Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add excon instrumentation for AppSec #4399

Merged
merged 9 commits into from
Feb 19, 2025
Merged

Add excon instrumentation for AppSec #4399

merged 9 commits into from
Feb 19, 2025

Conversation

y9v
Copy link
Member

@y9v y9v commented Feb 18, 2025
edited
Loading

What does this PR do?
This PR adds SSRF detection to excon http client library.

To enable excon instrumentation:

Datadog.configure do |c|
  c.tracing.enabled = true
  c.tracing.instrument :rack

  c.appsec.enabled = true
  c.appsec.instrument :excon
end

Motivation:
We want to enable SSRF detection for most popular ruby http client libraries.

Change log entry
Yes. AppSec: Add detection of Server-Side Request Forgery attacks for excon http client.

Additional Notes:
Auto-patching for excon is set to false, since it might be used as an adapter for faraday http client, which has auto-patching enabled.

How to test the change?
CI and app-generator (rails-ssrf application)

@y9v y9v self-assigned this Feb 18, 2025
@y9v y9v requested review from a team as code owners February 18, 2025 13:25
@github-actions github-actions bot added integrations Involves tracing integrations appsec Application Security monitoring product labels Feb 18, 2025
y9v
y9v commented Feb 18, 2025
View reviewed changes
@pr-commenter
Copy link

pr-commenter bot commented Feb 18, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-02-18 17:06:26

Comparing candidate commit 7b6d2c9 in PR branch appsec-add-excon-instrumentation with baseline commit 5e20f11 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 33 metrics, 2 unstable metrics.

@codecov-commenter
Copy link

codecov-commenter commented Feb 18, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 96.96970% with 4 lines in your changes missing coverage. Please review.

Project coverage is 97.69%. Comparing base (5e20f11) to head (7b6d2c9).
Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
...adog/appsec/contrib/integration/excon_ssrf_spec.rb 95.45% 2 Missing ⚠️
lib/datadog/appsec/contrib/excon/integration.rb 95.00% 1 Missing ⚠️
lib/datadog/appsec/contrib/excon/patcher.rb 92.30% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4399      +/-   ##
==========================================
- Coverage   97.71%   97.69%   -0.03%     
==========================================
  Files        1361     1366       +5     
  Lines       83241    83372     +131     
  Branches     4227     4230       +3     
==========================================
+ Hits        81339    81450     +111     
- Misses       1902     1922      +20

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Feb 18, 2025
edited
Loading

Datadog Report

Branch report: appsec-add-excon-instrumentation
Commit report: 7b6d2c9
Test service: dd-trace-rb

✅ 0 Failed, 20768 Passed, 1372 Skipped, 3m 13.47s Total Time

@y9v y9v force-pushed the appsec-add-excon-instrumentation branch from db5dbf0 to 1c3d617 Compare February 18, 2025 14:52
Strech
Strech approved these changes Feb 18, 2025
View reviewed changes
Copy link
Member

@Strech Strech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have 2 minor comments, well done 👏🏼

@y9v y9v force-pushed the appsec-add-excon-instrumentation branch from b44ad1b to 7b6d2c9 Compare February 18, 2025 16:41
@y9v y9v merged commit 908154a into master Feb 19, 2025
497 checks passed
@y9v y9v deleted the appsec-add-excon-instrumentation branch February 19, 2025 07:38
@github-actions github-actions bot added this to the 2.11.0 milestone Feb 19, 2025
@TonyCTHsu TonyCTHsu mentioned this pull request Feb 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Strech Strech Strech approved these changes

Assignees

@y9v y9v

Labels
appsec Application Security monitoring product integrations Involves tracing integrations
Projects
None yet
Milestone
2.11.0
Development

Successfully merging this pull request may close these issues.
3 participants
@y9v @codecov-commenter @Strech