Merge branch 'master' into munir/uds-should-take-precedence-over-http-if-both-defined
mabdinur authored Oct 28, 2024
2 parents 2a8330f + 7e397db commit 57ea8f7
Showing 37 changed files with 527 additions and 450 deletions.
8 changes: 8 additions & 0 deletions .gitlab/benchmarks.yml
Expand Up @@ -114,6 +114,14 @@ only-profiling-heap-clean-after-gc:
DD_PROFILING_HEAP_CLEAN_AFTER_GC_ENABLED: "true"
ADD_TO_GEMFILE: "gem 'datadog', github: 'datadog/dd-trace-rb', ref: '$CI_COMMIT_SHA'"

only-profiling-gvl:
extends: .benchmarks
variables:
DD_BENCHMARKS_CONFIGURATION: only-profiling
DD_PROFILING_ENABLED: "true"
DD_PROFILING_PREVIEW_GVL_ENABLED: "true"
ADD_TO_GEMFILE: "gem 'datadog', github: 'datadog/dd-trace-rb', ref: '$CI_COMMIT_SHA'"

profiling-and-tracing:
extends: .benchmarks
variables:
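Review bot: the `ADD_TO_GEMFILE` line in the new `only-profiling-gvl` job is a verbatim copy of the one in `only-profiling-heap-clean-after-gc` directly above it, and the job carries no comment explaining what `DD_PROFILING_PREVIEW_GVL_ENABLED: "true"` is meant to measure. Consider hoisting the shared `ADD_TO_GEMFILE` value into a YAML anchor or the `.benchmarks` base so each variant lists only the variable that distinguishes it, and add a one-line comment on the new job.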
6 changes: 2 additions & 4 deletions datadog.gemspec
Expand Up @@ -61,10 +61,8 @@ Gem::Specification.new do |spec|
# rubies, see #1739 and #1336 for an extended discussion about this
spec.add_dependency 'msgpack'

# Used by the profiler native extension to support Ruby < 2.6 and > 3.2
#
# We decided to pin it at the latest available version and will manually bump the dependency as needed.
spec.add_dependency 'datadog-ruby_core_source', '= 3.3.6'
# Used by the profiler native extension to support Ruby 2.5 and > 3.2, see NativeExtensionDesign.md for details
spec.add_dependency 'datadog-ruby_core_source', '~> 3.3'

# Used by appsec
spec.add_dependency 'libddwaf', '~> 1.14.0.0.0'
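Review bot: the constraint on `datadog-ruby_core_source` goes from the exact pin `'= 3.3.6'` to `'~> 3.3'`, which accepts any 3.x release from 3.3 upward, including versions older than the one previously pinned. The removed comment gave the rationale for pinning (bump manually as needed); the new comment only points at NativeExtensionDesign.md. Because this gem feeds the profiler native extension build, say in the comment why floating within 3.x is now acceptable, and consider a lower bound such as `'~> 3.3', '>= 3.3.6'` so a resolver cannot pick something older than what was tested.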
2 changes: 1 addition & 1 deletion gemfiles/jruby_9.2_stripe_latest.gemfile.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion gemfiles/jruby_9.3_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/jruby_9.4_elasticsearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/jruby_9.4_opensearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/jruby_9.4_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_2.5_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_2.6_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_2.7_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.0_elasticsearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.0_opensearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.0_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.1_elasticsearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.1_opensearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.1_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.2_elasticsearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.2_opensearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.2_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.3_elasticsearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.3_opensearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.3_stripe_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.4_elasticsearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.4_opensearch_latest.gemfile.lock
2 changes: 1 addition & 1 deletion gemfiles/ruby_3.4_stripe_latest.gemfile.lock

78 changes: 7 additions & 71 deletions lib/datadog/appsec/processor.rb
@@ -1,83 +1,19 @@
# frozen_string_literal: true

require_relative 'processor/context'

module Datadog
module AppSec
# Processor integrates libddwaf into datadog/appsec
class Processor
# Context manages a sequence of runs
class Context
attr_reader :time_ns, :time_ext_ns, :timeouts, :events

def initialize(processor)
@context = Datadog::AppSec::WAF::Context.new(processor.send(:handle))
@time_ns = 0.0
@time_ext_ns = 0.0
@timeouts = 0
@events = []
@run_mutex = Mutex.new
end

def run(input, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
@run_mutex.lock

start_ns = Core::Utils::Time.get_time(:nanosecond)

input.reject! do |_, v|
case v
when TrueClass, FalseClass
false
else
v.nil? ? true : v.empty?
end
end

_code, res = @context.run(input, timeout)

stop_ns = Core::Utils::Time.get_time(:nanosecond)

# these updates are not thread safe and should be protected
@time_ns += res.total_runtime
@time_ext_ns += (stop_ns - start_ns)
@timeouts += 1 if res.timeout

res
ensure
@run_mutex.unlock
end

def extract_schema
return unless extract_schema?

input = {
'waf.context.processor' => {
'extract-schema' => true
}
}

_code, res = @context.run(input, WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)

res
end

def finalize
@context.finalize
end

private

def extract_schema?
Datadog.configuration.appsec.api_security.enabled &&
Datadog.configuration.appsec.api_security.sample_rate.sample?
end
end

attr_reader :diagnostics, :addresses

def initialize(ruleset:, telemetry:)
@telemetry = telemetry
@diagnostics = nil
@addresses = []

settings = Datadog.configuration.appsec
@telemetry = telemetry

# TODO: Refactor to make it easier to test
unless require_libddwaf && libddwaf_provides_waf? && create_waf_handle(settings, ruleset)
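Review bot: the `@run_mutex.lock` / `ensure` `@run_mutex.unlock` pair around `@context.run` and the `input.reject!` filter that drops nil and empty values leave this file together with the nested `Context` class, and the only replacement visible here is `require_relative 'processor/context'`. The old code's own comment says the `@time_ns`, `@time_ext_ns` and `@timeouts` updates are not thread safe, so please confirm the extracted file keeps both the locking and the input filtering, and cover them with a spec on the new file so the move is not a silent behaviour change in the WAF run path.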
Expand All @@ -93,9 +29,9 @@ def finalize
@handle.finalize
end

protected

attr_reader :handle
def new_context
Context.new(@handle, telemetry: @telemetry)
end

private
