Skip to content

Report IAST metrics via telemetry #2805

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 11, 2023
Merged

Report IAST metrics via telemetry #2805

merged 7 commits into from
Jul 11, 2023

Conversation

@iunanua
Copy link
Contributor

@iunanua iunanua commented Feb 16, 2023
edited by uurien
Loading

What does this PR do?

When the DD_TELEMETRY_METRICS_ENABLED environment variable is true, iast related information is recollected to send it to the backend.
Here is information related related with the request, that is sent when the request ends, and other information is send as global metrics periodically.

Plugin Checklist

  • Unit tests.

Additional Notes

Even if this is a large PR, the changes out of the appsec directory are few.

  • packages/dd-trace/src/config.js: To read new DD_TELEMETRY_METRICS_ENABLED and DD_IAST_TELEMETRY_VERBOSITY configurations.
  • packages/dd-trace/src/telemetry/metrics.js: Prevent sending namespace information when the namespace hasn't anything to send.

@pr-commenter
Copy link

pr-commenter bot commented Feb 16, 2023
edited
Loading

Benchmarks

Benchmark execution time: 2023-07-11 06:54:35

Comparing candidate commit 1d0ce27 in PR branch igor/iast_telemetry with baseline commit 3a2347c in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 461 metrics, 31 unstable metrics.

@iunanua iunanua force-pushed the igor/iast_telemetry branch from 52c3db6 to 682a706 Compare March 7, 2023 14:34
@github-actions
Copy link

github-actions bot commented Mar 7, 2023
edited
Loading

Overall package size

Self size: 4.87 MB
Deduped: 57.85 MB
No deduping: 57.95 MB

Dependency sizes

name version self size total size
@datadog/native-iast-taint-tracking 1.5.0 14.86 MB 14.86 MB
@datadog/native-appsec 3.2.0 13.38 MB 13.39 MB
@datadog/pprof 3.0.0 10.54 MB 11.39 MB
protobufjs 7.2.4 2.74 MB 6.52 MB
@datadog/native-iast-rewriter 2.0.1 2.09 MB 2.1 MB
@opentelemetry/core 1.14.0 872.87 kB 1.47 MB
@datadog/native-metrics 2.0.0 898.77 kB 1.3 MB
@opentelemetry/api 1.4.1 780.32 kB 780.32 kB
msgpack-lite 0.1.26 201.16 kB 281.59 kB
opentracing 0.14.7 194.81 kB 194.81 kB
semver 7.5.3 93.39 kB 123.79 kB
@datadog/sketches-js 2.1.0 109.9 kB 109.9 kB
lodash.sortby 4.7.0 75.76 kB 75.76 kB
lru-cache 7.14.0 74.95 kB 74.95 kB
ipaddr.js 2.0.1 59.52 kB 59.52 kB
int64-buffer 0.1.10 49.18 kB 49.18 kB
ignore 5.2.0 48.87 kB 48.87 kB
import-in-the-middle 1.3.5 34.34 kB 38.81 kB
istanbul-lib-coverage 3.2.0 29.34 kB 29.34 kB
retry 0.10.1 27.44 kB 27.44 kB
lodash.uniq 4.5.0 25.01 kB 25.01 kB
limiter 1.1.5 23.17 kB 23.17 kB
lodash.kebabcase 4.1.1 17.75 kB 17.75 kB
lodash.pick 4.4.0 16.33 kB 16.33 kB
node-abort-controller 3.0.1 14.33 kB 14.33 kB
crypto-randomuuid 1.0.0 11.18 kB 11.18 kB
diagnostics_channel 1.1.0 7.07 kB 7.07 kB
path-to-regexp 0.1.7 6.78 kB 6.78 kB
koalas 1.0.2 6.47 kB 6.47 kB
methods 1.1.2 5.29 kB 5.29 kB
module-details-from-path 1.0.3 4.47 kB 4.47 kB

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@codecov
Copy link

codecov bot commented Mar 7, 2023
edited
Loading

Codecov Report

Merging #2805 (1d0ce27) into master (3a2347c) will increase coverage by 0.51%.
The diff coverage is 97.68%.

