From 9be0d6db040c9a0130fb6ba06487a3d11b189882 Mon Sep 17 00:00:00 2001 From: Yury Lebedev Date: Fri, 6 Sep 2024 11:05:35 +0200 Subject: [PATCH 1/8] Update appsec waf rules to version 1.13.1 --- .../appsec/assets/waf_rules/recommended.json | 2292 ++++++++++++++++- .../appsec/assets/waf_rules/strict.json | 1432 +++++++++- 2 files changed, 3614 insertions(+), 110 deletions(-) diff --git a/lib/datadog/appsec/assets/waf_rules/recommended.json b/lib/datadog/appsec/assets/waf_rules/recommended.json index a6e01468548..d05b1e629b2 100644 --- a/lib/datadog/appsec/assets/waf_rules/recommended.json +++ b/lib/datadog/appsec/assets/waf_rules/recommended.json @@ -1,7 +1,7 @@ { "version": "2.2", "metadata": { - "rules_version": "1.8.0" + "rules_version": "1.13.1" }, "rules": [ { @@ -118,6 +118,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "list": [ @@ -138,7 +141,10 @@ "appscan_fingerprint", "w00tw00t.at.isc.sans.dfind", "w00tw00t.at.blackhats.romanian.anti-sec" - ] + ], + "options": { + "enforce_word_boundary": true + } }, "operator": "phrase_match" } @@ -346,6 +352,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "list": [ @@ -1772,7 +1781,10 @@ "windows\\win.ini", "default\\ntuser.dat", "/var/run/secrets/kubernetes.io/serviceaccount" - ] + ], + "options": { + "enforce_word_boundary": true + } }, "operator": "phrase_match" } @@ -1839,6 +1851,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "^(?i:file|ftps?)://.*?\\?+$", @@ -1881,8 +1896,14 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], + "options": { + "enforce_word_boundary": true + }, "list": [ "${cdpath}", "${dirstack}", @@ -1900,7 +1921,6 @@ "$ifs", "$oldpwd", "$ostype", - "$path", "$pwd", "dev/fd/", "dev/null", @@ -2391,6 +2411,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "^\\(\\s*\\)\\s+{", @@ -2456,7 +2479,10 @@ "settings.local.php", "local.xml", ".env" - ] + ], + "options": { + "enforce_word_boundary": true + } }, "operator": "phrase_match" } @@ -2547,8 +2573,14 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], + "options": { + "enforce_word_boundary": true + }, "list": [ "$globals", "$_cookie", @@ -2608,6 +2640,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)", @@ -2650,6 +2685,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)", @@ -2691,6 +2729,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "list": [ @@ -2738,7 +2779,10 @@ "wp_safe_remote_post", "wp_safe_remote_request", "zlib_decode" - ] + ], + "options": { + "enforce_word_boundary": true + } }, "operator": "phrase_match" } @@ -2775,6 +2819,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)", @@ -2820,6 +2867,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}", @@ -2861,6 +2911,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://", @@ -2904,6 +2957,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)", @@ -2942,10 +2998,10 @@ "address": "server.request.path_params" }, { - "address": "grpc.server.request.message" + "address": "graphql.server.all_resolvers" }, { - "address": "graphql.server.all_resolvers" + "address": "graphql.server.resolver" } ], "regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(", @@ -2996,14 +3052,15 @@ "address": "server.request.path_params" }, { - "address": "grpc.server.request.message" + "address": "graphql.server.all_resolvers" }, { - "address": "graphql.server.all_resolvers" + "address": "graphql.server.resolver" } ], "regex": "]*>[\\s\\S]*?", "options": { + "case_sensitive": false, "min_length": 8 } }, @@ -3056,6 +3113,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\bon(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress|aste|ointer(?:cancel|down|enter|leave|move|out|over|rawupdate|up))|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t|uxclick|fterscriptexecute)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start|end)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]", @@ -3112,6 +3172,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript", @@ -3168,6 +3231,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(", @@ -3211,8 +3277,14 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], + "options": { + "enforce_word_boundary": true + }, "list": [ "document.cookie", "document.write", @@ -3259,6 +3331,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)", @@ -3303,6 +3378,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)", @@ -3347,6 +3425,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)", @@ -3391,6 +3472,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "]", @@ -3607,6 +3700,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": ")|<.*\\+AD4-", @@ -3691,6 +3790,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "![!+ ]\\[\\]", @@ -3733,6 +3835,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]", @@ -3770,10 +3875,10 @@ "address": "server.request.path_params" }, { - "address": "grpc.server.request.message" + "address": "graphql.server.all_resolvers" }, { - "address": "graphql.server.all_resolvers" + "address": "graphql.server.resolver" } ] }, @@ -3813,6 +3918,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))", @@ -3855,6 +3963,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)", @@ -3895,6 +4006,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()", @@ -3936,6 +4050,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "union.*?select.*?from", @@ -3977,6 +4094,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)", @@ -4017,6 +4137,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)", @@ -4060,6 +4183,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)", @@ -4100,6 +4226,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)", @@ -4142,6 +4271,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)", @@ -4187,6 +4319,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "java\\.lang\\.(?:runtime|processbuilder)", @@ -4207,7 +4342,6 @@ "name": "Remote Command Execution: Java process spawn (CVE-2017-9805)", "tags": { "type": "java_code_injection", - "crs_id": "944110", "category": "attack_attempt", "cwe": "94", "capec": "1000/152/242" @@ -4233,50 +4367,21 @@ }, { "address": "graphql.server.all_resolvers" - } - ], - "regex": "(?:runtime|processbuilder)", - "options": { - "case_sensitive": true, - "min_length": 7 - } - }, - "operator": "match_regex" - }, - { - "parameters": { - "inputs": [ - { - "address": "server.request.query" - }, - { - "address": "server.request.body" - }, - { - "address": "server.request.path_params" }, { - "address": "server.request.headers.no_cookies" - }, - { - "address": "grpc.server.request.message" - }, - { - "address": "graphql.server.all_resolvers" + "address": "graphql.server.resolver" } ], - "regex": "(?:unmarshaller|base64data|java\\.)", + "regex": "(?:unmarshaller|base64data|java\\.).*(?:runtime|processbuilder)", "options": { - "case_sensitive": true, - "min_length": 5 + "case_sensitive": false, + "min_length": 13 } }, "operator": "match_regex" } ], - "transformers": [ - "lowercase" - ] + "transformers": [] }, { "id": "crs-944-130", @@ -4309,6 +4414,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "list": [ @@ -4344,6 +4452,7 @@ "java.lang.object", "java.lang.process", "java.lang.reflect", + "java.lang.runtime", "java.lang.string", "java.lang.stringbuilder", "java.lang.system", @@ -4353,7 +4462,10 @@ "org.apache.struts2", "org.omg.corba", "java.beans.xmldecode" - ] + ], + "options": { + "enforce_word_boundary": true + } }, "operator": "phrase_match" } @@ -4394,6 +4506,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)", @@ -4435,6 +4550,9 @@ { "address": "graphql.server.all_resolvers" }, + { + "address": "graphql.server.resolver" + }, { "address": "server.request.headers.no_cookies" } @@ -4475,10 +4593,13 @@ "address": "server.request.path_params" }, { - "address": "grpc.server.request.message" + "address": "graphql.server.all_resolvers" }, { - "address": "graphql.server.all_resolvers" + "address": "graphql.server.resolver" + }, + { + "address": "server.request.headers.no_cookies" } ], "regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}", @@ -4522,6 +4643,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "[@#]ognl", @@ -4668,6 +4792,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>" @@ -4709,6 +4836,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b" @@ -4750,9 +4880,12 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "\\bqualysperiscope\\.com\\b" + "regex": "\\bqualysperiscope\\.com\\b|\\.oscomm\\." }, "operator": "match_regex" } @@ -4791,6 +4924,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\bprbly\\.win\\b" @@ -4831,9 +4967,12 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b" + "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com|arcticwolf\\.net|oob\\.li|htbiw\\.com|h4\\.vc|mochan\\.cloud|imshopping\\.com|bootstrapnodejs\\.com|mooo-ng\\.com|securitytrails\\.com|canyouhackit\\.io|7bae\\.xyz)\\b" }, "operator": "match_regex" } @@ -4871,6 +5010,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b" @@ -4912,6 +5054,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\bappspidered\\.rapid7\\." @@ -4953,9 +5098,12 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b" + "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me)|indusfacefinder\\.in|where\\.land|syhunt\\.net|tssrt\\.de|boardofcyber\\.io|assetnote-callback\\.com|praetorianlabs\\.dev|netspi\\.sh)\\b" }, "operator": "match_regex" } @@ -4994,9 +5142,12 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b", + "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)?r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b", "options": { "case_sensitive": false, "min_length": 7 @@ -5008,14 +5159,15 @@ "transformers": [] }, { - "id": "dog-931-001", - "name": "RFI: URL Payload to well known RFI target", + "id": "dog-913-009", + "name": "WhiteHat Security OOB domain", "tags": { - "type": "rfi", + "type": "commercial_scanner", "category": "attack_attempt", - "cwe": "98", - "capec": "1000/152/175/253/193", - "confidence": "1" + "tool_name": "WhiteHatSecurity", + "cwe": "200", + "capec": "1000/118/169", + "confidence": "0" }, "conditions": [ { @@ -5030,17 +5182,23 @@ { "address": "server.request.path_params" }, + { + "address": "server.request.headers.no_cookies" + }, { "address": "grpc.server.request.message" }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$", + "regex": "\\bwhsec(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)us\\b", "options": { - "case_sensitive": true, - "min_length": 17 + "case_sensitive": false, + "min_length": 8 } }, "operator": "match_regex" @@ -5049,33 +5207,46 @@ "transformers": [] }, { - "id": "dog-934-001", - "name": "XXE - XML file loads external entity", + "id": "dog-913-010", + "name": "Nessus OOB domain", "tags": { - "type": "xxe", + "type": "commercial_scanner", "category": "attack_attempt", - "cwe": "91", - "capec": "1000/152/248/250", + "tool_name": "Nessus", + "cwe": "200", + "capec": "1000/118/169", "confidence": "0" }, "conditions": [ { "parameters": { "inputs": [ + { + "address": "server.request.query" + }, { "address": "server.request.body" }, + { + "address": "server.request.path_params" + }, + { + "address": "server.request.headers.no_cookies" + }, { "address": "grpc.server.request.message" }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "(?:<\\?xml[^>]*>.*)]+SYSTEM\\s+[^>]+>", + "regex": "\\b\\.nessus\\.org\\b", "options": { "case_sensitive": false, - "min_length": 24 + "min_length": 8 } }, "operator": "match_regex" @@ -5084,31 +5255,20 @@ "transformers": [] }, { - "id": "dog-941-001", - "name": "XSS in source property", + "id": "dog-913-011", + "name": "Watchtowr OOB domain", "tags": { - "type": "xss", + "type": "commercial_scanner", "category": "attack_attempt", - "cwe": "83", - "capec": "1000/152/242/63/591/243", + "tool_name": "Watchtowr", + "cwe": "200", + "capec": "1000/118/169", "confidence": "0" }, "conditions": [ { "parameters": { "inputs": [ - { - "address": "server.request.headers.no_cookies", - "key_path": [ - "user-agent" - ] - }, - { - "address": "server.request.headers.no_cookies", - "key_path": [ - "referer" - ] - }, { "address": "server.request.query" }, @@ -5118,28 +5278,301 @@ { "address": "server.request.path_params" }, + { + "address": "server.request.headers.no_cookies" + }, { "address": "grpc.server.request.message" }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|//)[^\\s'\"]+['\"]?", + "regex": "\\bwatchtowr\\.com\\b", "options": { - "min_length": 14 + "case_sensitive": false, + "min_length": 8 } }, "operator": "match_regex" } ], - "transformers": [ - "removeNulls", - "urlDecodeUni" - ] + "transformers": [] }, { - "id": "dog-942-001", + "id": "dog-913-012", + "name": "AppCheck NG OOB domain", + "tags": { + "type": "commercial_scanner", + "category": "attack_attempt", + "tool_name": "AppCheckNG", + "cwe": "200", + "capec": "1000/118/169", + "confidence": "0" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "server.request.headers.no_cookies" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ], + "regex": "\\bptst\\.io\\b", + "options": { + "case_sensitive": false, + "min_length": 7 + } + }, + "operator": "match_regex" + } + ], + "transformers": [] + }, + { + "id": "dog-920-001", + "name": "JWT authentication bypass", + "tags": { + "type": "http_protocol_violation", + "category": "attack_attempt", + "cwe": "287", + "capec": "1000/225/115", + "confidence": "0" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.cookies" + }, + { + "address": "server.request.headers.no_cookies", + "key_path": [ + "authorization" + ] + } + ], + "regex": "^(?:Bearer )?ey[A-Za-z0-9+_\\-/]*([QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDogI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]IiA6ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciIDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgOiJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciOiJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]IjogI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]IiA6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciIDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6I[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]Ijoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f])[A-Za-z0-9+-/]*\\.[A-Za-z0-9+_\\-/]+\\.(?:[A-Za-z0-9+_\\-/]+)?$", + "options": { + "case_sensitive": true + } + }, + "operator": "match_regex" + } + ], + "transformers": [] + }, + { + "id": "dog-931-001", + "name": "RFI: URL Payload to well known RFI target", + "tags": { + "type": "rfi", + "category": "attack_attempt", + "cwe": "98", + "capec": "1000/152/175/253/193", + "confidence": "1" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ], + "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$", + "options": { + "case_sensitive": true, + "min_length": 17 + } + }, + "operator": "match_regex" + } + ], + "transformers": [] + }, + { + "id": "dog-932-100", + "name": "Shell spawn executing network command", + "tags": { + "type": "command_injection", + "category": "attack_attempt", + "cwe": "77", + "capec": "1000/152/248/88", + "confidence": "0" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "server.request.headers.no_cookies" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ], + "regex": "(?:(?:['\"\\x60({|;&]|(?:^|['\"\\x60({|;&])(?:cmd(?:\\.exe)?\\s+(?:/\\w(?::\\w+)?\\s+)*))(?:ping|curl|wget|telnet)|\\bnslookup)[\\s,]", + "options": { + "case_sensitive": true, + "min_length": 5 + } + }, + "operator": "match_regex" + } + ], + "transformers": [] + }, + { + "id": "dog-934-001", + "name": "XXE - XML file loads external entity", + "tags": { + "type": "xxe", + "category": "attack_attempt", + "cwe": "91", + "capec": "1000/152/248/250", + "confidence": "1" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.body" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ], + "regex": "(?:<\\?xml[^>]*>.*)]+SYSTEM\\s+[^>]+>", + "options": { + "case_sensitive": false, + "min_length": 24 + } + }, + "operator": "match_regex" + } + ], + "transformers": [] + }, + { + "id": "dog-941-001", + "name": "XSS in source property", + "tags": { + "type": "xss", + "category": "attack_attempt", + "cwe": "83", + "capec": "1000/152/242/63/591/243", + "confidence": "1" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.headers.no_cookies", + "key_path": [ + "user-agent" + ] + }, + { + "address": "server.request.headers.no_cookies", + "key_path": [ + "referer" + ] + }, + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ], + "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|dns:|//)[^\\s'\"]+['\"]?", + "options": { + "min_length": 14 + } + }, + "operator": "match_regex" + } + ], + "transformers": [ + "removeNulls", + "urlDecodeUni" + ] + }, + { + "id": "dog-942-001", "name": "Blind XSS callback domains", "tags": { "type": "xss", @@ -5169,9 +5602,12 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)", + "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.