Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement LFI #2770

Open
wants to merge 29 commits into
base: master
Choose a base branch
from
Open

Implement LFI #2770

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
8053833
Wrap lfi functions
estringana Jul 23, 2024
8c0f445
Test LFi functions
estringana Aug 2, 2024
343c85b
Avoid unnecesary new zvals
estringana Aug 21, 2024
b51f550
Add rasp duration tag
estringana Aug 26, 2024
f5c1b77
Add optional rasp metrics
estringana Aug 27, 2024
82bbd97
Add duration_ext tag
estringana Aug 28, 2024
d626280
Add DD_APPSEC_RASP_ENABLED configuration
estringana Aug 29, 2024
b22eca9
Add lfi capability
estringana Aug 30, 2024
2f0c6ca
Amend issue with rasp events tags
estringana Aug 30, 2024
f8b2a57
Move rasp.duration_ext to appsec extension
estringana Sep 3, 2024
e9b4496
Ensure rasp tags are created
estringana Sep 4, 2024
efb6de9
Ensure duration_ext is added
estringana Sep 5, 2024
59a82c9
Avoid loaded wrappers when appsec no loaded
estringana Sep 11, 2024
1bb6228
Change comment
estringana Sep 12, 2024
0e7fb90
Disable rasp by default
estringana Sep 20, 2024
844fdf8
Fix error loading filesytem integration on test_c tests
estringana Sep 30, 2024
77c40e7
Add more rasp tests
estringana Sep 30, 2024
8d8c184
Stop creating not needed spans
estringana Sep 30, 2024
785db5e
Lint
estringana Sep 30, 2024
e85757b
Lint
estringana Oct 2, 2024
21e3338
Enable rasp manually on integration tests
estringana Oct 3, 2024
9bd9682
Amend test
estringana Oct 8, 2024
7d253e0
Lint
estringana Oct 8, 2024
fc21135
Change approach to calculate elapsed
estringana Oct 14, 2024
a0944a9
Reduce calls to waf on LFI functions
estringana Oct 14, 2024
1f898e6
Changes suggested on PR
estringana Oct 15, 2024
2b8b6de
Remove stat and lstat
estringana Oct 21, 2024
6249b87
Return not loaded when filesytem integration is wrapping no functions
estringana Oct 21, 2024
fdbbb12
Avoid reporting filesytem integration on telemetry
estringana Oct 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions ext/integrations/integrations.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@
#include <hook/hook.h>
#include <sandbox/sandbox.h>
#undef INTEGRATION
#undef INTEGRATION_CUSTOM_ENABLED

static bool is_filesystem_enabled() { return get_DD_TRACE_FILESYSTEM_ENABLED() && get_DD_APPSEC_RASP_ENABLED(); }

#define DDTRACE_DEFERRED_INTEGRATION_LOADER(class, fname, integration_name) \
dd_hook_method_and_unhook_on_first_call((zai_str)ZAI_STRL(class), (zai_str)ZAI_STRL(fname), \
Expand All @@ -24,13 +27,15 @@
dd_set_up_deferred_loading_by_method(name, (zai_str)ZAI_STR_EMPTY, (zai_str)ZAI_STRL(fname), \
(zai_str)ZAI_STRL(integration), false)

#define INTEGRATION(id, lcname, ...) \
#define INTEGRATION(id, lcname, ...) INTEGRATION_AUX(id, lcname, get_DD_TRACE_##id##_ENABLED)
#define INTEGRATION_CUSTOM_ENABLED(id, lcname, is_enabled_func, ...) INTEGRATION_AUX(id, lcname, is_enabled_func)
#define INTEGRATION_AUX(id, lcname, is_enabled_func) \
{ \
.name = DDTRACE_INTEGRATION_##id, \
.name_ucase = #id, \
.name_lcase = (lcname), \
.name_len = sizeof(lcname) - 1, \
.is_enabled = get_DD_TRACE_##id##_ENABLED, \
.is_enabled = is_enabled_func, \
.is_analytics_enabled = get_DD_TRACE_##id##_ANALYTICS_ENABLED, \
.get_sample_rate = get_DD_TRACE_##id##_ANALYTICS_SAMPLE_RATE, \
.aux = {0}, \
Expand Down
3 changes: 2 additions & 1 deletion ext/integrations/integrations.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
INTEGRATION(DRUPAL, "drupal") \
INTEGRATION(ELASTICSEARCH, "elasticsearch") \
INTEGRATION(ELOQUENT, "eloquent") \
INTEGRATION(FILESYSTEM, "filesystem") \
INTEGRATION_CUSTOM_ENABLED(FILESYSTEM, "filesystem", is_filesystem_enabled) \
INTEGRATION(FRANKENPHP, "frankenphp") \
INTEGRATION(GUZZLE, "guzzle") \
INTEGRATION(LAMINAS, "laminas") \
Expand Down Expand Up @@ -53,6 +53,7 @@
INTEGRATION(ZENDFRAMEWORK, "zendframework")

#define INTEGRATION(id, ...) DDTRACE_INTEGRATION_##id,
#define INTEGRATION_CUSTOM_ENABLED(id, ...) INTEGRATION(id)
typedef enum { DD_INTEGRATIONS } ddtrace_integration_name;
#undef INTEGRATION

Expand Down
15 changes: 14 additions & 1 deletion tests/ext/telemetry/integration.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ PUBLIC STATIC METHOD
test_access hook
array(1) {
["integrations"]=>
array(2) {
array(3) {
[0]=>
array(5) {
["name"]=>
Expand All @@ -84,6 +84,19 @@ array(1) {
NULL
}
[1]=>
array(5) {
["name"]=>
string(10) "filesystem"
["enabled"]=>
bool(false)
["version"]=>
string(0) ""
["compatible"]=>
NULL
["auto_enabled"]=>
NULL
}
[2]=>
array(5) {
["name"]=>
string(4) "logs"
Expand Down
105 changes: 105 additions & 0 deletions tests/ext/telemetry/integration_filesystem.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
--TEST--
Filesystem integration depends on RASP. If RASP enabled, integration is enabled
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't get this one. What it shows enabled is your TestSandboxedIntegration

--SKIPIF--
<?php
if (getenv('PHP_PEAR_RUNTESTS') === '1') die("skip: pecl run-tests does not support {PWD}");
if (PHP_OS === "WINNT" && PHP_VERSION_ID < 70400) die("skip: Windows on PHP 7.2 and 7.3 have permission issues with synchronous access to telemetry");
if (getenv('USE_ZEND_ALLOC') === '0' && !getenv("SKIP_ASAN")) die('skip timing sensitive test - valgrind is too slow');
require __DIR__ . '/../includes/clear_skipif_telemetry.inc'
?>
--ENV--
DD_TRACE_GENERATE_ROOT_SPAN=0
_DD_LOAD_TEST_INTEGRATIONS=1
DD_INSTRUMENTATION_TELEMETRY_ENABLED=1
DD_APPSEC_RASP_ENABLED=1
--INI--
datadog.trace.agent_url="file://{PWD}/integration-telemetry.out"
--FILE--
<?php

namespace DDTrace\Test
{
class TestSandboxedIntegration implements \DDTrace\Integration
{
function init(): int
{
dd_trace_method("Test", "public_static_method", function() {
echo "test_access hook" . PHP_EOL;
});
return self::LOADED;
}
}
}

namespace
{
class Test
{
public static function public_static_method()
{
echo "PUBLIC STATIC METHOD\n";
}
}

Test::public_static_method();

dd_trace_internal_fn("finalize_telemetry");

for ($i = 0; $i < 100; ++$i) {
usleep(100000);
if (file_exists(__DIR__ . '/integration-telemetry.out')) {
foreach (file(__DIR__ . '/integration-telemetry.out') as $l) {
if ($l) {
$json = json_decode($l, true);
$batch = $json["request_type"] == "message-batch" ? $json["payload"] : [$json];
foreach ($batch as $json) {
if ($json["request_type"] == "app-integrations-change") {
var_dump($json["payload"]);
break 3;
}
}
}
}
}
}
}

?>
--EXPECT--
PUBLIC STATIC METHOD
test_access hook
array(1) {
["integrations"]=>
array(2) {
[0]=>
array(5) {
["name"]=>
string(37) "ddtrace\test\testsandboxedintegration"
["enabled"]=>
bool(true)
["version"]=>
NULL
["compatible"]=>
NULL
["auto_enabled"]=>
NULL
}
[1]=>
array(5) {
["name"]=>
string(4) "logs"
["enabled"]=>
bool(false)
["version"]=>
string(0) ""
["compatible"]=>
NULL
["auto_enabled"]=>
NULL
}
}
}
--CLEAN--
<?php

@unlink(__DIR__ . '/integration-telemetry.out');
Loading