Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Faraday instrumentation for AppSec #4391

Merged
merged 11 commits into from
Feb 18, 2025
Merged

Add Faraday instrumentation for AppSec #4391

merged 11 commits into from
Feb 18, 2025

Conversation

y9v
Copy link
Member

@y9v y9v commented Feb 14, 2025

What does this PR do?
This PR adds Faraday instrumentation to AppSec for Server-Side Request Forgery detection.

Motivation:
We want to detect SSRF attacks on applications using Faraday as the http client. Support for more http clients (excon and rest-client) will be added in subsequent PRs.

Change log entry
Yes. AppSec: Add detection of Server-Side Request Forgery attacks for Faraday http client.

Additional Notes:
Patcher is heavily inspired by our Tracing Faraday patcher.

How to test the change?
CI and manual testing with app-generator (rails-ssrf variant)

@y9v y9v self-assigned this Feb 14, 2025
@y9v y9v requested review from a team as code owners February 14, 2025 15:06
@github-actions github-actions bot added integrations Involves tracing integrations appsec Application Security monitoring product labels Feb 14, 2025
@pr-commenter
Copy link

pr-commenter bot commented Feb 14, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-02-18 09:54:45

Comparing candidate commit 0158995 in PR branch appsec-add-faraday-instrumentation with baseline commit bcf28ce in branch master.

Found 0 performance improvements and 1 performance regressions! Performance is the same for 30 metrics, 2 unstable metrics.

scenario:tracing - Propagation - Trace Context

  • 🟥 throughput [-3022.972op/s; -2927.621op/s] or [-8.152%; -7.895%]

@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Feb 14, 2025
edited
Loading

Datadog Report

Branch report: appsec-add-faraday-instrumentation
Commit report: 0158995
Test service: dd-trace-rb

✅ 0 Failed, 20398 Passed, 1373 Skipped, 3m 12.28s Total Time

@codecov-commenter
Copy link

codecov-commenter commented Feb 14, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 98.13665% with 3 lines in your changes missing coverage. Please review.

Project coverage is 97.71%. Comparing base (bcf28ce) to head (0158995).

Files with missing lines Patch % Lines
...og/appsec/contrib/integration/faraday_ssrf_spec.rb 95.65% 2 Missing ⚠️
lib/datadog/appsec/contrib/faraday/integration.rb 95.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4391      +/-   ##
==========================================
- Coverage   97.71%   97.71%   -0.01%     
==========================================
  Files        1354     1361       +7     
  Lines       83085    83246     +161     
  Branches     4219     4226       +7     
==========================================
+ Hits        81188    81341     +153     
- Misses       1897     1905       +8

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@DataDog DataDog deleted a comment from datadog-datadog-prod-us1 bot Feb 14, 2025
Strech
Strech requested changes Feb 17, 2025
View reviewed changes
Copy link
Member

@Strech Strech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome to see that we have a solid ground to develop integrations. I left a few comments over naming and testing because I think we could do better and simplify even more

@y9v y9v force-pushed the appsec-add-faraday-instrumentation branch from b36bc90 to 22b7115 Compare February 17, 2025 16:18
@y9v y9v force-pushed the appsec-add-faraday-instrumentation branch from b7fbdd1 to 6de7666 Compare February 17, 2025 16:33
@y9v y9v requested a review from Strech February 17, 2025 16:33
Strech
Strech approved these changes Feb 18, 2025
View reviewed changes
Copy link
Member

@Strech Strech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome 👏🏼

I have a few non-blocking suggestions, but for tests it's an important.

@y9v y9v merged commit 89e2082 into master Feb 18, 2025
284 checks passed
@y9v y9v deleted the appsec-add-faraday-instrumentation branch February 18, 2025 10:09
@github-actions github-actions bot added this to the 2.11.0 milestone Feb 18, 2025
@y9v y9v mentioned this pull request Feb 18, 2025
Merged
@TonyCTHsu TonyCTHsu mentioned this pull request Feb 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@datadog-datadog-prod-us1 datadog-datadog-prod-us1[bot] datadog-datadog-prod-us1[bot] left review comments

@marcotc marcotc marcotc approved these changes

@Strech Strech Strech approved these changes

Assignees

@y9v y9v

Labels
appsec Application Security monitoring product integrations Involves tracing integrations
Projects
None yet
Milestone
2.11.0
Development

Successfully merging this pull request may close these issues.
4 participants
@y9v @codecov-commenter @marcotc @Strech