-
Notifications
You must be signed in to change notification settings - Fork 436
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
appsec: Suspicious Attacker Blocking #2878
base: main
Are you sure you want to change the base?
Conversation
BenchmarksBenchmark execution time: 2024-09-18 19:43:09 Comparing candidate commit 8f88b8d in PR branch Found 2 performance improvements and 8 performance regressions! Performance is the same for 49 metrics, 0 unstable metrics. scenario:BenchmarkExtractW3C-24
scenario:BenchmarkInjectW3C-24
scenario:BenchmarkPartialFlushing/Disabled-24
scenario:BenchmarkPartialFlushing/Enabled-24
scenario:BenchmarkSingleSpanRetention/no-rules-24
scenario:BenchmarkSingleSpanRetention/with-rules/match-all-24
scenario:BenchmarkSingleSpanRetention/with-rules/match-half-24
scenario:BenchmarkStartSpan-24
scenario:BenchmarkTracerAddSpans-24
|
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
cebd010
to
b183600
Compare
* After recieving the order to stop appsec via RC we did not reset the ruleset to the default one * some code in http listeners where deduplicated for RASP SSRF making SSRF RASP span tags not working * its 'exclusions' but its 'exclusion_data' without an 's' Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
b183600
to
8f88b8d
Compare
@@ -199,6 +199,10 @@ func (a *appsec) stop() { | |||
a.wafHandle.Close() | |||
a.wafHandle = nil | |||
} | |||
|
|||
// Reset rules edits received from the remote configuration | |||
a.cfg.RulesManager, _ = config.NewRulesManager(nil) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC, Christophe has added start and stop system tests which you can probably use to further validate this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I already enabled them yes
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
What does this PR do?
rules_data
behaviour toexclusion_data
to support exclusion listswaf.RunAddressData.Scope
to RASP SSRF WAF rungitpro.ttaallkk.top/DataDog/datadog-agent/pkg/remoteconfig/state
Reviewer's Checklist
Unsure? Have a question? Request a review!