RubyGems - ddtrace - Versions diffs - 1.16.1 → 1.16.2 - Mend

ddtrace 1.16.1 → 1.16.2

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -1
data/lib/datadog/appsec/configuration/settings.rb +0 -6
data/lib/datadog/appsec/contrib/rack/gateway/response.rb +0 -46
data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -5
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +0 -10
data/lib/datadog/core/configuration/settings.rb +1 -1
data/lib/ddtrace/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a4e85c12caf77e324eee9de8f9ddf143b0e49c3487230ff841ab7a5be05e4c7d
-  data.tar.gz: 44d799e085ae66280177800c136c656085d6f1fc5d32085c2852158c4290ef59
+  metadata.gz: 31833e75aea54c0952a8c9bce646f0e75e304a3d9124f372c022a6bb5c700ea6
+  data.tar.gz: 6c487891f51fb0ef0c196fab1135f20d99417db62d82ee985cac621fb584f00a
 SHA512:
-  metadata.gz: 8c651f6acbdff86fac984f61df4f2322eb449e3355220810a955496c51d33565ddbd6d15f3ca5049f9f0738c93508db9def7c24f046a51d3ef616b6182a1ca4d
-  data.tar.gz: 75fc3aa27da60ec0998087a814f77fe33a4f4c0bcbbda52b647cc00552945e412fa8d7e276d69d470b258da8c204db5186f24118cf4e0dc24bec9c1681ed1c33
+  metadata.gz: d410408162b5ac03f8f80b8a18f5bd1adbcdd70625a45d288bd2f83a38b3b4668514d70ffd57c829d2ecfc9d7c2ac147ed831ccc7f45843ab51676fe501af2be
+  data.tar.gz: a76c4aef579a961e0d588577d42ea23ee2ab28f08fa75d29de2fd422e3e8a5c3543e3ea63ae260ddee054c0b4ffa38c469ece4307abac92d36c08d32a971b3f2

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,13 @@
 ## [Unreleased]
+## [1.16.2] - 2023-11-10
+This release reverts a change to appsec response body parsing that was introduced in [1.16.0 ](https://github.com/DataDog/dd-trace-rb/releases/tag/v1.16.0) that may cause memory leaks.
+### Fixed
+*  Appsec: [Revert parse response body fix introduced in 1.16.0](https://github.com/DataDog/dd-trace-rb/pull/3153) ([#3252][])
 ## [1.16.1] - 2023-11-08
 ### Fixed
@@ -2627,7 +2634,8 @@ Release notes: https://github.com/DataDog/dd-trace-rb/releases/tag/v0.3.1
 Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
-[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.1...master
+[Unreleased]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.2...master
+[1.16.2]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.1...v1.16.2
 [1.16.1]: https://github.com/DataDog/dd-trace-rb/compare/v1.16.0...v1.16.1
 [1.16.0]: https://github.com/DataDog/dd-trace-rb/compare/v1.15.0...v1.16.0
 [1.15.0]: https://github.com/DataDog/dd-trace-rb/compare/v1.14.0...v1.15.0
@@ -3841,6 +3849,7 @@ Git diff: https://github.com/DataDog/dd-trace-rb/compare/v0.3.0...v0.3.1
 [#3235]: https://github.com/DataDog/dd-trace-rb/issues/3235
 [#3240]: https://github.com/DataDog/dd-trace-rb/issues/3240
 [#3242]: https://github.com/DataDog/dd-trace-rb/issues/3242
+[#3252]: https://github.com/DataDog/dd-trace-rb/issues/3252
 [@AdrianLC]: https://github.com/AdrianLC
 [@Azure7111]: https://github.com/Azure7111
 [@BabyGroot]: https://github.com/BabyGroot

data/lib/datadog/appsec/configuration/settings.rb CHANGED Viewed

@@ -188,12 +188,6 @@ module Datadog
                   end
                 end
               end
-              option :parse_response_body do |o|
-                o.type :bool
-                o.env 'DD_API_SECURITY_PARSE_RESPONSE_BODY'
-                o.default true
-              end
             end
           end
         end

