Merge branch 'master' into florian/fix-actions-cache
realFlowControl committed Oct 21, 2024
2 parents 9bf2123 + 5b44290 commit 89cfe08
Showing 9 changed files with 44 additions and 20 deletions.
5 changes: 2 additions & 3 deletions appsec/src/extension/configuration.h
@@ -21,11 +21,10 @@ extern bool runtime_config_first_init;

// clang-format off
#define DEFAULT_OBFUSCATOR_KEY_REGEX \
"(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization"
"(?i)pass|pw(?:or)?d|secret|(?:api|private|public|access)[_-]?key|token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization|jsessionid|phpsessid|asp\\.net[_-]sessionid|sid|jwt"

#define DEFAULT_OBFUSCATOR_VALUE_REGEX \
"(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\\s*=[^;]|\"\\s*:\\s*\"[^\"]+\")|bearer\\s+[a-z0-9\\._\\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}"
// clang-format on
"(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\\.net(?:[_-]|-)sessionid|sid|jwt)(?:\\s*=[^;]|\"\\s*:\\s*\"[^\"]+\")|bearer\\s+[a-z0-9\\._\\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}"

#define DD_BASE(path) "/opt/datadog-php/"
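Review bot: The new `sid` alternative in DEFAULT_OBFUSCATOR_KEY_REGEX is not anchored, so if the obfuscator applies the pattern as a search, any key that merely contains it (a constructed example: `inside`) is treated as sensitive; in DEFAULT_OBFUSCATOR_VALUE_REGEX the same alternative matches any name that ends in `sid` before `=`. Over-redaction fails safe, but it hides the parameter an analyst needs when triaging an event, so if the breadth is intended a comment above the macros should say so, for example `// Unanchored on purpose: substring matches are redacted too`. In the value regex `asp\\.net(?:[_-]|-)sessionid` the `|-` branch repeats the character class and can be written `asp\\.net[_-]sessionid`, as the key regex already does. The section's deletion count suggests `// clang-format on` was dropped after the value macro; if so, formatting stays disabled for the rest of the header.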

2 changes: 2 additions & 0 deletions appsec/src/helper/main.cpp
@@ -125,6 +125,8 @@ int appsec_helper_main_impl()

runner->run();

runner->unregister_for_rc_notifications();

finished.store(true, std::memory_order_release);
}};
thread_id = thr.native_handle();
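Review bot: `runner->unregister_for_rc_notifications()` is reached only when `runner->run()` returns normally, yet runner.hpp declares `run()` as `noexcept(false)`. If it throws and nothing outside this hunk catches it first, the global registration keeps its shared pointer to the runner and the remote-config callback can still reach an object whose loop has stopped. Consider running the unregistration from a scope guard, or wrapping the call with `catch (...) { runner->unregister_for_rc_notifications(); throw; }`. The enclosing lambda starts before the hunk, so an existing handler there may already cover this.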
12 changes: 8 additions & 4 deletions appsec/src/helper/runner.cpp
@@ -123,7 +123,7 @@ void runner::register_for_rc_notifications()
std::atomic_load(&RUNNER_FOR_NOTIFICATIONS);
if (!runner) {
// NOLINTNEXTLINE(bugprone-lambda-function-name)
SPDLOG_ERROR("No runner to notify of remote config updates");
SPDLOG_WARN("No runner to notify of remote config updates");
ddog_remote_config_path_free(path);
return;
}
@@ -136,15 +136,19 @@ void runner::register_for_rc_notifications()
});
}

runner::~runner() noexcept
void runner::unregister_for_rc_notifications()
{
SPDLOG_INFO("Unregister runner for RC update callback");
try {
std::shared_ptr<runner> expected = shared_from_this();
std::atomic_compare_exchange_strong(&RUNNER_FOR_NOTIFICATIONS,
&expected, std::shared_ptr<runner>(nullptr));
} catch (...) {
// can only happened if there is no shared_ptr for the runner
// in this case a std::bad_weak_ptr is thrown
// can only happen if there is no shared_ptr for the runner
// in this case a std::bad_weak_ptr is thrown.
// But we only expose runner through a shared pointer, so this would
// require extraordinary actions to destroy the shared pointer but not
// the object.
std::abort();
}
}
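Review bot: In `unregister_for_rc_notifications()` the `catch (...)` ends in `std::abort()`, and the function is now a public method instead of the destructor, so a call on a runner that is not owned by a shared pointer terminates the whole helper process without a log line. Narrow the handler and record the cause before aborting: `} catch (const std::bad_weak_ptr &) {` followed by `SPDLOG_CRITICAL("unregister_for_rc_notifications called on a runner without shared ownership");`. The return value of `std::atomic_compare_exchange_strong` is also discarded; a debug-level log when the global held a different runner would make stale registrations visible.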
4 changes: 3 additions & 1 deletion appsec/src/helper/runner.hpp
@@ -26,14 +26,16 @@ class runner : public std::enable_shared_from_this<runner> {
runner &operator=(const runner &) = delete;
runner(runner &&) = delete;
runner &operator=(runner &&) = delete;
~runner() noexcept;
~runner() = default;

static void resolve_symbols();

void run() noexcept(false);

void register_for_rc_notifications();

void unregister_for_rc_notifications();

[[nodiscard]] bool interrupted() const
{
return interrupted_.load(std::memory_order_acquire);
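Review bot: With `~runner() = default;` nothing in the class releases the remote-config registration any more, and `unregister_for_rc_notifications()` is declared without a comment stating that contract. Document it on the declaration, for example `/// Clears the global remote-config reference to this runner. Call once after run() returns; the instance must be owned by a std::shared_ptr.` Because runner.cpp stores the registration as a shared pointer to the runner, an instance that is never unregistered is presumably never destroyed, which is worth stating in the same comment. The `interrupted()` body continues past the end of this section.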
7 changes: 7 additions & 0 deletions ext/configuration.c
@@ -180,6 +180,13 @@ bool ddtrace_config_minit(int module_number) {
config_entries[DDTRACE_CONFIG_DD_TRACE_AUTO_FLUSH_ENABLED].default_encoded_value = (zai_str) ZAI_STR_FROM_CSTR("true");
}

#ifndef _WIN32
// Sidecar is currently broken - no traces sent. Investigation pending, background sender just works though.
if (getenv("AWS_LAMBDA_FUNCTION_NAME")) {
config_entries[DDTRACE_CONFIG_DD_TRACE_SIDECAR_TRACE_SENDER].default_encoded_value = (zai_str) ZAI_STR_FROM_CSTR("false");
}
#endif

if (!zai_config_minit(config_entries, (sizeof config_entries / sizeof *config_entries), dd_ini_env_to_ini_name,
module_number)) {
ddtrace_log_ginit();
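Review bot: The Lambda override guarded by `getenv("AWS_LAMBDA_FUNCTION_NAME")` is described only as "currently broken" with an investigation pending, so nothing tells a later reader when it can be removed. Add a tracking reference and the removal condition to the comment, for example `// TODO(ISSUE_ID_PLACEHOLDER): remove once the sidecar trace sender works on AWS Lambda`. Since only `default_encoded_value` changes, an explicit user setting should still take precedence; saying so in the comment saves the next reader the check. `ddtrace_config_minit` starts before and ends after this hunk.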
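--- a/ext/handlers_exception.c
+++ b/ext/handlers_exception.c
@@ -546,8 +546,15 @@ void ddtrace_exception_handlers_startup(void) {
 
 zend_property_info *property_info;
 ZEND_HASH_MAP_FOREACH_PTR(&ce->properties_info, property_info) {
-if (property_info->offset >= parent_info->offset && property_info->ce != base_ce && (property_info->flags & ZEND_ACC_STATIC) == 0) {
-property_info->offset += sizeof(zval);
+if (property_info->offset >= parent_info->offset && (property_info->flags & ZEND_ACC_STATIC) == 0) {
+#if PHP_VERSION_ID >= 80100
+if (property_info->ce == ce)
+#else
+if (property_info->ce != base_ce)
+#endif
+{
+property_info->offset += sizeof(zval);
+}
 }
 } ZEND_HASH_FOREACH_END();
 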
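Review bot: The `#if PHP_VERSION_ID >= 80100` split inside the `ZEND_HASH_MAP_FOREACH_PTR` loop decides which `property_info->offset` values are shifted by `sizeof(zval)`, but no comment says why 8.1 and later test `property_info->ce == ce` while older versions test `property_info->ce != base_ce`. These offsets address object property slots, so shifting one entry too many or too few would presumably make two properties alias the same slot; the reason for each condition belongs in a comment above the `#if`. A brace-less `if` header on each preprocessor branch sharing one `{` is also easy to break in a later edit; setting `const bool shift = property_info->ce == ce;` or `const bool shift = property_info->ce != base_ce;` in the branches and then writing `if (shift) { property_info->offset += sizeof(zval); }` once reads more safely. The function starts and ends outside this hunk.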
4 changes: 2 additions & 2 deletions ext/serializer.c
@@ -1236,9 +1236,9 @@ static void _serialize_meta(zval *el, ddtrace_span_data *span, zend_string *serv
if (Z_TYPE_P(tag) == IS_STRING) { // Use the first tag that is found in the span, if any
zval *peer_service = zend_hash_find(Z_ARRVAL_P(meta), Z_STR_P(tag));
if (peer_service && Z_TYPE_P(peer_service) == IS_STRING) {
add_assoc_str(meta, "_dd.peer.service.source", zend_string_copy(Z_STR_P(tag)));

zend_string *peer = zval_get_string(peer_service);

add_assoc_str(meta, "_dd.peer.service.source", zend_string_copy(Z_STR_P(tag)));
if (!dd_set_mapped_peer_service(meta, peer)) {
add_assoc_str(meta, "peer.service", peer);
}
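Review bot: The order of `zval_get_string(peer_service)` and `add_assoc_str(meta, "_dd.peer.service.source", ...)` is now load-bearing, but nothing in the code says so. `peer_service` was returned by `zend_hash_find` on the same `meta` array, and inserting into that array can presumably resize it and leave the pointer dangling, which is the use-after-free shape this ordering avoids. Add a comment above the copy, for example `// Copy first: inserting into meta may reallocate its buckets and invalidate peer_service`. `_serialize_meta` starts and ends outside this hunk.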
17 changes: 10 additions & 7 deletions src/DDTrace/Integrations/LaravelQueue/LaravelQueueIntegration.php
Original file line number Diff line number Diff line change
@@ -150,21 +150,21 @@ function ($worker, $scope, $args, $retval) use ($integration) {
]
);

hook_method(
'Illuminate\Queue\Jobs\Job',
'fire',
function ($job, $scope, $args) use ($integration) {
$payload = $job->payload();
install_hook(
'Illuminate\Queue\Jobs\Job::fire',
function (HookData $fireHook) use ($integration) {
/** @var \Illuminate\Queue\Jobs\Job $this */
$payload = $this->payload();
list($class, $method) = JobName::parse($payload['job']);

if ($class == 'Illuminate\\Queue\\CallQueuedHandler') {
$class = $payload['data']['commandName'];
$method = 'handle';
}

install_hook(
$fireHook->data['id'] = install_hook(
"$class::$method",
function (HookData $hook) use ($integration, $class, $method) {
function (HookData $hook) use ($integration, $class, $method, $fireHook) {
$span = $hook->span();
$span->name = 'laravel.queue.action';
$span->type = 'queue';
@@ -191,6 +191,9 @@ function (HookData $hook) use ($integration, $class, $method) {
remove_hook($hook->id);
}
);
},
function (HookData $fireHook) {
remove_hook($fireHook->data['id']);
}
);
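Review bot: The end hook for `Illuminate\Queue\Jobs\Job::fire` calls `remove_hook($fireHook->data['id'])` unconditionally, but `data['id']` is only set when the begin closure reaches the inner `install_hook()` call. If `$this->payload()` or `JobName::parse($payload['job'])` throws, or the payload lacks the expected keys, the end hook (assuming it still runs) reads an undefined index and passes null to `remove_hook`. Guard it with `if (isset($fireHook->data['id'])) { remove_hook($fireHook->data['id']); }`. The inner closure also adds `$fireHook` to its `use` list; no use of it is visible in these hunks, so drop the capture if it is not needed.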
