diff --git a/.circleci/config.yml b/.circleci/config.yml index 84a2bad6839..0e2309dd22c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -343,10 +343,11 @@ jobs: - "." appsec: - <<: *contrib_job + <<: *machine_executor steps: - run_test: pattern: 'appsec' + snapshot: true tracer: <<: *contrib_job diff --git a/.gitignore b/.gitignore index a518e2f5721..3b2cd4d363a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,8 @@ __pycache__/ # C extensions ddtrace/appsec/_ddwaf.cpp +ddtrace/appsec/include +ddtrace/appsec/share ddtrace/profiling/collector/_task.c ddtrace/profiling/_threading.c ddtrace/profiling/collector/_traceback.c diff --git a/ddtrace/tracer.py b/ddtrace/tracer.py index d92d162e1b3..bdd59f5bd1e 100644 --- a/ddtrace/tracer.py +++ b/ddtrace/tracer.py @@ -670,14 +670,7 @@ def _initialize_span_processors(self, appsec_enabled=asbool(get_env("appsec", "e trace_processors += [TraceTopLevelSpanProcessor()] trace_processors += self._filters - self._span_processors = [ - SpanAggregator( - partial_flush_enabled=self._partial_flush_enabled, - partial_flush_min_spans=self._partial_flush_min_spans, - trace_processors=trace_processors, - writer=self._writer, - ), - ] # type: List[SpanProcessor] + self._span_processors = [] # type: List[SpanProcessor] if appsec_enabled: try: @@ -696,6 +689,15 @@ def _initialize_span_processors(self, appsec_enabled=asbool(get_env("appsec", "e if config._raise: raise + self._span_processors.append( + SpanAggregator( + partial_flush_enabled=self._partial_flush_enabled, + partial_flush_min_spans=self._partial_flush_min_spans, + trace_processors=trace_processors, + writer=self._writer, + ) + ) + def _log_compat(self, level, msg): """Logs a message for the given level. diff --git a/tests/appsec/test_processor.py b/tests/appsec/test_processor.py index bbf6148afc2..f7eef041591 100644 --- a/tests/appsec/test_processor.py +++ b/tests/appsec/test_processor.py @@ -8,6 +8,7 @@ from ddtrace.ext import priority from tests.utils import override_env from tests.utils import override_global_config +from tests.utils import snapshot ROOT_DIR = os.path.dirname(os.path.abspath(__file__)) @@ -63,3 +64,14 @@ def test_valid_json(tracer): span.set_tag("http.status_code", "404") assert "triggers" in json.loads(span.get_tag("_dd.appsec.json")) + + +@snapshot(include_tracer=True) +def test_appsec_span_tags_snapshot(tracer): + tracer._initialize_span_processors(appsec_enabled=True) + + with tracer.trace("test", span_type=SpanTypes.WEB.value) as span: + span.set_tag("http.url", "http://example.com/.git") + span.set_tag("http.status_code", "404") + + assert "triggers" in json.loads(span.get_tag("_dd.appsec.json")) diff --git a/tests/snapshots/tests.appsec.test_processor.test_appsec_span_tags_snapshot.json b/tests/snapshots/tests.appsec.test_processor.test_appsec_span_tags_snapshot.json new file mode 100644 index 00000000000..84b666c3798 --- /dev/null +++ b/tests/snapshots/tests.appsec.test_processor.test_appsec_span_tags_snapshot.json @@ -0,0 +1,28 @@ +[[ + { + "name": "test", + "service": null, + "resource": "test", + "trace_id": 0, + "span_id": 1, + "parent_id": 0, + "type": "web", + "meta": { + "_dd.appsec.json": "{\"triggers\":[{\"rule\":{\"id\":\"nfd-000-006\",\"name\":\"Detect failed attempt to fetch sensitive files\",\"tags\":{\"type\":\"security_scanner\",\"category\":\"attack_attempt\"}},\"rule_matches\":[{\"operator\":\"match_regex\",\"operator_value\":\"^404$\",\"parameters\":[{\"address\":\"server.response.status\",\"key_path\":[],\"value\":\"404\",\"highlight\":[\"404\"]}]},{\"operator\":\"match_regex\",\"operator_value\":\"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\"parameters\":[{\"address\":\"server.request.uri.raw\",\"key_path\":[],\"value\":\"http://example.com/.git\",\"highlight\":[\".git\"]}]}]}]}", + "_dd.runtime_family": "python", + "appsec.event": "true", + "http.status_code": "404", + "http.url": "http://example.com/.git", + "runtime-id": "97fa1c9e353f4f60b50356bcaa9b55ec" + }, + "metrics": { + "_dd.agent_psr": 1.0, + "_dd.appsec.enabled": 1.0, + "_dd.top_level": 1, + "_dd.tracer_kr": 1.0, + "_sampling_priority_v1": 2, + "system.pid": 134 + }, + "duration": 144873, + "start": 1644487605324226804 + }]]