Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix AppSec libddwaf actions handling after update to 1.17.0.0.0 #4173

Merged
merged 2 commits into from
Nov 28, 2024
Merged

Fix AppSec libddwaf actions handling after update to 1.17.0.0.0 #4173

merged 2 commits into from
Nov 28, 2024

Conversation

y9v
Copy link
Member

@y9v y9v commented Nov 28, 2024

In version 1.17.0.0.0 libddwaf changes the format of the actions that are returned from an array of actions IDs to an array of actions objects. This means that we no longer have to look up actions in the ruleset and can just use actions that libddwaf returns.

https://github.com/DataDog/libddwaf/blob/master/UPGRADING.md#action-semantics

What does this PR do?
This PR removes AppSec::Actions class, since we don't need to hold and lookup ruleset actions now, libddwaf does it for us. It also fixes custom action handling in Datadog::AppSec::Response.

Motivation:
Failing system tests that test blocking using custom actions:
#4171

Change log entry
None

Additional Notes:
None

How to test the change?
CI is enough (system tests have to be run from cbeauchesne/add-system-tests-scenario branch)

@y9v
Fix AppSec libddwaf actions handling after update to 1.17.0.0.0
c167bd0 
In version 1.17.0.0.0 libddwaf changes the format of the actions that
are returned from an array of actions IDs to an array of actions
objects. This means that we no longer have to look up actions in the
ruleset and can just use actions that libddwaf returns.
@y9v y9v self-assigned this Nov 28, 2024
@y9v y9v requested a review from a team as a code owner November 28, 2024 15:44
@github-actions github-actions bot added the appsec Application Security monitoring product label Nov 28, 2024
@y9v y9v requested a review from a team as a code owner November 28, 2024 15:48
@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Nov 28, 2024
edited
Loading

Datadog Report

Branch report: appsec-fix-libddwaf-actions-handling
Commit report: 315c32f
Test service: dd-trace-rb

✅ 0 Failed, 22028 Passed, 1458 Skipped, 5m 31.88s Total Time

Strech
Strech approved these changes Nov 28, 2024
View reviewed changes
Copy link
Member

@Strech Strech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome 🟢

@y9v y9v force-pushed the appsec-fix-libddwaf-actions-handling branch from fb14384 to 315c32f Compare November 28, 2024 16:09
@cbeauchesne cbeauchesne mentioned this pull request Nov 28, 2024
Closed
@pr-commenter
Copy link

pr-commenter bot commented Nov 28, 2024
edited
Loading

Benchmarks

Benchmark execution time: 2024-11-28 16:26:35

Comparing candidate commit fb14384 in PR branch appsec-fix-libddwaf-actions-handling with baseline commit 646d17a in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 31 metrics, 2 unstable metrics.

@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 94.28571% with 2 lines in your changes missing coverage. Please review.

Project coverage is 97.76%. Comparing base (646d17a) to head (315c32f).

Files with missing lines Patch % Lines
lib/datadog/appsec.rb 50.00% 1 Missing ⚠️
lib/datadog/appsec/response.rb 75.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4173      +/-   ##
==========================================
- Coverage   97.78%   97.76%   -0.02%     
==========================================
  Files        1353     1351       -2     
  Lines       81861    81732     -129     
  Branches     4153     4146       -7     
==========================================
- Hits        80044    79904     -140     
- Misses       1817     1828      +11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@y9v y9v merged commit 33ca49d into master Nov 28, 2024
309 checks passed
@y9v y9v deleted the appsec-fix-libddwaf-actions-handling branch November 28, 2024 16:56
@github-actions github-actions bot added this to the 2.8.0 milestone Nov 28, 2024
@y9v y9v mentioned this pull request Nov 28, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcotc marcotc marcotc approved these changes

@Strech Strech Strech approved these changes

Assignees

@y9v y9v

Labels
appsec Application Security monitoring product
Projects
None yet
Milestone
2.8.0
Development

Successfully merging this pull request may close these issues.
4 participants
@y9v @codecov-commenter @marcotc @Strech