(?:in|me)|xss\\.ht|js\\.rip)", "options": { "case_sensitive": false } @@ -5209,6 +5645,9 @@ { "operator": "phrase_match", "parameters": { + "options": { + "enforce_word_boundary": true + }, "inputs": [ { "address": "server.request.uri.raw" @@ -5409,7 +5848,8 @@ "/website.php", "/stats.php", "/assets/plugins/mp3_id/mp3_id.php", - "/siteminderagent/forms/smpwservices.fcc" + "/siteminderagent/forms/smpwservices.fcc", + "/eval-stdin.php" ] } } @@ -5755,10 +6195,246 @@ "transformers": [] }, { - "id": "sqr-000-001", - "name": "SSRF: Try to access the credential manager of the main cloud services", + "id": "nfd-000-010", + "name": "Detect failed attempts to find API documentation", "tags": { - "type": "ssrf", + "type": "security_scanner", + "category": "attack_attempt", + "cwe": "200", + "capec": "1000/118/169", + "confidence": "0" + }, + "conditions": [ + { + "operator": "match_regex", + "parameters": { + "inputs": [ + { + "address": "server.response.status" + } + ], + "regex": "^404$", + "options": { + "case_sensitive": true + } + } + }, + { + "operator": "match_regex", + "parameters": { + "inputs": [ + { + "address": "server.request.uri.raw" + } + ], + "regex": "(?:/swagger\\b|/api[-/]docs?\\b)", + "options": { + "case_sensitive": false + } + } + } + ], + "transformers": [] + }, + { + "id": "rasp-930-100", + "name": "Local file inclusion exploit", + "tags": { + "type": "lfi", + "category": "vulnerability_trigger", + "cwe": "22", + "capec": "1000/255/153/126", + "confidence": "0", + "module": "rasp" + }, + "conditions": [ + { + "parameters": { + "resource": [ + { + "address": "server.io.fs.file" + } + ], + "params": [ + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ] + }, + "operator": "lfi_detector" + } + ], + "transformers": [], + "on_match": [ + "stack_trace" + ] + }, + { + "id": "rasp-932-100", + "name": "Shell injection exploit", + "tags": { + "type": "command_injection", + "category": "vulnerability_trigger", + "cwe": "77", + "capec": "1000/152/248/88", + "confidence": "0", + "module": "rasp" + }, + "conditions": [ + { + "parameters": { + "resource": [ + { + "address": "server.sys.shell.cmd" + } + ], + "params": [ + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ] + }, + "operator": "shi_detector" + } + ], + "transformers": [], + "on_match": [ + "stack_trace" + ] + }, + { + "id": "rasp-934-100", + "name": "Server-side request forgery exploit", + "tags": { + "type": "ssrf", + "category": "vulnerability_trigger", + "cwe": "918", + "capec": "1000/225/115/664", + "confidence": "0", + "module": "rasp" + }, + "conditions": [ + { + "parameters": { + "resource": [ + { + "address": "server.io.net.url" + } + ], + "params": [ + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "grpc.server.request.message" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ] + }, + "operator": "ssrf_detector" + } + ], + "transformers": [], + "on_match": [ + "stack_trace" + ] + }, + { + "id": "rasp-942-100", + "name": "SQL injection exploit", + "tags": { + "type": "sql_injection", + "category": "vulnerability_trigger", + "cwe": "89", + "capec": "1000/152/248/66", + "confidence": "0", + "module": "rasp" + }, + "conditions": [ + { + "parameters": { + "resource": [ + { + "address": "server.db.statement" + } + ], + "params": [ + { + "address": "server.request.query" + }, + { + "address": "server.request.body" + }, + { + "address": "server.request.path_params" + }, + { + "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" + } + ], + "db_type": [ + { + "address": "server.db.system" + } + ] + }, + "operator": "sqli_detector" + } + ], + "transformers": [], + "on_match": [ + "stack_trace" + ] + }, + { + "id": "sqr-000-001", + "name": "SSRF: Try to access the credential manager of the main cloud services", + "tags": { + "type": "ssrf", "category": "attack_attempt", "cwe": "918", "capec": "1000/225/115/664", @@ -5782,6 +6458,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/", @@ -5823,6 +6502,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)", @@ -5868,6 +6550,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]" @@ -5908,6 +6593,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i)[&|]\\s*cat\\s*\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]" @@ -5950,6 +6638,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]" @@ -5987,6 +6678,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman", @@ -6027,6 +6721,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$" @@ -6066,6 +6763,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$" @@ -6108,9 +6808,12 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], - "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)" + "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii\\.one|act1on3\\.ru)" }, "operator": "match_regex" } @@ -6144,10 +6847,10 @@ "address": "server.request.headers.no_cookies" }, { - "address": "grpc.server.request.message" + "address": "graphql.server.all_resolvers" }, { - "address": "graphql.server.all_resolvers" + "address": "graphql.server.resolver" } ], "regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})" @@ -6189,10 +6892,10 @@ "address": "server.request.headers.no_cookies" }, { - "address": "grpc.server.request.message" + "address": "graphql.server.all_resolvers" }, { - "address": "graphql.server.all_resolvers" + "address": "graphql.server.resolver" } ], "regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}" @@ -7610,6 +8313,35 @@ ], "transformers": [] }, + { + "id": "ua0-600-63x", + "name": "FeroxBuster", + "tags": { + "type": "attack_tool", + "category": "attack_attempt", + "cwe": "200", + "capec": "1000/118/169", + "tool_name": "feroxbuster", + "confidence": "1" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.headers.no_cookies", + "key_path": [ + "user-agent" + ] + } + ], + "regex": "^feroxbuster/" + }, + "operator": "match_regex" + } + ], + "transformers": [] + }, { "id": "ua0-600-6xx", "name": "Stealthy scanner", @@ -7631,7 +8363,7 @@ ] } ], - "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; win32|4\\.0; Windows NT))?\\)", + "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; (?:win32|Windows NT 5\\.0)|4\\.0; Windows NT))?\\)", "options": { "case_sensitive": false } @@ -7699,5 +8431,1349 @@ ], "transformers": [] } + ], + "processors": [ + { + "id": "http-endpoint-fingerprint", + "generator": "http_endpoint_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "method": [ + { + "address": "server.request.method" + } + ], + "uri_raw": [ + { + "address": "server.request.uri.raw" + } + ], + "body": [ + { + "address": "server.request.body" + } + ], + "query": [ + { + "address": "server.request.query" + } + ], + "output": "_dd.appsec.fp.http.endpoint" + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "extract-content", + "generator": "extract_schema", + "conditions": [ + { + "operator": "equals", + "parameters": { + "inputs": [ + { + "address": "waf.context.processor", + "key_path": [ + "extract-schema" + ] + } + ], + "type": "boolean", + "value": true + } + } + ], + "parameters": { + "mappings": [ + { + "inputs": [ + { + "address": "server.request.body" + } + ], + "output": "_dd.appsec.s.req.body" + }, + { + "inputs": [ + { + "address": "server.request.cookies" + } + ], + "output": "_dd.appsec.s.req.cookies" + }, + { + "inputs": [ + { + "address": "server.request.query" + } + ], + "output": "_dd.appsec.s.req.query" + }, + { + "inputs": [ + { + "address": "server.request.path_params" + } + ], + "output": "_dd.appsec.s.req.params" + }, + { + "inputs": [ + { + "address": "server.response.body" + } + ], + "output": "_dd.appsec.s.res.body" + }, + { + "inputs": [ + { + "address": "graphql.server.all_resolvers" + } + ], + "output": "_dd.appsec.s.graphql.all_resolvers" + }, + { + "inputs": [ + { + "address": "graphql.server.resolver" + } + ], + "output": "_dd.appsec.s.graphql.resolver" + } + ], + "scanners": [ + { + "tags": { + "category": "payment" + } + }, + { + "tags": { + "category": "pii" + } + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "extract-headers", + "generator": "extract_schema", + "conditions": [ + { + "operator": "equals", + "parameters": { + "inputs": [ + { + "address": "waf.context.processor", + "key_path": [ + "extract-schema" + ] + } + ], + "type": "boolean", + "value": true + } + } + ], + "parameters": { + "mappings": [ + { + "inputs": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "output": "_dd.appsec.s.req.headers" + }, + { + "inputs": [ + { + "address": "server.response.headers.no_cookies" + } + ], + "output": "_dd.appsec.s.res.headers" + } + ], + "scanners": [ + { + "tags": { + "category": "credentials" + } + }, + { + "tags": { + "category": "pii" + } + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "http-header-fingerprint", + "generator": "http_header_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "headers": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "output": "_dd.appsec.fp.http.header" + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "http-network-fingerprint", + "generator": "http_network_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "headers": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "output": "_dd.appsec.fp.http.network" + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "session-fingerprint", + "generator": "session_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "cookies": [ + { + "address": "server.request.cookies" + } + ], + "session_id": [ + { + "address": "usr.session_id" + } + ], + "user_id": [ + { + "address": "usr.id" + } + ], + "output": "_dd.appsec.fp.session" + } + ] + }, + "evaluate": false, + "output": true + } + ], + "scanners": [ + { + "id": "406f8606-52c4-4663-8db9-df70f9e8766c", + "name": "ZIP Code", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:zip|postal)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "^[0-9]{5}(?:-[0-9]{4})?$", + "options": { + "case_sensitive": true, + "min_length": 5 + } + } + }, + "tags": { + "type": "zipcode", + "category": "address" + } + }, + { + "id": "JU1sRk3mSzqSUJn6GrVn7g", + "name": "American Express Card Scanner (4+4+4+3 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b3[47]\\d{2}(?:(?:\\s\\d{4}\\s\\d{4}\\s\\d{3})|(?:\\,\\d{4}\\,\\d{4}\\,\\d{3})|(?:-\\d{4}-\\d{4}-\\d{3})|(?:\\.\\d{4}\\.\\d{4}\\.\\d{3}))\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "amex", + "category": "payment" + } + }, + { + "id": "edmH513UTQWcRiQ9UnzHlw-mod", + "name": "American Express Card Scanner (4+6|5+5|6 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b3[47]\\d{2}(?:(?:\\s\\d{5,6}\\s\\d{5,6})|(?:\\.\\d{5,6}\\.\\d{5,6})|(?:-\\d{5,6}-\\d{5,6})|(?:,\\d{5,6},\\d{5,6}))\\b", + "options": { + "case_sensitive": false, + "min_length": 17 + } + } + }, + "tags": { + "type": "card", + "card_type": "amex", + "category": "payment" + } + }, + { + "id": "e6K4h_7qTLaMiAbaNXoSZA", + "name": "American Express Card Scanner (8+7 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b3[47]\\d{6}(?:(?:\\s\\d{7})|(?:\\,\\d{7})|(?:-\\d{7})|(?:\\.\\d{7}))\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "amex", + "category": "payment" + } + }, + { + "id": "K2rZflWzRhGM9HiTc6whyQ", + "name": "American Express Card Scanner (1x15 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b3[47]\\d{13}\\b", + "options": { + "case_sensitive": false, + "min_length": 15 + } + } + }, + "tags": { + "type": "card", + "card_type": "amex", + "category": "payment" + } + }, + { + "id": "9d7756e343cefa22a5c098e1092590f806eb5446", + "name": "Basic Authentication Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\bauthorization\\b", + "options": { + "case_sensitive": false, + "min_length": 13 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "^basic\\s+[A-Za-z0-9+/=]+", + "options": { + "case_sensitive": false, + "min_length": 7 + } + } + }, + "tags": { + "type": "basic_auth", + "category": "credentials" + } + }, + { + "id": "mZy8XjZLReC9smpERXWnnw", + "name": "Bearer Authentication Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\bauthorization\\b", + "options": { + "case_sensitive": false, + "min_length": 13 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "^bearer\\s+[-a-z0-9._~+/]{4,}", + "options": { + "case_sensitive": false, + "min_length": 11 + } + } + }, + "tags": { + "type": "bearer_token", + "category": "credentials" + } + }, + { + "id": "450239afc250a19799b6c03dc0e16fd6a4b2a1af", + "name": "Canadian Social Insurance Number Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:social[\\s_]?(?:insurance(?:\\s+number)?)?|SIN|Canadian[\\s_]?(?:social[\\s_]?(?:insurance)?|insurance[\\s_]?number)?)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b\\d{3}-\\d{3}-\\d{3}\\b", + "options": { + "case_sensitive": false, + "min_length": 11 + } + } + }, + "tags": { + "type": "canadian_sin", + "category": "pii" + } + }, + { + "id": "87a879ff33693b46c8a614d8211f5a2c289beca0", + "name": "Digest Authentication Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\bauthorization\\b", + "options": { + "case_sensitive": false, + "min_length": 13 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "^digest\\s+", + "options": { + "case_sensitive": false, + "min_length": 7 + } + } + }, + "tags": { + "type": "digest_auth", + "category": "credentials" + } + }, + { + "id": "qWumeP1GQUa_E4ffAnT-Yg", + "name": "American Express Card Scanner (1x14 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "(?:30[0-59]\\d|3[689]\\d{2})(?:\\d{10})", + "options": { + "case_sensitive": false, + "min_length": 14 + } + } + }, + "tags": { + "type": "card", + "card_type": "diners", + "category": "payment" + } + }, + { + "id": "NlTWWM5LS6W0GSqBLuvtRw", + "name": "Diners Card Scanner (4+4+4+2 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:30[0-59]\\d|3[689]\\d{2})(?:(?:\\s\\d{4}\\s\\d{4}\\s\\d{2})|(?:\\,\\d{4}\\,\\d{4}\\,\\d{2})|(?:-\\d{4}-\\d{4}-\\d{2})|(?:\\.\\d{4}\\.\\d{4}\\.\\d{2}))\\b", + "options": { + "case_sensitive": false, + "min_length": 17 + } + } + }, + "tags": { + "type": "card", + "card_type": "diners", + "category": "payment" + } + }, + { + "id": "Xr5VdbQSTXitYGGiTfxBpw", + "name": "Diners Card Scanner (4+6+4 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:30[0-59]\\d|3[689]\\d{2})(?:(?:\\s\\d{6}\\s\\d{4})|(?:\\.\\d{6}\\.\\d{4})|(?:-\\d{6}-\\d{4})|(?:,\\d{6},\\d{4}))\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "diners", + "category": "payment" + } + }, + { + "id": "gAbunN_WQNytxu54DjcbAA-mod", + "name": "Diners Card Scanner (8+6 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:30[0-59]\\d{5}|3[689]\\d{6})\\s?(?:(?:\\s\\d{6})|(?:\\,\\d{6})|(?:-\\d{6})|(?:\\.\\d{6}))\\b", + "options": { + "case_sensitive": false, + "min_length": 14 + } + } + }, + "tags": { + "type": "card", + "card_type": "diners", + "category": "payment" + } + }, + { + "id": "9cs4qCfEQBeX17U7AepOvQ", + "name": "MasterCard Scanner (2x8 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:6221(?:2[6-9]|[3-9][0-9])\\d{2}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8})|6229(?:[01][0-9]|2[0-5])\\d{2}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8})|(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])\\d{4}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8}))\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "discover", + "category": "payment" + } + }, + { + "id": "YBIDWJIvQWW_TFOyU0CGJg", + "name": "Discover Card Scanner (4x4 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:(?:(?:6221(?:2[6-9]|[3-9][0-9])\\d{2}(?:,\\d{4}){2})|(?:6221\\s(?:2[6-9]|[3-9][0-9])\\d{2}(?:\\s\\d{4}){2})|(?:6221\\.(?:2[6-9]|[3-9][0-9])\\d{2}(?:\\.\\d{4}){2})|(?:6221-(?:2[6-9]|[3-9][0-9])\\d{2}(?:-\\d{4}){2}))|(?:(?:6229(?:[01][0-9]|2[0-5])\\d{2}(?:,\\d{4}){2})|(?:6229\\s(?:[01][0-9]|2[0-5])\\d{2}(?:\\s\\d{4}){2})|(?:6229\\.(?:[01][0-9]|2[0-5])\\d{2}(?:\\.\\d{4}){2})|(?:6229-(?:[01][0-9]|2[0-5])\\d{2}(?:-\\d{4}){2}))|(?:(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})))\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "discover", + "category": "payment" + } + }, + { + "id": "12cpbjtVTMaMutFhh9sojQ", + "name": "Discover Card Scanner (1x16 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:6221(?:2[6-9]|[3-9][0-9])\\d{10}|6229(?:[01][0-9]|2[0-5])\\d{10}|(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])\\d{12})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "discover", + "category": "payment" + } + }, + { + "id": "PuXiVTCkTHOtj0Yad1ppsw", + "name": "Standard E-mail Address", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:(?:e[-\\s]?)?mail|address|sender|\\bto\\b|from|recipient)\\b", + "options": { + "case_sensitive": false, + "min_length": 2 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b[\\w!#$%&'*+/=?`{|}~^-]+(?:\\.[\\w!#$%&'*+/=?`{|}~^-]+)*(%40|@)(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,6}\\b", + "options": { + "case_sensitive": false, + "min_length": 5 + } + } + }, + "tags": { + "type": "email", + "category": "pii" + } + }, + { + "id": "8VS2RKxzR8a_95L5fuwaXQ", + "name": "IBAN", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:iban|account|sender|receiver)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:NO\\d{2}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{3}|BE\\d{2}(?:[ \\-]?\\d{4}){3}|(?:DK|FO|FI|GL|SD)\\d{2}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|NL\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{2}|MK\\d{2}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]\\d{2}|SI\\d{17}|(?:AT|BA|EE|LT|XK)\\d{18}|(?:LU|KZ|EE|LT)\\d{5}[A-Z0-9]{13}|LV\\d{2}[A-Z]{4}[A-Z0-9]{13}|(?:LI|CH)\\d{2}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]|HR\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d|GE\\d{2}[ \\-]?[A-Z0-9]{2}\\d{2}\\d{14}|VA\\d{20}|BG\\d{2}[A-Z]{4}\\d{6}[A-Z0-9]{8}|BH\\d{2}[A-Z]{4}[A-Z0-9]{14}|GB\\d{2}[A-Z]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|IE\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|(?:CR|DE|ME|RS)\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d{2}|(?:AE|TL|IL)\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d{3}|GI\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){3}[ \\-]?[A-Z0-9]{3}|IQ\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{3}|MD\\d{2}(?:[ \\-]?[A-Z0-9]{4}){5}|SA\\d{2}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){4}|RO\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){4}|(?:PK|VG)\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){4}|AD\\d{2}(?:[ \\-]?\\d{4}){2}(?:[ \\-]?[A-Z0-9]{4}){3}|(?:CZ|SK|ES|SE|TN)\\d{2}(?:[ \\-]?\\d{4}){5}|(?:LY|PT|ST)\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d|TR\\d{2}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{4}){3}[ \\-]?[A-Z0-9]{2}|IS\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{2}|(?:IT|SM)\\d{2}[ \\-]?[A-Z]\\d{3}[ \\-]?\\d{4}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]{3}|GR\\d{2}[ \\-]?\\d{4}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){3}[A-Z0-9]{3}|(?:FR|MC)\\d{2}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]\\d{2}|MR\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{3}|(?:SV|DO)\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){5}|BY\\d{2}[ \\-]?[A-Z]{4}[ \\-]?\\d{4}(?:[ \\-]?[A-Z0-9]{4}){4}|GT\\d{2}(?:[ \\-]?[A-Z0-9]{4}){6}|AZ\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{5}){4}|LB\\d{2}[ \\-]?\\d{4}(?:[ \\-]?[A-Z0-9]{5}){4}|(?:AL|CY)\\d{2}(?:[ \\-]?\\d{4}){2}(?:[ \\-]?[A-Z0-9]{4}){4}|(?:HU|PL)\\d{2}(?:[ \\-]?\\d{4}){6}|QA\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){5}[ \\-]?[A-Z0-9]|PS\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d|UA\\d{2}[ \\-]?\\d{4}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){4}[ \\-]?[A-Z0-9]|BR\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{3}[A-Z0-9][ \\-]?[A-Z0-9]|EG\\d{2}(?:[ \\-]?\\d{4}){6}\\d|MU\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){4}\\d{3}[A-Z][ \\-]?[A-Z]{2}|(?:KW|JO)\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){5}[ \\-]?[A-Z0-9]{2}|MT\\d{2}[ \\-]?[A-Z]{4}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{3}){4}[ \\-]?[A-Z0-9]{3}|SC\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){5}[ \\-]?[A-Z]{3}|LC\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){6})\\b", + "options": { + "case_sensitive": false, + "min_length": 15 + } + } + }, + "tags": { + "type": "iban", + "category": "payment" + } + }, + { + "id": "h6WJcecQTwqvN9KeEtwDvg", + "name": "JCB Card Scanner (1x16 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b35(?:2[89]|[3-9][0-9])(?:\\d{12})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "jcb", + "category": "payment" + } + }, + { + "id": "gcEaMu_VSJ2-bGCEkgyC0w", + "name": "JCB Card Scanner (2x8 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b35(?:2[89]|[3-9][0-9])\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))\\b", + "options": { + "case_sensitive": false, + "min_length": 17 + } + } + }, + "tags": { + "type": "card", + "card_type": "jcb", + "category": "payment" + } + }, + { + "id": "imTliuhXT5GAeRNhqChXQQ", + "name": "JCB Card Scanner (4x4 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b35(?:2[89]|[3-9][0-9])(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "jcb", + "category": "payment" + } + }, + { + "id": "9osY3xc9Q7ONAV0zw9Uz4A", + "name": "JSON Web Token", + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\bey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(\\.[\\w.+\\/=-]+)?\\b", + "options": { + "case_sensitive": false, + "min_length": 20 + } + } + }, + "tags": { + "type": "json_web_token", + "category": "credentials" + } + }, + { + "id": "d1Q9D3YMRxuVKf6CZInJPw", + "name": "Maestro Card Scanner (1x16 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:5[06-9]\\d{2}|6\\d{3})(?:\\d{12})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "maestro", + "category": "payment" + } + }, + { + "id": "M3YIQKKjRVmoeQuM3pjzrw", + "name": "Maestro Card Scanner (2x8 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:5[06-9]\\d{6}|6\\d{7})(?:\\s\\d{8}|\\.\\d{8}|-\\d{8}|,\\d{8})\\b", + "options": { + "case_sensitive": false, + "min_length": 17 + } + } + }, + "tags": { + "type": "card", + "card_type": "maestro", + "category": "payment" + } + }, + { + "id": "hRxiQBlSSVKcjh5U7LZYLA", + "name": "Maestro Card Scanner (4x4 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:5[06-9]\\d{2}|6\\d{3})(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "maestro", + "category": "payment" + } + }, + { + "id": "NwhIYNS4STqZys37WlaIKA", + "name": "MasterCard Scanner (2x8 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:(?:\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))))\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "mastercard", + "category": "payment" + } + }, + { + "id": "axxJkyjhRTOuhjwlsA35Vw", + "name": "MasterCard Scanner (4x4 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "mastercard", + "category": "payment" + } + }, + { + "id": "76EhmoK3TPqJcpM-fK0pLw", + "name": "MasterCard Scanner (1x16 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:\\d{12})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "mastercard", + "category": "payment" + } + }, + { + "id": "18b608bd7a764bff5b2344c0", + "name": "Phone number", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\bphone|number|mobile\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "^(?:\\(\\+\\d{1,3}\\)|\\+\\d{1,3}|00\\d{1,3})?[-\\s\\.]?(?:\\(\\d{3}\\)[-\\s\\.]?)?(?:\\d[-\\s\\.]?){6,10}$", + "options": { + "case_sensitive": false, + "min_length": 6 + } + } + }, + "tags": { + "type": "phone", + "category": "pii" + } + }, + { + "id": "de0899e0cbaaa812bb624cf04c912071012f616d-mod", + "name": "UK National Insurance Number Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "^nin$|\\binsurance\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b[A-Z]{2}[\\s-]?\\d{6}[\\s-]?[A-Z]?\\b", + "options": { + "case_sensitive": false, + "min_length": 8 + } + } + }, + "tags": { + "type": "uk_nin", + "category": "pii" + } + }, + { + "id": "d962f7ddb3f55041e39195a60ff79d4814a7c331", + "name": "US Passport Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\bpassport\\b", + "options": { + "case_sensitive": false, + "min_length": 8 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b[0-9A-Z]{9}\\b|\\b[0-9]{6}[A-Z][0-9]{2}\\b", + "options": { + "case_sensitive": false, + "min_length": 8 + } + } + }, + "tags": { + "type": "passport_number", + "category": "pii" + } + }, + { + "id": "7771fc3b-b205-4b93-bcef-28608c5c1b54", + "name": "United States Social Security Number Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:SSN|(?:(?:social)?[\\s_]?(?:security)?[\\s_]?(?:number)?)?)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b\\d{3}[-\\s\\.]{1}\\d{2}[-\\s\\.]{1}\\d{4}\\b", + "options": { + "case_sensitive": false, + "min_length": 11 + } + } + }, + "tags": { + "type": "us_ssn", + "category": "pii" + } + }, + { + "id": "ac6d683cbac77f6e399a14990793dd8fd0fca333", + "name": "US Vehicle Identification Number Scanner", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:vehicle[_\\s-]*identification[_\\s-]*number|vin)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b[A-HJ-NPR-Z0-9]{17}\\b", + "options": { + "case_sensitive": false, + "min_length": 17 + } + } + }, + "tags": { + "type": "vin", + "category": "pii" + } + }, + { + "id": "wJIgOygRQhKkR69b_9XbRQ", + "name": "Visa Card Scanner (2x8 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b4\\d{3}(?:(?:\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))))\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "visa", + "category": "payment" + } + }, + { + "id": "0o71SJxXQNK7Q6gMbBesFQ", + "name": "Visa Card Scanner (4x4 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "\\b4\\d{3}(?:(?:,\\d{4}){3}|(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3})\\b", + "options": { + "case_sensitive": false, + "min_length": 16 + } + } + }, + "tags": { + "type": "card", + "card_type": "visa", + "category": "payment" + } + }, + { + "id": "QrHD6AfgQm6z-j0wStxTvA", + "name": "Visa Card Scanner (1x15 & 1x16 & 1x19 digits)", + "key": { + "operator": "match_regex", + "parameters": { + "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b", + "options": { + "case_sensitive": false, + "min_length": 3 + } + } + }, + "value": { + "operator": "match_regex", + "parameters": { + "regex": "4[0-9]{12}(?:[0-9]{3})?", + "options": { + "case_sensitive": false, + "min_length": 13 + } + } + }, + "tags": { + "type": "card", + "card_type": "visa", + "category": "payment" + } + } ] -} \ No newline at end of file +} diff --git a/lib/datadog/appsec/assets/waf_rules/strict.json b/lib/datadog/appsec/assets/waf_rules/strict.json index f316a003f54..91b99a81902 100644 --- a/lib/datadog/appsec/assets/waf_rules/strict.json +++ b/lib/datadog/appsec/assets/waf_rules/strict.json @@ -1,7 +1,7 @@ { "version": "2.2", "metadata": { - "rules_version": "1.8.0" + "rules_version": "1.13.1" }, "rules": [ { @@ -101,6 +101,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "[\\r\\n]\\W*?(?:content-(?:type|length)|set-cookie|location):\\s*\\w", @@ -168,6 +171,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:[;\\n\\r`]|\\$(?:\\(?\\(|{)|(?:\\|)?\\||\\(\\s*\\)|[<>]\\(|&?&|\\{)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:['\\\"])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:w[\\x5c'\\\"]*p[\\x5c'\\\"]*-[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*w[\\x5c'\\\"]*n[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*m[\\x5c'\\\"]*p)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*q[\\x5c'\\\"]*u[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|m[\\x5c'\\\"]*i[\\x5c'\\\"]*r[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*r)|s(?:[\\x5c'\\\"]*(?:b[\\x5c'\\\"]*_[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*e|c[\\x5c'\\\"]*p[\\x5c'\\\"]*u|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d|p[\\x5c'\\\"]*c[\\x5c'\\\"]*i|u[\\x5c'\\\"]*s[\\x5c'\\\"]*b|-[\\x5c'\\\"]*F|h[\\x5c'\\\"]*w|o[\\x5c'\\\"]*f))?|z[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|m[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|a)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s)|o[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*(?:(?:n[\\x5c'\\\"]*a[\\x5c'\\\"]*m|s[\\x5c'\\\"]*a[\\x5c'\\\"]*v)[\\x5c'\\\"]*e|i[\\x5c'\\\"]*n[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l)|c[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*e|l)[\\x5c'\\\"]*(?:\\s|<|>).*)|e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:(?:f[\\x5c'\\\"]*i[\\x5c'\\\"]*l|p[\\x5c'\\\"]*i[\\x5c'\\\"]*p)[\\x5c'\\\"]*e|e[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|(?:\\s|<|>).*)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*g(?:[\\x5c'\\\"]*i[\\x5c'\\\"]*n)?|c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*m|(?:\\s|<|>).*)|d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g|d[\\x5c'\\\"]*(?:\\s|<|>).*)|(?:[np]|i[\\x5c'\\\"]*n[\\x5c'\\\"]*k[\\x5c'\\\"]*s|y[\\x5c'\\\"]*n[\\x5c'\\\"]*x)[\\x5c'\\\"]*(?:\\s|<|>).*|u[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:5[\\x5c'\\\"]*\\.[\\x5c'\\\"]*[1234]|(?:\\s|<|>).*)|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t)?|t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e)|c[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:r[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*|o[\\x5c'\\\"]*s[\\x5c'\\\"]*e[\\x5c'\\\"]*r)|m[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:\\s|<|>).*)|p[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*c)|h[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:\\s|<|>).*|f[\\x5c'\\\"]*l[\\x5c'\\\"]*a[\\x5c'\\\"]*g[\\x5c'\\\"]*s|a[\\x5c'\\\"]*t[\\x5c'\\\"]*t[\\x5c'\\\"]*r|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d)|p[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*m[\\x5c'\\\"]*i[\\x5c'\\\"]*t|(?:\\s|<|>).*|a[\\x5c'\\\"]*n|i[\\x5c'\\\"]*o)|(?:a[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*s[\\x5c'\\\"]*h|t)|c)[\\x5c'\\\"]*(?:\\s|<|>).*|e[\\x5c'\\\"]*r[\\x5c'\\\"]*t[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*t|r[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*b|u[\\x5c'\\\"]*r[\\x5c'\\\"]*l|[89][\\x5c'\\\"]*9|s[\\x5c'\\\"]*h)|b[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*p[\\x5c'\\\"]*2)|u[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*(?:y[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*x|c[\\x5c'\\\"]*t[\\x5c'\\\"]*l)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:\\s|<|>).*|i[\\x5c'\\\"]*l[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*n)|s[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|t[\\x5c'\\\"]*a[\\x5c'\\\"]*r)|a[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*(?:\\s|<|>).*|s[\\x5c'\\\"]*h)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*k[\\x5c'\\\"]*s[\\x5c'\\\"]*w)|e[\\x5c'\\\"]*(?:x[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:\\s|<|>).*|a[\\x5c'\\\"]*n[\\x5c'\\\"]*d|o[\\x5c'\\\"]*r[\\x5c'\\\"]*t|r)|(?:e[\\x5c'\\\"]*c[\\x5c'\\\"]*)?(?:\\s|<|>).*)|n[\\x5c'\\\"]*(?:v(?:[\\x5c'\\\"]*-[\\x5c'\\\"]*u[\\x5c'\\\"]*p[\\x5c'\\\"]*d[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*e)?|d[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*f|s[\\x5c'\\\"]*w))|(?:a[\\x5c'\\\"]*s[\\x5c'\\\"]*y[\\x5c'\\\"]*_[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*l|v[\\x5c'\\\"]*a)[\\x5c'\\\"]*l|(?:c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|d)[\\x5c'\\\"]*(?:\\s|<|>).*|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|m[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*s|s[\\x5c'\\\"]*a[\\x5c'\\\"]*c)|f[\\x5c'\\\"]*(?:i(?:[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|(?:\\s|<|>).*)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:\\s|<|>).*|s[\\x5c'\\\"]*h))?|t[\\x5c'\\\"]*p[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*s|w[\\x5c'\\\"]*h[\\x5c'\\\"]*o|(?:\\s|<|>).*)|(?:e[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*h|l[\\x5c'\\\"]*o[\\x5c'\\\"]*c[\\x5c'\\\"]*k|c)[\\x5c'\\\"]*(?:\\s|<|>).*|u[\\x5c'\\\"]*n[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*o[\\x5c'\\\"]*n|o[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*h|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p)|i[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:(?:6[\\x5c'\\\"]*)?t[\\x5c'\\\"]*a[\\x5c'\\\"]*b[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*s|c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g)|r[\\x5c'\\\"]*b(?:[\\x5c'\\\"]*(?:2[\\x5c'\\\"]*[01234567]|1(?:[\\x5c'\\\"]*[89])?|3[\\x5c'\\\"]*0))?|f[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*i[\\x5c'\\\"]*g|o[\\x5c'\\\"]*n[\\x5c'\\\"]*i[\\x5c'\\\"]*c[\\x5c'\\\"]*e|d[\\x5c'\\\"]*(?:\\s|<|>).*)|h[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|p[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*w[\\x5c'\\\"]*d)|o[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:n[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*e|i[\\x5c'\\\"]*d)|(?:e[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*p)[\\x5c'\\\"]*(?:\\s|<|>).*|i[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*y)|a[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*|p[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*e)|p[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:-[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t|(?:\\s|<|>).*)|d[\\x5c'\\\"]*d[\\x5c'\\\"]*u[\\x5c'\\\"]*s[\\x5c'\\\"]*e[\\x5c'\\\"]*r|r[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*h[\\x5c'\\\"]*(?:\\s|<|>).*|p)|(?:w[\\x5c'\\\"]*[ks]|t)[\\x5c'\\\"]*(?:\\s|<|>).*)|g[\\x5c'\\\"]*(?:(?:e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*f[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*l|m)|r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|o)[\\x5c'\\\"]*(?:\\s|<|>).*|z[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*p)|u[\\x5c'\\\"]*n[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p|c[\\x5c'\\\"]*c(?:[\\x5c'\\\"]*(?:\\s|<|>).*)?|i[\\x5c'\\\"]*t(?:[\\x5c'\\\"]*(?:\\s|<|>).*)?|d[\\x5c'\\\"]*b)|d[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*c[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*e[\\x5c'\\\"]*n[\\x5c'\\\"]*t|(?:i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|u)[\\x5c'\\\"]*(?:\\s|<|>).*|(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*s|p[\\x5c'\\\"]*k)[\\x5c'\\\"]*g|o[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*s|n[\\x5c'\\\"]*e)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*h)|j[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*r[\\x5c'\\\"]*n[\\x5c'\\\"]*a[\\x5c'\\\"]*l[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l|b[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:\\s|<|>).*)|a[\\x5c'\\\"]*v[\\x5c'\\\"]*a[\\x5c'\\\"]*(?:\\s|<|>).