[APMSP-3174] AppSec body parsing size limit#5877
Conversation
Typing analysisNote: Ignored files are excluded from the next sections. Untyped methodsThis PR introduces 8 partially typed methods, and clears 7 partially typed methods. It decreases the percentage of typed methods from 65.14% to 65.11% (-0.03%). Partially typed methods (+8-7)❌ Introduced:If you believe a method or an attribute is rightfully untyped or partially typed, you can add |
🎉 All green!🧪 All tests passed 🎯 Code Coverage (details) 🔗 Commit SHA: 9759a7e | Docs | Datadog PR Page | Give us feedback! |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e7c603db8e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
BenchmarksBenchmark execution time: 2026-06-09 16:05:14 Comparing candidate commit 9759a7e in PR branch Found 0 performance improvements and 0 performance regressions! Performance is the same for 45 metrics, 1 unstable metrics.
|
e7c603d to
9759a7e
Compare
What does this PR do?
Add new
DD_APPSEC_BODY_PARSING_SIZE_LIMITenv variable to control the size of the request/response payload processing by AppSec.Motivation:
This is a part of unconditional parsing when AppSec is enabled. There are still few bits that should be properly guarded or maybe re-written that might trigger parsing (see Rails body collection). But this is a first step to control the max. size of the payload we might touch.
Change log entry
Yes. Add
DD_APPSEC_BODY_PARSING_SIZE_LIMITto limit request body size sent to the WAF; set to 0 to disable body collectionAdditional Notes:
[RFC-1089] Improving WAF Timeouts and Truncations Management
How to test the change?
CI + ST