[APPSEC-56188] Replace Scope with Context #4277

Draft: wants to merge 10 commits into base: master

Member

@Strech Strech commented Jan 10, 2025

What does this PR do?

Replace irresponsible class AppSec::Scope with AppSec::Context and move some functionality into it.

Motivation:

In order to implement RASP/WAF telemetry and metrics, we need to adjust the domain of AppSec. The main point: AppSec::Context represents the request context and hides the complexity of the security engine calls (and gathering statistics) from the instrumentation.

You will see some obvious issues with existing code because of that change, but that's the plan. We move slowly with guaranteed compatibility.

Change log entry

No.

Additional Notes:

This is the first PR which establishes the base to develop metrics collection. This PR introduces as few changes as possible to stay compatible, but move forward.

How to test the change?

CI (specifically system tests) should be enough.

@Strech Strech changed the title APPSEC-56188 Replace Scope with Context [APPSEC-56188] Replace Scope with Context Jan 10, 2025
@github-actions github-actions bot added integrations Involves tracing integrations appsec Application Security monitoring product labels Jan 10, 2025
@Strech Strech added dev/refactor Involves refactoring existing components dev/internal Other internal work that does not need to be included in the changelog labels Jan 10, 2025
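
The idea in the PR description, sketched as an added example (not code from this PR or from dd-trace-rb): a per-request context object is the only thing instrumentation calls, and it records engine statistics as a side effect. All class and method names, the `FakeEngine`, the `<script` pattern and the 5,000 µs timeout are assumptions; only the `graphql.server.all_resolvers` key and the three-argument call shape come from the failing spec quoted in the CI report on this page.

```ruby
# Added sketch: every name here is hypothetical, not dd-trace-rb's API.
module Sketch
  WAF_TIMEOUT_US = 5_000 # assumed value; the spec reads it from configuration

  # Stand-in for the security engine. Flags a constructed pattern and
  # reports a fixed evaluation time so the example is deterministic.
  class FakeEngine
    Result = Struct.new(:status, :duration_ns, :timeout)

    def initialize(duration_ns)
      @duration_ns = duration_ns
    end

    def run(persistent, ephemeral, timeout_us)
      hit = persistent.merge(ephemeral).to_s.include?('<script')
      Result.new(hit ? :match : :ok, @duration_ns, @duration_ns > timeout_us * 1_000)
    end
  end

  # Per-request context: the only object instrumentation talks to.
  class Context
    attr_reader :trace, :span, :metrics

    def initialize(trace, span, engine)
      @trace = trace
      @span = span
      @engine = engine
      @metrics = { calls: 0, matches: 0, timeouts: 0, duration_ns: 0 }
    end

    # Runs the engine and records statistics; callers only see the result.
    def run_waf(persistent, ephemeral, timeout_us)
      result = @engine.run(persistent, ephemeral, timeout_us)
      @metrics[:calls] += 1
      @metrics[:matches] += 1 if result.status == :match
      @metrics[:timeouts] += 1 if result.timeout
      @metrics[:duration_ns] += result.duration_ns
      result
    end
  end
end

# Instrumentation side: same call shape as the failing spec (persistent
# data, empty ephemeral data, timeout), with no knowledge of metrics.
def inspect_resolvers(context, arguments)
  data = { 'graphql.server.all_resolvers' => arguments }
  context.run_waf(data, {}, Sketch::WAF_TIMEOUT_US).status == :match
end
```

Because the statistics live on the context rather than in each integration, a timed-out engine call is counted even when the caller only checks for a match.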
Contributor

datadog-datadog-prod-us1 bot commented Jan 10, 2025

Datadog Report

Branch report: appsec-56188-replace-scope-with-context
Commit report: 4c768f4
Test service: dd-trace-rb

❌ 12 Failed (0 Known Flaky), 22186 Passed, 1476 Skipped, 4m 51.62s Total Time

❌ Failed Tests (12)

This report shows up to 5 failed tests.

  • Datadog::AppSec::Contrib::GraphQL::Reactive::Multiplex.subscribe all addresses have been published does call the waf context with the right arguments - rspec - Details

     the Datadog::AppSec::Context class does not implement the instance method: run
     
     Failure/Error:
       expect(context).to receive(:run).with(
         { 'graphql.server.all_resolvers' => expected_arguments },
         {},
         Datadog.configuration.appsec.waf_timeout
       ).and_return(waf_result)
     
       the Datadog::AppSec::Context class does not implement the instance method: run
     ...
    
  • Datadog::AppSec::Contrib::GraphQL::Reactive::Multiplex.subscribe behaves like waf result is a match yields result and blocking action. The publish method catches the resul as well - rspec - Details

     #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     
     Failure/Error: ::GraphQL::Execution::Multiplex.new(schema: schema, queries: queries, context: context, max_complexity: nil)
       #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     Shared Example Group: "waf result" called from ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:61
     /usr/local/bundle/gems/graphql-2.3.6/lib/graphql/execution/multiplex.rb:35:in `initialize'
     ./spec/datadog/tracing/contrib/graphql/support/application.rb:54:in `block in <main>'
     ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:62:in `block in <main>'
     ./spec/datadog/appsec/reactive/shared_examples.rb:25:in `block in <main>'
     ./spec/datadog/tracing/contrib/support/tracer_helpers.rb:96:in `block in TracerHelpers'
     ...
    
  • Datadog::AppSec::Contrib::GraphQL::Reactive::Multiplex.subscribe behaves like waf result is a match yields result and no blocking action - rspec - Details

     #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     
     Failure/Error: ::GraphQL::Execution::Multiplex.new(schema: schema, queries: queries, context: context, max_complexity: nil)
       #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     Shared Example Group: "waf result" called from ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:61
     /usr/local/bundle/gems/graphql-2.3.6/lib/graphql/execution/multiplex.rb:35:in `initialize'
     ./spec/datadog/tracing/contrib/graphql/support/application.rb:54:in `block in <main>'
     ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:62:in `block in <main>'
     ./spec/datadog/appsec/reactive/shared_examples.rb:13:in `block in <main>'
     ./spec/datadog/tracing/contrib/support/tracer_helpers.rb:96:in `block in TracerHelpers'
     ...
    
  • Datadog::AppSec::Contrib::GraphQL::Reactive::Multiplex.subscribe behaves like waf result is invalid_call does not yield - rspec - Details

     #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     
     Failure/Error: ::GraphQL::Execution::Multiplex.new(schema: schema, queries: queries, context: context, max_complexity: nil)
       #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     Shared Example Group: "waf result" called from ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:61
     /usr/local/bundle/gems/graphql-2.3.6/lib/graphql/execution/multiplex.rb:35:in `initialize'
     ./spec/datadog/tracing/contrib/graphql/support/application.rb:54:in `block in <main>'
     ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:62:in `block in <main>'
     ./spec/datadog/appsec/reactive/shared_examples.rb:49:in `block in <main>'
     ./spec/datadog/tracing/contrib/support/tracer_helpers.rb:96:in `block in TracerHelpers'
     ...
    
  • Datadog::AppSec::Contrib::GraphQL::Reactive::Multiplex.subscribe behaves like waf result is invalid_flow does not yield - rspec - Details

     #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     
     Failure/Error: ::GraphQL::Execution::Multiplex.new(schema: schema, queries: queries, context: context, max_complexity: nil)
       #<InstanceDouble(Datadog::AppSec::Context) (anonymous)> received unexpected message :[] with (:trace)
     Shared Example Group: "waf result" called from ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:61
     /usr/local/bundle/gems/graphql-2.3.6/lib/graphql/execution/multiplex.rb:35:in `initialize'
     ./spec/datadog/tracing/contrib/graphql/support/application.rb:54:in `block in <main>'
     ./spec/datadog/appsec/contrib/graphql/reactive/multiplex_spec.rb:62:in `block in <main>'
     ./spec/datadog/appsec/reactive/shared_examples.rb:73:in `block in <main>'
     ./spec/datadog/tracing/contrib/support/tracer_helpers.rb:96:in `block in TracerHelpers'
     ...
    


pr-commenter bot commented Jan 10, 2025

Benchmarks

Benchmark execution time: 2025-01-10 16:44:21

Comparing candidate commit 4c768f4 in PR branch appsec-56188-replace-scope-with-context with baseline commit 12add3a in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 31 metrics, 2 unstable metrics.

@Strech Strech force-pushed the appsec-56188-replace-scope-with-context branch 2 times, most recently from 5ec6575 to 615da95 Compare January 10, 2025 15:58
@Strech Strech force-pushed the appsec-56188-replace-scope-with-context branch from 615da95 to 4c768f4 Compare January 10, 2025 16:18