*|e[\\x5c'\\\"]*x[\\x5c'\\\"]*e[\\x5c'\\\"]*c)|k[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l[\\x5c'\\\"]*l[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*l[\\x5c'\\\"]*l|(?:\\s|<|>).*)|s[\\x5c'\\\"]*h)|G[\\x5c'\\\"]*E[\\x5c'\\\"]*T[\\x5c'\\\"]*(?:\\s|<|>).*|7[\\x5c'\\\"]*z(?:[\\x5c'\\\"]*[ar])?)\\b", @@ -204,6 +210,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:[;\\n\\r`]|(?:$\\(|<)\\(|(?:\\|)?\\||\\(\\s*\\)|\\$[(?:{]|&?&|>\\|\\{)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:['\\\"])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:s[\\\"\\^]*(?:y[\\\"\\^]*s[\\\"\\^]*(?:t[\\\"\\^]*e[\\\"\\^]*m[\\\"\\^]*(?:p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*(?:d[\\\"\\^]*a[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*p[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n|(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r[\\\"\\^]*m[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c|h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*d[\\\"\\^]*w[\\\"\\^]*a[\\\"\\^]*r)[\\\"\\^]*e|a[\\\"\\^]*d[\\\"\\^]*v[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*d)|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o)|k[\\\"\\^]*e[\\\"\\^]*y|d[\\\"\\^]*m)|h[\\\"\\^]*(?:o[\\\"\\^]*(?:w[\\\"\\^]*(?:g[\\\"\\^]*r[\\\"\\^]*p|m[\\\"\\^]*b[\\\"\\^]*r)[\\\"\\^]*s|r[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t)|e[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*s|u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|r[\\\"\\^]*p[\\\"\\^]*u[\\\"\\^]*b[\\\"\\^]*w|a[\\\"\\^]*r[\\\"\\^]*e|i[\\\"\\^]*f[\\\"\\^]*t)|e[\\\"\\^]*(?:t[\\\"\\^]*(?:(?:x[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|l[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*a[\\\"\\^]*l)|c[\\\"\\^]*p[\\\"\\^]*o[\\\"\\^]*l|l[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*t)|c[\\\"\\^]*(?:h[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*s[\\\"\\^]*k[\\\"\\^]*s|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|u[\\\"\\^]*b[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*l|s[\\\"\\^]*t)|(?:t[\\\"\\^]*a|o)[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*g[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f|l[\\\"\\^]*(?:e[\\\"\\^]*e[\\\"\\^]*p|m[\\\"\\^]*g[\\\"\\^]*r)|f[\\\"\\^]*c|v[\\\"\\^]*n)|p[\\\"\\^]*(?:s[\\\"\\^]*(?:s[\\\"\\^]*(?:h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|e[\\\"\\^]*r[\\\"\\^]*v[\\\"\\^]*i[\\\"\\^]*c[\\\"\\^]*e|u[\\\"\\^]*s[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*d)|l[\\\"\\^]*(?:o[\\\"\\^]*g[\\\"\\^]*(?:g[\\\"\\^]*e[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*n|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|i[\\\"\\^]*s[\\\"\\^]*t)|p[\\\"\\^]*(?:a[\\\"\\^]*s[\\\"\\^]*s[\\\"\\^]*w[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|g[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*s[\\\"\\^]*i[\\\"\\^]*d|e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c|f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o|k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l)|o[\\\"\\^]*(?:w[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*(?:s[\\\"\\^]*h[\\\"\\^]*e[\\\"\\^]*l[\\\"\\^]*l(?:[\\\"\\^]*_[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*e)?|c[\\\"\\^]*f[\\\"\\^]*g)|r[\\\"\\^]*t[\\\"\\^]*q[\\\"\\^]*r[\\\"\\^]*y|p[\\\"\\^]*d)|r[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*(?:(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*r[\\\"\\^]*m)|n[\\\"\\^]*(?:c[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*g|m[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*r)|o[\\\"\\^]*m[\\\"\\^]*p[\\\"\\^]*t)|a[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*(?:p[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g|(?:[\\s,;]|\\.|/|<|>).*)|e[\\\"\\^]*r[\\\"\\^]*(?:l(?:[\\\"\\^]*(?:s[\\\"\\^]*h|5))?|f[\\\"\\^]*m[\\\"\\^]*o[\\\"\\^]*n)|y[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n(?:[\\\"\\^]*(?:3(?:[\\\"\\^]*m)?|2))?|k[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*g[\\\"\\^]*r|h[\\\"\\^]*p(?:[\\\"\\^]*[57])?|u[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|r[\\\"\\^]*(?:e[\\\"\\^]*(?:(?:p[\\\"\\^]*l[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*e|n(?:[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*e)?|s[\\\"\\^]*e[\\\"\\^]*t)[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|g[\\\"\\^]*(?:s[\\\"\\^]*v[\\\"\\^]*r[\\\"\\^]*3[\\\"\\^]*2|e[\\\"\\^]*d[\\\"\\^]*i[\\\"\\^]*t|(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*n[\\\"\\^]*i)|c[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c|o[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*y[\\\"\\^]*w[\\\"\\^]*i[\\\"\\^]*z)|u[\\\"\\^]*(?:n[\\\"\\^]*(?:d[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*3[\\\"\\^]*2|a[\\\"\\^]*s)|b[\\\"\\^]*y[\\\"\\^]*(?:1(?:[\\\"\\^]*[89])?|2[\\\"\\^]*[012]))|a[\\\"\\^]*(?:s[\\\"\\^]*(?:p[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*e|d[\\\"\\^]*i[\\\"\\^]*a[\\\"\\^]*l)|r[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|m[\\\"\\^]*(?:(?:d[\\\"\\^]*i[\\\"\\^]*r[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|t[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*e)|o[\\\"\\^]*(?:u[\\\"\\^]*t[\\\"\\^]*e[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*y)|s[\\\"\\^]*(?:t[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*i|y[\\\"\\^]*n[\\\"\\^]*c)|d[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|t[\\\"\\^]*(?:a[\\\"\\^]*(?:s[\\\"\\^]*k[\\\"\\^]*(?:k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t|s[\\\"\\^]*c[\\\"\\^]*h[\\\"\\^]*d|m[\\\"\\^]*g[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n)|(?:i[\\\"\\^]*m[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*u|p[\\\"\\^]*m[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*i|e[\\\"\\^]*l[\\\"\\^]*n[\\\"\\^]*e|l[\\\"\\^]*i[\\\"\\^]*s)[\\\"\\^]*t|s[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c[\\\"\\^]*o|s[\\\"\\^]*h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d)[\\\"\\^]*n|y[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f|(?:[\\s,;]|\\.|/|<|>).*)|r[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t|e[\\\"\\^]*e))|w[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*f|m[\\\"\\^]*s[\\\"\\^]*d[\\\"\\^]*p|v[\\\"\\^]*a[\\\"\\^]*r|r[\\\"\\^]*[ms])|u[\\\"\\^]*(?:a[\\\"\\^]*(?:u[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*t|p[\\\"\\^]*p)|s[\\\"\\^]*a)|s[\\\"\\^]*c[\\\"\\^]*(?:r[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*t|u[\\\"\\^]*i)|e[\\\"\\^]*v[\\\"\\^]*t[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*l|m[\\\"\\^]*i[\\\"\\^]*(?:m[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*t|c)|a[\\\"\\^]*i[\\\"\\^]*t[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r|h[\\\"\\^]*o[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*i|g[\\\"\\^]*e[\\\"\\^]*t)|u[\\\"\\^]*(?:s[\\\"\\^]*(?:e[\\\"\\^]*r[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*l[\\\"\\^]*s[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*s|r[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*t)|n[\\\"\\^]*(?:r[\\\"\\^]*a[\\\"\\^]*r|z[\\\"\\^]*i[\\\"\\^]*p))|q[\\\"\\^]*(?:u[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*y[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*s|w[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a|g[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*p)|o[\\\"\\^]*(?:d[\\\"\\^]*b[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*d[\\\"\\^]*3[\\\"\\^]*2|c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*f)|p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e[\\\"\\^]*s)|v[\\\"\\^]*(?:o[\\\"\\^]*l[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*y)|x[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*s|o[\\\"\\^]*p[\\\"\\^]*y)|z[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)", @@ -239,8 +248,14 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], + "options": { + "enforce_word_boundary": true + }, "list": [ "powershell", "add-computer", @@ -692,6 +707,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:\\$(?:\\((?:\\(.*\\)|.*)\\)|\\{.*})|\\/\\w*\\[!?.+\\]|[<>]\\(.*\\))", @@ -728,6 +746,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:(?:^|=)\\s*(?:(?:\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|(?:\\s*\\(|!)\\s*|\\{|\\$))*\\s*(?:[\\\"'])*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\x5c]+/)?[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*(?:z(?:[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*(?:a(?:[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*o|d[\\x5c'\\\"]*e[\\x5c'\\\"]*c))?|o[\\x5c'\\\"]*r[\\x5c'\\\"]*e)|(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|4(?:[\\x5c'\\\"]*c(?:[\\x5c'\\\"]*a[\\x5c'\\\"]*t)?)?|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s))?|s(?:[\\x5c'\\\"]*(?:b[\\x5c'\\\"]*_[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*a[\\x5c'\\\"]*s[\\x5c'\\\"]*e|c[\\x5c'\\\"]*p[\\x5c'\\\"]*u|m[\\x5c'\\\"]*o[\\x5c'\\\"]*d|p[\\x5c'\\\"]*c[\\x5c'\\\"]*i|u[\\x5c'\\\"]*s[\\x5c'\\\"]*b|-[\\x5c'\\\"]*F|o[\\x5c'\\\"]*f))?|e[\\x5c'\\\"]*s[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:(?:f[\\x5c'\\\"]*i[\\x5c'\\\"]*l|p[\\x5c'\\\"]*i[\\x5c'\\\"]*p)[\\x5c'\\\"]*e|e[\\x5c'\\\"]*c[\\x5c'\\\"]*h[\\x5c'\\\"]*o)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*g(?:[\\x5c'\\\"]*i[\\x5c'\\\"]*n)?|c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*m)|w[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*-[\\x5c'\\\"]*d[\\x5c'\\\"]*o[\\x5c'\\\"]*w[\\x5c'\\\"]*n[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*d)?|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*g[\\x5c'\\\"]*e[\\x5c'\\\"]*t)?|y[\\x5c'\\\"]*n[\\x5c'\\\"]*x)|z[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*(?:(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*g|n[\\x5c'\\\"]*o[\\x5c'\\\"]*t)[\\x5c'\\\"]*e|d[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*s|c[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*k|m[\\x5c'\\\"]*p)|s[\\x5c'\\\"]*p[\\x5c'\\\"]*l[\\x5c'\\\"]*i[\\x5c'\\\"]*t|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|i[\\x5c'\\\"]*n[\\x5c'\\\"]*f[\\x5c'\\\"]*o|t[\\x5c'\\\"]*o[\\x5c'\\\"]*o[\\x5c'\\\"]*l))?|s[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*d(?:[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|(?:c[\\x5c'\\\"]*a|m)[\\x5c'\\\"]*t))?|h)|(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|r[\\x5c'\\\"]*u[\\x5c'\\\"]*n)|b[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*p[\\x5c'\\\"]*2(?:[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*v[\\x5c'\\\"]*e[\\x5c'\\\"]*r)?|e[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|x[\\x5c'\\\"]*e)|(?:f[\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e|z)|u[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*n|n[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p[\\x5c'\\\"]*2|s[\\x5c'\\\"]*y[\\x5c'\\\"]*b[\\x5c'\\\"]*o[\\x5c'\\\"]*x)|s[\\x5c'\\\"]*d[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|t[\\x5c'\\\"]*a[\\x5c'\\\"]*r)|a[\\x5c'\\\"]*s[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:3[\\x5c'\\\"]*2|6[\\x5c'\\\"]*4|n[\\x5c'\\\"]*c)|h))|s[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*n[\\x5c'\\\"]*v|s[\\x5c'\\\"]*i[\\x5c'\\\"]*d)|n[\\x5c'\\\"]*d[\\x5c'\\\"]*m[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l|d)|h(?:[\\x5c'\\\"]*\\.[\\x5c'\\\"]*d[\\x5c'\\\"]*i[\\x5c'\\\"]*s[\\x5c'\\\"]*t[\\x5c'\\\"]*r[\\x5c'\\\"]*i[\\x5c'\\\"]*b)?|o[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*r[\\x5c'\\\"]*c[\\x5c'\\\"]*e|c[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|t[\\x5c'\\\"]*r[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*g[\\x5c'\\\"]*s|y[\\x5c'\\\"]*s[\\x5c'\\\"]*c[\\x5c'\\\"]*t[\\x5c'\\\"]*l|c[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*e[\\x5c'\\\"]*d|p)|d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|f[\\x5c'\\\"]*t[\\x5c'\\\"]*p|u[\\x5c'\\\"]*d[\\x5c'\\\"]*o|s[\\x5c'\\\"]*h|v[\\x5c'\\\"]*n)|p[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*a[\\x5c'\\\"]*r(?:[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p))?|y[\\x5c'\\\"]*t[\\x5c'\\\"]*h[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*[23]?[\\x5c'\\\"]*(?:\\.[0-9.\\x5c'\\\"]+)?(?:[dmu]+)?|k[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*x[\\x5c'\\\"]*e[\\x5c'\\\"]*c|i[\\x5c'\\\"]*l[\\x5c'\\\"]*l)|r[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*n[\\x5c'\\\"]*v|f)|(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e|f[\\x5c'\\\"]*t)[\\x5c'\\\"]*p|e[\\x5c'\\\"]*r[\\x5c'\\\"]*l(?:[\\x5c'\\\"]*5)?|h[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*[57])?|(?:i[\\x5c'\\\"]*g|x)[\\x5c'\\\"]*z|o[\\x5c'\\\"]*p[\\x5c'\\\"]*d)|n[\\x5c'\\\"]*(?:c(?:[\\x5c'\\\"]*(?:\\.[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*d[\\x5c'\\\"]*i[\\x5c'\\\"]*t[\\x5c'\\\"]*i[\\x5c'\\\"]*o[\\x5c'\\\"]*n[\\x5c'\\\"]*a[\\x5c'\\\"]*l|o[\\x5c'\\\"]*p[\\x5c'\\\"]*e[\\x5c'\\\"]*n[\\x5c'\\\"]*b[\\x5c'\\\"]*s[\\x5c'\\\"]*d)|a[\\x5c'\\\"]*t))?|e[\\x5c'\\\"]*t[\\x5c'\\\"]*(?:k[\\x5c'\\\"]*i[\\x5c'\\\"]*t[\\x5c'\\\"]*-[\\x5c'\\\"]*f[\\x5c'\\\"]*t[\\x5c'\\\"]*p|(?:s[\\x5c'\\\"]*t|c)[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|o[\\x5c'\\\"]*h[\\x5c'\\\"]*u[\\x5c'\\\"]*p|p[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*g|s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|t[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*u[\\x5c'\\\"]*t[\\x5c'\\\"]*e|i[\\x5c'\\\"]*n[\\x5c'\\\"]*g)|s[\\x5c'\\\"]*h)|r[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*u[\\x5c'\\\"]*t[\\x5c'\\\"]*e(?:[\\x5c'\\\"]*6)?|(?:i[\\x5c'\\\"]*m[\\x5c'\\\"]*e[\\x5c'\\\"]*o[\\x5c'\\\"]*u|e[\\x5c'\\\"]*l[\\x5c'\\\"]*n[\\x5c'\\\"]*e)[\\x5c'\\\"]*t|a[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*l(?:[\\x5c'\\\"]*f)?|r))|r[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*(?:p[\\x5c'\\\"]*(?:l[\\x5c'\\\"]*a[\\x5c'\\\"]*c[\\x5c'\\\"]*e|e[\\x5c'\\\"]*a[\\x5c'\\\"]*t)|a[\\x5c'\\\"]*l[\\x5c'\\\"]*p[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*h|n[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*e)|u[\\x5c'\\\"]*b[\\x5c'\\\"]*y(?:[\\x5c'\\\"]*(?:1(?:[\\x5c'\\\"]*[89])?|2[\\x5c'\\\"]*[012]))?|m[\\x5c'\\\"]*(?:u[\\x5c'\\\"]*s[\\x5c'\\\"]*e|d[\\x5c'\\\"]*i)[\\x5c'\\\"]*r|n[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*o|s[\\x5c'\\\"]*y[\\x5c'\\\"]*n[\\x5c'\\\"]*c|c[\\x5c'\\\"]*p)|u[\\x5c'\\\"]*(?:n[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*o[\\x5c'\\\"]*m[\\x5c'\\\"]*p[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|z[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*d|i[\\x5c'\\\"]*p)|(?:p[\\x5c'\\\"]*i[\\x5c'\\\"]*g|x)[\\x5c'\\\"]*z|l[\\x5c'\\\"]*z[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*a|4)|a[\\x5c'\\\"]*m[\\x5c'\\\"]*e|r[\\x5c'\\\"]*a[\\x5c'\\\"]*r|s[\\x5c'\\\"]*e[\\x5c'\\\"]*t)|s[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*(?:(?:a[\\x5c'\\\"]*d|m[\\x5c'\\\"]*o)[\\x5c'\\\"]*d|d[\\x5c'\\\"]*e[\\x5c'\\\"]*l))|m[\\x5c'\\\"]*(?:y[\\x5c'\\\"]*s[\\x5c'\\\"]*q[\\x5c'\\\"]*l[\\x5c'\\\"]*(?:d[\\x5c'\\\"]*u[\\x5c'\\\"]*m[\\x5c'\\\"]*p(?:[\\x5c'\\\"]*s[\\x5c'\\\"]*l[\\x5c'\\\"]*o[\\x5c'\\\"]*w)?|h[\\x5c'\\\"]*o[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*o[\\x5c'\\\"]*p[\\x5c'\\\"]*y|a[\\x5c'\\\"]*d[\\x5c'\\\"]*m[\\x5c'\\\"]*i[\\x5c'\\\"]*n|s[\\x5c'\\\"]*h[\\x5c'\\\"]*o[\\x5c'\\\"]*w)|l[\\x5c'\\\"]*o[\\x5c'\\\"]*c[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*e|a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*q)|c[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*(?:r[\\x5c'\\\"]*e[\\x5c'\\\"]*_[\\x5c'\\\"]*p[\\x5c'\\\"]*e[\\x5c'\\\"]*r[\\x5c'\\\"]*l[\\x5c'\\\"]*\\/[\\x5c'\\\"]*z[\\x5c'\\\"]*i[\\x5c'\\\"]*p[\\x5c'\\\"]*d[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*i[\\x5c'\\\"]*l[\\x5c'\\\"]*s|m[\\x5c'\\\"]*m[\\x5c'\\\"]*a[\\x5c'\\\"]*n[\\x5c'\\\"]*d|p[\\x5c'\\\"]*r[\\x5c'\\\"]*o[\\x5c'\\\"]*c)|u[\\x5c'\\\"]*r[\\x5c'\\\"]*l|9[\\x5c'\\\"]*9|s[\\x5c'\\\"]*h|c)|x[\\x5c'\\\"]*(?:z(?:[\\x5c'\\\"]*(?:(?:[ef][\\x5c'\\\"]*)?g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|d[\\x5c'\\\"]*(?:i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|e[\\x5c'\\\"]*c)|c[\\x5c'\\\"]*(?:a[\\x5c'\\\"]*t|m[\\x5c'\\\"]*p)|l[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*s|m[\\x5c'\\\"]*o[\\x5c'\\\"]*r[\\x5c'\\\"]*e))?|a[\\x5c'\\\"]*r[\\x5c'\\\"]*g[\\x5c'\\\"]*s)|f[\\x5c'\\\"]*(?:t[\\x5c'\\\"]*p[\\x5c'\\\"]*(?:s[\\x5c'\\\"]*t[\\x5c'\\\"]*a[\\x5c'\\\"]*t[\\x5c'\\\"]*s|w[\\x5c'\\\"]*h[\\x5c'\\\"]*o)|i[\\x5c'\\\"]*l[\\x5c'\\\"]*e[\\x5c'\\\"]*t[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*t|e[\\x5c'\\\"]*t[\\x5c'\\\"]*c[\\x5c'\\\"]*h|g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p)|g[\\x5c'\\\"]*(?:z[\\x5c'\\\"]*(?:c[\\x5c'\\\"]*a[\\x5c'\\\"]*t|e[\\x5c'\\\"]*x[\\x5c'\\\"]*e|i[\\x5c'\\\"]*p)|(?:u[\\x5c'\\\"]*n[\\x5c'\\\"]*z[\\x5c'\\\"]*i|r[\\x5c'\\\"]*e)[\\x5c'\\\"]*p|c[\\x5c'\\\"]*c)|e[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r[\\x5c'\\\"]*e[\\x5c'\\\"]*p|c[\\x5c'\\\"]*h[\\x5c'\\\"]*o|v[\\x5c'\\\"]*a[\\x5c'\\\"]*l|x[\\x5c'\\\"]*e[\\x5c'\\\"]*c|n[\\x5c'\\\"]*v)|d[\\x5c'\\\"]*(?:m[\\x5c'\\\"]*e[\\x5c'\\\"]*s[\\x5c'\\\"]*g|a[\\x5c'\\\"]*s[\\x5c'\\\"]*h|i[\\x5c'\\\"]*f[\\x5c'\\\"]*f|o[\\x5c'\\\"]*a[\\x5c'\\\"]*s)|j[\\x5c'\\\"]*(?:o[\\x5c'\\\"]*b[\\x5c'\\\"]*s[\\x5c'\\\"]*\\s+[\\x5c'\\\"]*-[\\x5c'\\\"]*x|a[\\x5c'\\\"]*v[\\x5c'\\\"]*a)|w[\\x5c'\\\"]*(?:h[\\x5c'\\\"]*o[\\x5c'\\\"]*a[\\x5c'\\\"]*m[\\x5c'\\\"]*i|g[\\x5c'\\\"]*e[\\x5c'\\\"]*t|3[\\x5c'\\\"]*m)|i[\\x5c'\\\"]*r[\\x5c'\\\"]*b(?:[\\x5c'\\\"]*(?:1(?:[\\x5c'\\\"]*[89])?