
Commit ddc3c19

committed
Merge branch 'master' of github.com:DataDog/dd-trace-php into alex/AIDM-548_api-gateway-ter
2 parents 553515e + 760d4a6 commit ddc3c19

113 files changed

Lines changed: 2024 additions & 3734 deletions


Cargo.lock

Lines changed: 15 additions & 12 deletions

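--- a/Makefile
+++ b/Makefile
@@ -1530,4 +1530,4 @@ composer.lock: composer.json
 $(call run_composer_with_retry,,)
 
 .PHONY: dev dist_clean clean cores all clang_format_check clang_format_fix install sudo_install test_c test_c_mem test_extension_ci test_zai test_zai_asan test install_ini install_all \
-.apk .rpm .deb .tar.gz sudo debug prod strict run-tests.php verify_pecl_file_definitions verify_package_xml cbindgen cbindgen_binary
+.apk .rpm .deb .tar.gz sudo debug prod strict run-tests.php verify_pecl_file_definitions verify_package_xml cbindgen cbindgen_binary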

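--- a/appsec/.clang-tidy
+++ b/appsec/.clang-tidy
@@ -1,7 +1,7 @@
 ---
 # readability-function-cognitive-complexity temporarily disabled until clang-tidy is fixed
 # right now emalloc causes it to misbehave
-Checks: '*,-bugprone-reserved-identifier,-hicpp-signed-bitwise,-llvmlibc-restrict-system-libc-headers,-altera-unroll-loops,-hicpp-named-parameter,-cert-dcl37-c,-cert-dcl51-cpp,-read,-cppcoreguidelines-init-variables,-cppcoreguidelines-avoid-non-const-global-variables,-altera-id-dependent-backward-branch,-performance-no-int-to-ptr,-altera-struct-pack-align,-google-readability-casting,-modernize-use-trailing-return-type,-llvmlibc-implementation-in-namespace,-llvmlibc-callee-namespace,-cppcoreguidelines-pro-bounds-pointer-arithmetic,-fuchsia-default-arguments-declarations,-fuchsia-overloaded-operator,-cppcoreguidelines-pro-type-union-access,-fuchsia-default-arguments-calls,-cppcoreguidelines-non-private-member-variables-in-classes,-misc-non-private-member-variables-in-classes,-google-readability-todo,-llvm-header-guard,-readability-function-cognitive-complexity,-readability-identifier-length,-modernize-macro-to-enum,-misc-include-cleaner,-bugprone-empty-catch,-cppcoreguidelines-avoid-do-while'
+Checks: '*,-bugprone-reserved-identifier,-hicpp-signed-bitwise,-llvmlibc-restrict-system-libc-headers,-altera-unroll-loops,-hicpp-named-parameter,-cert-dcl37-c,-cert-dcl51-cpp,-read,-cppcoreguidelines-init-variables,-cppcoreguidelines-avoid-non-const-global-variables,-altera-id-dependent-backward-branch,-performance-no-int-to-ptr,-altera-struct-pack-align,-google-readability-casting,-modernize-use-trailing-return-type,-llvmlibc-implementation-in-namespace,-llvmlibc-callee-namespace,-cppcoreguidelines-pro-bounds-pointer-arithmetic,-fuchsia-default-arguments-declarations,-fuchsia-overloaded-operator,-cppcoreguidelines-pro-type-union-access,-fuchsia-default-arguments-calls,-cppcoreguidelines-non-private-member-variables-in-classes,-misc-non-private-member-variables-in-classes,-google-readability-todo,-llvm-header-guard,-readability-function-cognitive-complexity,-readability-identifier-length,-modernize-macro-to-enum,-misc-include-cleaner,-bugprone-empty-catch,-cppcoreguidelines-avoid-do-while,-hicpp-no-array-decay'
 WarningsAsErrors: '*'
 HeaderFilterRegex: ''
 AnalyzeTemporaryDtors: false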
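Review bot: Turning off `hicpp-no-array-decay` for the whole tree on the `Checks:` line leaves the suppression split in two: that check is an alias of `cppcoreguidelines-pro-bounds-array-to-pointer-decay`, which stays enabled and is silenced line by line with `NOLINTNEXTLINE` in the new `build_changeset` in appsec/src/helper/engine.cpp. Either keep both names enabled and list both in those `NOLINTNEXTLINE` comments, or disable both here and drop the inline markers. A short comment above `Checks:` saying why the check is off, like the existing one for `readability-function-cognitive-complexity`, would help the next person decide whether it can be re-enabled.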

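--- a/appsec/src/extension/configuration.c
+++ b/appsec/src/extension/configuration.c
@@ -216,13 +216,6 @@ static void _register_testing_objects(void);
 
 bool dd_config_minit(int module_number)
 {
-// We have to disable remote config by default on lambda due to issues with
-// the sidecar there. We'll eventually fix it though.
-if (getenv("AWS_LAMBDA_FUNCTION_NAME")) { // NOLINT
-config_entries[DDAPPSEC_CONFIG_DD_REMOTE_CONFIG_ENABLED]
-.default_encoded_value = (zai_str)ZAI_STR_FROM_CSTR("false");
-}
-
 if (!zai_config_minit(config_entries,
 (sizeof config_entries / sizeof *config_entries),
 dd_ini_env_to_ini_name, module_number)) {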

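--- a/appsec/src/extension/configuration.h
+++ b/appsec/src/extension/configuration.h
@@ -68,7 +68,7 @@ extern bool runtime_config_first_init;
 CONFIG(BOOL, DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED, "true") \
 CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML, "") \
 CONFIG(STRING, DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON, "") \
-CONFIG(BOOL, DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED, "false") \
+CONFIG(BOOL, DD_APM_TRACING_ENABLED, "true") \
 CONFIG(BOOL, DD_API_SECURITY_ENABLED, "true", .ini_change = zai_config_system_ini_change) \
 CONFIG(DOUBLE, DD_API_SECURITY_SAMPLE_DELAY, "30.0", .ini_change = zai_config_system_ini_change) \
 // clang-format on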
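Review bot: Replacing `DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED` (default "false") with `DD_APM_TRACING_ENABLED` (default "true") leaves no visible alias for the old name, so a deployment that still exports `DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED=true` would presumably fall back to full APM tracing without any warning. If the config layer supports aliases or a deprecation log, wire the old name through with inverted meaning; otherwise call the rename out in the changelog. The entry sits inside a macro list that begins and ends outside this hunk, so an alias defined elsewhere would not be visible here.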

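--- a/appsec/src/extension/tags.c
+++ b/appsec/src/extension/tags.c
@@ -416,9 +416,8 @@ void dd_tags_add_tags(
 if (_force_keep) {
 dd_trace_set_priority_sampling_on_span_zobj(span,
 PRIORITY_SAMPLING_USER_KEEP,
-get_DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED()
-? DD_MECHANISM_ASM
-: DD_MECHANISM_MANUAL);
+get_DD_APM_TRACING_ENABLED() ? DD_MECHANISM_MANUAL
+: DD_MECHANISM_ASM);
 mlog(dd_log_debug, "Updated sampling priority to user_keep");
 }
 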
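Review bot: The ternary passed to `dd_trace_set_priority_sampling_on_span_zobj` now flips both the flag and the operand order, which is easy to misread against the old code; a one-line comment would make the intent checkable, e.g. `// APM tracing off means standalone AppSec: attribute the keep decision to ASM`. The mapping itself looks equivalent to the previous one, assuming the new setting is the exact inverse of `DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED`. `dd_tags_add_tags` starts and ends outside this hunk.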

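--- a/appsec/src/helper/engine.cpp
+++ b/appsec/src/helper/engine.cpp
@@ -3,7 +3,6 @@
 //
 // This product includes software developed at Datadog
 // (https://www.datadoghq.com/). Copyright 2021 Datadog, Inc.
-#include <algorithm>
 #include <atomic>
 #include <memory>
 #include <spdlog/spdlog.h>
@@ -14,9 +13,39 @@
 #include "json_helper.hpp"
 #include "metrics.hpp"
 #include "parameter_view.hpp"
+#include "remote_config/changeset.hpp"
+#include "remote_config/listeners/config_aggregators/asm_aggregator.hpp"
 #include "std_logging.hpp"
 #include "subscriber/waf.hpp"
 
+namespace {
+using dds::remote_config::asm_aggregator;
+using dds::remote_config::changeset;
+
+changeset build_changeset(const rapidjson::Value &doc)
+{
+changeset changeset;
+// NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
+if (doc.HasMember(asm_aggregator::ASM_ADDED)) {
+// NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
+for (const auto &entry : doc[asm_aggregator::ASM_ADDED].GetObject()) {
+changeset.added.emplace(
+entry.name.GetString(), dds::json_to_parameter(entry.value));
+}
+}
+
+// NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
+if (doc.HasMember(asm_aggregator::ASM_REMOVED)) {
+// NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
+const auto &removed = doc[asm_aggregator::ASM_REMOVED];
+for (const auto &entry : removed.GetArray()) {
+changeset.removed.emplace(entry.GetString());
+}
+}
+
+return changeset;
+}
+} // namespace
 namespace dds {
 
 void engine::subscribe(std::unique_ptr<subscriber> sub)
@@ -25,16 +54,18 @@ void engine::subscribe(std::unique_ptr<subscriber> sub)
 }
 
 void engine::update(
-engine_ruleset &ruleset, metrics::telemetry_submitter &submit_metric)
+const rapidjson::Document &doc, metrics::telemetry_submitter &submit_metric)
 {
 std::vector<std::unique_ptr<subscriber>> new_subscribers;
 auto old_common =
 std::atomic_load_explicit(&common_, std::memory_order_acquire);
 new_subscribers.reserve(old_common->subscribers.size());
-dds::parameter param = json_to_parameter(ruleset.get_document());
+changeset const changeset = build_changeset(doc);
 for (auto &sub : old_common->subscribers) {
 try {
-new_subscribers.emplace_back(sub->update(param, submit_metric));
+std::unique_ptr<subscriber> new_sub =
+sub->update(changeset, submit_metric);
+new_subscribers.emplace_back(std::move(new_sub));
 } catch (const std::exception &e) {
 SPDLOG_WARN("Failed to update subscriber {}: {}", sub->get_name(),
 e.what());
@@ -127,15 +158,24 @@ std::unique_ptr<engine> engine::from_settings(
 metrics::telemetry_submitter &msubmitter)
 {
 auto &&rules_path = eng_settings.rules_file_or_default();
-auto ruleset = engine_ruleset::from_path(rules_path);
+auto ruleset = read_file(rules_path);
+
+rapidjson::Document doc;
+rapidjson::ParseResult const result =
+doc.Parse(ruleset.data(), ruleset.size());
+if ((result == nullptr) || !doc.IsObject()) {
+throw parsing_error("invalid json rule");
+}
+dds::parameter ruleset_param = json_to_parameter(doc);
+
 std::unique_ptr<engine> engine_ptr{
 engine::create(eng_settings.trace_rate_limit)};
 
 try {
 SPDLOG_DEBUG("Will load WAF rules from {}", rules_path);
 // may throw std::exception
-auto waf =
-waf::instance::from_settings(eng_settings, ruleset, msubmitter);
+auto waf = waf::instance::from_settings(
+eng_settings, std::move(ruleset_param), msubmitter);
 engine_ptr->subscribe(std::move(waf));
 } catch (...) {
 DD_STDLOG(DD_STDLOG_WAF_INIT_FAILED, rules_path);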
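Review bot: `build_changeset` calls `GetObject()`, `GetArray()` and `GetString()` on members of `doc` without checking their types, and `HasMember` itself requires `doc` to be an object. Unless the project redefines `RAPIDJSON_ASSERT`, rapidjson guards these accessors only with assertions, so a malformed document reaching `engine::update` would abort, or with assertions compiled out read the wrong value representation, instead of being rejected. `from_settings` validates its own document with `doc.IsObject()`, but the one passed to `update` gets no such check in the visible code. Validating the shape up front and throwing, as sketched below, closes that gap; because `build_changeset(doc)` runs before the per-subscriber `try`, the caller of `update` (not visible here) would have to handle the exception. `update` and `from_settings` both continue outside their hunks.

```cpp
changeset build_changeset(const rapidjson::Value &doc)
{
    changeset changeset;
    if (!doc.IsObject()) {
        throw dds::parsing_error("changeset is not a json object");
    }
    // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
    if (doc.HasMember(asm_aggregator::ASM_ADDED)) {
        // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
        const auto &added = doc[asm_aggregator::ASM_ADDED];
        if (!added.IsObject()) {
            throw dds::parsing_error("changeset added section is not an object");
        }
        for (const auto &entry : added.GetObject()) {
            // … unchanged: changeset.added.emplace(...) …
        }
    }
    // … unchanged: HasMember(ASM_REMOVED) and the `removed` lookup …
        if (!removed.IsArray()) {
            throw dds::parsing_error("changeset removed section is not an array");
        }
        for (const auto &entry : removed.GetArray()) {
            if (!entry.IsString()) {
                throw dds::parsing_error("changeset removed entry is not a string");
            }
            changeset.removed.emplace(entry.GetString());
        }
    // … unchanged: return changeset …
```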

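--- a/appsec/src/helper/engine.hpp
+++ b/appsec/src/helper/engine.hpp
@@ -6,8 +6,6 @@
 #pragma once
 
 #include "action.hpp"
-#include "config.hpp"
-#include "engine_ruleset.hpp"
 #include "engine_settings.hpp"
 #include "metrics.hpp"
 #include "parameter.hpp"
@@ -103,8 +101,8 @@ class engine {
 
 // Should not be called concurrently but safely publishes changes to common_
 // the rc client has a lock that ensures this
-virtual void update(
-engine_ruleset &ruleset, metrics::telemetry_submitter &submit_metric);
+virtual void update(const rapidjson::Document &doc,
+metrics::telemetry_submitter &submit_metric);
 
 protected:
 explicit engine(uint32_t trace_rate_limit)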
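Review bot: The new `update(const rapidjson::Document &doc, ...)` declaration gives no hint of what `doc` must contain, while the implementation in engine.cpp reads it as a changeset with optional `asm_aggregator::ASM_ADDED` (object) and `asm_aggregator::ASM_REMOVED` (array of strings) members. Extend the comment above the declaration to state that shape and who validates it, e.g. `// doc: aggregated ASM changeset; must be a JSON object, see asm_aggregator`. The first hunk also drops `config.hpp` and `engine_ruleset.hpp` without adding a rapidjson include; if no remaining header provides `rapidjson::Document` (the include list continues outside the hunk), add `#include <rapidjson/document.h>` here rather than relying on a transitive include.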

appsec/src/helper/engine_ruleset.cpp

Lines changed: 0 additions & 56 deletions
This file was deleted.

appsec/src/helper/engine_ruleset.hpp

Lines changed: 0 additions & 42 deletions
This file was deleted.
