-
Notifications
You must be signed in to change notification settings - Fork 419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
appsec: register ASM_TRUSTED_IPS
capability to RC
#2460
Conversation
ASM_TRUSTED_IPS is the Remote Config capability that signifies this library is compatible with trusted IPs; meaning it uses `libddwaf v1.12.0` or later. This is expected to produce additional data under the `ASM_DATA` RC product, which contains a set of trusted IPs. The merge strategy for this data is identical to that of other data currently received from RC, meaning if the same entry is provided multiple times, the library will retain the one with the latest expiration timestamp.
- Pre-allocating certain maps & slices for more efficient processing - Making `combineRCRulesUpdates` a method of `*rulesManager` - Extracting a duplicated []Capabilities slice into a shared variable
…sted-ips/APPSEC-18230 # Conflicts: # internal/appsec/remoteconfig.go
BenchmarksBenchmark execution time: 2023-12-21 16:40:45 Comparing candidate commit 82220ea in PR branch Found 0 performance improvements and 0 performance regressions! Performance is the same for 39 metrics, 2 unstable metrics. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Best line-to-feature ratio
ASM_TRUSTED_IPS
capability to RC
What does this PR do?
ASM_TRUSTED_IPS is the Remote Config capability that signifies this library is compatible with trusted IPs; meaning it uses
libddwaf v1.12.0
or later.This is expected to produce additional data under the
ASM_DATA
RC product, which contains a set of trusted IPs. The merge strategy for this data is identical to that of other data currently received from RC, meaning if the same entry is provided multiple times, the library will retain the one with the latest expiration timestamp.Reviewer's Checklist
For Datadog employees:
@DataDog/security-design-and-guidance
.Unsure? Have a question? Request a review!