|2[\\x5c'\\\"]*[012]))?|o[\\x5c'\\\"]*n[\\x5c'\\\"]*i[\\x5c'\\\"]*n[\\x5c'\\\"]*t[\\x5c'\\\"]*r|h[\\x5c'\\\"]*(?:e[\\x5c'\\\"]*a[\\x5c'\\\"]*d|u[\\x5c'\\\"]*p)|v[\\x5c'\\\"]*i[\\x5c'\\\"]*(?:g[\\x5c'\\\"]*r|p[\\x5c'\\\"]*w)|7[\\x5c'\\\"]*z(?:[\\x5c'\\\"]*[ar])?|G[\\x5c'\\\"]*E[\\x5c'\\\"]*T|k[\\x5c'\\\"]*s[\\x5c'\\\"]*h)|\\$[\\x5c'\\\"]*(?:\\{[\\x5c'\\\"]*S[\\x5c'\\\"]*H[\\x5c'\\\"]*E[\\x5c'\\\"]*L[\\x5c'\\\"]*L[\\x5c'\\\"]*}|S[\\x5c'\\\"]*H[\\x5c'\\\"]*E[\\x5c'\\\"]*L[\\x5c'\\\"]*L))[\\x5c'\\\"]*(?:\\s|;|\\||&|<|>)", @@ -814,6 +835,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\$+(?:[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*|\\s*{.+})(?:\\s|\\[.+\\]|{.+}|/\\*.*\\*/|//.*|#.*)*\\(.*\\)", @@ -850,6 +874,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:\\(.+\\)\\(.+\\)|\\(.+\\)['\\\"][a-zA-Z-_0-9]+['\\\"]\\(.+\\)|\\[\\d+\\]\\(.+\\)|\\{\\d+\\}\\(.+\\)|\\$[^(?:\\),.;\\x5c/]+\\(.+\\)|[\\\"'][a-zA-Z0-9-_\\x5c]+[\\\"']\\(.+\\)|\\([^\\)]*string[^\\)]*\\)[a-zA-Z-_0-9\\\"'.{}\\[\\]\\s]+\\([^\\)]*\\));", @@ -902,6 +929,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ] }, @@ -941,6 +971,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "[\\s\\S](?:\\b(?:x(?:link:href|html|mlns)|data:text\\/html|pattern\\b.*?=|formaction)|!ENTITY\\s+(?:\\S+|%\\s+\\S+)\\s+(?:PUBLIC|SYSTEM)|;base64|@import)\\b", @@ -984,6 +1017,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "\\b(?:s(?:tyle|rc)|href)\\b\\s*?=", @@ -1034,6 +1070,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?:(?:<\\w[\\s\\S]*[\\s/]|['\\\"](?:[\\s\\S]*[\\s/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|(?:peech|ound)(?:start|end)|u(?:ccess|spend|bmit)|croll|how)|m(?:o(?:z(?:(?:pointerlock|fullscreen)(?:change|error)|(?:orientation|time)change|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|b(?:e(?:fore(?:(?:(?:de)?activa|scriptexecu)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ransition(?:cancel|end|run)|ime(?:update|out)|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom)|s(?:tyle|rc)|background|formaction|lowsrc|ping)[\\s\\x08]*?=|<[^\\w<>]*(?:[^<>\\\"'\\s]*:)?[^\\w<>]*\\W*?(?:(?:a\\W*?(?:n\\W*?i\\W*?m\\W*?a\\W*?t\\W*?e|p\\W*?p\\W*?l\\W*?e\\W*?t|u\\W*?d\\W*?i\\W*?o)|b\\W*?(?:i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g\\W*?s|a\\W*?s\\W*?e|o\\W*?d\\W*?y)|i?\\W*?f\\W*?r\\W*?a\\W*?m\\W*?e|o\\W*?b\\W*?j\\W*?e\\W*?c\\W*?t|i\\W*?m\\W*?a?\\W*?g\\W*?e?|e\\W*?m\\W*?b\\W*?e\\W*?d|p\\W*?a\\W*?r\\W*?a\\W*?m|v\\W*?i\\W*?d\\W*?e\\W*?o|l\\W*?i\\W*?n\\W*?k)[^>\\w]|s\\W*?(?:c\\W*?r\\W*?i\\W*?p\\W*?t|t\\W*?y\\W*?l\\W*?e|e\\W*?t[^>\\w]|v\\W*?g)|m\\W*?(?:a\\W*?r\\W*?q\\W*?u\\W*?e\\W*?e|e\\W*?t\\W*?a[^>\\w])|f\\W*?o\\W*?r\\W*?m))", @@ -1071,6 +1110,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i:.*?(?:@[i\\x5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(?:\\x5c]|&#x?0*(?:40|28|92|5C);?)))", @@ -1109,6 +1151,9 @@ }, { "address": "graphql.server.all_resolvers" + }, + { + "address": "graphql.server.resolver" } ], "regex": "(?i: Date: Thu, 22 Aug 2024 12:46:24 +0200 Subject: [PATCH 2/8] Add comments for TODOs --- lib/datadog/core/environment/cgroup.rb | 1 + lib/datadog/core/environment/container.rb | 1 + lib/datadog/core/metrics/client.rb | 5 +++++ lib/datadog/core/remote/component.rb | 2 ++ lib/datadog/core/remote/negotiation.rb | 6 ++++++ lib/datadog/core/runtime/metrics.rb | 2 ++ lib/datadog/opentelemetry/sdk/propagator.rb | 2 ++ .../contrib/action_cable/instrumentation.rb | 21 ++++++++++++------- .../action_controller/instrumentation.rb | 2 ++ .../active_record/configuration/resolver.rb | 5 ++--- .../tracing/contrib/elasticsearch/patcher.rb | 3 +-- lib/datadog/tracing/contrib/grape/endpoint.rb | 5 +++++ .../contrib/httpclient/instrumentation.rb | 9 +++++--- .../tracing/contrib/httpclient/patcher.rb | 16 +++++++++++++- .../tracing/contrib/httprb/instrumentation.rb | 1 + lib/datadog/tracing/contrib/httprb/patcher.rb | 16 +++++++++++++- .../tracing/contrib/lograge/patcher.rb | 3 ++- .../tracing/contrib/opensearch/patcher.rb | 1 + lib/datadog/tracing/contrib/patcher.rb | 4 ++-- lib/datadog/tracing/contrib/presto/patcher.rb | 15 ++++++++++++- .../tracing/distributed/propagation.rb | 2 ++ lib/datadog/tracing/sampling/rate_sampler.rb | 1 + lib/datadog/tracing/sampling/rule.rb | 1 + lib/datadog/tracing/sampling/rule_sampler.rb | 2 ++ lib/datadog/tracing/transport/http/client.rb | 1 + lib/datadog/tracing/transport/io/client.rb | 1 + lib/datadog/tracing/workers.rb | 2 ++ lib/datadog/tracing/workers/trace_writer.rb | 1 + 28 files changed, 109 insertions(+), 22 deletions(-) diff --git a/lib/datadog/core/environment/cgroup.rb b/lib/datadog/core/environment/cgroup.rb index 18971979c28..94ba65c2818 100644 --- a/lib/datadog/core/environment/cgroup.rb +++ b/lib/datadog/core/environment/cgroup.rb @@ -33,6 +33,7 @@ def descriptors(process = 'self') end end rescue StandardError => e + # TODO: add telemetry logs Datadog.logger.error( "Error while parsing cgroup. Cause: #{e.class.name} #{e.message} Location: #{Array(e.backtrace).first}" ) diff --git a/lib/datadog/core/environment/container.rb b/lib/datadog/core/environment/container.rb index e2dde0f62ab..f4c3c822030 100644 --- a/lib/datadog/core/environment/container.rb +++ b/lib/datadog/core/environment/container.rb @@ -78,6 +78,7 @@ def descriptor break end rescue StandardError => e + # TODO: add telemetry logs Datadog.logger.error( "Error while parsing container info. Cause: #{e.class.name} #{e.message} " \ "Location: #{Array(e.backtrace).first}" diff --git a/lib/datadog/core/metrics/client.rb b/lib/datadog/core/metrics/client.rb index cb180d7de2d..a4929c403e6 100644 --- a/lib/datadog/core/metrics/client.rb +++ b/lib/datadog/core/metrics/client.rb @@ -97,6 +97,7 @@ def count(stat, value = nil, options = nil, &block) statsd.count(stat, value, metric_options(options)) rescue StandardError => e + # TODO: add telemetry logs Datadog.logger.error( "Failed to send count stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) @@ -110,6 +111,7 @@ def distribution(stat, value = nil, options = nil, &block) statsd.distribution(stat, value, metric_options(options)) rescue StandardError => e + # TODO: add telemetry logs Datadog.logger.error( "Failed to send distribution stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) @@ -122,6 +124,7 @@ def increment(stat, options = nil) statsd.increment(stat, metric_options(options)) rescue StandardError => e + # TODO: add telemetry logs Datadog.logger.error( "Failed to send increment stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) @@ -135,6 +138,7 @@ def gauge(stat, value = nil, options = nil, &block) statsd.gauge(stat, value, metric_options(options)) rescue StandardError => e + # TODO: add telemetry logs Datadog.logger.error( "Failed to send gauge stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) @@ -153,6 +157,7 @@ def time(stat, options = nil) distribution(stat, ((finished - start) * 1000), options) end rescue StandardError => e + # TODO: add telemetry logs Datadog.logger.error( "Failed to send time stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) diff --git a/lib/datadog/core/remote/component.rb b/lib/datadog/core/remote/component.rb index b468ee9dbdc..a4885493615 100644 --- a/lib/datadog/core/remote/component.rb +++ b/lib/datadog/core/remote/component.rb @@ -39,6 +39,7 @@ def initialize(settings, capabilities, agent_settings) @client.sync @healthy ||= true rescue Client::SyncError => e + # Not sure Datadog.logger.error do "remote worker client sync error: #{e.message} location: #{Array(e.backtrace).first}. skipping sync" end @@ -48,6 +49,7 @@ def initialize(settings, capabilities, agent_settings) # negotiation object stores error logging state that should be reset. negotiation = Negotiation.new(settings, agent_settings) + # Not sure Datadog.logger.error do "remote worker error: #{e.class.name} #{e.message} location: #{Array(e.backtrace).first}. "\ 'reseting client state' diff --git a/lib/datadog/core/remote/negotiation.rb b/lib/datadog/core/remote/negotiation.rb index a43eb80a334..2c7795c782e 100644 --- a/lib/datadog/core/remote/negotiation.rb +++ b/lib/datadog/core/remote/negotiation.rb @@ -20,6 +20,7 @@ def endpoint?(path) if res.internal_error? && network_error?(res.error) unless @logged[:agent_unreachable] + # TODO: change to warning Datadog.logger.error { "agent unreachable: cannot negotiate #{path}" } @logged[:agent_unreachable] = true end @@ -29,6 +30,7 @@ def endpoint?(path) if res.not_found? unless @logged[:no_info_endpoint] + # TODO: change to warning Datadog.logger.error { "agent reachable but has no /info endpoint: cannot negotiate #{path}" } @logged[:no_info_endpoint] = true end @@ -38,6 +40,8 @@ def endpoint?(path) unless res.ok? unless @logged[:unexpected_response] + # TODO: Report telemetry logs + # TODO: change to warning Datadog.logger.error { "agent reachable but unexpected response: cannot negotiate #{path}" } @logged[:unexpected_response] = true end @@ -47,6 +51,8 @@ def endpoint?(path) unless res.endpoints.include?(path) unless @logged[:no_config_endpoint] + # TODO: Report telemetry logs + # TODO: change to warning Datadog.logger.error { "agent reachable but does not report #{path}" } @logged[:no_config_endpoint] = true end diff --git a/lib/datadog/core/runtime/metrics.rb b/lib/datadog/core/runtime/metrics.rb index c07c75319e4..07d3250c638 100644 --- a/lib/datadog/core/runtime/metrics.rb +++ b/lib/datadog/core/runtime/metrics.rb @@ -94,6 +94,8 @@ def gc_metrics def try_flush yield rescue StandardError => e + # TODO: Report telemetry logs + # TODO: change to warning Datadog.logger.error("Error while sending runtime metric. Cause: #{e.class.name} #{e.message}") end diff --git a/lib/datadog/opentelemetry/sdk/propagator.rb b/lib/datadog/opentelemetry/sdk/propagator.rb index f45e4e9d7f4..dd128fa80ea 100644 --- a/lib/datadog/opentelemetry/sdk/propagator.rb +++ b/lib/datadog/opentelemetry/sdk/propagator.rb @@ -15,6 +15,7 @@ def inject( setter: ::OpenTelemetry::Context::Propagation.text_map_setter ) unless setter == ::OpenTelemetry::Context::Propagation.text_map_setter + # Not to report telemetry logs for now Datadog.logger.error( 'Custom setter is not supported. Please inform the `datadog` team at ' \ ' https://github.com/DataDog/dd-trace-rb of your use case so we can best support you. Using the default ' \ @@ -31,6 +32,7 @@ def extract( ) if getter != ::OpenTelemetry::Context::Propagation.text_map_getter && getter != ::OpenTelemetry::Common::Propagation.rack_env_getter + # Not to report telemetry logs for now Datadog.logger.error( "Custom getter #{getter} is not supported. Please inform the `datadog` team at " \ ' https://github.com/DataDog/dd-trace-rb of your use case so we can best support you. Using the default ' \ diff --git a/lib/datadog/tracing/contrib/action_cable/instrumentation.rb b/lib/datadog/tracing/contrib/action_cable/instrumentation.rb index 2baea187f23..dcb50dece11 100644 --- a/lib/datadog/tracing/contrib/action_cable/instrumentation.rb +++ b/lib/datadog/tracing/contrib/action_cable/instrumentation.rb @@ -14,17 +14,22 @@ module Instrumentation module ActionCableConnection def on_open Tracing.trace(Ext::SPAN_ON_OPEN) do |span, trace| - span.resource = "#{self.class}#on_open" - span.type = Tracing::Metadata::Ext::AppTypes::TYPE_WEB + begin + span.resource = "#{self.class}#on_open" + span.type = Tracing::Metadata::Ext::AppTypes::TYPE_WEB - span.set_tag(Ext::TAG_ACTION, 'on_open') - span.set_tag(Ext::TAG_CONNECTION, self.class.to_s) + span.set_tag(Ext::TAG_ACTION, 'on_open') + span.set_tag(Ext::TAG_CONNECTION, self.class.to_s) - span.set_tag(Tracing::Metadata::Ext::TAG_COMPONENT, Ext::TAG_COMPONENT) - span.set_tag(Tracing::Metadata::Ext::TAG_OPERATION, Ext::TAG_OPERATION_ON_OPEN) + span.set_tag(Tracing::Metadata::Ext::TAG_COMPONENT, Ext::TAG_COMPONENT) + span.set_tag(Tracing::Metadata::Ext::TAG_OPERATION, Ext::TAG_OPERATION_ON_OPEN) - # Set the resource name of the trace - trace.resource = span.resource + # Set the resource name of the trace + trace.resource = span.resource + rescue StandardError => e + # TODO: Report Telemetry logs + Datadog.logger.error("Error preparing span for ActionCable::Connection: #{e}") + end super end diff --git a/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb b/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb index 80e462e4a42..6acdbcca412 100644 --- a/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +++ b/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb @@ -43,6 +43,7 @@ def start_processing(payload) span.set_tag(Tracing::Metadata::Ext::TAG_COMPONENT, Ext::TAG_COMPONENT) span.set_tag(Tracing::Metadata::Ext::TAG_OPERATION, Ext::TAG_OPERATION_CONTROLLER) rescue StandardError => e + # TODO: Report Telemetry logs Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -82,6 +83,7 @@ def finish_processing(payload) span.finish end rescue StandardError => e + # TODO: Report Telemetry logs Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end diff --git a/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb b/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb index 04fb6de57e2..f459a57933b 100644 --- a/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +++ b/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb @@ -2,7 +2,6 @@ require_relative '../../configuration/resolver' require_relative 'makara_resolver' -require_relative '../../../../core/telemetry/logger' module Datadog module Tracing @@ -74,11 +73,11 @@ def resolve(db_config) # `db_config` input may contain sensitive information such as passwords, # hence provide a succinct summary for the error logging. # + # TODO: Report Telemetry logs Datadog.logger.error( 'Failed to resolve ActiveRecord database configuration. '\ "Cause: #{e.class.name} Source: #{Array(e.backtrace).first}" ) - Core::Telemetry::Logger.report(e, description: 'Failed to resolve ActiveRecord database configuration') nil end @@ -94,11 +93,11 @@ def parse_matcher(matcher) normalized rescue => e + # TODO: Report Telemetry logs Datadog.logger.error( "Failed to resolve key #{matcher.inspect}. " \ "Cause: #{e.class.name} Source: #{Array(e.backtrace).first}" ) - Core::Telemetry::Logger.report(e, description: 'Failed to resolve key') nil end diff --git a/lib/datadog/tracing/contrib/elasticsearch/patcher.rb b/lib/datadog/tracing/contrib/elasticsearch/patcher.rb index 92dbfe30612..eee2be59076 100644 --- a/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +++ b/lib/datadog/tracing/contrib/elasticsearch/patcher.rb @@ -93,13 +93,12 @@ def perform_request(*args) span.resource = "#{method} #{quantized_url}" Contrib::SpanAttributeSchema.set_peer_service!(span, Ext::PEER_SERVICE_SOURCES) rescue StandardError => e - # TODO: Refactor the code to streamline the execution without ensure + # TODO: Refactor the code to avoid calling `super` in the `ensure` block Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) ensure # the call is still executed response = super - if response && response.respond_to?(:status) span.set_tag(Tracing::Metadata::Ext::HTTP::TAG_STATUS_CODE, response.status) end diff --git a/lib/datadog/tracing/contrib/grape/endpoint.rb b/lib/datadog/tracing/contrib/grape/endpoint.rb index 292f32d0726..bcb1499c16b 100644 --- a/lib/datadog/tracing/contrib/grape/endpoint.rb +++ b/lib/datadog/tracing/contrib/grape/endpoint.rb @@ -64,6 +64,7 @@ def endpoint_start_process(_name, _start, _finish, _id, payload) Thread.current[KEY_RUN] = true rescue StandardError => e + # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -108,6 +109,7 @@ def endpoint_run(name, start, finish, id, payload) span.finish(finish) end rescue StandardError => e + # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -152,6 +154,7 @@ def endpoint_start_render(*) Thread.current[KEY_RENDER] = true rescue StandardError => e + # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -177,6 +180,7 @@ def endpoint_render(name, start, finish, id, payload) span.finish(finish) end rescue StandardError => e + # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -216,6 +220,7 @@ def endpoint_run_filters(name, start, finish, id, payload) span.finish(finish) end rescue StandardError => e + # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end diff --git a/lib/datadog/tracing/contrib/httpclient/instrumentation.rb b/lib/datadog/tracing/contrib/httpclient/instrumentation.rb index 5a600970870..1c4940718a7 100644 --- a/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +++ b/lib/datadog/tracing/contrib/httpclient/instrumentation.rb @@ -4,7 +4,6 @@ require_relative '../http' require_relative '../analytics' require_relative '../http_annotation_helper' -require_relative '../../../core/telemetry/logger' module Datadog module Tracing @@ -37,8 +36,8 @@ def do_get_block(req, proxy, conn, &block) # Add additional request specific tags to the span. annotate_span_with_request!