-
Notifications
You must be signed in to change notification settings - Fork 411
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(appsec): ddwaf extension #3027
Conversation
bdfb834
to
87a0b14
Compare
This reverts commit 021ad0e.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall, but I probably don't have all the context for a full review. I think as long as appsec is only optionally imported from the main tracer, then it won't have any impact on serverless.
@nizox this pull request is now in conflict 😩 |
…b-ddwaf' into nicolas.vivet/external-shared-lib-ddwaf
Thanks a lot for the reviews @brettlangdon and @Kyle-Verhoog ! Is there anything else I need to fix? |
Nope! As long as CI passes, this will automerge. If we have a flaky test we can rerun the failed tests, but otherwise nothing else needed from me. |
@brettlangdon seems we did not sign all commits :( do you prefer we amend them with signatures or do you think you could admin-merge this? |
@Mergifyio refresh |
✅ Pull request refreshed |
This PR adds an extension for [libddwaf](https://github.com/DataDog/libddwaf) and a minimal AppSec module. ddwaf is a C++ extension built using cython and linked statically with the libddwaf library that is itself built with cmake. As a result, a C++ compiler, cmake, ninja and git are now required to build ddtrace from source. We except most users to install ddtrace using binary wheels, so they should not notice this change. However, any errors during the compilation of this extension is ignored for now in order to avoid installation failures. The AppSec module is disabled by default and can be enabled using the `DD_APPSEC_ENABLED` environment variable. It consists of a single processor subscribing to web spans and detecting common web scanners on 404 HTTP responses.
This PR adds an extension for libddwaf and a minimal AppSec module.
ddwaf is a C++ extension built using cython and linked statically with the libddwaf library that is itself built with cmake. As a result, a C++ compiler, cmake, ninja and git are now required to build ddtrace from source. We except most users to install ddtrace using binary wheels, so they should not notice this change.
The AppSec module is disabled by default and can be enabled using the
DD_APPSEC_ENABLED
environment variable. It consists of a single processor subscribing to web spans and detecting common web scanners on 404 HTTP responses.