HTTP Endpoint Fingerprint Processor #318

Merged
merged 22 commits into from
Jul 16, 2024

@Anilm3 Anilm3 commented Jul 8, 2024

This PR introduces the HTTP endpoint fingerprint processor, as well as some functionality to aid in the generation of further fingerprint fragments. To include this processor, one must add the following configuration:

```yaml
id: http-endpoint-fingerprint
generator: http_endpoint_fingerprint
conditions:
  - operator: equals
    parameters:
      inputs:
        - address: waf.context.event
      type: boolean
      value: true
parameters:
  mappings:
    - method:
        - address: server.request.method
      uri_raw:
        - address: server.request.uri.raw
      body:
        - address: server.request.body
      query:
        - address: server.request.query
      output: _dd.appsec.fp.http.endpoint
evaluate: false
output: true
```

This fragment is specifically aimed at generating a unique fingerprint for an endpoint, or rather an endpoint as it was accessed by the given request. Note that the definition of the processor has a condition on waf.context.event. This address will be automatically generated by libddwaf, albeit it will be added in a future PR.

Related Jira: APPSEC-53808
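
An added illustration, not code from this PR or from libddwaf: the description above does not say how the fragment is computed, so the scheme here (truncated SHA-256 over the method, the URI path, and the sorted query and body key names) is an assumption, chosen to show why those four mapped inputs identify an endpoint as it was accessed. `endpoint_fingerprint`, its helpers and the sample requests are hypothetical.

```python
import hashlib
from urllib.parse import urlsplit


def _short_hash(text: str) -> str:
    # Assumption: truncated SHA-256 hex keeps each fragment compact.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:8]


def _keys_fragment(container) -> str:
    # Hash only the key names (lowercased, sorted), never the values, so the
    # fragment is stable across payloads and parameter ordering.
    if not isinstance(container, dict) or not container:
        return ""  # absent or non-map input leaves the fragment empty
    return _short_hash(",".join(sorted(str(k).lower() for k in container)))


def endpoint_fingerprint(method, uri_raw, query=None, body=None) -> str:
    # Drop the query string from the raw URI: query keys get their own fragment.
    path = urlsplit(uri_raw).path.lower()
    return "-".join([
        "http", method.lower(), _short_hash(path),
        _keys_fragment(query), _keys_fragment(body),
    ])


# Constructed sample requests (not taken from the PR).
REQ_A = ("POST", "/api/login?user=alice&debug=1",
         {"user": "alice", "debug": "1"}, {"password": "hunter2"})
REQ_B = ("post", "/api/login?debug=0&user=bob",
         {"debug": "0", "user": "bob"}, {"password": "x"})
REQ_C = ("POST", "/api/login?user=alice&admin=1",
         {"user": "alice", "admin": "1"}, {"password": "hunter2"})

if __name__ == "__main__":
    for req in (REQ_A, REQ_B, REQ_C):
        print(endpoint_fingerprint(*req))
```

`REQ_A` and `REQ_B` differ only in values and parameter order and map to the same fingerprint, while `REQ_C` introduces a new query key and therefore a different one.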

codecov-commenter commented Jul 8, 2024

Codecov Report

Attention: Patch coverage is 84.75610% with 25 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@09de0e0).

| Files | Patch % | Lines |
|---|---|---|
| src/processor/fingerprint.cpp | 85.96% | 9 Missing and 7 partials ⚠️ |
| src/parser/processor_parser.cpp | 67.85% | 6 Missing and 3 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff            @@
##             master     #318   +/-   ##
=========================================
  Coverage          ?   84.26%           
=========================================
  Files             ?      143           
  Lines             ?     6698           
  Branches          ?     3077           
=========================================
  Hits              ?     5644           
  Misses            ?      389           
  Partials          ?      665           

| Flag | Coverage Δ |
|---|---|
| waf_test | 84.26% <84.75%> (?) |

pr-commenter bot commented Jul 8, 2024

Benchmarks

Benchmark execution time: 2024-07-15 19:41:34

Comparing candidate commit 189cb8c in PR branch anilm3/endpoint-fingerprint with baseline commit 09de0e0 in branch master.

Found 4 performance improvements and 3 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

scenario:is_xss_matcher.random

  • 🟥 execution_time [+4.989ms; +5.001ms] or [+6.168%; +6.183%]

scenario:phrase_match_matcher.enforce_word_boundary.random

  • 🟥 execution_time [+415.972µs; +419.525µs] or [+5.791%; +5.840%]

scenario:phrase_match_matcher.random

  • 🟩 execution_time [-736.556µs; -730.236µs] or [-9.447%; -9.366%]

scenario:regex_match_matcher.case_insensitive_flag.random

  • 🟩 execution_time [-829.277µs; -825.397µs] or [-14.117%; -14.050%]

scenario:regex_match_matcher.case_insensitive_option.random

  • 🟩 execution_time [-831.329µs; -827.154µs] or [-14.152%; -14.081%]

scenario:regex_match_matcher.lowercase_transformer.random

  • 🟩 execution_time [-705.468µs; -696.910µs] or [-9.655%; -9.537%]

scenario:remove_nulls_transformer.random

  • 🟥 execution_time [+1.959ms; +1.980ms] or [+19.102%; +19.303%]

@Anilm3 Anilm3 marked this pull request as ready for review July 8, 2024 14:15
@Anilm3 Anilm3 requested a review from a team as a code owner July 8, 2024 14:15
@Anilm3 Anilm3 merged commit 409abbe into master Jul 16, 2024
45 of 46 checks passed
@Anilm3 Anilm3 deleted the anilm3/endpoint-fingerprint branch July 16, 2024 14:25