Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(iast): cmdi instrumented sink metric #9214

Merged
merged 12 commits into from May 13, 2024
Merged

chore(iast): cmdi instrumented sink metric #9214

merged 12 commits into from May 13, 2024
+17 −0

Conversation

avara1986
Copy link
Member

@avara1986 avara1986 commented May 9, 2024
edited

Enable CMDi instrumented sink metric

Checklist

  • Change(s) are motivated and described in the PR description
  • Testing strategy is described if automated tests are not included in the PR
  • Risks are described (performance impact, potential for breakage, maintainability)
  • Change is maintainable (easy to change, telemetry, documentation)
  • Library release note guidelines are followed or label changelog/no-changelog is set
  • Documentation is included (in-code, generated user docs, public corp docs)
  • Backport labels are set (if applicable)
  • If this PR changes the public interface, I've notified @DataDog/apm-tees.
  • If change touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.

Reviewer Checklist

  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Description motivates each change
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Change is maintainable (easy to change, telemetry, documentation)
  • Release note makes sense to a user of the library
  • Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@avara1986 avara1986 added ASM Application Security Monitoring changelog/no-changelog A changelog entry is not required for this PR. labels May 9, 2024
@datadog-dd-trace-py-rkomorn
Copy link

datadog-dd-trace-py-rkomorn bot commented May 9, 2024
edited

Datadog Report

Branch report: avara1986/APPSEC-52862-iast_cmdi_instrumented_metric
Commit report: 4363266
Test service: dd-trace-py

✅ 0 Failed, 112196 Passed, 804 Skipped, 46m 6.54s Total duration (6m 44.17s time saved)

@pr-commenter
Copy link

pr-commenter bot commented May 9, 2024
edited

Benchmarks

Benchmark execution time: 2024-05-13 10:41:06

Comparing candidate commit 4363266 in PR branch avara1986/APPSEC-52862-iast_cmdi_instrumented_metric with baseline commit 60be242 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 209 metrics, 9 unstable metrics.

@avara1986 avara1986 marked this pull request as ready for review May 9, 2024 15:19
@avara1986 avara1986 requested a review from a team as a code owner May 9, 2024 15:19
@avara1986 avara1986 enabled auto-merge (squash) May 9, 2024 15:19
@codecov-commenter
Copy link

codecov-commenter commented May 9, 2024
edited

Codecov Report

Attention: Patch coverage is 0% with 11 lines in your changes are missing coverage. Please review.

Project coverage is 6.72%. Comparing base (60be242) to head (4363266).

Files Patch % Lines
tests/appsec/iast/test_telemetry.py 0.00% 9 Missing ⚠️
...race/appsec/_iast/taint_sinks/command_injection.py 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #9214       +/-   ##
===========================================
- Coverage   78.58%    6.72%   -71.86%     
===========================================
  Files        1277     1247       -30     
  Lines      120432   118663     -1769     
===========================================
- Hits        94646     7985    -86661     
- Misses      25786   110678    +84892

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@gnufede
Copy link
Member

gnufede commented May 9, 2024

Maybe add a simple regression test? Like ensure that it's called on patch?

auto-merge was automatically disabled May 13, 2024 09:38

Base branch was modified

@avara1986 avara1986 enabled auto-merge (squash) May 13, 2024 09:47
@avara1986 avara1986 merged commit fccb8b3 into main May 13, 2024
124 of 126 checks passed
@avara1986 avara1986 deleted the avara1986/APPSEC-52862-iast_cmdi_instrumented_metric branch May 13, 2024 10:41
@avara1986 avara1986 mentioned this pull request May 13, 2024
Merged
18 tasks
avara1986 added a commit that referenced this pull request May 13, 2024
@avara1986 @brettlangdon
chore(iast): sqli and ssrf instrumented sink metric (#9241)
228ac3b 
Enable SQLi and SSRF instrumented sink metric

This PR continues #9214

APPSEC-52863 & APPSEC-52863

## Checklist

- [x] Change(s) are motivated and described in the PR description
- [x] Testing strategy is described if automated tests are not included
in the PR
- [x] Risks are described (performance impact, potential for breakage,
maintainability)
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed or label `changelog/no-changelog` is set
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/))
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))
- [x] If this PR changes the public interface, I've notified
`@DataDog/apm-tees`.
- [x] If change touches code that signs or publishes builds or packages,
or handles credentials of any kind, I've requested a review from
`@DataDog/security-design-and-guidance`.

## Reviewer Checklist

- [x] Title is accurate
- [x] All changes are related to the pull request's stated goal
- [x] Description motivates each change
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- [x] Testing strategy adequately addresses listed risks
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] Release note makes sense to a user of the library
- [x] Author has acknowledged and discussed the performance implications
of this PR as reported in the benchmarks PR comment
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juanjux juanjux juanjux approved these changes

@gnufede gnufede gnufede approved these changes

Assignees
No one assigned
Labels
ASM Application Security Monitoring changelog/no-changelog A changelog entry is not required for this PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@avara1986 @codecov-commenter @gnufede @juanjux @christophe-papazian