Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

internal/appsec/waf: add WAF metrics #1225

Merged
merged 38 commits into from
Apr 7, 2022
Merged

internal/appsec/waf: add WAF metrics #1225

merged 38 commits into from
Apr 7, 2022

Conversation

Hellzy
Copy link
Contributor

@Hellzy Hellzy commented Mar 29, 2022
edited

Sumary

This set of changes revolves around updating libddwaf to 1.21. The update introduces new WAF metrics which require
the library to implement WAF objects decoding in order to use them. These changes:

  1. Update the libddwaf version
  2. Introduce a WAF decoder use to read data from the WAF to Go
  3. Adds WAF metrics reading and propagation through span tags

Changes

internal/appsec

  • internal/appsec/waf.go: retrieve metrics using WAF bindings and store them in dyngo operations
  • internal/appsec/dyngo/common.go: add structures used for dyngo operation composition (metrics, security events...)
  • internal/appsec/dyngo/instrumentation/grpcsec/grpc.go: retrieve WAF metrics and store them in span tags
  • internal/appsec/dyngo/instrumentation/grpcsec/grpc.go: minor update due to function name change
  • internal/appsec/dyngo/intstrumentation/httpsec/http.go: retrieve WAF metrics and store them in span tags
  • internal/appsec/waf/include/ddwafh: update header to 1.21
  • internal/appsec/waf/lib/*: update libddwaf static library to 1.21
  • internal/appsec/waf/waf.go: implement WAF object decoder, update bindings to handle WAF metrics
  • internal/appsec/waf/waf_test.go: add decoder and metrics testing

contrib

  • contrib/labstack/echo.v4/appsec.go: store WAF metrics in span tags
  • contrib/gin-gonic/appsec.go: store WAF metrics in span tags
  • contrib/google.golang.org/grpc/appsec.go: store WAF metrics in span tags

@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 4667aa8 to e6d5433 Compare March 29, 2022 15:39
@Hellzy Hellzy self-assigned this Mar 30, 2022
@Hellzy Hellzy added the appsec label Mar 30, 2022
@Hellzy Hellzy added this to the 1.38.0 milestone Mar 30, 2022
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 9ed3dac to a482cc0 Compare March 30, 2022 15:40
@Hellzy Hellzy changed the title Francois.mazeau/libddwaf update internal/appsec/waf: update libddwafe to 1.21, add WAF decoder & handle new WAF metrics Mar 31, 2022
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch 5 times, most recently from e840845 to e3ccfa0 Compare March 31, 2022 13:22
@Hellzy
internal/appsec/dyngo/insrumentation: factorize common code
5026d92 
- Add new common.go file holding code used by http and grpc
- Add new structs used to compose Operation types for metrics/events
- Update contribs to use the new factorized APIs, including grpc
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from e3ccfa0 to 9ebfe1d Compare March 31, 2022 14:58
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 9ebfe1d to a8dbd52 Compare March 31, 2022 15:10
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 2825c15 to 583dbf4 Compare April 4, 2022 09:53
@Hellzy @Julio-Guerra
Apply suggestions from code review
89f9ef8 
Co-authored-by: Julio Guerra <julio@datadog.com>
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 0b9604e to 89f9ef8 Compare April 4, 2022 10:07
@Hellzy Hellzy requested a review from Julio-Guerra April 5, 2022 14:00
Julio-Guerra
Julio-Guerra requested changes Apr 5, 2022
View reviewed changes
contrib/gin-gonic/gin/appsec.go Show resolved Hide resolved
internal/appsec/dyngo/instrumentation/httpsec/http.go Show resolved Hide resolved
internal/appsec/dyngo/instrumentation/httpsec/http.go Show resolved Hide resolved
internal/appsec/dyngo/instrumentation/httpsec/http.go Outdated Show resolved Hide resolved
internal/appsec/dyngo/instrumentation/httpsec/http.go Outdated Show resolved Hide resolved
internal/appsec/waf.go Outdated Show resolved Hide resolved
internal/appsec/waf.go Outdated Show resolved Hide resolved
internal/appsec/waf.go Outdated Show resolved Hide resolved
internal/appsec/waf/waf.go Show resolved Hide resolved
internal/appsec/waf/waf.go Show resolved Hide resolved
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 5aad370 to 67f7c7f Compare April 7, 2022 08:36
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 67f7c7f to 2f5dda5 Compare April 7, 2022 08:38
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from cc8235b to f7ee85c Compare April 7, 2022 09:43
@Hellzy Hellzy requested a review from Julio-Guerra April 7, 2022 12:04
@Hellzy @Julio-Guerra
Apply suggestions from code review
06f0d21 
Co-authored-by: Julio Guerra <julio@datadog.com>
@Hellzy Hellzy force-pushed the francois.mazeau/libddwaf-update branch from 5cfd271 to 06f0d21 Compare April 7, 2022 14:21
@Hellzy Hellzy requested a review from Julio-Guerra April 7, 2022 14:30
@Hellzy Hellzy merged commit d95eb22 into v1 Apr 7, 2022
@Hellzy Hellzy deleted the francois.mazeau/libddwaf-update branch April 7, 2022 16:21
@Julio-Guerra Julio-Guerra changed the title internal/appsec/waf: update libddwaf to 1.21, add decoder & handle new metrics internal/appsec/waf: add WAF metrics Apr 7, 2022
Hellzy added a commit that referenced this pull request Apr 8, 2022
@Hellzy
internal/appsec/waf: update libddwaf to 1.2.1 & attach WAF metrics to…
9e7309c 
… span tags (#1225)

- Update libddwaf to 1.2.1
- Add WAF rule configuration and runtime metrics retrieval
- Add WAF rule configuration and runtime metrics to spans
- Update WAF bindings and add helper functions
- Add WAF object decoder
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Julio-Guerra Julio-Guerra Julio-Guerra approved these changes

Assignees

@Hellzy Hellzy

Labels
appsec
Projects
None yet
Milestone
1.38.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Hellzy @Julio-Guerra