
Commit aa950e2

committed
Roadrunner appsec support
1 parent f4edf58 commit aa950e2


286 files changed

+18659
-627
lines changed


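--- a/appsec/CMakeLists.txt
+++ b/appsec/CMakeLists.txt
@@ -1,13 +1,14 @@
 cmake_minimum_required(VERSION 3.14)
 
+
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/../cmake/Modules")
 
 option(HUNTER_STATUS_DEBUG "Print Hunter debug info" OFF)
 
 include("cmake/HunterGate.cmake")
 HunterGate(
-URL "https://github.com/cpp-pm/hunter/archive/v0.23.314.tar.gz"
-SHA1 "95c47c92f68edb091b5d6d18924baabe02a6962a")
+URL "https://github.com/cpp-pm/hunter/archive/v0.25.3.tar.gz"
+SHA1 "0dfbc2cb5c4cf7e83533733bdfd2125ff96680cb")
 
 configure_file(${CMAKE_CURRENT_SOURCE_DIR}/hunter-cache.id.in ${CMAKE_CURRENT_SOURCE_DIR}/hunter-cache.id)
 
@@ -30,6 +31,8 @@ option(DD_APPSEC_TESTING "Whether to enable testing" ON)
 
 add_subdirectory(third_party EXCLUDE_FROM_ALL)
 
+include("cmake/patchelf.cmake")
+
 if (DD_APPSEC_BUILD_EXTENSION)
 include("cmake/extension.cmake")
 endif()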

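--- a/appsec/cmake/extension.cmake
+++ b/appsec/cmake/extension.cmake
@@ -43,7 +43,7 @@ if(COMPILER_HAS_NO_GNU_UNIQUE)
 target_compile_options(extension PRIVATE $<$<COMPILE_LANGUAGE:CXX>:-fno-gnu-unique>)
 endif()
 target_compile_options(extension PRIVATE $<$<COMPILE_LANGUAGE:CXX>:-fno-rtti -fno-exceptions>)
-target_compile_options(extension PRIVATE -Wall -Wextra -Wno-unused-parameter)
+target_compile_options(extension PRIVATE -Wall -Wextra -Werror)
 # our thread local variables are only used by ourselves
 target_compile_options(extension PRIVATE -ftls-model=local-dynamic)
 
@@ -54,9 +54,10 @@ target_linker_flag_conditional(extension -Wl,--as-needed)
 target_linker_flag_conditional(extension "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/ddappsec.version")
 
 # Mac OS
-target_linker_flag_conditional(extension -flat_namespace -undefined suppress)
+target_linker_flag_conditional(extension -flat_namespace "-undefined suppress")
 target_linker_flag_conditional(extension -Wl,-exported_symbol -Wl,_get_module)
 
+patch_away_libc(extension)
 
 if(DD_APPSEC_TESTING)
 if(DD_APPSEC_ENABLE_COVERAGE)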
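Review bot: `-Werror` is now unconditional on the `extension` target (new line 46) and the same edit drops `-Wno-unused-parameter`, so any warning raised by a newer compiler or a different set of PHP headers fails the build for packagers as well as for developers. Gate it behind an option that is switched on for development and CI builds, e.g. `target_compile_options(extension PRIVATE -Wall -Wextra $<$<BOOL:${DD_APPSEC_WERROR}>:-Werror>)` (the option name is a suggestion, it is not defined on this page). Separately, `"-undefined suppress"` is now passed as one quoted argument; whether that is the form `target_linker_flag_conditional` expects cannot be checked from this hunk, so a one-line comment explaining the quoting would help.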

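--- a/appsec/cmake/patchelf.cmake
+++ b/appsec/cmake/patchelf.cmake
@@ -0,0 +1,17 @@
+function(patch_away_libc target)
+if (NOT ${DD_APPSEC_ENABLE_PATCHELF_LIBC})
+return()
+endif()
+
+if (CMAKE_SYSTEM_NAME STREQUAL Darwin)
+return()
+endif()
+
+find_program(PATCHELF patchelf)
+if (PATCHELF STREQUAL "PATCHELF-NOTFOUND")
+message(FATAL_ERROR "patchelf not found")
+endif()
+
+add_custom_command(TARGET ${target} POST_BUILD
+COMMAND patchelf --remove-needed libc.so $<TARGET_FILE:${target}> ${SYMBOL_FILE})
+endfunction()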
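Review bot: The post-build step runs a bare `patchelf` rather than the program `find_program` located, so the tool that rewrites the shipped extension's ELF dynamic section is whatever comes first on `PATH` at build time; use the resolved path and add `VERBATIM`, i.e. `COMMAND "${PATCHELF}" --remove-needed libc.so $<TARGET_FILE:${target}>` followed by `VERBATIM)`. `${SYMBOL_FILE}` is not set anywhere in this function, so it either expands to nothing or carries a value in from the caller's scope as an extra patchelf argument; it should be dropped or made an explicit parameter. `if (NOT ${DD_APPSEC_ENABLE_PATCHELF_LIBC})` expands to `if (NOT )` and fails at configure time when the variable is undefined, so `if (NOT DD_APPSEC_ENABLE_PATCHELF_LIBC)` is the safer form. The function also has no comment saying why the libc `DT_NEEDED` entry is removed or which soname it targets (if patchelf matches entry names exactly, `libc.so` would not match `libc.so.6`), which anyone auditing the released binary will want to know.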

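--- a/appsec/cmake/run-tests-wrapper.sh
+++ b/appsec/cmake/run-tests-wrapper.sh
@@ -9,6 +9,7 @@ export DD_TRACE_ENABLED=true
 export DD_TRACE_GENERATE_ROOT_SPAN=true
 export DD_TRACE_CLI_ENABLED=true
 export DD_TRACE_AGENT_PORT=18126
+export PHPRC=
 
 CMAKE_BINARY_DIR="$1"
 MOCK_HELPER_BINARY="$2"
@@ -44,7 +45,7 @@ function link_extensions {
 if [[ -L $ddtrace && $(readlink "$ddtrace") != $TRACER_EXT_FILE ]]; then
 rm -v "$ddtrace"
 fi
-if [[ ! -f $ddtrace ]]; then
+if [[ ! -L $ddtrace ]]; then
 ln -s -v "$TRACER_EXT_FILE" $ddtrace
 fi
 fi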
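Review bot: With the test changed to `[[ ! -L $ddtrace ]]`, a regular file already present at `$ddtrace` passes the check and the following `ln -s` fails because the path exists; the old `-f` test had the opposite gap with a dangling symlink. Cover both cases with `if [[ ! -L $ddtrace && ! -e $ddtrace ]]; then` plus an explicit error branch, and quote the target in the link call: `ln -s -v "$TRACER_EXT_FILE" "$ddtrace"`. `link_extensions` starts and ends outside this hunk, so how a failed `ln` is handled cannot be seen here.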

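--- a/appsec/cmake/run_tests.cmake
+++ b/appsec/cmake/run_tests.cmake
@@ -1,7 +1,8 @@
-set(DD_APPSEC_TRACER_EXT_FILE ${CMAKE_SOURCE_DIR}/../tmp/build_extension/modules/ddtrace.so)
+get_filename_component(DD_APPSEC_TRACER_EXT_FILE "${CMAKE_SOURCE_DIR}/../tmp/build_extension/modules/ddtrace.so" REALPATH)
 
 add_custom_target(ddtrace
-COMMAND make
+COMMAND ${CMAKE_COMMAND} -E env "PATH=${PhpConfig_ROOT_DIR}/bin:$ENV{PATH}" PHPRC=
+make "${DD_APPSEC_TRACER_EXT_FILE}"
 BYPRODUCTS ${DD_APPSEC_TRACER_EXT_FILE}
 WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/../)
 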
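Review bot: `$ENV{PATH}` in the new `COMMAND` is expanded when CMake configures, not when the target builds, so `make` runs with a frozen copy of the configure-time `PATH`; if that is intended a comment should say so. If `PhpConfig_ROOT_DIR` is empty the prefix silently becomes `/bin`, so a guard such as `if(NOT PhpConfig_ROOT_DIR)` with a `message(FATAL_ERROR ...)` before the target would make the failure visible. The command also lacks `VERBATIM`, which leaves escaping of the quoted `PATH=...` argument platform-dependent; add `VERBATIM` after the `WORKING_DIRECTORY` argument.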

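--- a/appsec/run-tests-internal.php
+++ b/appsec/run-tests-internal.php
@@ -2842,10 +2842,10 @@ function run_test($php, $file, array $env)
 gdb --args {$cmd}
 ;;
 "valgrind")
-USE_ZEND_ALLOC=0 valgrind $2 ${cmd}
+USE_ZEND_ALLOC=0 valgrind $2 {$cmd}
 ;;
 "rr")
-rr record $2 ${cmd}
+rr record $2 {$cmd}
 ;;
 *)
 {$cmd}
@@ -3773,7 +3773,7 @@ public function __construct(array $environment, $tool = 'memcheck')
 public function wrapCommand($cmd, $memcheck_filename, $check_all)
 {
 $supp_file = INIT_DIR . "/valgrind.supp";
-$vcmd = "valgrind -q --tool={$this->tool} --trace-children=no --child-silent-after-fork=yes --leak-check=full " .
+$vcmd = "valgrind --gen-suppressions=all -q --tool={$this->tool} --trace-children=no --child-silent-after-fork=yes --leak-check=full " .
 "--num-callers=16 --run-libc-freeres=no";
 if (file_exists($supp_file)) {
 $vcmd .= " --suppressions='$supp_file'";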

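--- a/appsec/src/extension/commands/client_init.c
+++ b/appsec/src/extension/commands/client_init.c
@@ -23,7 +23,8 @@ static const unsigned int MAX_TCP_PORT_ALLOWED = UINT16_MAX;
 
 static dd_result _pack_command(mpack_writer_t *nonnull w, void *nullable ctx);
 static dd_result _process_response(mpack_node_t root, void *nullable ctx);
-static void _process_meta_and_metrics(mpack_node_t root);
+static void _process_meta_and_metrics(
+mpack_node_t root, struct req_info *nonnull ctx);
 static void _pack_agent_details(mpack_writer_t *nonnull w);
 
 static const dd_command_spec _spec = {
@@ -78,24 +79,22 @@ static void _pack_agent_details(mpack_writer_t *nonnull w)
 }
 }
 
-dd_result dd_client_init(dd_conn *nonnull conn)
+dd_result dd_client_init(dd_conn *nonnull conn, struct req_info *nonnull ctx)
 {
-return dd_command_exec_cred(conn, &_spec, NULL);
+return dd_command_exec_cred(conn, &_spec, ctx);
 }
 
 static dd_result _pack_command(
 mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable ctx)
 {
-// unsigned pid, string client_version, runtime_version, rules_file
 mpack_write(w, (uint32_t)getpid());
 dd_mpack_write_lstr(w, PHP_DDAPPSEC_VERSION);
 dd_mpack_write_lstr(w, PHP_VERSION);
 
-enabled_configuration configuration = DDAPPSEC_G(enabled_by_configuration);
-if (configuration == NOT_CONFIGURED) {
+if (DDAPPSEC_G(enabled) == APPSEC_ENABLED_VIA_REMCFG) {
 mpack_write_nil(w);
 } else {
-mpack_write_bool(w, configuration == ENABLED ? true : false);
+mpack_write_bool(w, DDAPPSEC_G(active));
 }
 
 // Service details
@@ -206,7 +205,7 @@ static dd_result _process_response(
 mpack_node_t root, ATTR_UNUSED void *nullable ctx)
 {
 // Add any tags and metrics provided by the helper
-_process_meta_and_metrics(root);
+_process_meta_and_metrics(root, ctx);
 
 // check verdict
 mpack_node_t verdict = mpack_node_array_at(root, 0);
@@ -246,15 +245,22 @@ static dd_result _process_response(
 return dd_error;
 }
 
-static void _process_meta_and_metrics(mpack_node_t root)
+static void _process_meta_and_metrics(mpack_node_t root, struct req_info *nonnull ctx)
 {
+zend_object *span = ctx->root_span;
+if (!span) {
+mlog(
+dd_log_debug, "Meta/metrics in client_init ignored (no root span)");
+return;
+}
+
 mpack_node_t meta = mpack_node_array_at(root, 3);
 if (mpack_node_map_count(meta) > 0) {
-dd_command_process_meta(meta);
+dd_command_process_meta(meta, span);
 }
 
 mpack_node_t metrics = mpack_node_array_at(root, 4);
-dd_command_process_metrics(metrics);
+dd_command_process_metrics(metrics, span);
 }
 
 static dd_result _check_helper_version(mpack_node_t root)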
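Review bot: `_process_response` still declares its context as `ATTR_UNUSED void *nullable ctx` but now forwards it to `_process_meta_and_metrics`, whose parameter is `struct req_info *nonnull` and is dereferenced at once (`ctx->root_span`). The annotation is stale and the nullable-to-nonnull hand-off is unchecked; drop `ATTR_UNUSED` there and state the contract before the call, e.g. `assert(ctx != NULL);`, as `_pack_command` in request_exec.c does in this commit (assuming `<assert.h>` is reachable from this file, which the hunks do not show). The removed `// unsigned pid, string client_version, ...` comment was the only description of the message layout in `_pack_command`; an updated one is worth keeping, noting that `nil` is written when `DDAPPSEC_G(enabled) == APPSEC_ENABLED_VIA_REMCFG` and `DDAPPSEC_G(active)` otherwise. Both functions extend beyond the hunks shown.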

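--- a/appsec/src/extension/commands/client_init.h
+++ b/appsec/src/extension/commands/client_init.h
@@ -6,5 +6,6 @@
 #pragma once
 
 #include "../network.h"
+#include "../commands_ctx.h"
 
-dd_result dd_client_init(dd_conn *nonnull conn);
+dd_result dd_client_init(dd_conn *nonnull conn, struct req_info *nonnull ctx);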

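--- a/appsec/src/extension/commands/request_exec.c
+++ b/appsec/src/extension/commands/request_exec.c
@@ -12,6 +12,11 @@
 #include <zend_hash.h>
 #include <zend_types.h>
 
+struct ctx {
+struct req_info req_info; // dd_command_proc_resp_verd_span_data expect it
+zval *nonnull data;
+};
+
 static dd_result _pack_command(
 mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable ctx);
 
@@ -32,14 +37,18 @@ dd_result dd_request_exec(dd_conn *nonnull conn, zval *nonnull data)
 return dd_error;
 }
 
-return dd_command_exec(conn, &_spec, (void *)data);
+struct ctx ctx = { .data = data };
+
+return dd_command_exec(conn, &_spec, &ctx);
 }
 
 static dd_result _pack_command(
-mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable ctx)
+mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable _ctx)
 {
-zval *data = (zval *)ctx;
-dd_mpack_write_zval(w, data);
+assert(_ctx != NULL);
+struct ctx *ctx = _ctx;
+
+dd_mpack_write_zval(w, ctx->data);
 
 return dd_success;
 }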
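Review bot: `struct ctx` appears to rely on a `struct ctx *` being readable as a `struct req_info *` by the shared response handler, which the comment on `req_info` hints at but nothing enforces; pin the layout with `_Static_assert(offsetof(struct ctx, req_info) == 0, "req_info must be the first member");` (needs `<stddef.h>`) and reword the comment to state that requirement. `struct ctx ctx = { .data = data };` zero-initialises `req_info`, so its `root_span` is NULL on this path; the handler named in the comment is not visible on this page, so it should be confirmed to tolerate that the way `_process_meta_and_metrics` in client_init.c does. In `_pack_command` the parameter is still marked `ATTR_UNUSED` and `nullable` although it is now dereferenced, and `assert(_ctx != NULL)` is compiled out under `NDEBUG`.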