(span, req, request_options) rescue StandardError => e - Datadog.logger.error("error preparing span for httpclient request: #{e}, Source: #{e.backtrace}") - Datadog::Core::Telemetry::Logger.report(e) + # TODO: Report Telemetry logs + logger.error("error preparing span for httpclient request: #{e}, Source: #{e.backtrace}") ensure res = super end @@ -116,6 +115,10 @@ def analytics_enabled?(request_options) Contrib::Analytics.enabled?(request_options[:analytics_enabled]) end + def logger + Datadog.logger + end + def should_skip_distributed_tracing?(client_config) return !client_config[:distributed_tracing] if client_config && client_config.key?(:distributed_tracing) diff --git a/lib/datadog/tracing/contrib/httpclient/patcher.rb b/lib/datadog/tracing/contrib/httpclient/patcher.rb index cd1779a3ce5..391089d7075 100644 --- a/lib/datadog/tracing/contrib/httpclient/patcher.rb +++ b/lib/datadog/tracing/contrib/httpclient/patcher.rb @@ -13,14 +13,28 @@ module Httpclient module Patcher include Contrib::Patcher + PATCH_ONLY_ONCE = Core::Utils::OnlyOnce.new + module_function + def patched? + PATCH_ONLY_ONCE.ran? + end + def target_version Integration.version end + # patch applies our patch def patch - ::HTTPClient.include(Instrumentation) + # TODO: Refactor to remove redundancy + PATCH_ONLY_ONCE.run do + begin + ::HTTPClient.include(Instrumentation) + rescue StandardError => e + Datadog.logger.error("Unable to apply httpclient integration: #{e}") + end + end end end end diff --git a/lib/datadog/tracing/contrib/httprb/instrumentation.rb b/lib/datadog/tracing/contrib/httprb/instrumentation.rb index b935d3bd14b..305152e2c00 100644 --- a/lib/datadog/tracing/contrib/httprb/instrumentation.rb +++ b/lib/datadog/tracing/contrib/httprb/instrumentation.rb @@ -35,6 +35,7 @@ def perform(req, options) # Add additional request specific tags to the span. annotate_span_with_request!(span, req, request_options) rescue StandardError => e + # TODO: Report Telemetry logs logger.error("error preparing span for http.rb request: #{e}, Source: #{e.backtrace}") Datadog::Core::Telemetry::Logger.report(e) ensure diff --git a/lib/datadog/tracing/contrib/httprb/patcher.rb b/lib/datadog/tracing/contrib/httprb/patcher.rb index 509c645a892..c7b390cd431 100644 --- a/lib/datadog/tracing/contrib/httprb/patcher.rb +++ b/lib/datadog/tracing/contrib/httprb/patcher.rb @@ -13,14 +13,28 @@ module Httprb module Patcher include Contrib::Patcher + PATCH_ONLY_ONCE = Core::Utils::OnlyOnce.new + module_function + def patched? + PATCH_ONLY_ONCE.ran? + end + def target_version Integration.version end + # patch applies our patch def patch - ::HTTP::Client.include(Instrumentation) + # TODO: Refactor to remove redundancy + PATCH_ONLY_ONCE.run do + begin + ::HTTP::Client.include(Instrumentation) + rescue StandardError => e + Datadog.logger.error("Unable to apply httprb integration: #{e}") + end + end end end end diff --git a/lib/datadog/tracing/contrib/lograge/patcher.rb b/lib/datadog/tracing/contrib/lograge/patcher.rb index 0045c894930..47227a1113c 100644 --- a/lib/datadog/tracing/contrib/lograge/patcher.rb +++ b/lib/datadog/tracing/contrib/lograge/patcher.rb @@ -24,7 +24,8 @@ def patch if defined?(::ActiveSupport::TaggedLogging::Formatter) && ::Lograge::LogSubscribers::ActionController .logger&.formatter.is_a?(::ActiveSupport::TaggedLogging::Formatter) - Datadog.logger.warn( + # TODO: Change to warn + Datadog.logger.error( 'Lograge and ActiveSupport::TaggedLogging (the default Rails log formatter) are not compatible: ' \ 'Lograge does not account for Rails log tags, creating polluted logs and breaking log formatting. ' \ 'Traces and Logs correlation may not work. ' \ diff --git a/lib/datadog/tracing/contrib/opensearch/patcher.rb b/lib/datadog/tracing/contrib/opensearch/patcher.rb index 1bb4134df85..9a157329369 100644 --- a/lib/datadog/tracing/contrib/opensearch/patcher.rb +++ b/lib/datadog/tracing/contrib/opensearch/patcher.rb @@ -81,6 +81,7 @@ def perform_request(method, path, params = {}, body = nil, headers = nil) span.resource = "#{method} #{quantized_url}" Contrib::SpanAttributeSchema.set_peer_service!(span, Ext::PEER_SERVICE_SOURCES) rescue StandardError => e + # TODO: Report Telemetry logs Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) # TODO: Refactor the code to streamline the execution without ensure diff --git a/lib/datadog/tracing/contrib/patcher.rb b/lib/datadog/tracing/contrib/patcher.rb index 85156da3cef..5dfbe854588 100644 --- a/lib/datadog/tracing/contrib/patcher.rb +++ b/lib/datadog/tracing/contrib/patcher.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true require_relative '../../core/utils/only_once' -require_relative '../../core/telemetry/logger' module Datadog module Tracing @@ -50,8 +49,9 @@ def patch # Processes patching errors. This default implementation logs the error and reports relevant metrics. # @param e [Exception] def on_patch_error(e) + # Log the error + # TODO: Report Telemetry logs Datadog.logger.error("Failed to apply #{patch_name} patch. Cause: #{e} Location: #{Array(e.backtrace).first}") - Datadog::Core::Telemetry::Logger.report(e, description: "Failed to apply #{patch_name} patch") @patch_error_result = { type: e.class.name, diff --git a/lib/datadog/tracing/contrib/presto/patcher.rb b/lib/datadog/tracing/contrib/presto/patcher.rb index 4070f05a248..dbc328a6851 100644 --- a/lib/datadog/tracing/contrib/presto/patcher.rb +++ b/lib/datadog/tracing/contrib/presto/patcher.rb @@ -13,10 +13,23 @@ module Presto module Patcher include Contrib::Patcher + PATCH_ONLY_ONCE = Core::Utils::OnlyOnce.new + module_function + def patched? + PATCH_ONLY_ONCE.ran? + end + def patch - ::Presto::Client::Client.include(Instrumentation::Client) + # TODO: Refactor to remove redundancy + PATCH_ONLY_ONCE.run do + begin + ::Presto::Client::Client.include(Instrumentation::Client) + rescue StandardError => e + Datadog.logger.error("Unable to apply Presto integration: #{e}") + end + end end end end diff --git a/lib/datadog/tracing/distributed/propagation.rb b/lib/datadog/tracing/distributed/propagation.rb index 2c56b441220..a5da4093eb8 100644 --- a/lib/datadog/tracing/distributed/propagation.rb +++ b/lib/datadog/tracing/distributed/propagation.rb @@ -69,6 +69,7 @@ def inject!(digest, data) result = true rescue => e result = nil + # TODO: Report Telemetry logs, capturing propagator name ::Datadog.logger.error( "Error injecting distributed trace data. Cause: #{e} Location: #{Array(e.backtrace).first}" ) @@ -127,6 +128,7 @@ def extract(data) ) end rescue => e + # TODO: Not to report Telemetry logs for now ::Datadog.logger.error( "Error extracting distributed trace data. Cause: #{e} Location: #{Array(e.backtrace).first}" ) diff --git a/lib/datadog/tracing/sampling/rate_sampler.rb b/lib/datadog/tracing/sampling/rate_sampler.rb index bc79714bcec..844970100c2 100644 --- a/lib/datadog/tracing/sampling/rate_sampler.rb +++ b/lib/datadog/tracing/sampling/rate_sampler.rb @@ -20,6 +20,7 @@ def initialize(sample_rate = 1.0, decision: nil) super() unless sample_rate >= 0.0 && sample_rate <= 1.0 + # TODO: Change to warning Datadog.logger.error('sample rate is not between 0 and 1, falling back to 1') sample_rate = 1.0 end diff --git a/lib/datadog/tracing/sampling/rule.rb b/lib/datadog/tracing/sampling/rule.rb index 9c18bed7fac..e5438329d99 100644 --- a/lib/datadog/tracing/sampling/rule.rb +++ b/lib/datadog/tracing/sampling/rule.rb @@ -32,6 +32,7 @@ def initialize(matcher, sampler, provenance) def match?(trace) @matcher.match?(trace) rescue => e + # TODO: Report Telemetry logs Datadog.logger.error( "Matcher failed. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) diff --git a/lib/datadog/tracing/sampling/rule_sampler.rb b/lib/datadog/tracing/sampling/rule_sampler.rb index 4b7e812e75f..4eb0164dd88 100644 --- a/lib/datadog/tracing/sampling/rule_sampler.rb +++ b/lib/datadog/tracing/sampling/rule_sampler.rb @@ -80,6 +80,7 @@ def self.parse(rules, rate_limit, default_sample_rate) new(parsed_rules, rate_limit: rate_limit, default_sample_rate: default_sample_rate) rescue => e + # TODO: Change to warning Datadog.logger.error do "Could not parse trace sampling rules '#{rules}': #{e.class.name} #{e.message} at #{Array(e.backtrace).first}" end @@ -137,6 +138,7 @@ def sample_trace(trace) trace.set_tag(Tracing::Metadata::Ext::Distributed::TAG_DECISION_MAKER, provenance) end rescue StandardError => e + # TODO: Report Telemetry logs Datadog.logger.error( "Rule sampling failed. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) diff --git a/lib/datadog/tracing/transport/http/client.rb b/lib/datadog/tracing/transport/http/client.rb index e19491ddabc..bb7f64d15c6 100644 --- a/lib/datadog/tracing/transport/http/client.rb +++ b/lib/datadog/tracing/transport/http/client.rb @@ -38,6 +38,7 @@ def send_request(request, &block) if stats.consecutive_errors > 0 Datadog.logger.debug(message) else + # Not to report Telemetry logs Datadog.logger.error(message) end diff --git a/lib/datadog/tracing/transport/io/client.rb b/lib/datadog/tracing/transport/io/client.rb index 685c7512190..f6fe0cf8aad 100644 --- a/lib/datadog/tracing/transport/io/client.rb +++ b/lib/datadog/tracing/transport/io/client.rb @@ -49,6 +49,7 @@ def send_request(request) if stats.consecutive_errors > 0 Datadog.logger.debug(message) else + # Not to report Telemetry logs Datadog.logger.error(message) end diff --git a/lib/datadog/tracing/workers.rb b/lib/datadog/tracing/workers.rb index fdcce6772ba..5838a055471 100644 --- a/lib/datadog/tracing/workers.rb +++ b/lib/datadog/tracing/workers.rb @@ -56,6 +56,8 @@ def callback_traces # ensures that the thread will not die because of an exception. # TODO[manu]: findout the reason and reschedule the send if it's not # a fatal exception + # + # TODO: Change to warning. Datadog.logger.error( "Error during traces flush: dropped #{traces.length} items. Cause: #{e} Location: #{Array(e.backtrace).first}" ) diff --git a/lib/datadog/tracing/workers/trace_writer.rb b/lib/datadog/tracing/workers/trace_writer.rb index fda409e74e5..b2a717d42d6 100644 --- a/lib/datadog/tracing/workers/trace_writer.rb +++ b/lib/datadog/tracing/workers/trace_writer.rb @@ -43,6 +43,7 @@ def write_traces(traces) traces = process_traces(traces) flush_traces(traces) rescue StandardError => e + # TODO: Change to warning. Datadog.logger.error( "Error while writing traces: dropped #{traces.length} items. Cause: #{e} Location: #{Array(e.backtrace).first}" ) From 257be688033b9f9268b2197340cb10404d311473 Mon Sep 17 00:00:00 2001 From: Tony Hsu Date: Wed, 11 Sep 2024 15:03:51 +0200 Subject: [PATCH 3/8] Implement --- lib/datadog/core/environment/cgroup.rb | 1 - lib/datadog/core/environment/container.rb | 1 - lib/datadog/core/metrics/client.rb | 12 ++-- lib/datadog/core/remote/component.rb | 4 +- lib/datadog/core/remote/negotiation.rb | 14 ++--- lib/datadog/core/runtime/metrics.rb | 4 +- lib/datadog/core/telemetry/event.rb | 3 + lib/datadog/opentelemetry/sdk/propagator.rb | 4 +- .../contrib/action_cable/instrumentation.rb | 21 +++---- .../action_controller/instrumentation.rb | 2 - .../active_record/configuration/resolver.rb | 5 +- .../tracing/contrib/elasticsearch/patcher.rb | 3 +- lib/datadog/tracing/contrib/grape/endpoint.rb | 5 -- .../contrib/httpclient/instrumentation.rb | 9 +-- .../tracing/contrib/httpclient/patcher.rb | 16 +---- .../tracing/contrib/httprb/instrumentation.rb | 1 - lib/datadog/tracing/contrib/httprb/patcher.rb | 16 +---- .../tracing/contrib/lograge/patcher.rb | 3 +- .../tracing/contrib/opensearch/patcher.rb | 1 - lib/datadog/tracing/contrib/patcher.rb | 4 +- lib/datadog/tracing/contrib/presto/patcher.rb | 15 +---- .../tracing/distributed/propagation.rb | 6 +- lib/datadog/tracing/sampling/rate_sampler.rb | 3 +- lib/datadog/tracing/sampling/rule.rb | 3 +- lib/datadog/tracing/sampling/rule_sampler.rb | 8 ++- lib/datadog/tracing/transport/http/client.rb | 2 +- lib/datadog/tracing/transport/io/client.rb | 2 +- lib/datadog/tracing/workers.rb | 4 +- lib/datadog/tracing/workers/trace_writer.rb | 3 +- spec/datadog/core/metrics/client_spec.rb | 58 ++++++++++--------- spec/datadog/core/remote/negotiation_spec.rb | 16 ++--- spec/datadog/core/runtime/metrics_spec.rb | 4 +- .../tracing/sampling/rate_sampler_spec.rb | 12 ++++ .../tracing/sampling/rule_sampler_spec.rb | 8 +-- spec/datadog/tracing/sampling/rule_spec.rb | 2 + 35 files changed, 117 insertions(+), 158 deletions(-) diff --git a/lib/datadog/core/environment/cgroup.rb b/lib/datadog/core/environment/cgroup.rb index 94ba65c2818..18971979c28 100644 --- a/lib/datadog/core/environment/cgroup.rb +++ b/lib/datadog/core/environment/cgroup.rb @@ -33,7 +33,6 @@ def descriptors(process = 'self') end end rescue StandardError => e - # TODO: add telemetry logs Datadog.logger.error( "Error while parsing cgroup. Cause: #{e.class.name} #{e.message} Location: #{Array(e.backtrace).first}" ) diff --git a/lib/datadog/core/environment/container.rb b/lib/datadog/core/environment/container.rb index f4c3c822030..e2dde0f62ab 100644 --- a/lib/datadog/core/environment/container.rb +++ b/lib/datadog/core/environment/container.rb @@ -78,7 +78,6 @@ def descriptor break end rescue StandardError => e - # TODO: add telemetry logs Datadog.logger.error( "Error while parsing container info. Cause: #{e.class.name} #{e.message} " \ "Location: #{Array(e.backtrace).first}" diff --git a/lib/datadog/core/metrics/client.rb b/lib/datadog/core/metrics/client.rb index a4929c403e6..cde34bb32db 100644 --- a/lib/datadog/core/metrics/client.rb +++ b/lib/datadog/core/metrics/client.rb @@ -2,6 +2,7 @@ require_relative '../utils/time' require_relative '../utils/only_once' +require_relative '../telemetry/logger' require_relative '../configuration/ext' require_relative 'ext' @@ -97,10 +98,10 @@ def count(stat, value = nil, options = nil, &block) statsd.count(stat, value, metric_options(options)) rescue StandardError => e - # TODO: add telemetry logs Datadog.logger.error( "Failed to send count stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) + Telemetry::Logger.report(e, description: 'Failed to send count stat') end def distribution(stat, value = nil, options = nil, &block) @@ -111,10 +112,10 @@ def distribution(stat, value = nil, options = nil, &block) statsd.distribution(stat, value, metric_options(options)) rescue StandardError => e - # TODO: add telemetry logs Datadog.logger.error( "Failed to send distribution stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) + Telemetry::Logger.report(e, description: 'Failed to send distribution stat') end def increment(stat, options = nil) @@ -124,10 +125,10 @@ def increment(stat, options = nil) statsd.increment(stat, metric_options(options)) rescue StandardError => e - # TODO: add telemetry logs Datadog.logger.error( "Failed to send increment stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) + Telemetry::Logger.report(e, description: 'Failed to send increment stat') end def gauge(stat, value = nil, options = nil, &block) @@ -138,10 +139,10 @@ def gauge(stat, value = nil, options = nil, &block) statsd.gauge(stat, value, metric_options(options)) rescue StandardError => e - # TODO: add telemetry logs Datadog.logger.error( "Failed to send gauge stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) + Telemetry::Logger.report(e, description: 'Failed to send gauge stat') end def time(stat, options = nil) @@ -157,10 +158,11 @@ def time(stat, options = nil) distribution(stat, ((finished - start) * 1000), options) end rescue StandardError => e - # TODO: add telemetry logs + # TODO: Likely to be redundant, since `distribution` handles its own errors. Datadog.logger.error( "Failed to send time stat. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) + Telemetry::Logger.report(e, description: 'Failed to send time stat') end end diff --git a/lib/datadog/core/remote/component.rb b/lib/datadog/core/remote/component.rb index a4885493615..3c8047cc9d3 100644 --- a/lib/datadog/core/remote/component.rb +++ b/lib/datadog/core/remote/component.rb @@ -39,7 +39,7 @@ def initialize(settings, capabilities, agent_settings) @client.sync @healthy ||= true rescue Client::SyncError => e - # Not sure + # Transient errors due to network or agent. Logged the error but not via telemetry Datadog.logger.error do "remote worker client sync error: #{e.message} location: #{Array(e.backtrace).first}. skipping sync" end @@ -49,7 +49,7 @@ def initialize(settings, capabilities, agent_settings) # negotiation object stores error logging state that should be reset. negotiation = Negotiation.new(settings, agent_settings) - # Not sure + # Transient errors due to network or agent. Logged the error but not via telemetry Datadog.logger.error do "remote worker error: #{e.class.name} #{e.message} location: #{Array(e.backtrace).first}. "\ 'reseting client state' diff --git a/lib/datadog/core/remote/negotiation.rb b/lib/datadog/core/remote/negotiation.rb index 2c7795c782e..d68de4f40b6 100644 --- a/lib/datadog/core/remote/negotiation.rb +++ b/lib/datadog/core/remote/negotiation.rb @@ -20,8 +20,7 @@ def endpoint?(path) if res.internal_error? && network_error?(res.error) unless @logged[:agent_unreachable] - # TODO: change to warning - Datadog.logger.error { "agent unreachable: cannot negotiate #{path}" } + Datadog.logger.warn { "agent unreachable: cannot negotiate #{path}" } @logged[:agent_unreachable] = true end @@ -30,8 +29,7 @@ def endpoint?(path) if res.not_found? unless @logged[:no_info_endpoint] - # TODO: change to warning - Datadog.logger.error { "agent reachable but has no /info endpoint: cannot negotiate #{path}" } + Datadog.logger.warn { "agent reachable but has no /info endpoint: cannot negotiate #{path}" } @logged[:no_info_endpoint] = true end @@ -40,9 +38,7 @@ def endpoint?(path) unless res.ok? unless @logged[:unexpected_response] - # TODO: Report telemetry logs - # TODO: change to warning - Datadog.logger.error { "agent reachable but unexpected response: cannot negotiate #{path}" } + Datadog.logger.warn { "agent reachable but unexpected response: cannot negotiate #{path}" } @logged[:unexpected_response] = true end @@ -51,9 +47,7 @@ def endpoint?(path) unless res.endpoints.include?(path) unless @logged[:no_config_endpoint] - # TODO: Report telemetry logs - # TODO: change to warning - Datadog.logger.error { "agent reachable but does not report #{path}" } + Datadog.logger.warn { "agent reachable but does not report #{path}" } @logged[:no_config_endpoint] = true end diff --git a/lib/datadog/core/runtime/metrics.rb b/lib/datadog/core/runtime/metrics.rb index 07d3250c638..6c89d5b7dc7 100644 --- a/lib/datadog/core/runtime/metrics.rb +++ b/lib/datadog/core/runtime/metrics.rb @@ -94,9 +94,7 @@ def gc_metrics def try_flush yield rescue StandardError => e - # TODO: Report telemetry logs - # TODO: change to warning - Datadog.logger.error("Error while sending runtime metric. Cause: #{e.class.name} #{e.message}") + Datadog.logger.warn("Error while sending runtime metric. Cause: #{e.class.name} #{e.message}") end def default_metric_options diff --git a/lib/datadog/core/telemetry/event.rb b/lib/datadog/core/telemetry/event.rb index 3808c475893..fabc8014207 100644 --- a/lib/datadog/core/telemetry/event.rb +++ b/lib/datadog/core/telemetry/event.rb @@ -1,5 +1,8 @@ # frozen_string_literal: true +require_relative '../utils/forking' +require_relative '../utils/sequence' + module Datadog module Core module Telemetry diff --git a/lib/datadog/opentelemetry/sdk/propagator.rb b/lib/datadog/opentelemetry/sdk/propagator.rb index dd128fa80ea..b711fba2390 100644 --- a/lib/datadog/opentelemetry/sdk/propagator.rb +++ b/lib/datadog/opentelemetry/sdk/propagator.rb @@ -15,7 +15,7 @@ def inject( setter: ::OpenTelemetry::Context::Propagation.text_map_setter ) unless setter == ::OpenTelemetry::Context::Propagation.text_map_setter - # Not to report telemetry logs for now + # PENDING: Not to report telemetry logs for now Datadog.logger.error( 'Custom setter is not supported. Please inform the `datadog` team at ' \ ' https://github.com/DataDog/dd-trace-rb of your use case so we can best support you. Using the default ' \ @@ -32,7 +32,7 @@ def extract( ) if getter != ::OpenTelemetry::Context::Propagation.text_map_getter && getter != ::OpenTelemetry::Common::Propagation.rack_env_getter - # Not to report telemetry logs for now + # PENDING: Not to report telemetry logs for now Datadog.logger.error( "Custom getter #{getter} is not supported. Please inform the `datadog` team at " \ ' https://github.com/DataDog/dd-trace-rb of your use case so we can best support you. Using the default ' \ diff --git a/lib/datadog/tracing/contrib/action_cable/instrumentation.rb b/lib/datadog/tracing/contrib/action_cable/instrumentation.rb index dcb50dece11..2baea187f23 100644 --- a/lib/datadog/tracing/contrib/action_cable/instrumentation.rb +++ b/lib/datadog/tracing/contrib/action_cable/instrumentation.rb @@ -14,22 +14,17 @@ module Instrumentation module ActionCableConnection def on_open Tracing.trace(Ext::SPAN_ON_OPEN) do |span, trace| - begin - span.resource = "#{self.class}#on_open" - span.type = Tracing::Metadata::Ext::AppTypes::TYPE_WEB + span.resource = "#{self.class}#on_open" + span.type = Tracing::Metadata::Ext::AppTypes::TYPE_WEB - span.set_tag(Ext::TAG_ACTION, 'on_open') - span.set_tag(Ext::TAG_CONNECTION, self.class.to_s) + span.set_tag(Ext::TAG_ACTION, 'on_open') + span.set_tag(Ext::TAG_CONNECTION, self.class.to_s) - span.set_tag(Tracing::Metadata::Ext::TAG_COMPONENT, Ext::TAG_COMPONENT) - span.set_tag(Tracing::Metadata::Ext::TAG_OPERATION, Ext::TAG_OPERATION_ON_OPEN) + span.set_tag(Tracing::Metadata::Ext::TAG_COMPONENT, Ext::TAG_COMPONENT) + span.set_tag(Tracing::Metadata::Ext::TAG_OPERATION, Ext::TAG_OPERATION_ON_OPEN) - # Set the resource name of the trace - trace.resource = span.resource - rescue StandardError => e - # TODO: Report Telemetry logs - Datadog.logger.error("Error preparing span for ActionCable::Connection: #{e}") - end + # Set the resource name of the trace + trace.resource = span.resource super end diff --git a/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb b/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb index 6acdbcca412..80e462e4a42 100644 --- a/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +++ b/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb @@ -43,7 +43,6 @@ def start_processing(payload) span.set_tag(Tracing::Metadata::Ext::TAG_COMPONENT, Ext::TAG_COMPONENT) span.set_tag(Tracing::Metadata::Ext::TAG_OPERATION, Ext::TAG_OPERATION_CONTROLLER) rescue StandardError => e - # TODO: Report Telemetry logs Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -83,7 +82,6 @@ def finish_processing(payload) span.finish end rescue StandardError => e - # TODO: Report Telemetry logs Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end diff --git a/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb b/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb index f459a57933b..04fb6de57e2 100644 --- a/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +++ b/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb @@ -2,6 +2,7 @@ require_relative '../../configuration/resolver' require_relative 'makara_resolver' +require_relative '../../../../core/telemetry/logger' module Datadog module Tracing @@ -73,11 +74,11 @@ def resolve(db_config) # `db_config` input may contain sensitive information such as passwords, # hence provide a succinct summary for the error logging. # - # TODO: Report Telemetry logs Datadog.logger.error( 'Failed to resolve ActiveRecord database configuration. '\ "Cause: #{e.class.name} Source: #{Array(e.backtrace).first}" ) + Core::Telemetry::Logger.report(e, description: 'Failed to resolve ActiveRecord database configuration') nil end @@ -93,11 +94,11 @@ def parse_matcher(matcher) normalized rescue => e - # TODO: Report Telemetry logs Datadog.logger.error( "Failed to resolve key #{matcher.inspect}. " \ "Cause: #{e.class.name} Source: #{Array(e.backtrace).first}" ) + Core::Telemetry::Logger.report(e, description: 'Failed to resolve key') nil end diff --git a/lib/datadog/tracing/contrib/elasticsearch/patcher.rb b/lib/datadog/tracing/contrib/elasticsearch/patcher.rb index eee2be59076..92dbfe30612 100644 --- a/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +++ b/lib/datadog/tracing/contrib/elasticsearch/patcher.rb @@ -93,12 +93,13 @@ def perform_request(*args) span.resource = "#{method} #{quantized_url}" Contrib::SpanAttributeSchema.set_peer_service!(span, Ext::PEER_SERVICE_SOURCES) rescue StandardError => e - # TODO: Refactor the code to avoid calling `super` in the `ensure` block + # TODO: Refactor the code to streamline the execution without ensure Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) ensure # the call is still executed response = super + if response && response.respond_to?(:status) span.set_tag(Tracing::Metadata::Ext::HTTP::TAG_STATUS_CODE, response.status) end diff --git a/lib/datadog/tracing/contrib/grape/endpoint.rb b/lib/datadog/tracing/contrib/grape/endpoint.rb index bcb1499c16b..292f32d0726 100644 --- a/lib/datadog/tracing/contrib/grape/endpoint.rb +++ b/lib/datadog/tracing/contrib/grape/endpoint.rb @@ -64,7 +64,6 @@ def endpoint_start_process(_name, _start, _finish, _id, payload) Thread.current[KEY_RUN] = true rescue StandardError => e - # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -109,7 +108,6 @@ def endpoint_run(name, start, finish, id, payload) span.finish(finish) end rescue StandardError => e - # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -154,7 +152,6 @@ def endpoint_start_render(*) Thread.current[KEY_RENDER] = true rescue StandardError => e - # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -180,7 +177,6 @@ def endpoint_render(name, start, finish, id, payload) span.finish(finish) end rescue StandardError => e - # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end @@ -220,7 +216,6 @@ def endpoint_run_filters(name, start, finish, id, payload) span.finish(finish) end rescue StandardError => e - # TODO: Report Telelemetry log Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) end diff --git a/lib/datadog/tracing/contrib/httpclient/instrumentation.rb b/lib/datadog/tracing/contrib/httpclient/instrumentation.rb index 1c4940718a7..5a600970870 100644 --- a/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +++ b/lib/datadog/tracing/contrib/httpclient/instrumentation.rb @@ -4,6 +4,7 @@ require_relative '../http' require_relative '../analytics' require_relative '../http_annotation_helper' +require_relative '../../../core/telemetry/logger' module Datadog module Tracing @@ -36,8 +37,8 @@ def do_get_block(req, proxy, conn, &block) # Add additional request specific tags to the span. annotate_span_with_request!(span, req, request_options) rescue StandardError => e - # TODO: Report Telemetry logs - logger.error("error preparing span for httpclient request: #{e}, Source: #{e.backtrace}") + Datadog.logger.error("error preparing span for httpclient request: #{e}, Source: #{e.backtrace}") + Datadog::Core::Telemetry::Logger.report(e) ensure res = super end @@ -115,10 +116,6 @@ def analytics_enabled?(request_options) Contrib::Analytics.enabled?(request_options[:analytics_enabled]) end - def logger - Datadog.logger - end - def should_skip_distributed_tracing?(client_config) return !client_config[:distributed_tracing] if client_config && client_config.key?(:distributed_tracing) diff --git a/lib/datadog/tracing/contrib/httpclient/patcher.rb b/lib/datadog/tracing/contrib/httpclient/patcher.rb index 391089d7075..cd1779a3ce5 100644 --- a/lib/datadog/tracing/contrib/httpclient/patcher.rb +++ b/lib/datadog/tracing/contrib/httpclient/patcher.rb @@ -13,28 +13,14 @@ module Httpclient module Patcher include Contrib::Patcher - PATCH_ONLY_ONCE = Core::Utils::OnlyOnce.new - module_function - def patched? - PATCH_ONLY_ONCE.ran? - end - def target_version Integration.version end - # patch applies our patch def patch - # TODO: Refactor to remove redundancy - PATCH_ONLY_ONCE.run do - begin - ::HTTPClient.include(Instrumentation) - rescue StandardError => e - Datadog.logger.error("Unable to apply httpclient integration: #{e}") - end - end + ::HTTPClient.include(Instrumentation) end end end diff --git a/lib/datadog/tracing/contrib/httprb/instrumentation.rb b/lib/datadog/tracing/contrib/httprb/instrumentation.rb index 305152e2c00..b935d3bd14b 100644 --- a/lib/datadog/tracing/contrib/httprb/instrumentation.rb +++ b/lib/datadog/tracing/contrib/httprb/instrumentation.rb @@ -35,7 +35,6 @@ def perform(req, options) # Add additional request specific tags to the span. annotate_span_with_request!(span, req, request_options) rescue StandardError => e - # TODO: Report Telemetry logs logger.error("error preparing span for http.rb request: #{e}, Source: #{e.backtrace}") Datadog::Core::Telemetry::Logger.report(e) ensure diff --git a/lib/datadog/tracing/contrib/httprb/patcher.rb b/lib/datadog/tracing/contrib/httprb/patcher.rb index c7b390cd431..509c645a892 100644 --- a/lib/datadog/tracing/contrib/httprb/patcher.rb +++ b/lib/datadog/tracing/contrib/httprb/patcher.rb @@ -13,28 +13,14 @@ module Httprb module Patcher include Contrib::Patcher - PATCH_ONLY_ONCE = Core::Utils::OnlyOnce.new - module_function - def patched? - PATCH_ONLY_ONCE.ran? - end - def target_version Integration.version end - # patch applies our patch def patch - # TODO: Refactor to remove redundancy - PATCH_ONLY_ONCE.run do - begin - ::HTTP::Client.include(Instrumentation) - rescue StandardError => e - Datadog.logger.error("Unable to apply httprb integration: #{e}") - end - end + ::HTTP::Client.include(Instrumentation) end end end diff --git a/lib/datadog/tracing/contrib/lograge/patcher.rb b/lib/datadog/tracing/contrib/lograge/patcher.rb index 47227a1113c..0045c894930 100644 --- a/lib/datadog/tracing/contrib/lograge/patcher.rb +++ b/lib/datadog/tracing/contrib/lograge/patcher.rb @@ -24,8 +24,7 @@ def patch if defined?(::ActiveSupport::TaggedLogging::Formatter) && ::Lograge::LogSubscribers::ActionController .logger&.formatter.is_a?(::ActiveSupport::TaggedLogging::Formatter) - # TODO: Change to warn - Datadog.logger.error( + Datadog.logger.warn( 'Lograge and ActiveSupport::TaggedLogging (the default Rails log formatter) are not compatible: ' \ 'Lograge does not account for Rails log tags, creating polluted logs and breaking log formatting. ' \ 'Traces and Logs correlation may not work. ' \ diff --git a/lib/datadog/tracing/contrib/opensearch/patcher.rb b/lib/datadog/tracing/contrib/opensearch/patcher.rb index 9a157329369..1bb4134df85 100644 --- a/lib/datadog/tracing/contrib/opensearch/patcher.rb +++ b/lib/datadog/tracing/contrib/opensearch/patcher.rb @@ -81,7 +81,6 @@ def perform_request(method, path, params = {}, body = nil, headers = nil) span.resource = "#{method} #{quantized_url}" Contrib::SpanAttributeSchema.set_peer_service!(span, Ext::PEER_SERVICE_SOURCES) rescue StandardError => e - # TODO: Report Telemetry logs Datadog.logger.error(e.message) Datadog::Core::Telemetry::Logger.report(e) # TODO: Refactor the code to streamline the execution without ensure diff --git a/lib/datadog/tracing/contrib/patcher.rb b/lib/datadog/tracing/contrib/patcher.rb index 5dfbe854588..85156da3cef 100644 --- a/lib/datadog/tracing/contrib/patcher.rb +++ b/lib/datadog/tracing/contrib/patcher.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require_relative '../../core/utils/only_once' +require_relative '../../core/telemetry/logger' module Datadog module Tracing @@ -49,9 +50,8 @@ def patch # Processes patching errors. This default implementation logs the error and reports relevant metrics. # @param e [Exception] def on_patch_error(e) - # Log the error - # TODO: Report Telemetry logs Datadog.logger.error("Failed to apply #{patch_name} patch. Cause: #{e} Location: #{Array(e.backtrace).first}") + Datadog::Core::Telemetry::Logger.report(e, description: "Failed to apply #{patch_name} patch") @patch_error_result = { type: e.class.name, diff --git a/lib/datadog/tracing/contrib/presto/patcher.rb b/lib/datadog/tracing/contrib/presto/patcher.rb index dbc328a6851..4070f05a248 100644 --- a/lib/datadog/tracing/contrib/presto/patcher.rb +++ b/lib/datadog/tracing/contrib/presto/patcher.rb @@ -13,23 +13,10 @@ module Presto module Patcher include Contrib::Patcher - PATCH_ONLY_ONCE = Core::Utils::OnlyOnce.new - module_function - def patched? - PATCH_ONLY_ONCE.ran? - end - def patch - # TODO: Refactor to remove redundancy - PATCH_ONLY_ONCE.run do - begin - ::Presto::Client::Client.include(Instrumentation::Client) - rescue StandardError => e - Datadog.logger.error("Unable to apply Presto integration: #{e}") - end - end + ::Presto::Client::Client.include(Instrumentation::Client) end end end diff --git a/lib/datadog/tracing/distributed/propagation.rb b/lib/datadog/tracing/distributed/propagation.rb index a5da4093eb8..9ab993eb56e 100644 --- a/lib/datadog/tracing/distributed/propagation.rb +++ b/lib/datadog/tracing/distributed/propagation.rb @@ -3,6 +3,7 @@ require_relative '../configuration/ext' require_relative '../trace_digest' require_relative '../trace_operation' +require_relative '../../core/telemetry/logger' module Datadog module Tracing @@ -69,10 +70,13 @@ def inject!(digest, data) result = true rescue => e result = nil - # TODO: Report Telemetry logs, capturing propagator name ::Datadog.logger.error( "Error injecting distributed trace data. Cause: #{e} Location: #{Array(e.backtrace).first}" ) + ::Datadog::Core::Telemetry::Logger.report( + e, + description: "Error injecting distributed trace data with #{propagator.class.name}" + ) end result diff --git a/lib/datadog/tracing/sampling/rate_sampler.rb b/lib/datadog/tracing/sampling/rate_sampler.rb index 844970100c2..ea581dd70fa 100644 --- a/lib/datadog/tracing/sampling/rate_sampler.rb +++ b/lib/datadog/tracing/sampling/rate_sampler.rb @@ -20,8 +20,7 @@ def initialize(sample_rate = 1.0, decision: nil) super() unless sample_rate >= 0.0 && sample_rate <= 1.0 - # TODO: Change to warning - Datadog.logger.error('sample rate is not between 0 and 1, falling back to 1') + Datadog.logger.warn('sample rate is not between 0 and 1, falling back to 1') sample_rate = 1.0 end diff --git a/lib/datadog/tracing/sampling/rule.rb b/lib/datadog/tracing/sampling/rule.rb index e5438329d99..6f458ba093f 100644 --- a/lib/datadog/tracing/sampling/rule.rb +++ b/lib/datadog/tracing/sampling/rule.rb @@ -2,6 +2,7 @@ require_relative 'matcher' require_relative 'rate_sampler' +require_relative '../../core/telemetry/logger' module Datadog module Tracing @@ -32,10 +33,10 @@ def initialize(matcher, sampler, provenance) def match?