Use strict base64 encoding (no newline)

lib/datadog/appsec/event.rb

@@ -138,7 +138,7 @@ def build_service_entry_tags(event_group)
         private
 
         def compressed_and_base64_encoded(value)
-          Base64.encode64(gzip(value))
+          Base64.strict_encode64(gzip(value))
         rescue TypeError => e
           Datadog.logger.debug do
             "Failed to compress and encode value when populating AppSec::Event. Error: #{e.message}"

lib/datadog/core/remote/client/capabilities.rb

@@ -53,7 +53,7 @@ def capabilities_to_base64
             cap_to_hexs = capabilities.reduce(:|).to_s(16).tap { |s| s.size.odd? && s.prepend('0') }.scan(/\h\h/)
             binary = cap_to_hexs.each_with_object([]) { |hex, acc| acc << hex }.map { |e| e.to_i(16) }.pack('C*')
 
-            Base64.encode64(binary).chomp
+            Base64.strict_encode64(binary)
           end
         end
       end

lib/datadog/core/remote/transport/http/config.rb

@@ -51,7 +51,7 @@ def initialize(http_response, options = {}) # rubocop:disable Metrics/AbcSize,Me
 
                 # TODO: these fallbacks should be improved
                 roots = payload[:roots] || []
-                targets = payload[:targets] || Base64.encode64('{}').chomp
+                targets = payload[:targets] || Base64.strict_encode64('{}')
                 target_files = payload[:target_files] || []
                 client_configs = payload[:client_configs] || []
 

spec/datadog/appsec/event_spec.rb

@@ -218,14 +218,60 @@
 
         context 'Compressed payload' do
           it 'uses compressed value when JSON string is bigger than MIN_SCHEMA_SIZE_FOR_COMPRESSION' do
-            result = "H4sIAOYoHGUAA4aphwAAAA=\n"
+            result = 'H4sIAOYoHGUAA4aphwAAAA='
             stub_const('Datadog::AppSec::Event::MIN_SCHEMA_SIZE_FOR_COMPRESSION', 1)
             expect(described_class).to receive(:compressed_and_base64_encoded).and_return(result)
 
             meta = top_level_span.meta
 
             expect(meta['_dd.appsec.s.req.headers']).to eq(result)
           end
+
+          context 'with big derivatives' do
+            let(:derivatives) do
+              {
+                '_dd.appsec.s.req.headers' => [
+                  {
+                    'host' => [8],
+                    'version' => [8],
+                    'foo' => [8],
+                    'bar' => [8],
+                    'baz' => [8],
+                    'qux' => [8],
+                    'quux' => [8],
+                    'quuux' => [8],
+                    'quuuux' => [8],
+                    'quuuuux' => [8],
+                    'quuuuuux' => [8],
+                    'quuuuuuux' => [8],
+                    'quuuuuuuux' => [8],
+                    'quuuuuuuuux' => [8],
+                    'quuuuuuuuuux' => [8],
+                    'quuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuuuuuuuux' => [8],
+                    'quuuuuuuuuuuuuuuuuuuuuuuux' => [8],
+                  }
+                ]
+              }
+            end
+
+            it 'has no newlines when encoded' do
+              meta = top_level_span.meta
+
+              expect(meta['_dd.appsec.s.req.headers']).to_not match(/\n/)
+            end
+          end
         end
 
         context 'derivative values exceed Event::MAX_ENCODED_SCHEMA_SIZE value' do