internal/appsec: security events obfuscation #1237
Merged
Julio-Guerra
reviewed
Apr 7, 2022
The obfuscator mainly relies on key names, so we need to change the type we used for `server.request.cookies` to a map whose keys are the cookie names.
Co-authored-by: Julio Guerra <julio@datadog.com>
@Julio-Guerra right now, if a user-provided regexp doesn't compile, the default configuration is used.
Julio-Guerra
reviewed
Apr 8, 2022
Also move rule version span tagging out of sync.Once closures
Julio-Guerra
requested changes
Apr 11, 2022
Julio-Guerra
approved these changes
Apr 12, 2022
Congrats 👏
Summary
The WAF takes care of obfuscation and the library needs to create the obfuscator configuration that will then be passed to the WAF. The obfuscator can be configured using 2 environment variables:
- `DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP`: regexp used to obfuscate matched parameters keys
- `DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP`: regexp used to obfuscate matched parameters values and highlights.

A default key regexp is used if none is provided. No value regexp is used if none is provided.
Changes
- `internal/appsec`
  - `appsec.go`: pass down obfuscator config during WAF registration
  - `config.go`: add obfuscator config creation and setup from env
  - `config_test.go`: add testing for obfuscator config
  - `rule_test.go`: adapt a test due to changed function prototype
  - `waf.go`: retrieve obfuscator config and pass it down for handle creation
  - `waf_test.go`: add library->WAF end-to-end obfuscation test
- `internal/appsec/dyngo/instrumentation/httpsec`
  - `http.go`: add cookies parsing
- `internal/appsec/waf`
  - `include/ddwaf.h`: update header wrt WAF v1.3.0
  - `lib/*`: update WAF static libraries to v1.3.0
  - `waf.go`: retrieve obfuscator config and pass over to the WAF
  - `waf_test.go`: add testing for WAF obfuscator config
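
The environment-variable fallback described in the summary and in the comment about non-compiling regexps, together with the reason cookies are passed as a map keyed by name, as an added Go example (not code from this pull request). The default key regexp is a constructed placeholder, `regexpFromEnv`, `ObfuscatorPatterns` and `RedactByKey` are hypothetical names, and applying the fallback to each variable independently is an assumption.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
)

const (
	keyEnv   = "DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP"
	valueEnv = "DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP"
	// Constructed placeholder, NOT the library's real default key regexp.
	placeholderKeyRegexp = `(?i)(passw(or)?d|token|secret|session)`
)

// regexpFromEnv returns the pattern held in the env var name, or def when
// the variable is unset or its value does not compile (hypothetical helper).
func regexpFromEnv(name, def string) string {
	val, ok := os.LookupEnv(name)
	if _, err := regexp.Compile(val); !ok || err != nil {
		return def
	}
	return val
}

// ObfuscatorPatterns applies the fallback per variable (assumption); no value pattern by default.
func ObfuscatorPatterns() (key, value string) {
	return regexpFromEnv(keyEnv, placeholderKeyRegexp), regexpFromEnv(valueEnv, "")
}

// RedactByKey is a toy stand-in for the WAF-side step: the decision is made
// on names, so cookies must arrive as a map keyed by cookie name.
func RedactByKey(keyPattern string, params map[string][]string) map[string][]string {
	re := regexp.MustCompile(keyPattern)
	out := make(map[string][]string, len(params))
	for k, vs := range params {
		if re.MatchString(k) {
			vs = []string{"<redacted>"}
		}
		out[k] = vs
	}
	return out
}

func main() {
	os.Setenv(keyEnv, "(") // constructed invalid pattern: falls back
	key, _ := ObfuscatorPatterns()
	fmt.Println(key, RedactByKey(key, map[string][]string{"session": {"abc123"}, "lang": {"en"}}))
}
```

With a flat cookie header string there would be no key for the key pattern to match, so only a value pattern could catch the session identifier.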