
+          # TODO: remove multiple assignment
+          _code, res = _ = @context.run(input, timeout)
+          # @type var res: WAF::Result
           stop_ns = Core::Utils::Time.get_time(:nanosecond)
@@ -50,10 +42,8 @@ module Datadog
       attr_reader :ruleset_info, :addresses
       def initialize
-        @ruleset = nil
-        @handle = nil
         @ruleset_info = nil
-        @addresses = nil
+        @addresses = []
         unless load_libddwaf && load_ruleset && create_waf_handle
           Datadog.logger.warn { 'AppSec is disabled, see logged errors above' }
@@ -117,8 +107,8 @@ module Datadog
                        JSON.parse(Datadog::AppSec::Assets.waf_rules(ruleset_setting))
                      when String
                        JSON.parse(File.read(ruleset_setting))
-                     when IOLike
-                       JSON.parse(ruleset_setting.read).tap { ruleset_setting.rewind }
+                     when File, StringIO
+                       JSON.parse(ruleset_setting.read || '').tap { ruleset_setting.rewind }
                      when Hash
                        ruleset_setting
                      else
@@ -148,12 +138,18 @@ module Datadog
         @addresses = @handle.required_addresses
         true
-      rescue StandardError => e
+      rescue WAF::LibDDWAF::Error => e
         Datadog.logger.error do
           "libddwaf failed to initialize, error: #{e.inspect}"
         end
-        @ruleset_info = e.ruleset_info if e.respond_to?(:ruleset_info)
+        @ruleset_info = e.ruleset_info if e.ruleset_info
+        false
+      rescue StandardError => e
+        Datadog.logger.error do
+          "libddwaf failed to initialize, error: #{e.inspect}"
+        end
         false
       end

data/lib/datadog/appsec/rate_limiter.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/reactive/address_hash.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/reactive/engine.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative 'address_hash'
 require_relative 'subscriber'

data/lib/datadog/appsec/reactive/operation.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 require_relative 'engine'
@@ -15,7 +15,7 @@ module Datadog
           Datadog.logger.debug { "operation: #{name} initialize" }
           @name = name
           @parent = parent
-          @reactive = reactive_engine || parent && parent.reactive || Reactive::Engine.new
+          @reactive = reactive_engine || (parent.reactive unless parent.nil?) || Reactive::Engine.new
           # TODO: concurrent store
           # TODO: constant

data/lib/datadog/appsec/reactive/subscriber.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 module Datadog
   module AppSec

data/lib/datadog/appsec/response.rb CHANGED Viewed

@@ -1,6 +1,7 @@
-# typed: false
+# typed: ignore
 require_relative 'assets'
+require_relative 'utils/http/media_range'
 module Datadog
   module AppSec
@@ -37,16 +38,24 @@ module Datadog
         private
+        FORMAT_MAP = {
+          'text/html' => :html,
+          'application/json' => :json,
+          'text/plain' => :text,
+        }.freeze
+        DEFAULT_FORMAT = :text
         def format(env)
-          format = env['HTTP_ACCEPT'] && env['HTTP_ACCEPT'].split(',').any? do |accept|
-            if accept.start_with?('text/html')
-              break :html
-            elsif accept.start_with?('application/json')
-              break :json
-            end
-          end
+          return DEFAULT_FORMAT unless env.key?('HTTP_ACCEPT')
-          format || :text
+          accepted = env['HTTP_ACCEPT'].split(',').map { |m| Utils::HTTP::MediaRange.new(m) }.sort
+          accepted.each_with_object(DEFAULT_FORMAT) do |_default, range|
+            format = FORMAT_MAP.keys.find { |type, _format| range === type }
+            return FORMAT_MAP[format] if format
+          end
         end
       end
     end