data/lib/datadog/appsec/contrib/rack/gateway/response.rb CHANGED Viewed

@@ -19,55 +19,9 @@ module Datadog
               @scope = scope
             end
-            def parsed_body
-              return unless Datadog.configuration.appsec.parse_response_body
-              unless body.instance_of?(Array)
-                Datadog.logger.debug do
-                  "Response body type unsupported: #{body.class}"
-                end
-                return
-              end
-              return unless json_content_type?
-              result = ''.dup
-              all_body_parts_are_string = true
-              body.each do |body_part|
-                if body_part.is_a?(String)
-                  result.concat(body_part)
-                else
-                  all_body_parts_are_string = false
-                  break
-                end
-              end
-              return unless all_body_parts_are_string
-              begin
-                JSON.parse(result)
-              rescue JSON::ParserError => e
-                Datadog.logger.debug { "Failed to parse response body. Error #{e.class}. Message #{e.message}" }
-                nil
-              end
-            end
             def response
               @response ||= ::Rack::Response.new(body, status, headers)
             end
-            private
-            VALID_JSON_TYPES = [
-              'application/json',
-              'text/json'
-            ].freeze
-            def json_content_type?
-              content_type = headers['content-type']
-              VALID_JSON_TYPES.include?(content_type)
-            end
           end
         end
       end

data/lib/datadog/appsec/contrib/rack/reactive/response.rb CHANGED Viewed

@@ -10,7 +10,6 @@ module Datadog
             ADDRESSES = [
               'response.status',
               'response.headers',
-              'response.body',
             ].freeze
             private_constant :ADDRESSES
@@ -18,7 +17,6 @@ module Datadog
               catch(:block) do
                 op.publish('response.status', gateway_response.status)
                 op.publish('response.headers', gateway_response.headers)
-                op.publish('response.body', gateway_response.parsed_body)
                 nil
               end
@@ -31,7 +29,6 @@ module Datadog
                 response_status = values[0]
                 response_headers = values[1]
                 response_headers_no_cookies = response_headers.dup.tap { |h| h.delete('set-cookie') }
-                response_body = values[2]
                 waf_args = {
                   'server.response.status' => response_status.to_s,
@@ -39,8 +36,6 @@ module Datadog
                   'server.response.headers.no_cookies' => response_headers_no_cookies,
                 }
-                waf_args['server.response.body'] = response_body if response_body
                 waf_timeout = Datadog.configuration.appsec.waf_timeout
                 result = waf_context.run(waf_args, waf_timeout)

data/lib/datadog/appsec/contrib/rack/request_middleware.rb CHANGED Viewed

@@ -66,16 +66,6 @@ module Datadog
               request_return = AppSec::Response.negotiate(env, blocked_event.last[:actions]).to_rack if blocked_event
             end
-            if request_return[2].respond_to?(:to_ary)
-              # Following the Rack specification. The response body should only call :each once.
-              # Calling :to_ary returns an array with identical content as the produced when calling :each
-              # replacing request_return[2] with that new value allow us to safely operate on the response body.
-              # On Gateway::Response#parsed_body we might iterate over the reposne body using :each
-              # https://github.com/rack/rack/blob/main/SPEC.rdoc#enumerable-body-
-              consumed_body = request_return[2].to_ary
-              request_return[2] = consumed_body if consumed_body
-            end
             gateway_response = Gateway::Response.new(
               request_return[2],
               request_return[0],

data/lib/datadog/core/configuration/settings.rb CHANGED Viewed

@@ -330,7 +330,7 @@ module Datadog
             # Caveat 3 (severe):
             # Ruby 3.2.0 to 3.2.2 have a bug in the newobj tracepoint (https://bugs.ruby-lang.org/issues/19482,
             # https://github.com/ruby/ruby/pull/7464) so that's an extra reason why it's not safe on those Rubies.
-            # This bug is fixed on Ruby versions 3.2.2 and 3.3.0.
+            # This bug is fixed on Ruby versions 3.2.3 and 3.3.0.
             #
             # @default `true` on Ruby 2.x and 3.1.4+, 3.2.3+ and 3.3.0+; `false` for Ruby 3.0 and unpatched Rubies.
             option :allocation_counting_enabled do |o|

data/lib/ddtrace/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module DDTrace
   module VERSION
     MAJOR = 1
     MINOR = 16
-    PATCH = 1
+    PATCH = 2
     PRE = nil
     BUILD = nil
     # PRE and BUILD above are modified for dev gems during gem build GHA workflow

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ddtrace
 version: !ruby/object:Gem::Version
-  version: 1.16.1
+  version: 1.16.2
 platform: ruby
 authors:
 - Datadog, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-08 00:00:00.000000000 Z
+date: 2023-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msgpack
@@ -890,7 +890,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: Datadog tracing code for your Ruby applications