Skip to content

[APPSEC-62723] Add normalized route#5834

Merged
Strech merged 24 commits into
masterfrom
appsec-62723-add-normalized-route
Jun 29, 2026
Merged

[APPSEC-62723] Add normalized route#5834
Strech merged 24 commits into
masterfrom
appsec-62723-add-normalized-route

Conversation

@Strech

@Strech Strech commented May 28, 2026

Copy link
Copy Markdown
Member

What does this PR do?

Utilize pre-saved routing spec in request environment to compute OpenAPI v3 compatible normalized route from the route pattern.

Motivation:

RFC-1103: API Security - Normalized HTTP Route

Change log entry

Yes. Add normalized route for API Security Testing purposes.

Additional Notes:

TBD

How to test the change?

CI + ST (enforce ST at some point + give link)

@Strech
Strech requested a review from a team as a code owner May 28, 2026 13:25
@Strech
Strech marked this pull request as draft May 28, 2026 13:25
@dd-octo-sts dd-octo-sts Bot added integrations Involves tracing integrations appsec Application Security monitoring product labels May 28, 2026
@datadog-datadog-prod-us1-2

datadog-datadog-prod-us1-2 Bot commented May 28, 2026

Copy link
Copy Markdown

Tests

🎉 All green!

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
Patch Coverage: 90.15%
Overall Coverage: 90.02% (+0.01%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: f3e1615 | Docs | Datadog PR Page | Give us feedback!

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a7643e6b62

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread spec/datadog/appsec/contrib/rack/normalized_route_tag_spec.rb
@pr-commenter

pr-commenter Bot commented Jun 1, 2026

Copy link
Copy Markdown

Benchmarks

Benchmark execution time: 2026-06-26 15:25:46

Comparing candidate commit f3e1615 in PR branch appsec-62723-add-normalized-route with baseline commit 60c3b03 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 48 metrics, 1 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

  • 🟩 = significantly better candidate vs. baseline
  • 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

@Strech
Strech force-pushed the appsec-62723-add-normalized-route branch from 08d2b25 to e3af926 Compare June 26, 2026 09:35
@dd-octo-sts

dd-octo-sts Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Typing analysis

Note: Ignored files are excluded from the next sections.

Untyped methods

This PR introduces 1 untyped method and 5 partially typed methods. It increases the percentage of typed methods from 65.54% to 65.81% (+0.27%).

Untyped methods (+1-0)Introduced:
sig/datadog/appsec/route_normalizer/rails_route_pattern.rbs:21
└── def initialize: (untyped pattern) -> void
Partially typed methods (+5-0)Introduced:
sig/datadog/appsec/route_normalizer/rails_route_pattern.rbs:23
└── def normalize: (path_params: Hash[Symbol, untyped], path: String) -> String
sig/datadog/appsec/route_normalizer/rails_route_pattern.rbs:29
└── def visit_route_node: (untyped node, Buffer buffer) -> void
sig/datadog/appsec/route_normalizer/rails_route_pattern.rbs:31
└── def group_present?: (untyped node) -> bool
sig/datadog/appsec/route_normalizer/rails_route_pattern.rbs:35
└── def collect_group_param_names: (untyped node, Array[String] memo) -> Array[String]
sig/datadog/appsec/route_normalizer.rbs:22
└── def normalize_rails_route: (untyped route, ::Rack::env rack_env, String? route_prefix) -> String?

Untyped other declarations

This PR introduces 1 untyped other declaration and 1 partially typed other declaration. It increases the percentage of typed other declarations from 82.71% to 83.0% (+0.29%).

Untyped other declarations (+1-0)Introduced:
sig/datadog/appsec/route_normalizer/rails_route_pattern.rbs:15
└── @pattern: untyped
Partially typed other declarations (+1-0)Introduced:
sig/datadog/appsec/route_normalizer/rails_route_pattern.rbs:17
└── @path_params: Hash[Symbol, untyped]

If you believe a method or an attribute is rightfully untyped or partially typed, you can add # untyped:accept on the line before the definition to remove it from the stats.

@Strech
Strech force-pushed the appsec-62723-add-normalized-route branch from e3af926 to adfad1e Compare June 26, 2026 09:57
Comment thread lib/datadog/appsec/contrib/rack/request_middleware.rb
Comment thread lib/datadog/appsec/route_normalizer/rails_route_pattern.rb Outdated
@Strech
Strech force-pushed the appsec-62723-add-normalized-route branch from adfad1e to 19cfb55 Compare June 26, 2026 14:34
@Strech
Strech marked this pull request as ready for review June 26, 2026 15:10
@Strech
Strech requested a review from a team as a code owner June 26, 2026 15:10
@Strech
Strech merged commit c26290e into master Jun 29, 2026
587 checks passed
@Strech
Strech deleted the appsec-62723-add-normalized-route branch June 29, 2026 11:24
@dd-octo-sts dd-octo-sts Bot added this to the 2.37.0 milestone Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

appsec Application Security monitoring product integrations Involves tracing integrations

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants