Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[APPSEC-56187] Rework WAF span metrics collection #4291

Merged
merged 12 commits into from
Jan 16, 2025
Merged

[APPSEC-56187] Rework WAF span metrics collection #4291

merged 12 commits into from
Jan 16, 2025

Conversation

Strech
Copy link
Member

@Strech Strech commented Jan 15, 2025
edited
Loading

What does this PR do?

Encapsulates metrics collection into AppSec::Context which exposes public API to call security checks. And restructure some other classes responsibilities.

Motivation:

The end goal is to reduce abstraction leak from instrumentation and accumulate it in a single place for the future refactoring.

⚠️ This is not the end-goal, but rather mid-state.

Change log entry

No.

Additional Notes:

In a nutshell

  1. AppSec::Processor::Context moved into AppSec::SecurityEngine::Runner and lost some responsibilities it should not has.
  2. A new self-sufficient representation of the WAF run introduced AppSec::SecurityEngine::Result::{Ok, Match, Error} with united interface and stats.
  3. Security events storage moved into Context too to remove the knowledge leak from security engine side.
  4. And AppSec module is now responsible for knowing is API-Security enabled or not.

How to test the change?

If the CI and System-Tests are passing - we are good to go.

@github-actions github-actions bot added integrations Involves tracing integrations appsec Application Security monitoring product labels Jan 15, 2025
@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Jan 15, 2025
edited
Loading

Datadog Report

Branch report: appsec-56187-move-waf-span-metrics-into-context
Commit report: b6e2f20
Test service: dd-trace-rb

✅ 0 Failed, 22063 Passed, 1477 Skipped, 5m 10.33s Total Time

@Strech Strech force-pushed the appsec-56187-move-waf-span-metrics-into-context branch from 8ab0c68 to d7769f1 Compare January 15, 2025 14:23
@Strech Strech added dev/refactor Involves refactoring existing components dev/internal Other internal work that does not need to be included in the changelog labels Jan 15, 2025
@pr-commenter
Copy link

pr-commenter bot commented Jan 15, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-01-15 18:21:08

Comparing candidate commit b6e2f20 in PR branch appsec-56187-move-waf-span-metrics-into-context with baseline commit 9e3a3e3 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 31 metrics, 2 unstable metrics.

@Strech Strech force-pushed the appsec-56187-move-waf-span-metrics-into-context branch 4 times, most recently from a24600c to 7a8e713 Compare January 15, 2025 16:20
@codecov-commenter
Copy link

codecov-commenter commented Jan 15, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 97.84946% with 8 lines in your changes missing coverage. Please review.

Project coverage is 97.71%. Comparing base (9e3a3e3) to head (b6e2f20).
Report is 3 commits behind head on master.

Files with missing lines Patch % Lines
lib/datadog/appsec/contrib/rack/gateway/watcher.rb 50.00% 3 Missing ⚠️
.../datadog/appsec/contrib/sinatra/gateway/watcher.rb 50.00% 2 Missing ⚠️
...ib/datadog/appsec/contrib/rails/gateway/watcher.rb 50.00% 1 Missing ⚠️
lib/datadog/appsec/monitor/gateway/watcher.rb 50.00% 1 Missing ⚠️
lib/datadog/appsec/security_engine/runner.rb 97.95% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #4291   +/-   ##
=======================================
  Coverage   97.71%   97.71%           
=======================================
  Files        1356     1358    +2     
  Lines       82489    82498    +9     
  Branches     4219     4221    +2     
=======================================
+ Hits        80604    80615   +11     
+ Misses       1885     1883    -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Strech Strech force-pushed the appsec-56187-move-waf-span-metrics-into-context branch from 7a8e713 to b6e2f20 Compare January 15, 2025 17:58
@Strech Strech marked this pull request as ready for review January 15, 2025 18:00
@Strech Strech requested review from a team as code owners January 15, 2025 18:00
y9v
y9v approved these changes Jan 16, 2025
View reviewed changes
lib/datadog/appsec/context.rb Show resolved Hide resolved
@Strech Strech merged commit 4bdcc0f into master Jan 16, 2025
378 checks passed
@Strech Strech deleted the appsec-56187-move-waf-span-metrics-into-context branch January 16, 2025 10:19
@github-actions github-actions bot added this to the 2.10.0 milestone Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@datadog-datadog-prod-us1 datadog-datadog-prod-us1[bot] datadog-datadog-prod-us1[bot] left review comments

@y9v y9v y9v approved these changes

Assignees
No one assigned
Labels
appsec Application Security monitoring product dev/internal Other internal work that does not need to be included in the changelog dev/refactor Involves refactoring existing components integrations Involves tracing integrations
Projects
None yet
Milestone
2.10.0
Development

Successfully merging this pull request may close these issues.
3 participants
@Strech @codecov-commenter @y9v