(trace) @matcher.match?(trace) rescue => e - # TODO: Report Telemetry logs Datadog.logger.error( "Matcher failed. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) + Datadog::Core::Telemetry::Logger.report(e, description: 'Matcher failed') nil end diff --git a/lib/datadog/tracing/sampling/rule_sampler.rb b/lib/datadog/tracing/sampling/rule_sampler.rb index 4eb0164dd88..398926233e3 100644 --- a/lib/datadog/tracing/sampling/rule_sampler.rb +++ b/lib/datadog/tracing/sampling/rule_sampler.rb @@ -3,6 +3,7 @@ require_relative 'ext' require_relative '../../core/rate_limiter' require_relative 'rule' +require_relative '../../core/telemetry/logger' module Datadog module Tracing @@ -80,10 +81,10 @@ def self.parse(rules, rate_limit, default_sample_rate) new(parsed_rules, rate_limit: rate_limit, default_sample_rate: default_sample_rate) rescue => e - # TODO: Change to warning - Datadog.logger.error do + Datadog.logger.warn do "Could not parse trace sampling rules '#{rules}': #{e.class.name} #{e.message} at #{Array(e.backtrace).first}" end + nil end @@ -138,10 +139,11 @@ def sample_trace(trace) trace.set_tag(Tracing::Metadata::Ext::Distributed::TAG_DECISION_MAKER, provenance) end rescue StandardError => e - # TODO: Report Telemetry logs Datadog.logger.error( "Rule sampling failed. Cause: #{e.class.name} #{e.message} Source: #{Array(e.backtrace).first}" ) + Datadog::Core::Telemetry::Logger.report(e, description: 'Rule sampling failed') + yield(trace) end diff --git a/lib/datadog/tracing/transport/http/client.rb b/lib/datadog/tracing/transport/http/client.rb index bb7f64d15c6..ab2c7191df8 100644 --- a/lib/datadog/tracing/transport/http/client.rb +++ b/lib/datadog/tracing/transport/http/client.rb @@ -38,7 +38,7 @@ def send_request(request, &block) if stats.consecutive_errors > 0 Datadog.logger.debug(message) else - # Not to report Telemetry logs + # Not to report telemetry logs Datadog.logger.error(message) end diff --git a/lib/datadog/tracing/transport/io/client.rb b/lib/datadog/tracing/transport/io/client.rb index f6fe0cf8aad..4288889ec76 100644 --- a/lib/datadog/tracing/transport/io/client.rb +++ b/lib/datadog/tracing/transport/io/client.rb @@ -49,7 +49,7 @@ def send_request(request) if stats.consecutive_errors > 0 Datadog.logger.debug(message) else - # Not to report Telemetry logs + # Not to report telemetry logs Datadog.logger.error(message) end diff --git a/lib/datadog/tracing/workers.rb b/lib/datadog/tracing/workers.rb index 5838a055471..030986a2204 100644 --- a/lib/datadog/tracing/workers.rb +++ b/lib/datadog/tracing/workers.rb @@ -56,9 +56,7 @@ def callback_traces # ensures that the thread will not die because of an exception. # TODO[manu]: findout the reason and reschedule the send if it's not # a fatal exception - # - # TODO: Change to warning. - Datadog.logger.error( + Datadog.logger.warn( "Error during traces flush: dropped #{traces.length} items. Cause: #{e} Location: #{Array(e.backtrace).first}" ) end diff --git a/lib/datadog/tracing/workers/trace_writer.rb b/lib/datadog/tracing/workers/trace_writer.rb index b2a717d42d6..bbb04ff219a 100644 --- a/lib/datadog/tracing/workers/trace_writer.rb +++ b/lib/datadog/tracing/workers/trace_writer.rb @@ -43,8 +43,7 @@ def write_traces(traces) traces = process_traces(traces) flush_traces(traces) rescue StandardError => e - # TODO: Change to warning. - Datadog.logger.error( + Datadog.logger.warn( "Error while writing traces: dropped #{traces.length} items. Cause: #{e} Location: #{Array(e.backtrace).first}" ) end diff --git a/spec/datadog/core/metrics/client_spec.rb b/spec/datadog/core/metrics/client_spec.rb index 5f6fb218b2c..91af802a322 100644 --- a/spec/datadog/core/metrics/client_spec.rb +++ b/spec/datadog/core/metrics/client_spec.rb @@ -13,9 +13,16 @@ it { is_expected.to have_attributes(statsd: statsd) } - shared_examples_for 'missing value arg' do - it 'logs an error without raising' do - expect(Datadog.logger).to receive(:error) + shared_examples_for 'logs an error without raising' do |action| + it do + expect(Datadog.logger).to receive(:error).with( + /Failed to send #{action} stat/ + ) + expect(Datadog::Core::Telemetry::Logger).to receive(:report).with( + a_kind_of(StandardError), + description: "Failed to send #{action} stat" + ) + expect { subject }.to_not raise_error end end @@ -383,7 +390,7 @@ context 'that does not yield args' do subject(:count) { metrics.count(stat) {} } - it_behaves_like 'missing value arg' + it_behaves_like 'logs an error without raising', 'count' end context 'that yields args' do @@ -433,12 +440,9 @@ end context 'which raises an error' do - before do - expect(statsd).to receive(:count).and_raise(StandardError) - expect(Datadog.logger).to receive(:error) - end + before { allow(statsd).to receive(:count).and_raise(StandardError) } - it { expect { count }.to_not raise_error } + it_behaves_like 'logs an error without raising', 'count' end end end @@ -464,7 +468,7 @@ context 'that does not yield args' do subject(:distribution) { metrics.distribution(stat) {} } - it_behaves_like 'missing value arg' + it_behaves_like 'logs an error without raising', 'distribution' end context 'that yields args' do @@ -514,12 +518,9 @@ end context 'which raises an error' do - before do - expect(statsd).to receive(:distribution).and_raise(StandardError) - expect(Datadog.logger).to receive(:error) - end + before { allow(statsd).to receive(:distribution).and_raise(StandardError) } - it { expect { distribution }.to_not raise_error } + it_behaves_like 'logs an error without raising', 'distribution' end end end @@ -545,7 +546,7 @@ context 'that does not yield args' do subject(:gauge) { metrics.gauge(stat) {} } - it_behaves_like 'missing value arg' + it_behaves_like 'logs an error without raising', 'gauge' end context 'that yields args' do @@ -595,12 +596,9 @@ end context 'which raises an error' do - before do - expect(statsd).to receive(:gauge).and_raise(StandardError) - expect(Datadog.logger).to receive(:error) - end + before { allow(statsd).to receive(:gauge).and_raise(StandardError) } - it { expect { gauge }.to_not raise_error } + it_behaves_like 'logs an error without raising', 'gauge' end end end @@ -622,6 +620,12 @@ context 'when #statsd is a Datadog::Statsd' do context 'and given a block' do + context 'when raise exception' do + subject(:increment) { metrics.increment(stat) { raise } } + + it_behaves_like 'logs an error without raising', 'increment' + end + context 'that yields args' do subject(:increment) { metrics.increment(stat) { stat_options } } @@ -676,12 +680,9 @@ end context 'which raises an error' do - before do - expect(statsd).to receive(:increment).and_raise(StandardError) - expect(Datadog.logger).to receive(:error) - end + before { allow(statsd).to receive(:increment).and_raise(StandardError) } - it { expect { increment }.to_not raise_error } + it_behaves_like 'logs an error without raising', 'increment' end end end @@ -711,7 +712,10 @@ let(:error) { RuntimeError.new } # Expect the given block to raise its errors through - it { expect { time }.to raise_error(error) } + it do + expect(Datadog.logger).not_to receive(:error) + expect { time }.to raise_error(error) + end end end diff --git a/spec/datadog/core/remote/negotiation_spec.rb b/spec/datadog/core/remote/negotiation_spec.rb index e34a0af2d59..71770a6ce51 100644 --- a/spec/datadog/core/remote/negotiation_spec.rb +++ b/spec/datadog/core/remote/negotiation_spec.rb @@ -50,13 +50,13 @@ end it do - expect(Datadog.logger).to_not receive(:error) + expect(Datadog.logger).to_not receive(:warn) expect(endpoint?).to be true end it do - expect(Datadog.logger).to receive(:error).and_return(nil) + expect(Datadog.logger).to receive(:warn) expect(negotiation.endpoint?('/bar')).to be false end @@ -65,7 +65,7 @@ let(:suppress_logging) { { no_config_endpoint: true } } it 'does not log an error' do - expect(Datadog.logger).to_not receive(:error) + expect(Datadog.logger).to_not receive(:warn) expect(negotiation.endpoint?('/bar')).to be false end @@ -77,7 +77,7 @@ let(:response_body) { '404 page not found' } before do - expect(Datadog.logger).to receive(:error).and_return(nil) + expect(Datadog.logger).to receive(:warn) end it { expect(endpoint?).to be false } @@ -95,7 +95,7 @@ let(:response_body) { '400 bad request' } before do - expect(Datadog.logger).to receive(:error).and_return(nil) + expect(Datadog.logger).to receive(:warn) end it { expect(endpoint?).to be false } @@ -113,7 +113,7 @@ let(:response_body) { '500 internal server error' } before do - expect(Datadog.logger).to receive(:error).and_return(nil) + expect(Datadog.logger).to receive(:warn) end it { expect(endpoint?).to be false } @@ -133,7 +133,7 @@ end before do - expect(Datadog.logger).to receive(:error).and_return(nil) + expect(Datadog.logger).to receive(:warn) end it { expect(endpoint?).to be false } @@ -150,7 +150,7 @@ let(:request_exception) { Errno::ECONNREFUSED.new } before do - expect(Datadog.logger).to receive(:error).and_return(nil) + expect(Datadog.logger).to receive(:warn) end it { expect(endpoint?).to be false } diff --git a/spec/datadog/core/runtime/metrics_spec.rb b/spec/datadog/core/runtime/metrics_spec.rb index 13488814f9b..f3480969ef4 100644 --- a/spec/datadog/core/runtime/metrics_spec.rb +++ b/spec/datadog/core/runtime/metrics_spec.rb @@ -98,7 +98,7 @@ end context 'when an error is thrown' do - before { allow(Datadog.logger).to receive(:error) } + before { allow(Datadog.logger).to receive(:warn) } it do allow(metric).to receive(:available?) @@ -106,7 +106,7 @@ flush - expect(Datadog.logger).to have_received(:error) + expect(Datadog.logger).to have_received(:warn) .with(/Error while sending runtime metric./) .at_least(:once) end diff --git a/spec/datadog/tracing/sampling/rate_sampler_spec.rb b/spec/datadog/tracing/sampling/rate_sampler_spec.rb index 5c26c02b47f..993efb1d0b4 100644 --- a/spec/datadog/tracing/sampling/rate_sampler_spec.rb +++ b/spec/datadog/tracing/sampling/rate_sampler_spec.rb @@ -22,6 +22,12 @@ it_behaves_like 'sampler with sample rate', 1.0 do let(:trace) { nil } end + + it do + expect(Datadog.logger).to receive(:warn).with('sample rate is not between 0 and 1, falling back to 1') + + sampler + end end context 'that is 0' do @@ -46,6 +52,12 @@ let(:sample_rate) { 1.5 } it_behaves_like 'sampler with sample rate', 1.0 + + it do + expect(Datadog.logger).to receive(:warn).with('sample rate is not between 0 and 1, falling back to 1') + + sampler + end end end end diff --git a/spec/datadog/tracing/sampling/rule_sampler_spec.rb b/spec/datadog/tracing/sampling/rule_sampler_spec.rb index 43c2ea25d22..e63e2e9d6ca 100644 --- a/spec/datadog/tracing/sampling/rule_sampler_spec.rb +++ b/spec/datadog/tracing/sampling/rule_sampler_spec.rb @@ -173,7 +173,7 @@ let(:rule) { { sample_rate: 'oops' } } it 'does not accept rule with a non-float sample_rate' do - expect(Datadog.logger).to receive(:error) + expect(Datadog.logger).to receive(:warn) is_expected.to be_nil end end @@ -182,7 +182,7 @@ let(:rule) { { name: 'test' } } it 'does not accept rule missing the mandatory sample_rate' do - expect(Datadog.logger).to receive(:error) + expect(Datadog.logger).to receive(:warn) is_expected.to be_nil end @@ -190,7 +190,7 @@ let(:rules) { [{ sample_rate: 0.1 }, { name: 'test' }] } it 'rejects all rules if one is missing the mandatory sample_rate' do - expect(Datadog.logger).to receive(:error) + expect(Datadog.logger).to receive(:warn) is_expected.to be_nil end end @@ -200,7 +200,7 @@ let(:rules) { 'not a json array' } it 'returns nil in case of parsing error' do - expect(Datadog.logger).to receive(:error) + expect(Datadog.logger).to receive(:warn) is_expected.to be_nil end end diff --git a/spec/datadog/tracing/sampling/rule_spec.rb b/spec/datadog/tracing/sampling/rule_spec.rb index 6451c32e51d..305eb4a41ac 100644 --- a/spec/datadog/tracing/sampling/rule_spec.rb +++ b/spec/datadog/tracing/sampling/rule_spec.rb @@ -53,6 +53,8 @@ expect(Datadog.logger).to receive(:error) .with(a_string_including("Matcher failed. Cause: #{error}")) + expect(Datadog::Core::Telemetry::Logger).to receive(:report) + .with(error, description: 'Matcher failed') end it { is_expected.to be nil } From d27c71ecd7b962f14957ace66ba43b78ba7969c6 Mon Sep 17 00:00:00 2001 From: William Conti Date: Mon, 16 Sep 2024 14:46:04 -0400 Subject: [PATCH 4/8] initial commit --- .github/workflows/system-tests.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index fe9c6c37571..125e50c65fc 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -188,6 +188,22 @@ jobs: - APPSEC_BLOCKING_FULL_DENYLIST - APPSEC_REQUEST_BLOCKING include: + - library: ruby + app: rack + scenario: INTEGRATIONS + env: + AWS_ACCESS_KEY_ID: ${{ secrets.IDM_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.IDM_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-east-1 + AWS_DEFAULT_REGION: us-east-1 # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION` + - library: ruby + app: rack + scenario: CROSSED_TRACING_LIBRARIES + env: + AWS_ACCESS_KEY_ID: ${{ secrets.IDM_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.IDM_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-east-1 + AWS_DEFAULT_REGION: us-east-1 # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION` - library: ruby app: rack scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_DD From aea6cd817ce268c785eced88e3ffc20a5745de0d Mon Sep 17 00:00:00 2001 From: William Conti Date: Mon, 16 Sep 2024 14:52:37 -0400 Subject: [PATCH 5/8] use test branch --- .github/workflows/system-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index 125e50c65fc..60bbf9a9672 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -11,7 +11,7 @@ on: env: REGISTRY: ghcr.io REPO: ghcr.io/datadog/dd-trace-rb - ST_REF: main + ST_REF: conti/fix-php-errors # delete later FORCE_TESTS: -F tests/appsec/waf/test_addresses.py::Test_GraphQL -F tests/appsec/test_blocking_addresses.py::Test_BlockingGraphqlResolvers FORCE_TESTS_SCENARIO: GRAPHQL_APPSEC From 23692506bb9291c49f226ced987d19003477f68f Mon Sep 17 00:00:00 2001 From: William Conti Date: Mon, 16 Sep 2024 15:51:53 -0400 Subject: [PATCH 6/8] re run --- .github/workflows/system-tests.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index 60bbf9a9672..1288048abe2 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -192,16 +192,16 @@ jobs: app: rack scenario: INTEGRATIONS env: - AWS_ACCESS_KEY_ID: ${{ secrets.IDM_AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.IDM_AWS_SECRET_ACCESS_KEY }} + AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-east-1 AWS_DEFAULT_REGION: us-east-1 # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION` - library: ruby app: rack scenario: CROSSED_TRACING_LIBRARIES env: - AWS_ACCESS_KEY_ID: ${{ secrets.IDM_AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.IDM_AWS_SECRET_ACCESS_KEY }} + AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-east-1 AWS_DEFAULT_REGION: us-east-1 # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION` - library: ruby From 1286bfb58a13a818dfcc97afdbee618e354bfe7f Mon Sep 17 00:00:00 2001 From: William Conti Date: Mon, 16 Sep 2024 15:54:35 -0400 Subject: [PATCH 7/8] fix again --- .github/workflows/system-tests.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index 1288048abe2..d9d974721b6 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -191,19 +191,9 @@ jobs: - library: ruby app: rack scenario: INTEGRATIONS - env: - AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-east-1 - AWS_DEFAULT_REGION: us-east-1 # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION` - library: ruby app: rack scenario: CROSSED_TRACING_LIBRARIES - env: - AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-east-1 - AWS_DEFAULT_REGION: us-east-1 # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION` - library: ruby app: rack scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_DD @@ -300,6 +290,10 @@ jobs: ./run.sh ++docker ${{ matrix.scenario }} ${{matrix.scenario == env.FORCE_TESTS_SCENARIO && env.FORCE_TESTS || ''}} env: DD_API_KEY: ${{ secrets.DD_APPSEC_SYSTEM_TESTS_API_KEY }} + AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: us-east-1 + AWS_DEFAULT_REGION: us-east-1 # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION` - name: Archive logs uses: actions/upload-artifact@v4 if: ${{ always() }} From 8e76cd7fa752e41723eee5c275350d4e6835ead3 Mon Sep 17 00:00:00 2001 From: William Conti <58711692+wconti27@users.noreply.github.com> Date: Mon, 16 Sep 2024 16:20:13 -0400 Subject: [PATCH 8/8] Update .github/workflows/system-tests.yml --- .github/workflows/system-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index d9d974721b6..5a58e401e51 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -11,7 +11,7 @@ on: env: REGISTRY: ghcr.io REPO: ghcr.io/datadog/dd-trace-rb - ST_REF: conti/fix-php-errors # delete later + ST_REF: main FORCE_TESTS: -F tests/appsec/waf/test_addresses.py::Test_GraphQL -F tests/appsec/test_blocking_addresses.py::Test_BlockingGraphqlResolvers FORCE_TESTS_SCENARIO: GRAPHQL_APPSEC