diff --git a/appsec/src/extension/configuration.c b/appsec/src/extension/configuration.c index 50704b7b19..0994360dc7 100644 --- a/appsec/src/extension/configuration.c +++ b/appsec/src/extension/configuration.c @@ -91,6 +91,48 @@ static bool _parse_uint64( return _parse_uint(value, decoded_value, LONG_MAX); } +static bool _parse_list( + zai_str value, zval *nonnull decoded_value, bool persistent) +{ + zval tmp; + ZVAL_ARR(&tmp, pemalloc(sizeof(HashTable), persistent)); // NOLINT + zend_hash_init(Z_ARRVAL(tmp), 8, NULL, + persistent ? ZVAL_INTERNAL_PTR_DTOR : ZVAL_PTR_DTOR, persistent); + + char *data = (char *)value.ptr; + if (data && *data) { // non-empty + const char *val_start; + const char *val_end; + do { + if (*data != ',' && *data != ' ' && *data != '\t' && + *data != '\n') { + val_start = val_end = data; + while (*++data && *data != ',') { + if (*data != ' ' && *data != '\t' && *data != '\n') { + val_end = data; + } + } + size_t val_len = val_end - val_start + 1; + zval val; + ZVAL_NEW_STR( + &val, zend_string_init(val_start, val_len, persistent)); + zend_hash_next_index_insert_new(Z_ARRVAL(tmp), &val); + } else { + ++data; + } + } while (*data); + + if (zend_hash_num_elements(Z_ARRVAL(tmp)) == 0) { + zend_hash_destroy(Z_ARRVAL(tmp)); + pefree(Z_ARRVAL(tmp), persistent); + return false; + } + } + + ZVAL_COPY_VALUE(decoded_value, &tmp); + return true; +} + #define CUSTOM(...) CUSTOM // NOLINTNEXTLINE(bugprone-macro-parentheses) #define CALIAS_EXPAND(name) {.ptr = name, .len = sizeof(name) - 1}, diff --git a/appsec/src/extension/configuration.h b/appsec/src/extension/configuration.h index dc566add01..0794b8761d 100644 --- a/appsec/src/extension/configuration.h +++ b/appsec/src/extension/configuration.h 
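Review bot: `_parse_list` in appsec/src/extension/configuration.c walks the input until it meets a NUL byte and never consults the length carried by `value`, so it is only safe if every caller passes a NUL-terminated buffer, which this hunk does not show. Bounding the walk removes that assumption: after the existing NULL check take `const char *end = data + value.len;`, then use `while (++data < end && *data != ',')` and `} while (data < end);`, with the non-empty test comparing against `end` as well. `data` can then be a `const char *`, which drops the cast that discards const from `value.ptr`. A short header comment should also state the contract as coded: an empty input yields an empty array and true, while an input holding only separators or whitespace frees the table and returns false.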
@@ -26,11 +26,11 @@ extern bool runtime_config_first_init; #define DEFAULT_OBFUSCATOR_VALUE_REGEX \ "(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\\.net(?:[_-]|-)sessionid|sid|jwt)(?:\\s*=([^;&]+)|\"\\s*:\\s*(\"[^\"]+\"|\\d+))|bearer\\s+([a-z0-9\\._\\-]+)|token\\s*:\\s*([a-z0-9]{13})|gh[opsu]_([0-9a-zA-Z]{36})|ey[I-L][\\w=-]+\\.(ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?)|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}([^\\-]+)[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*([a-z0-9\\/\\.+]{100,})" -#define DD_BASE(path) "/opt/datadog-php/" path +#define DD_BASE(path) "/opt/datadog-php/" // clang-format off #define DD_CONFIGURATION_GENERAL \ - CONFIG(BOOL, DD_APPSEC_ENABLED, "false", .ini_change = zai_config_system_ini_change) \ + CONFIG(BOOL, DD_APPSEC_ENABLED, "false", .ini_change = zai_config_system_ini_change) \ SYSCFG(BOOL, DD_APPSEC_CLI_START_ON_RINIT, "false") \ SYSCFG(STRING, DD_APPSEC_RULES, "") \ SYSCFG(CUSTOM(uint64_t), DD_APPSEC_WAF_TIMEOUT, "10000", .parser = _parse_uint64) \ @@ -44,6 +44,7 @@ extern bool runtime_config_first_init; SYSCFG(BOOL, DD_APPSEC_TESTING_HELPER_METRICS, "false") \ CONFIG(CUSTOM(INT), DD_APPSEC_LOG_LEVEL, "warn", .parser = dd_parse_log_level) \ SYSCFG(STRING, DD_APPSEC_LOG_FILE, "php_error_reporting") \ + SYSCFG(BOOL, DD_APPSEC_HELPER_LAUNCH, "true") \ CONFIG(STRING, DD_APPSEC_HELPER_PATH, DD_BASE("bin/libddappsec-helper.so")) \ SYSCFG(BOOL, DD_APPSEC_STACK_TRACE_ENABLED, "true") \ SYSCFG(BOOL, DD_APPSEC_RASP_ENABLED , "true") \ 
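Review bot: The new `DD_BASE(path)` in appsec/src/extension/configuration.h no longer pastes its argument, so every use expands to the bare directory string. `DD_BASE("bin/libddappsec-helper.so")`, the default for DD_APPSEC_HELPER_PATH in the following hunk, therefore becomes `"/opt/datadog-php/"`. A helper path that names a directory presumably fails to load unless the setting is overridden, and how the extension behaves when the helper is missing is not visible here. If the argument is meant to be kept, the definition should remain `#define DD_BASE(path) "/opt/datadog-php/" path`; if dropping it is intended, the unused parameter and its call sites should be cleaned up in the same change.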
@@ -51,23 +52,25 @@ extern bool runtime_config_first_init; SYSCFG(INT, DD_APPSEC_MAX_STACK_TRACES, "2") \ SYSCFG(STRING, DD_APPSEC_HELPER_LOG_FILE, "/dev/null") \ SYSCFG(STRING, DD_APPSEC_HELPER_LOG_LEVEL, "info") \ + CONFIG(CUSTOM(SET), DD_EXTRA_SERVICES, "", .parser = _parse_list) \ CONFIG(STRING, DD_SERVICE, "") \ CONFIG(STRING, DD_ENV, "") \ CONFIG(STRING, DD_VERSION, "") \ CONFIG(BOOL, DD_REMOTE_CONFIG_ENABLED, "true") \ - CONFIG(STRING, DD_AGENT_HOST, "localhost") \ + CONFIG(CUSTOM(uint32_t), DD_REMOTE_CONFIG_POLL_INTERVAL, "1000", .parser = _parse_uint32) \ + CONFIG(STRING, DD_AGENT_HOST, "") \ CONFIG(INT, DD_TRACE_AGENT_PORT, "0") \ CONFIG(INT, DD_APPSEC_MAX_BODY_BUFF_SIZE, "524288") \ CONFIG(STRING, DD_TRACE_AGENT_URL, "") \ CONFIG(BOOL, DD_TRACE_ENABLED, "true") \ - CALIAS(CUSTOM(STRING), DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE, "ident", \ - CALIASES("DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING"), .parser = dd_parse_user_collection_mode) \ + CALIAS(CUSTOM(STRING), DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE, "ident", \ + CALIASES("DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING"), .parser = dd_parse_user_collection_mode) \ CONFIG(BOOL, DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED, "true") \ CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "") \ CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "") \ CONFIG(BOOL, DD_APM_TRACING_ENABLED, "true") \ CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true", .ini_change = zai_config_system_ini_change) \ - CONFIG(DOUBLE, DD_API_SECURITY_SAMPLE_DELAY, "30", .ini_change = zai_config_system_ini_change) + CONFIG(DOUBLE, DD_API_SECURITY_SAMPLE_DELAY, "30.0", .ini_change = zai_config_system_ini_change) #ifdef __linux__ #define DD_CONFIGURATION \ diff --git a/ext/auto_flush.c b/ext/auto_flush.c index 0da8f6864c..bed41fdfe1 100644 --- a/ext/auto_flush.c +++ b/ext/auto_flush.c 
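Review bot: `DD_REMOTE_CONFIG_POLL_INTERVAL` is added to the appsec table with default `"1000"` and nothing that states its unit or a minimum, while ext/configuration.h in this same diff carries `DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS` with default `"5"`. `_parse_uint32` is not shown in this diff, so whether it rejects 0 cannot be confirmed from here; if it does not, a zero interval should be rejected or clamped where the value is consumed. A trailing comment in the `/* true in CLI */` style used in ext/configuration.h, for example `/* <unit>; must be > 0 */` with the real unit filled in, would make the relationship between the two settings clear. Separately, the DD_AGENT_HOST default changes from `"localhost"` to `""` in this hunk, so appsec code reading it has to treat empty as unset; those readers are outside this diff.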
@@ -141,7 +141,7 @@ char *ddtrace_agent_url(void) { return zend_strndup(ZSTR_VAL(hostname), ZSTR_LEN(hostname)); } - if (ZSTR_LEN(hostname) > 0 && zai_config_memoized_entries[DDTRACE_CONFIG_DD_AGENT_HOST].name_index != ZAI_CONFIG_ORIGIN_DEFAULT) { + if (ZSTR_LEN(hostname) > 0) { bool isIPv6 = memchr(ZSTR_VAL(hostname), ':', ZSTR_LEN(hostname)); int64_t port = get_global_DD_TRACE_AGENT_PORT(); diff --git a/ext/configuration.h b/ext/configuration.h index 97b9787560..8984674f68 100644 --- a/ext/configuration.h +++ b/ext/configuration.h @@ -51,7 +51,7 @@ enum ddtrace_sampling_rules_format { #define DD_TRACE_AGENT_FLUSH_INTERVAL_VAL 1001 #define DD_INTEGRATION_ANALYTICS_ENABLED_DEFAULT false -#define DD_INTEGRATION_ANALYTICS_SAMPLE_RATE_DEFAULT 1.0 +#define DD_INTEGRATION_ANALYTICS_SAMPLE_RATE_DEFAULT 1 #if PHP_VERSION_ID >= 80300 || defined(_WIN32) #define DD_SIDECAR_TRACE_SENDER_DEFAULT true 
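Review bot: Dropping the `ZAI_CONFIG_ORIGIN_DEFAULT` test in `ddtrace_agent_url` (ext/auto_flush.c) makes the empty string the only marker for "host not configured", and nothing in the code records that. The same pattern is introduced for the URL and host checks in the first hunk of ext/dogstatsd.c. Both checks are correct only while the defaults in ext/configuration.h stay `""`, so a later change of default would silently alter which URL is built. A one-line comment at the check would record the coupling, e.g. `// empty means unset: the DD_AGENT_HOST default must remain ""`. The function starts and ends outside this hunk.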
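Review bot: `DD_INTEGRATION_ANALYTICS_SAMPLE_RATE_DEFAULT` in ext/configuration.h changes from the double constant `1.0` to the int constant `1`. The uses of the macro are not visible in this diff; if it is stringified into a configuration default or takes part in arithmetic, the resulting text or type changes with it. A sample rate is a fraction, so keeping `#define DD_INTEGRATION_ANALYTICS_SAMPLE_RATE_DEFAULT 1.0` avoids integer semantics creeping in; if the int form is required, a comment should say why.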
@@ -100,12 +100,12 @@ enum ddtrace_sampling_rules_format { CONFIG(STRING, DD_TRACE_SOURCES_PATH, DD_DEFAULT_SOURCES_PATH, .ini_change = zai_config_system_ini_change) \ CONFIG(BOOL, DD_AUTOLOAD_NO_COMPILE, "false", .ini_change = zai_config_system_ini_change) \ CONFIG(STRING, DD_TRACE_AGENT_URL, "", .ini_change = zai_config_system_ini_change) \ - CONFIG(STRING, DD_AGENT_HOST, "localhost", .ini_change = zai_config_system_ini_change) \ - CONFIG(STRING, DD_DOGSTATSD_URL, "http://localhost:8125") \ - CONFIG(STRING, DD_DOGSTATSD_HOST, "localhost") \ + CONFIG(STRING, DD_AGENT_HOST, "", .ini_change = zai_config_system_ini_change) \ + CONFIG(STRING, DD_DOGSTATSD_URL, "") \ + CONFIG(STRING, DD_DOGSTATSD_HOST, "") \ CONFIG(STRING, DD_API_KEY, "", .ini_change = zai_config_system_ini_change) \ CONFIG(BOOL, DD_DISTRIBUTED_TRACING, "true") \ - CONFIG(INT, DD_DOGSTATSD_PORT, "8125") \ + CONFIG(STRING, DD_DOGSTATSD_PORT, "8125") \ CONFIG(STRING, DD_ENV, "", .ini_change = ddtrace_alter_dd_env, \ .env_config_fallback = ddtrace_conf_otel_resource_attributes_env) \ CONFIG(BOOL, DD_AUTOFINISH_SPANS, "false") \ @@ -114,10 +114,10 @@ enum ddtrace_sampling_rules_format { CONFIG(STRING, DD_SERVICE, "", .ini_change = ddtrace_alter_dd_service, \ .env_config_fallback = ddtrace_conf_otel_service_name) \ CONFIG(MAP, DD_SERVICE_MAPPING, "") \ - CONFIG(CUSTOM(MAP), DD_TAGS, "", \ + CONFIG(CUSTOM(MAP), DD_TAGS, "", \ .env_config_fallback = ddtrace_conf_otel_resource_attributes_tags, \ - .parser = dd_parse_tags) \ - CONFIG(INT, DD_TRACE_AGENT_PORT, "8126", .ini_change = zai_config_system_ini_change) \ + .parser = dd_parse_tags) \ + CONFIG(INT, DD_TRACE_AGENT_PORT, "0", .ini_change = zai_config_system_ini_change) \ CONFIG(BOOL, DD_TRACE_ANALYTICS_ENABLED, "false") \ CONFIG(BOOL, DD_TRACE_APPEND_TRACE_IDS_TO_LOGS, "false") \ CONFIG(BOOL, DD_TRACE_AUTO_FLUSH_ENABLED, "false") /* true in CLI */ \ 
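Review bot: Changing `DD_DOGSTATSD_PORT` from `INT` to `STRING` in ext/configuration.h takes the value out of the configuration layer's integer parsing and leaves conversion to each reader; the reader added in ext/dogstatsd.c is `atoi(ZSTR_VAL(get_DD_DOGSTATSD_PORT()))`. `atoi` cannot report errors: input such as `8125abc` is accepted as 8125 and an out-of-range number is undefined behaviour, so the `port <= 0 || port > 65535` guard that follows it is not a complete check. Keeping `CONFIG(INT, DD_DOGSTATSD_PORT, "8125")` preserves the typed parse; if a string is really needed, convert with `strtol` and check the end pointer and `errno` before the range test. Any other caller of `get_DD_DOGSTATSD_PORT()` now receives a `zend_string *` instead of an integer and needs the same treatment.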
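Review bot: The `DD_TRACE_AGENT_PORT` default in ext/configuration.h becomes `"0"`, which is not a usable port, so every reader now has to supply its own fallback and the table no longer says what the effective port is. `ddtrace_dogstatsd_url` maps `port <= 0` to 8125 in the last hunk of ext/dogstatsd.c, but the corresponding handling in `ddtrace_agent_url` lies outside the ext/auto_flush.c hunk and cannot be checked from this diff. A comment on the entry in the existing `/* true in CLI */` style, e.g. `/* 0 = unset; readers apply their own fallback */`, would document the sentinel.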
@@ -177,7 +177,7 @@ enum ddtrace_sampling_rules_format { CONFIG(SET_LOWERCASE, DD_TRACE_PROPAGATION_STYLE_INJECT, "datadog,tracecontext,baggage") \ CONFIG(SET_LOWERCASE, DD_TRACE_PROPAGATION_STYLE, "datadog,tracecontext,baggage", \ .env_config_fallback = ddtrace_conf_otel_propagators) \ - CONFIG(SET, DD_TRACE_BAGGAGE_TAG_KEYS, "user.id, session.id, account.id") \ + CONFIG(SET, DD_TRACE_BAGGAGE_TAG_KEYS, "user.id,session.id,account.id") \ CONFIG(BOOL, DD_TRACE_IGNORE_AGENT_SAMPLING_RATES, "false", .ini_change = zai_config_system_ini_change) \ CONFIG(SET, DD_TRACE_TRACED_INTERNAL_FUNCTIONS, "") \ CONFIG(INT, DD_TRACE_AGENT_TIMEOUT, DD_CFG_EXPSTR(DD_TRACE_AGENT_TIMEOUT_VAL), \ @@ -190,7 +190,7 @@ enum ddtrace_sampling_rules_format { CONFIG(BOOL, DD_TRACE_GENERATE_ROOT_SPAN, "true", .ini_change = ddtrace_span_alter_root_span_config) \ CONFIG(INT, DD_TRACE_SPANS_LIMIT, "1000") \ CONFIG(BOOL, DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED, "true") \ - CONFIG(BOOL, DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED, "true") \ + CONFIG(BOOL, DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED, "true") \ CONFIG(INT, DD_TRACE_BGS_CONNECT_TIMEOUT, DD_CFG_EXPSTR(DD_TRACE_BGS_CONNECT_TIMEOUT_VAL), \ .ini_change = zai_config_system_ini_change) \ CONFIG(INT, DD_TRACE_BGS_TIMEOUT, DD_CFG_EXPSTR(DD_TRACE_BGS_TIMEOUT_VAL), \ 
@@ -248,8 +248,8 @@ enum ddtrace_sampling_rules_format { CONFIG(BOOL, DD_TRACE_WEBSOCKET_MESSAGES_INHERIT_SAMPLING, "true") \ CONFIG(BOOL, DD_TRACE_WEBSOCKET_MESSAGES_SEPARATE_TRACES, "true") \ CONFIG(BOOL, DD_INJECT_FORCE, "false", .ini_change = zai_config_system_ini_change) \ - CONFIG(DOUBLE, DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS, "5.0", .ini_change = zai_config_system_ini_change) \ - CONFIG(BOOL, DD_REMOTE_CONFIG_ENABLED, "true", .ini_change = zai_config_system_ini_change) \ + CONFIG(DOUBLE, DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS, "5", .ini_change = zai_config_system_ini_change) \ + CONFIG(BOOL, DD_REMOTE_CONFIG_ENABLED, "true", .ini_change = zai_config_system_ini_change) \ CONFIG(BOOL, DD_DYNAMIC_INSTRUMENTATION_ENABLED, "false", .ini_change = ddtrace_alter_dynamic_instrumentation_config) \ CONFIG(SET, DD_DYNAMIC_INSTRUMENTATION_REDACTED_IDENTIFIERS, "", .ini_change = zai_config_system_ini_change) \ CONFIG(BOOL, DD_APM_TRACING_ENABLED, "true") \ @@ -257,7 +257,7 @@ enum ddtrace_sampling_rules_format { CONFIG(INT, DD_TRACE_BAGGAGE_MAX_ITEMS, "64") \ CONFIG(INT, DD_TRACE_BAGGAGE_MAX_BYTES, "8192") \ CONFIG(BOOL, DD_TRACE_INFERRED_PROXY_SERVICES_ENABLED, "false") \ - CONFIG(SET, DD_TRACE_HTTP_CLIENT_ERROR_STATUSES, "400-499", .ini_change = zai_config_system_ini_change) \ + CONFIG(SET, DD_TRACE_HTTP_CLIENT_ERROR_STATUSES, "500-599", .ini_change = zai_config_system_ini_change) \ CONFIG(SET, DD_TRACE_HTTP_SERVER_ERROR_STATUSES, "500-599", .ini_change = zai_config_system_ini_change) \ CONFIG(BOOL, DD_CODE_ORIGIN_FOR_SPANS_ENABLED, "true", .ini_change = ddtrace_alter_DD_CODE_ORIGIN_FOR_SPANS_ENABLED) \ CONFIG(INT, DD_CODE_ORIGIN_MAX_USER_FRAMES, "8") \ diff --git a/ext/dogstatsd.c b/ext/dogstatsd.c index 5a00903926..2560214f24 100644 --- a/ext/dogstatsd.c +++ b/ext/dogstatsd.c 
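Review bot: The default for `DD_TRACE_HTTP_CLIENT_ERROR_STATUSES` in ext/configuration.h is now `"500-599"`, identical to `DD_TRACE_HTTP_SERVER_ERROR_STATUSES` on the next line. By default, outgoing requests answered with a 4xx status would therefore no longer be marked as errors, while 5xx ones would be. That removes responses such as 401, 403 and 429 from error-based monitoring, and nothing else in the diff refers to the change, so it looks unintended. If the previous behaviour is wanted the entry should read `CONFIG(SET, DD_TRACE_HTTP_CLIENT_ERROR_STATUSES, "400-499", .ini_change = zai_config_system_ini_change) \`. If the change is deliberate, it deserves a comment and a changelog entry because it alters what existing dashboards and monitors see.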
@@ -9,17 +9,13 @@ ZEND_EXTERN_MODULE_GLOBALS(ddtrace); char *ddtrace_dogstatsd_url(void) { zend_string *url = get_DD_DOGSTATSD_URL(); - if (ZSTR_LEN(url) > 0 && zai_config_memoized_entries[DDTRACE_CONFIG_DD_DOGSTATSD_URL].name_index != ZAI_CONFIG_ORIGIN_DEFAULT) { + if (ZSTR_LEN(url) > 0) { return zend_strndup(ZSTR_VAL(url), ZSTR_LEN(url) + 1); } zend_string *hostname = get_DD_DOGSTATSD_HOST(); - if (ZSTR_LEN(hostname) == 0 || zai_config_memoized_entries[DDTRACE_CONFIG_DD_DOGSTATSD_HOST].name_index == ZAI_CONFIG_ORIGIN_DEFAULT) { - if (zai_config_memoized_entries[DDTRACE_CONFIG_DD_AGENT_HOST].name_index == ZAI_CONFIG_ORIGIN_DEFAULT) { - hostname = ZSTR_EMPTY_ALLOC(); - } else { - hostname = get_global_DD_AGENT_HOST(); - } + if (ZSTR_LEN(hostname) == 0) { + hostname = get_global_DD_AGENT_HOST(); } if (ZSTR_LEN(hostname) > 7 && strncmp(ZSTR_VAL(hostname), "unix://", 7) == 0) { @@ -29,7 +25,7 @@ char *ddtrace_dogstatsd_url(void) { if (ZSTR_LEN(hostname) > 0) { bool isIPv6 = memchr(ZSTR_VAL(hostname), ':', ZSTR_LEN(hostname)); - int port = get_DD_DOGSTATSD_PORT(); + int port = atoi(ZSTR_VAL(get_DD_DOGSTATSD_PORT())); if (port <= 0 || port > 65535) { port = 8125; } @@ -43,7 +39,7 @@ char *ddtrace_dogstatsd_url(void) { } int64_t port = get_global_DD_TRACE_AGENT_PORT(); - if (port <= 0 || port > 65535 || zai_config_memoized_entries[DDTRACE_CONFIG_DD_TRACE_AGENT_PORT].name_index == ZAI_CONFIG_ORIGIN_DEFAULT) { + if (port <= 0 || port > 65535) { port = 8125; } char *formatted_url;