feat(appsec): ddwaf extension #3027

Merged Feb 2, 2022 (73 commits)

@nizox nizox commented Nov 23, 2021

This PR adds an extension for libddwaf and a minimal AppSec module.

ddwaf is a C++ extension built using cython and linked statically with the libddwaf library that is itself built with cmake. As a result, a C++ compiler, cmake, ninja and git are now required to build ddtrace from source. We expect most users to install ddtrace using binary wheels, so they should not notice this change.

The AppSec module is disabled by default and can be enabled using the DD_APPSEC_ENABLED environment variable. It consists of a single processor subscribing to web spans and detecting common web scanners on 404 HTTP responses.

@nizox nizox force-pushed the nicolas.vivet/external-shared-lib-ddwaf branch from bdfb834 to 87a0b14 Compare November 25, 2021 10:03
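
The behaviour the PR description gives for the AppSec module (off unless `DD_APPSEC_ENABLED` is set, a single processor looking at web spans, scanner detection on 404 responses), shown as an added example that is not code from this pull request or from ddtrace. The processor class, the User-Agent patterns, the truthy-value parsing and the `example.appsec.scanner` tag are assumptions, and the spans are constructed dicts.

```python
import os
import re

# Assumption: scanners are recognised by User-Agent; these product names are
# illustrative and are not the rule set shipped with libddwaf.
SCANNER_UA = re.compile(r"nikto|sqlmap|nessus|wpscan|dirbuster", re.IGNORECASE)


def appsec_enabled(environ=os.environ):
    """Disabled unless DD_APPSEC_ENABLED is truthy (accepted values are assumed)."""
    return environ.get("DD_APPSEC_ENABLED", "").strip().lower() in ("1", "true")


class ScannerOn404Processor:
    """Hypothetical processor that tags finished web spans looking like scanner probes."""

    def __init__(self, enabled):
        self.enabled = enabled

    def on_span_finish(self, span):
        # Restricting to web spans that ended in 404 keeps normal traffic out of scope.
        if not self.enabled or span.get("type") != "web":
            return span
        if str(span.get("http.status_code")) != "404":
            return span
        match = SCANNER_UA.search(span.get("http.useragent", ""))
        if match:
            # Constructed tag name, not a real ddtrace tag.
            span["example.appsec.scanner"] = match.group(0).lower()
        return span


# Constructed sample spans (plain dicts standing in for tracer spans).
SAMPLE_SPANS = [
    {"type": "web", "http.status_code": 404, "http.useragent": "Mozilla/5.00 (Nikto/2.1.6)"},
    {"type": "web", "http.status_code": 404, "http.useragent": "Mozilla/5.0 (X11; Linux x86_64)"},
    {"type": "web", "http.status_code": 200, "http.useragent": "sqlmap/1.5"},
    {"type": "sql", "http.status_code": 404, "http.useragent": "sqlmap/1.5"},
]


def flagged(spans, environ):
    # Run every span through the processor and report the tag it ended up with.
    proc = ScannerOn404Processor(appsec_enabled(environ))
    return [proc.on_span_finish(dict(s)).get("example.appsec.scanner") for s in spans]
```

With the variable unset nothing is tagged; with it set, only the 404 web span carrying a scanner User-Agent is.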

@DarcyRaynerDD DarcyRaynerDD left a comment

LGTM overall, but I probably don't have all the context for a full review. I think as long as appsec is only optionally imported from the main tracer, then it won't have any impact on serverless.

mergify bot commented Dec 7, 2021

@nizox this pull request is now in conflict 😩

@mergify mergify bot added the conflict label Dec 7, 2021
@mergify mergify bot removed the conflict label Dec 7, 2021
@nizox nizox requested a review from P403n1x87 December 7, 2021 20:58
@vdeturckheim vdeturckheim changed the title [APPSEC] ddwaf extension feat(appsec): ddwaf extension Feb 1, 2022
@vdeturckheim

Thanks a lot for the reviews @brettlangdon and @Kyle-Verhoog ! Is there anything else I need to fix?

@brettlangdon

> Thanks a lot for the reviews @brettlangdon and @Kyle-Verhoog ! Is there anything else I need to fix?

Nope! As long as CI passes, this will automerge. If we have a flaky test we can rerun the failed tests, but otherwise nothing else needed from me.

@vdeturckheim

@brettlangdon seems we did not sign all commits :( do you prefer we amend them with signatures or do you think you could admin-merge this?

@brettlangdon

@Mergifyio refresh

mergify bot commented Feb 2, 2022

refresh

✅ Pull request refreshed

@brettlangdon brettlangdon changed the title feat(appsec): ddwaf extension feat(appsec): ddwaf extensio Feb 2, 2022
@brettlangdon brettlangdon changed the title feat(appsec): ddwaf extensio feat(appsec): ddwaf extension Feb 2, 2022
@mergify mergify bot merged commit d668dac into master Feb 2, 2022
@mergify mergify bot deleted the nicolas.vivet/external-shared-lib-ddwaf branch February 2, 2022 13:12
mergify bot pushed a commit that referenced this pull request Feb 3, 2022
mabdinur pushed a commit that referenced this pull request Feb 4, 2022
This PR adds an extension for [libddwaf](https://github.com/DataDog/libddwaf) and a minimal AppSec module.

ddwaf is a C++ extension built using cython and linked statically with the libddwaf library that is itself built with cmake. As a result, a C++ compiler, cmake, ninja and git are now required to build ddtrace from source. We expect most users to install ddtrace using binary wheels, so they should not notice this change. However, any errors during the compilation of this extension are ignored for now in order to avoid installation failures.

The AppSec module is disabled by default and can be enabled using the `DD_APPSEC_ENABLED` environment variable. It consists of a single processor subscribing to web spans and detecting common web scanners on 404 HTTP responses.
brettlangdon pushed a commit that referenced this pull request Feb 8, 2022
brettlangdon pushed a commit that referenced this pull request Feb 9, 2022
majorgreys added a commit that referenced this pull request Feb 10, 2022
majorgreys added a commit that referenced this pull request Feb 10, 2022
majorgreys added a commit that referenced this pull request Feb 15, 2022
majorgreys added a commit that referenced this pull request Feb 16, 2022
majorgreys added a commit that referenced this pull request Feb 17, 2022
majorgreys added a commit that referenced this pull request Feb 18, 2022
Labels
changelog/no-changelog A changelog entry is not required for this PR.
8 participants