Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code injection instrumented metric #5164

Merged
merged 3 commits into from
Jan 31, 2025
Merged

Conversation

IlyasShabi
Copy link
Contributor

What does this PR do?

Support instrumented sink metric sink for code injection

Motivation

Plugin Checklist

Additional Notes

Copy link

github-actions bot commented Jan 28, 2025

Overall package size

Self size: 8.55 MB
Deduped: 94.94 MB
No deduping: 95.46 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.4.0 | 29.44 MB | 29.44 MB | | @datadog/native-appsec | 8.4.0 | 19.25 MB | 19.26 MB | | @datadog/native-iast-taint-tracking | 3.2.0 | 13.9 MB | 13.91 MB | | @datadog/pprof | 5.5.1 | 9.79 MB | 10.17 MB | | protobufjs | 7.2.5 | 2.77 MB | 5.16 MB | | @datadog/native-iast-rewriter | 2.6.1 | 2.59 MB | 2.73 MB | | @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB | | @datadog/native-metrics | 3.1.0 | 1.06 MB | 1.46 MB | | @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB | | import-in-the-middle | 1.11.2 | 112.74 kB | 826.22 kB | | source-map | 0.7.4 | 226 kB | 226 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | lru-cache | 7.18.3 | 133.92 kB | 133.92 kB | | pprof-format | 2.1.0 | 111.69 kB | 111.69 kB | | @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB | | semver | 7.6.3 | 95.82 kB | 95.82 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 5.3.1 | 51.46 kB | 51.46 kB | | shell-quote | 1.8.1 | 44.96 kB | 44.96 kB | | istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB | | rfdc | 1.3.1 | 25.21 kB | 25.21 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | ttl-set | 1.0.0 | 4.61 kB | 9.69 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | koalas | 1.0.2 | 6.47 kB | 6.47 kB | | module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

Copy link

codecov bot commented Jan 28, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.08%. Comparing base (ff05e3b) to head (481c745).
Report is 8 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5164      +/-   ##
==========================================
+ Coverage   81.07%   81.08%   +0.01%     
==========================================
  Files         479      479              
  Lines       21338    21350      +12     
==========================================
+ Hits        17299    17311      +12     
  Misses       4039     4039              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pr-commenter
Copy link

pr-commenter bot commented Jan 28, 2025

Benchmarks

Benchmark execution time: 2025-01-30 13:30:08

Comparing candidate commit 481c745 in PR branch code-injdection-metrics with baseline commit ff05e3b in branch master.

Found 1 performance improvements and 0 performance regressions! Performance is the same for 907 metrics, 25 unstable metrics.

scenario:plugin-graphql-with-async-hooks-22

  • 🟩 max_rss_usage [-117.624MB; -101.800MB] or [-18.082%; -15.649%]

@IlyasShabi IlyasShabi marked this pull request as ready for review January 30, 2025 13:34
@IlyasShabi IlyasShabi requested a review from a team as a code owner January 30, 2025 13:34
expect(payload[0][0].metrics['_dd.iast.enabled']).to.be.equal(1)
expect(payload[0][0].meta).to.have.property('_dd.iast.json')
let iastTelemetryReceived = false
const checkTelemetry = agent.assertTelemetryReceived(({ headers, payload }) => {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand why these tests are working.
The request is finished when we are subscribing to the agent, why are we able to check the logs that happened before? Could this be a source of flakyness?
I think that we should set these asserts before the axios.get(url)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I can see more code implemented like this, I think that it is working because there is at least small delay betewen the vuln is detected and reported and the logs are send to the agent.

@IlyasShabi IlyasShabi merged commit c67739b into master Jan 31, 2025
348 of 350 checks passed
@IlyasShabi IlyasShabi deleted the code-injdection-metrics branch January 31, 2025 13:40
watson pushed a commit that referenced this pull request Jan 31, 2025
@watson watson mentioned this pull request Jan 31, 2025
watson pushed a commit that referenced this pull request Jan 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants