[asm] IAST security controls #5117

Merged 59 commits, Feb 12, 2025
Commits
d5a52ea
Security controls parser and secure marks for vulnerabilities
iunanua Jan 10, 2025
c4c398c
Use new NOSQL_MONGODB_INJECTION_MARK in nosql-injection-mongodb-analyzer
iunanua Jan 10, 2025
9a1229c
Config
iunanua Jan 13, 2025
dce2f18
first hooks
iunanua Jan 13, 2025
ac1d502
wrap object properties and more tests
iunanua Jan 15, 2025
4cc7895
Use dd-trace:moduleLoad(Start|End) channels
iunanua Jan 15, 2025
6fe83f6
iterate object strings and more tests
iunanua Jan 15, 2025
4e4d69e
fix parameter index, include createNewTainted flag and do not use Plu…
iunanua Jan 16, 2025
90b9ff8
Fix parameter index and include a test with incorrect index
iunanua Jan 16, 2025
2d86aee
Avoid to hook multiple times the same module and config tests
iunanua Jan 16, 2025
5ed8aa2
sql_injection_mark test
iunanua Jan 16, 2025
57548b0
vulnerable ranges tests
iunanua Jan 16, 2025
610e216
fix windows paths
iunanua Jan 16, 2025
ca0bbe5
Merge branch 'master' into igor/iast-security-controls
iunanua Jan 17, 2025
b4a217e
Upgrade taint-tracking to 3.3.0
iunanua Jan 17, 2025
0b0c292
Fix * secure mark
iunanua Jan 20, 2025
af61bf9
add createNewTainted flag to addSecureMark
iunanua Jan 21, 2025
fb1de25
Use existing _isRangeSecure
iunanua Jan 22, 2025
384d526
suppressed vulnerabilities metric
iunanua Jan 22, 2025
fce89df
increment suppressed vulnerability metric
iunanua Jan 22, 2025
c324c58
typo
iunanua Jan 22, 2025
767d2db
handle esm default export and filenames starting with file://
iunanua Jan 22, 2025
082ac75
esm integration tests
iunanua Jan 22, 2025
4b948ad
clean up
iunanua Jan 23, 2025
d9c1393
secure-marks tests
iunanua Jan 23, 2025
1fdaf86
Merge branch 'master' into igor/iast-security-controls
iunanua Jan 23, 2025
3b697d1
fix secure-marks generator test
iunanua Jan 23, 2025
07dcc02
fix config test
iunanua Jan 23, 2025
5556875
empty
iunanua Jan 24, 2025
3f57dea
check for repeated marks
iunanua Jan 24, 2025
d67c179
Update packages/dd-trace/src/appsec/iast/analyzers/injection-analyzer.js
iunanua Jan 27, 2025
1870856
Update packages/dd-trace/src/appsec/iast/security-controls/index.js
iunanua Jan 27, 2025
0d94fdc
Update packages/dd-trace/src/appsec/iast/taint-tracking/secure-marks.js
iunanua Jan 27, 2025
dd9721d
some suggestions
iunanua Jan 27, 2025
1e83152
move _isRangeSecure to InjectionAnalyzer
iunanua Jan 27, 2025
9ebe9d8
Add programmatically config option
iunanua Jan 27, 2025
0ffe2bf
index.d.ts
iunanua Jan 27, 2025
5de1eec
Merge branch 'master' into igor/iast-security-controls
iunanua Jan 27, 2025
e8f623f
StoredInjectionAnalyzer
iunanua Jan 28, 2025
de6bc7f
Update packages/dd-trace/test/appsec/iast/analyzers/command-injection…
iunanua Jan 28, 2025
a88ce85
store control keys to avoid recreating the array
iunanua Jan 28, 2025
a0cd2bc
check visited before iterating
iunanua Jan 28, 2025
cbc2355
Merge branch 'master' into igor/iast-security-controls
iunanua Jan 29, 2025
a290eca
test suggestions
iunanua Feb 3, 2025
d7ac4cf
Merge branch 'master' into igor/iast-security-controls
iunanua Feb 3, 2025
20a5c38
Update packages/dd-trace/src/appsec/iast/security-controls/parser.js
iunanua Feb 3, 2025
777409e
lint
iunanua Feb 3, 2025
79f7fbd
ritm test
iunanua Feb 3, 2025
f9479a5
clean up
iunanua Feb 3, 2025
c31e0ff
Merge branch 'master' into igor/iast-security-controls
iunanua Feb 5, 2025
6dc2181
Reject security control with non numeric parameters
iunanua Feb 5, 2025
3a37485
fix parameter 0
iunanua Feb 5, 2025
d38f23f
Update integration-tests/appsec/iast.esm-security-controls.spec.js
iunanua Feb 7, 2025
a35f3c9
suggestions
iunanua Feb 7, 2025
0af50e8
Merge branch 'master' into igor/iast-security-controls
iunanua Feb 10, 2025
b2b4abd
use legacy store
iunanua Feb 10, 2025
ca90431
fix test
iunanua Feb 10, 2025
12fa9bb
fix test
iunanua Feb 10, 2025
2ffa591
fix test
iunanua Feb 10, 2025
Upgrade taint-tracking to 3.3.0
iunanua committed Jan 17, 2025
commit b4a217e8651a090ed97f36da28b3c5cd7bec46d0
2 changes: 1 addition & 1 deletion package.json
@@ -84,7 +84,7 @@
"@datadog/libdatadog": "^0.4.0",
"@datadog/native-appsec": "8.4.0",
"@datadog/native-iast-rewriter": "2.6.1",
"@datadog/native-iast-taint-tracking": "3.2.0",
"@datadog/native-iast-taint-tracking": "3.3.0",
"@datadog/native-metrics": "^3.1.0",
"@datadog/pprof": "5.4.1",
"@datadog/sketches-js": "^2.1.0",
16 changes: 8 additions & 8 deletions yarn.lock
@@ -401,10 +401,10 @@
resolved "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz"
integrity "sha1-u1BFecHK6SPmV2pPXaQ9Jfl729k= sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ=="

"@datadog/libdatadog@^0.3.0":
version "0.3.0"
resolved "https://registry.yarnpkg.com/@datadog/libdatadog/-/libdatadog-0.3.0.tgz#2fc1e2695872840bc8c356f66acf675da428d6f0"
integrity sha512-TbP8+WyXfh285T17FnLeLUOPl4SbkRYMqKgcmknID2mXHNrbt5XJgW9bnDgsrrtu31Q7FjWWw2WolgRLWyzLRA==
"@datadog/libdatadog@^0.4.0":
version "0.4.0"
resolved "https://registry.yarnpkg.com/@datadog/libdatadog/-/libdatadog-0.4.0.tgz#aeeea02973f663b555ad9ac30c4015a31d561598"
integrity sha512-kGZfFVmQInzt6J4FFGrqMbrDvOxqwk3WqhAreS6n9b/De+iMVy/NMu3V7uKsY5zAvz+uQw0liDJm3ZDVH/MVVw==

"@datadog/native-appsec@8.4.0":
version "8.4.0"
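Review bot: The first yarn.lock hunk swaps the `@datadog/libdatadog@^0.3.0` entry for `^0.4.0`, which is unrelated to a commit titled "Upgrade taint-tracking to 3.3.0". package.json already shows `"@datadog/libdatadog": "^0.4.0"` as unchanged context, so this looks like the lockfile catching up with an earlier manifest change. Either split it into its own commit or mention it in the message, so the libdatadog change is not read as part of the taint-tracking upgrade.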
@@ -421,10 +421,10 @@
lru-cache "^7.14.0"
node-gyp-build "^4.5.0"

"@datadog/native-iast-taint-tracking@3.2.0":
version "3.2.0"
resolved "https://registry.yarnpkg.com/@datadog/native-iast-taint-tracking/-/native-iast-taint-tracking-3.2.0.tgz#9fb6823d82f934e12c06ea1baa7399ca80deb2ec"
integrity sha512-Mc6FzCoyvU5yXLMsMS9yKnEqJMWoImAukJXolNWCTm+JQYCMf2yMsJ8pBAm7KyZKliamM9rCn7h7Tr2H3lXwjA==
"@datadog/native-iast-taint-tracking@3.3.0":
version "3.3.0"
resolved "https://registry.yarnpkg.com/@datadog/native-iast-taint-tracking/-/native-iast-taint-tracking-3.3.0.tgz#5a9c87e07376e7c5a4b4d4985f140a60388eee00"
integrity sha512-OzmjOncer199ATSYeCAwSACCRyQimo77LKadSHDUcxa/n9FYU+2U/bYQTYsK3vquSA2E47EbSVq9rytrlTdvnA==
dependencies:
node-gyp-build "^3.9.0"
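Review bot: In the `@datadog/native-iast-taint-tracking@3.3.0` entry, `resolved` and `integrity` change together while the `dependencies` block (`node-gyp-build "^3.9.0"`) stays as context. Please confirm the entry was produced by running yarn against the registry rather than edited by hand, so the sha512 recorded here is the one published for the 3.3.0 tarball. Separately, the preceding entry in this hunk depends on `node-gyp-build "^4.5.0"`, so two major lines of that loader remain in the tree; that is worth raising with the native package as a follow-up.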