@@            Coverage Diff             @@
##           master    #2805      +/-   ##
==========================================
+ Coverage   84.09%   84.60%   +0.51%     
==========================================
  Files         204      211       +7     
  Lines        8017     8252     +235     
  Branches       33       33              
==========================================
+ Hits         6742     6982     +240     
+ Misses       1275     1270       -5
Impacted Files Coverage Δ
...ppsec/iast/analyzers/command-injection-analyzer.js 100.00% <ø> (ø)
...c/appsec/iast/analyzers/ldap-injection-analyzer.js 100.00% <ø> (ø)
...d-trace/src/appsec/iast/analyzers/ssrf-analyzer.js 100.00% <ø> (ø)
.../src/appsec/iast/analyzers/weak-cipher-analyzer.js 100.00% <ø> (ø)
...ce/src/appsec/iast/analyzers/weak-hash-analyzer.js 100.00% <ø> (ø)
packages/dd-trace/src/appsec/iast/tags.js 100.00% <ø> (ø)
...race/src/appsec/iast/taint-tracking/csi-methods.js 100.00% <ø> (ø)
...ace/src/appsec/iast/taint-tracking/source-types.js 100.00% <ø> (ø)
...s/dd-trace/src/appsec/iast/telemetry/namespaces.js 89.65% <89.65%> (ø)
...d-trace/src/appsec/iast/taint-tracking/rewriter.js 94.87% <93.75%> (+0.75%) ⬆️
... and 20 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@iunanua iunanua force-pushed the igor/iast_telemetry branch 5 times, most recently from 372327a to 7eae478 Compare March 24, 2023 11:33
@iunanua iunanua marked this pull request as ready for review March 24, 2023 14:38
@iunanua iunanua requested review from a team as code owners March 24, 2023 14:38
Qard
Qard previously approved these changes Mar 26, 2023
View reviewed changes
CarlesDD
CarlesDD reviewed Mar 27, 2023
View reviewed changes
@iunanua iunanua force-pushed the igor/iast_telemetry branch from 7eae478 to f0f569f Compare April 3, 2023 09:12
CarlesDD
CarlesDD previously requested changes Apr 3, 2023
View reviewed changes
@iunanua iunanua requested a review from CarlesDD April 3, 2023 17:07
@iunanua iunanua force-pushed the igor/iast_telemetry branch 4 times, most recently from b9db65a to 7999ca0 Compare April 14, 2023 07:10
hoolioh
hoolioh reviewed Apr 17, 2023
View reviewed changes
hoolioh
hoolioh reviewed Apr 17, 2023
View reviewed changes
@iunanua iunanua force-pushed the igor/iast_telemetry branch 2 times, most recently from 424d5be to 92d624b Compare April 19, 2023 09:30
CarlesDD
CarlesDD requested changes Jul 5, 2023
View reviewed changes
@uurien uurien force-pushed the igor/iast_telemetry branch from 35e5e01 to 93aa8c7 Compare July 5, 2023 12:17
CarlesDD
CarlesDD previously approved these changes Jul 5, 2023
View reviewed changes
@uurien uurien marked this pull request as ready for review July 5, 2023 13:06
@uurien uurien requested a review from Qard July 5, 2023 16:05
@uurien uurien force-pushed the igor/iast_telemetry branch from 93aa8c7 to 1d0ce27 Compare July 11, 2023 06:45
@uurien uurien merged commit 3d05ac2 into master Jul 11, 2023
@uurien uurien deleted the igor/iast_telemetry branch July 11, 2023 07:23
Qard pushed a commit that referenced this pull request Jul 11, 2023
@iunanua @uurien
Report IAST metrics via telemetry (#2805)
a5baa66 
Co-authored-by: Ugaitz Urien <[email protected]>
Qard pushed a commit that referenced this pull request Jul 11, 2023
@iunanua @uurien
Report IAST metrics via telemetry (#2805)
fb656e4 
Co-authored-by: Ugaitz Urien <[email protected]>
Qard pushed a commit that referenced this pull request Jul 11, 2023
@iunanua @uurien
Report IAST metrics via telemetry (#2805)
bcaa5d0 
Co-authored-by: Ugaitz Urien <[email protected]>
This was referenced Jul 11, 2023
Merged
Merged
Merged
Qard pushed a commit that referenced this pull request Jul 11, 2023
@iunanua @uurien
Report IAST metrics via telemetry (#2805)
6453ea3 
Co-authored-by: Ugaitz Urien <[email protected]>
Qard pushed a commit that referenced this pull request Jul 11, 2023
@iunanua @uurien
Report IAST metrics via telemetry (#2805)
d670be8 
Co-authored-by: Ugaitz Urien <[email protected]>
Qard pushed a commit that referenced this pull request Jul 11, 2023
@iunanua @uurien
Report IAST metrics via telemetry (#2805)
9681f51 
Co-authored-by: Ugaitz Urien <[email protected]>
Qard pushed a commit that referenced this pull request Jul 14, 2023
@iunanua @uurien @Qard
Report IAST metrics via telemetry (#2805)
f08fa54 
Co-authored-by: Ugaitz Urien <[email protected]>
Qard pushed a commit that referenced this pull request Jul 14, 2023
@iunanua @uurien @Qard
Report IAST metrics via telemetry (#2805)
8f708c1 
Co-authored-by: Ugaitz Urien <[email protected]>
Qard pushed a commit that referenced this pull request Jul 14, 2023
@iunanua @uurien @Qard
Report IAST metrics via telemetry (#2805)
da08df0 
Co-authored-by: Ugaitz Urien <[email protected]>
@erikvanbrakel erikvanbrakel mentioned this pull request Jul 5, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@uurien uurien uurien left review comments

@hoolioh hoolioh hoolioh left review comments

@CarlesDD CarlesDD CarlesDD approved these changes

@Qard Qard Awaiting requested review from Qard

Assignees

No one assigned

Labels

asm-iast semver-patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@iunanua @Qard @uurien @hoolioh @CarlesDD