Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

internal/appsec: add server.request.method address #1893

Merged
merged 3 commits into from Apr 17, 2023
Merged

internal/appsec: add server.request.method address #1893

merged 3 commits into from Apr 17, 2023

Conversation

eliottness
Copy link
Contributor

What does this PR do?

This address is now sent to the WAF for further examination.

Motivation

This address is not used by all the recommended ruleset, but with custom rules we will need to support it.

Describe how to test/QA your changes

I added a test about a custom rule using this address.

Reviewer's Checklist

  • Changed code has unit tests for its functionality.
  • If this interacts with the agent in a new way, a system test has been added.

@eliottness eliottness self-assigned this Apr 12, 2023
@pr-commenter
Copy link

pr-commenter bot commented Apr 12, 2023
edited

Benchmarks

Comparing candidate commit d4afb67 in PR branch eliott.bouhana/appsec-8855 with baseline commit 2901aa4 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 18 metrics, 0 unstable metrics.

@eliottness eliottness marked this pull request as ready for review April 13, 2023 13:14
@eliottness eliottness requested a review from a team as a code owner April 13, 2023 13:14
Hellzy
Hellzy reviewed Apr 13, 2023
View reviewed changes
Copy link
Contributor

@Hellzy Hellzy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good 👍

internal/appsec/waf_test.go Outdated Show resolved Hide resolved
@eliottness eliottness force-pushed the eliott.bouhana/appsec-8855 branch 2 times, most recently from d83c0e9 to a082438 Compare April 14, 2023 08:52
@eliottness eliottness removed their assignment Apr 14, 2023
Hellzy
Hellzy requested changes Apr 14, 2023
View reviewed changes
internal/appsec/waf.go Outdated Show resolved Hide resolved
@eliottness eliottness force-pushed the eliott.bouhana/appsec-8855 branch 2 times, most recently from 5930a31 to c1adbf9 Compare April 14, 2023 12:12
Hellzy
Hellzy reviewed Apr 14, 2023
View reviewed changes
Copy link
Contributor

@Hellzy Hellzy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost there 😅

internal/appsec/waf_test.go Outdated Show resolved Hide resolved
@eliottness
internal/appsec: add server.request.method address
c295b31 
This address is now received by the WAF. The recommended ruleset
does not use it but custom rules coming we need to support it.

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness eliottness requested a review from Hellzy April 14, 2023 13:55
Hellzy
Hellzy approved these changes Apr 14, 2023
View reviewed changes
Copy link
Contributor

@Hellzy Hellzy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done. And congrats on your first product contrib 🎉

@eliottness eliottness enabled auto-merge (squash) April 14, 2023 14:59
@eliottness eliottness enabled auto-merge (squash) April 17, 2023 13:05
@eliottness eliottness merged commit b438db9 into main Apr 17, 2023
272 of 273 checks passed
@eliottness eliottness deleted the eliott.bouhana/appsec-8855 branch April 17, 2023 13:18
zARODz11z added a commit that referenced this pull request May 8, 2023
@zARODz11z
contrib/aws/aws-sdk-go-v2: add aws_service, region, <resourcename> su…
93310c3 
…ch as queuename tags

contrib: upgrade labstack/echo/v4 from v4.2.0 to v4.9.0 (#1891)

ci: fix flaky lint job (#1892)

contrib/elasticsearch: use naming schema (#1897)

ci: introduce golangci (#1898)

appsec: suspicious request blocking (#1797)

Co-authored-by: Julio Guerra <julio@datadog.com>

ci/golangci-lint: skip google.golang.org/grpc.v12 (#1899)

.github/workflows: run ASM and RC system-tests scenarios (#1900)

contrib/hashicorp/vault: use naming schema (#1868)

contrib/database/sql: add WithIgnoreQueryTypes option (#1823)

Co-authored-by: Zarir Hamza <zarir.hamza@datadoghq.com>
Co-authored-by: Rodrigo Argüello <rodrigo.arguello@datadoghq.com>

contrib/database/sql: use naming schema (#1895)

internal/appsec: add server.request.method address (#1893)

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Co-authored-by: François Mazeau <francois.mazeau@datadoghq.com>

internal/appsec/dyngo: atomic instrumentation swapping (#1873)

