From 5149b343cb60a8663591c519406e5a3310a380bb Mon Sep 17 00:00:00 2001 From: Alejandro Estringana Ruiz Date: Fri, 25 Oct 2024 11:03:27 +0200 Subject: [PATCH] Set asm events on new tag _dd.p.appsec --- appsec/src/extension/tags.c | 56 ++++++++++++------- .../client_init_record_span_tags.phpt | 1 + .../extension/rinit_record_span_tags.phpt | 1 + ext/serializer.c | 11 ++-- 4 files changed, 44 insertions(+), 25 deletions(-) diff --git a/appsec/src/extension/tags.c b/appsec/src/extension/tags.c index b17b29de283..144f60a620b 100644 --- a/appsec/src/extension/tags.c +++ b/appsec/src/extension/tags.c @@ -108,6 +108,7 @@ static THREAD_LOCAL_ON_ZTS bool _appsec_json_frags_inited; static THREAD_LOCAL_ON_ZTS zend_llist _appsec_json_frags; static THREAD_LOCAL_ON_ZTS zend_string *nullable _event_user_id; static THREAD_LOCAL_ON_ZTS bool _blocked; +static THREAD_LOCAL_ON_ZTS bool _asm_event; static THREAD_LOCAL_ON_ZTS bool _force_keep; static void _init_relevant_headers(void); @@ -121,6 +122,8 @@ void _set_runtime_family(zend_object *nonnull span); static bool _set_appsec_enabled(zval *metrics_zv); static void _register_functions(void); static void _register_test_functions(void); +static void _add_new_zstr_to_meta(zend_array *meta_ht, zend_string *key, + zend_string *val, bool copy, bool override); void dd_tags_startup() { @@ -290,9 +293,13 @@ void dd_tags_rinit() // Just in case... _event_user_id = NULL; _blocked = false; + _asm_event = false; _force_keep = false; } +static void _dd_tags_add_asm_event() { _asm_event = true; } + + void dd_tags_add_appsec_json_frag(zend_string *nonnull zstr) { zend_llist_add_element(&_appsec_json_frags, &zstr); @@ -313,6 +320,16 @@ void dd_tags_rshutdown() } } +static void _dd_appsec_asm_event(zend_array *meta_ht) +{ + if (meta_ht && _asm_event) { + // Indicate there is a ASM EVENT. This tag is used for any event + // threats, business logic events, IAST, etc + _add_new_zstr_to_meta( + meta_ht, _dd_tag_p_appsec_zstr, _1_zstr, true, false); + } +} + void dd_tags_add_tags( zend_object *nonnull span, zend_array *nullable superglob_equiv) { @@ -370,9 +387,7 @@ void dd_tags_add_tags( return; } - // Indicate there is a ASM EVENT. This tag is used for any event threats, - // business logic events, IAST, etc - _add_new_zstr_to_meta(meta_ht, _dd_tag_p_appsec_zstr, _1_zstr, true, false); + _dd_tags_add_asm_event(); // Add tags with request/response information if (server) { @@ -485,6 +500,24 @@ static void _add_basic_tags_to_meta( _dd_request_headers(meta_ht, _server, headers); } +// NOLINTNEXTLINE(bugprone-easily-swappable-parameters) +static void _add_all_tags_to_meta( + zval *nonnull meta, const zend_array *nonnull _server) +{ + zend_array *meta_ht = Z_ARRVAL_P(meta); + _dd_http_method(meta_ht); + _dd_http_url(meta_ht, _server); + _dd_http_user_agent(meta_ht, _server); + _dd_http_status_code(meta_ht); + _dd_http_network_client_ip(meta_ht, _server); + _dd_request_headers(meta_ht, _server, &_relevant_headers); + _dd_http_client_ip(meta_ht); + _dd_response_headers(meta_ht); + _dd_event_user_id(meta_ht); + _dd_appsec_blocked(meta_ht); + _dd_appsec_asm_event(meta_ht); +} + static