NameError: uninitialized constant Rack::Request

[orien]

There is an incompatibility with non-Rack projects that make use of the rack/utils library.

In this scenario, the Rack module is loaded/defined, but Rack::Request is not.

dd-trace-rb/lib/datadog/appsec/contrib/rack/gateway/request.rb

Line 39 in 25686d4

if defined?(::Rack) && ::Rack::Request.instance_methods.include?(:each_header)

Current behaviour
Error raised (NameError: uninitialized constant Rack::Request)

Expected behaviour

Error should not be raised.

Steps to reproduce

Run this script:

#!/usr/bin/env ruby

require 'bundler/inline'

gemfile do
  source 'https://rubygems.org'
  gem 'rack', require: 'rack/utils'
  gem 'ddtrace', '1.10.1', require: 'ddtrace/auto_instrument'
end

See error:

/ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/gateway/request.rb:39:in `<class:Request>': uninitialized constant Rack::Request (NameError)

            if defined?(::Rack) && ::Rack::Request.instance_methods.include?(:each_header)
                                         ^^^^^^^^^
Did you mean?  Rack::REQUEST_PATH
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/gateway/request.rb:13:in `<module:Gateway>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/gateway/request.rb:11:in `<module:Rack>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/gateway/request.rb:10:in `<module:Contrib>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/gateway/request.rb:9:in `<module:AppSec>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/gateway/request.rb:8:in `<module:Datadog>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/gateway/request.rb:7:in `<top (required)>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/request_middleware.rb:3:in `require_relative'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/request_middleware.rb:3:in `<top (required)>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/integration.rb:5:in `require_relative'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec/contrib/rack/integration.rb:5:in `<top (required)>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec.rb:37:in `require_relative'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/datadog/appsec.rb:37:in `<top (required)>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/ddtrace.rb:7:in `require_relative'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/ddtrace.rb:7:in `<top (required)>'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/ddtrace/auto_instrument.rb:4:in `require_relative'
	from /ruby/3.2.1/lib/ruby/gems/3.2.0/gems/ddtrace-1.10.1/lib/ddtrace/auto_instrument.rb:4:in `<top (required)>'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/runtime.rb:60:in `require'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/runtime.rb:60:in `block (2 levels) in require'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/runtime.rb:55:in `each'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/runtime.rb:55:in `block in require'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/runtime.rb:44:in `each'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/runtime.rb:44:in `require'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/inline.rb:66:in `block (2 levels) in gemfile'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/settings.rb:131:in `temporary'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/inline.rb:51:in `block in gemfile'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler.rb:420:in `block in with_unbundled_env'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler.rb:666:in `with_env'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler.rb:420:in `with_unbundled_env'
	from /ruby/3.2.1/lib/ruby/site_ruby/3.2.0/bundler/inline.rb:42:in `gemfile'
	from ./ddtrace_defect.rb:5:in `<main>'

Environment

• ddtrace version: 1.10.1
• Ruby version: 3.2.1
• Operating system: Linux, macOS

[GustavoCaso]

Hi @orien

Thank you so much for opening the ticket and for the fix 🎉

If I may ask, what is the setup you have running in ruby that is not a rack-based application? I'm mostly asking because we are currently delivering which integrations the appsec team should start focusing on for our next quarter.

[orien]

Hi @GustavoCaso, thanks for investigating this.

The system we're having trouble with is an internal integration service. It doesn't expose an external endpoint (HTTP or otherwise). Rather, it has a number of scheduled and asynchronous tasks that it runs. It uses the sidekiq and clockwork gems to support this functionality.

[GustavoCaso]

@orien Thank you so much for reporting the issue and for working on a solution #2725

In the end, we end up exploring different approaches to fix the solution.

• Doing lazy require the necessary files for loading appsec if enabled require appsec instrumentation files only when instrumentation has been activated. #2775
• Removing the check entirely Remove check for ::Rack::Request.instance_methods.include?(:each_header) at load time #2778

For the time being, we decided to use the last one for simplicity

We are considering lazy require as a possible solution to reduce the load we put on the customer's application at boot time. Still, since that would require a more significant change overall on the repo, we will leave that one for the future.

In the meantime, feel free to close your PR #2725

[orien]

Awesome! Thank you.