Co-authored-by: François Mazeau <francois.mazeau@datadoghq.com>

go.mod: datadog-agent/pkg/remoteconfig/state 7.45.0-rc.1 (#1902)

internal/version: bump to v1.51.0 (#1912)

ddtrace/tracer: don't set empty tracestate propagation tag (#1910)

go.mod: github.com/DataDog/datadog-agent/pkg/obfuscate 7.45.0-rc.1 (#1916)

appsec: add blocking SDK body operation (#1901)

* Modifying the appsec api: adding appsec.MonitorParsedHTTPBody an error as return value
* Adding a call to the WAF to check for security event synchronously with a call to appsec.MonitorParsedHTTPBody on the body passed as parameter
* Removing the call to the WAF done on the body an the end of a request because we moved it.
* Refactoring the waf addresses storage and access

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>

ddtrace/{opentelemetry,opentracer}: add telemetry (#1909)

internal/appsec: fix user ID event detection (#1918)

internal/telemetry: track tracer init time metric (#1896)

Co-authored-by: Andrew Glaude <andrew.glaude@datadoghq.com>

internal/appsec/remoteconfig: fix rules overrides (#1921)

contrib/mongodb: use naming schema (#1908)

contrib/syndtr/goleveldb/leveldb: use naming schema (#1914)

contrib/tidwall/buntdb: use naming schema (#1913)

internal/appsec: do not ignore the appsec events rate limiter (#1927)

remoteconfig: remove empty products and don't override appsec rules data (#1925)

contrib/kafka: refactor tests (#1907)

contrib/google.golang.org/grpc: use naming schema (#1919)

contrib/twitchtv/twirp: use naming schema (#1920)

contrib/http: use naming schema (#1929)

ddtrace/tracer: reset decision maker during fallback behavior of w3c header extraction (#1933)

contrib/cassandra: use naming schema (#1911)

Co-authored-by: Diana Shevchenko <40775148+dianashevchenko@users.noreply.github.com>

contrib/redis: use naming schema (#1906)

Co-authored-by: Andrew Glaude <andrew.glaude@datadoghq.com>

ci/system-tests: more scenarios with parallel jobs (#1938)

ci: update linter job and add bodyclose (#1942)

contrib/redis/go-redis.v9: support v9 (#1730)

Add support for new go-redis version v9.

It does 2 things:
Copy existing version 8 files to a new path, /redis/go-redis.v9.
Make changes to support version 9.

Fixes #1710

format and rerun go tidy

get rid of prints

add topLevelRegion assertions

remove confusing named return values and todo comment

ddtrace/tracer: ensure access to trace tags is concurrency-safe (#1948)

Spancontext marshaling was accessing tracer internal structures without a
lock, resulting in a data race and panic.

This commit adds a few methods to trace to allow safe access to the tags
and propagatingTags members of trace to the marshaling code.

Fixes #1944

ddtrace/tracer: mark context updated when SetUser is called (#1949)

Fixes a minor logic mistake when setting a user on a span

lint and add default switch case

refactor resourceNameKey and value assignments

restructure functions to be left aligned

use internal logger, be less verbose with function names

go back to normal switch type and format

Set keyTraceID128 on first span in the chunk only (#1946)

go.mod: upgrade go-libddwaf to v1.2.0 (#1953)

Co-authored-by: Julio Guerra <julio@datadog.com>

contrib/database/sql: fix bug where options were always overwritten by register options (#1904)

Co-authored-by: Diana Shevchenko <40775148+dianashevchenko@users.noreply.github.com>

ci/smoke-tests: update the go.sum file after go get -u (#1957)

contrib/net/http: don't set empty string values as span tags (#1956)

Do not set span fields when they are not configured so the tracer can put the defaults in.

use normal string then derefence

rever go.mod and go.sum changes

contrib/internal/httptrace: remove naming schema from init (#1960)

contrib/graphql: use naming schema (#1926)

internal/telemetry: trim the dependencies version prefix v (#1963)

contrib/aws: use naming schema (#1931)

contrib/cloud.google.com/go/pubsub.v1: use naming schema (#1937)

go mod tidy

lint and fix test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hellzy Hellzy Hellzy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@eliottness @Hellzy