Add action handling to AppSec ActiveRecord instrumentation #4321

Merged

Conversation

y9v
Member

@y9v y9v commented Jan 24, 2025

What does this PR do?
This PR adds action handling to AppSec ActiveRecord instrumentation.

Motivation:
Currently we are only monitoring WAF events for SQLi.

Change log entry
Yes. AppSec: Add reporting of stack trace when SQL Injection attack is detected.

Additional Notes:
None.

How to test the change?
CI and app generator.

@y9v y9v self-assigned this Jan 24, 2025
@y9v y9v requested a review from a team as a code owner January 24, 2025 14:13
@github-actions github-actions bot added the integrations (Involves tracing integrations) and appsec (Application Security monitoring product) labels Jan 24, 2025
@datadog-datadog-prod-us1
Contributor

datadog-datadog-prod-us1 bot commented Jan 24, 2025

Datadog Report

Branch report: appsec-add-action-handling-to-active-record-instrumentation
Commit report: 371eab8
Test service: dd-trace-rb

✅ 0 Failed, 22494 Passed, 1489 Skipped, 5m 8.27s Total Time
❄️ 1 New Flaky

New Flaky Tests (1)

  • Datadog::Profiling::Collectors::CpuAndWallTimeWorker#start when main thread is sleeping but a background thread is working is able to sample even when the main thread is sleeping - rspec - Last Failure

     Failure/Error: expect(sample_count).to be >= 5, "sample_count: #{sample_count}, stats: #{stats}"
       sample_count: 1, stats: {:trigger_sample_attempts=>5, :trigger_simulated_signal_delivery_attempts=>1, :simulated_signal_delivery=>1, :signal_handler_enqueued_sample=>5, :signal_handler_wrong_thread=>0, :postponed_job_skipped_already_existed=>0, :postponed_job_success=>5, :postponed_job_full=>0, :postponed_job_unknown_result=>0, :interrupt_thread_attempts=>4, :cpu_sampled=>1, :cpu_skipped=>4, :cpu_effective_sample_rate=>0.2, :cpu_sampling_time_ns_min=>17498660, :cpu_sampling_time_ns_max=>17498660, :cpu_sampling_time_ns_total=>17498660, :cpu_sampling_time_ns_avg=>17498660.0, :allocation_sampled=>nil, :allocation_skipped=>nil, :allocation_effective_sample_rate=>nil, :allocation_sampling_time_ns_min=>nil, :allocation_sampling_time_ns_max=>nil, :allocation_sampling_time_ns_total=>nil, :allocation_sampling_time_ns_avg=>nil, :allocation_sampler_snapshot=>nil, :allocations_during_sample=>nil, :after_gvl_running=>0, :gvl_dont_sample=>0, :gvl_sampling_time_ns_min=>nil, :gvl_sampling_time_ns_max=>nil, :gvl_sampling_time_ns_total=>nil, :gvl_sampling_time_ns_avg=>nil}
     ./spec/datadog/profiling/collectors/cpu_and_wall_time_worker_spec.rb:415:in `block (4 levels) in <top (required)>'
     ./spec/spec_helper.rb:238:in `block (2 levels) in <top (required)>'
     ./spec/spec_helper.rb:123:in `block (2 levels) in <top (required)>'
     /usr/local/bundle/gems/webmock-3.13.0/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
     /usr/local/bundle/gems/rspec-wait-0.0.9/lib/rspec/wait.rb:46:in `block (2 levels) in <top (required)>'
    

@codecov-commenter

codecov-commenter commented Jan 24, 2025

Codecov Report

Attention: Patch coverage is 95.52239% with 3 lines in your changes missing coverage. Please review.

Project coverage is 97.72%. Comparing base (e3cec5f) to head (371eab8).
Report is 11 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...ib/integration/active_record_sql_injection_spec.rb | 93.33% | 3 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4321      +/-   ##
==========================================
- Coverage   97.73%   97.72%   -0.02%     
==========================================
  Files        1367     1368       +1     
  Lines       82864    82916      +52     
  Branches     4209     4209              
==========================================
+ Hits        80985    81027      +42     
- Misses       1879     1889      +10     


@pr-commenter

pr-commenter bot commented Jan 24, 2025

Benchmarks

Benchmark execution time: 2025-01-27 15:28:32

Comparing candidate commit 371eab8 in PR branch appsec-add-action-handling-to-active-record-instrumentation with baseline commit e3cec5f in branch master.

Found 0 performance improvements and 3 performance regressions! Performance is the same for 28 metrics, 2 unstable metrics.

scenario:tracing - 10 span trace - no writer

  • 🟥 throughput [-177.639op/s; -172.280op/s] or [-6.110%; -5.925%]

scenario:tracing - 100 span trace - no writer

  • 🟥 throughput [-20.223op/s; -19.239op/s] or [-5.798%; -5.515%]

scenario:tracing - Propagation - Datadog

  • 🟥 throughput [-3612.247op/s; -3533.287op/s] or [-10.808%; -10.572%]

Member

@Strech Strech left a comment

LGTM, but the test suite needs more love

@y9v y9v requested a review from Strech January 24, 2025 16:48
@y9v y9v force-pushed the appsec-add-action-handling-to-active-record-instrumentation branch 3 times, most recently from f6d950e to 2414459 Compare January 27, 2025 12:43
@y9v y9v enabled auto-merge January 27, 2025 14:31
@y9v y9v force-pushed the appsec-add-action-handling-to-active-record-instrumentation branch from 38dd76f to 371eab8 Compare January 27, 2025 15:04
@y9v y9v merged commit 494e0e1 into master Jan 27, 2025
378 checks passed
@y9v y9v deleted the appsec-add-action-handling-to-active-record-instrumentation branch January 27, 2025 15:41
@github-actions github-actions bot added this to the 2.10.0 milestone Jan 27, 2025
Labels: appsec (Application Security monitoring product), integrations (Involves tracing integrations)