void _add_new_zstr_to_meta(zend_array *meta_ht, zend_string *key, zend_string *val, bool copy, bool override) { @@ -511,23 +544,6 @@ static void _add_new_zstr_to_meta(zend_array *meta_ht, zend_string *key, } } -// NOLINTNEXTLINE(bugprone-easily-swappable-parameters) -static void _add_all_tags_to_meta( - zval *nonnull meta, const zend_array *nonnull _server) -{ - zend_array *meta_ht = Z_ARRVAL_P(meta); - _dd_http_method(meta_ht); - _dd_http_url(meta_ht, _server); - _dd_http_user_agent(meta_ht, _server); - _dd_http_status_code(meta_ht); - _dd_http_network_client_ip(meta_ht, _server); - _dd_request_headers(meta_ht, _server, &_relevant_headers); - _dd_http_client_ip(meta_ht); - _dd_response_headers(meta_ht); - _dd_event_user_id(meta_ht); - _dd_appsec_blocked(meta_ht); -} - static void _dd_http_method(zend_array *meta_ht) { if (zend_hash_exists(meta_ht, _dd_tag_http_method_zstr)) { diff --git a/appsec/tests/extension/client_init_record_span_tags.phpt b/appsec/tests/extension/client_init_record_span_tags.phpt index 5455aeafd69..0e345b23a76 100644 --- a/appsec/tests/extension/client_init_record_span_tags.phpt +++ b/appsec/tests/extension/client_init_record_span_tags.phpt @@ -85,6 +85,7 @@ tags: Array ( [_dd.appsec.json] => {"triggers":[{"found":"attack"},{"another":"attack"},{"yet another":"attack"}]} + [_dd.p.appsec] => 1 [_dd.p.dm] => -0 [_dd.p.tid] => %s [_dd.runtime_family] => php diff --git a/appsec/tests/extension/rinit_record_span_tags.phpt b/appsec/tests/extension/rinit_record_span_tags.phpt index 3ffe1d1f797..97b2d2c8e6f 100644 --- a/appsec/tests/extension/rinit_record_span_tags.phpt +++ b/appsec/tests/extension/rinit_record_span_tags.phpt @@ -80,6 +80,7 @@ tags: Array ( [_dd.appsec.json] => {"triggers":[{"found":"attack"},{"another":"attack"},{"yet another":"attack"}]} + [_dd.p.appsec] => 1 [_dd.p.dm] => -0 [_dd.p.tid] => %s [_dd.runtime_family] => php diff --git a/ext/serializer.c b/ext/serializer.c index 8dbcdcbb27f..79fed5ec74a 100644 --- a/ext/serializer.c +++ b/ext/serializer.c @@ -1691,19 +1691,20 @@ void ddtrace_serialize_span_to_array(ddtrace_span_data *span, zval *array) { zend_hash_str_del(meta, ZEND_STRL("operation.name")); } + zval *asm_event = NULL; + if (get_global_DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED()) { + asm_event = zend_hash_str_find(meta, ZEND_STRL("_dd.p.appsec")); + } + bool is_standalone_appsec_span = asm_event ? Z_TYPE_P(asm_event) == IS_STRING && strncmp(Z_STRVAL_P(asm_event), "1", sizeof("1") - 1) == 0 : 0; + _serialize_meta(el, span, Z_TYPE_P(prop_service) > IS_NULL ? Z_STR(prop_service_as_string) : ZSTR_EMPTY_ALLOC()); zval metrics_zv; array_init(&metrics_zv); zend_string *str_key; zval *val; - bool is_standalone_appsec_span = false; ZEND_HASH_FOREACH_STR_KEY_VAL_IND(metrics, str_key, val) { if (str_key) { - if (!is_standalone_appsec_span && get_global_DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED() && - strcmp("_dd.appsec.enabled", ZSTR_VAL(str_key)) == 0) { - is_standalone_appsec_span = true; - } dd_serialize_array_metrics_recursively(Z_ARRVAL(metrics_zv), str_key, val); } } ZEND_HASH_FOREACH_END();