Merge branch master

Signed-off-by: Bob Weinand <bob.weinand@datadoghq.com>

Makefile

@@ -513,6 +513,7 @@ TEST_WEB_70 := \
 	test_metrics \
 	test_web_cakephp_28 \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_laravel_42 \
 	test_web_lumen_52 \
 	test_web_nette_24 \
@@ -557,6 +558,7 @@ TEST_WEB_71 := \
 	test_metrics \
 	test_web_cakephp_28 \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_laravel_42 \
 	test_web_laravel_57 \
 	test_web_laravel_58 \
@@ -609,6 +611,7 @@ TEST_INTEGRATIONS_72 := \
 TEST_WEB_72 := \
 	test_metrics \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_drupal_89 \
 	test_web_laravel_42 \
 	test_web_laravel_57 \
@@ -667,6 +670,7 @@ TEST_INTEGRATIONS_73 :=\
 TEST_WEB_73 := \
 	test_metrics \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_drupal_89 \
 	test_web_laminas_14 \
 	test_web_laravel_57 \
@@ -727,6 +731,7 @@ TEST_INTEGRATIONS_74 := \
 TEST_WEB_74 := \
 	test_metrics \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_drupal_89 \
 	test_web_drupal_95 \
 	test_web_laminas_14 \
@@ -782,11 +787,13 @@ TEST_INTEGRATIONS_80 := \
 	test_integrations_pcntl \
 	test_integrations_predis1 \
 	test_integrations_sqlsrv \
+	test_integrations_swoole_5 \
 	test_opentracing_10
 
 TEST_WEB_80 := \
 	test_metrics \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_drupal_95 \
 	test_web_laminas_rest_19 \
 	test_web_laminas_14 \
@@ -828,11 +835,13 @@ TEST_INTEGRATIONS_81 := \
 	test_integrations_elasticsearch7 \
 	test_integrations_predis1 \
 	test_integrations_sqlsrv \
+	test_integrations_swoole_5 \
 	test_opentracing_10
 
 TEST_WEB_81 := \
 	test_metrics \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_drupal_95 \
 	test_web_drupal_101 \
 	test_web_laminas_rest_19 \
@@ -874,20 +883,24 @@ TEST_INTEGRATIONS_82 := \
 	test_integrations_elasticsearch7 \
 	test_integrations_elasticsearch8 \
 	test_integrations_predis1 \
+	test_integrations_frankenphp \
 	test_integrations_roadrunner \
 	test_integrations_sqlsrv \
+	test_integrations_swoole_5 \
 	test_opentracing_10
 
 TEST_WEB_82 := \
 	test_metrics \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_drupal_95 \
 	test_web_drupal_101 \
 	test_web_laminas_rest_19 \
 	test_web_laminas_20 \
 	test_web_laravel_8x \
 	test_web_laravel_9x \
 	test_web_laravel_10x \
+	test_web_laravel_11x \
 	test_web_lumen_81 \
 	test_web_lumen_90 \
 	test_web_lumen_100 \
@@ -925,17 +938,21 @@ TEST_INTEGRATIONS_83 := \
 	test_integrations_elasticsearch7 \
 	test_integrations_elasticsearch8 \
 	test_integrations_predis1 \
+	test_integrations_frankenphp \
 	test_integrations_roadrunner \
 	test_integrations_sqlsrv \
+	test_integrations_swoole_5 \
 	test_opentracing_10
 
 TEST_WEB_83 := \
 	test_metrics \
 	test_web_codeigniter_22 \
+	test_web_codeigniter_31 \
 	test_web_drupal_95 \
 	test_web_laravel_8x \
 	test_web_laravel_9x \
 	test_web_laravel_10x \
+	test_web_laravel_11x \
 	test_web_lumen_81 \
 	test_web_lumen_90 \
 	test_web_lumen_100 \
@@ -962,7 +979,7 @@ define run_composer_with_retry
 	done \
 
 	mkdir -p /tmp/artifacts
-	$(COMPOSER) --working-dir=$1 show -f json -D | grep -o '"name": "[^"]*\|"version": "[^"]*' | paste -d';' - - | sed 's/"name": //; s/"version": //' | tr -d '"' >> "/tmp/artifacts/web_versions.csv"
+	$(COMPOSER) --working-dir=$1 show -f json | grep -o '"name": "[^"]*\|"version": "[^"]*' | paste -d';' - - | sed 's/"name": //; s/"version": //' | tr -d '"' >> "/tmp/artifacts/web_versions.csv"
 endef
 
 define run_tests_without_coverage
@@ -1098,6 +1115,7 @@ benchmarks_opcache: benchmarks_run_dependencies call_benchmarks_opcache
 test_opentelemetry_1: global_test_run_dependencies
 	rm -f tests/.scenarios.lock/opentelemetry1/composer.lock
 	$(MAKE) test_scenario_opentelemetry1
+	$(call run_composer_with_retry,tests/Frameworks/Custom/OpenTelemetry,)
 	$(eval TEST_EXTRA_ENV=$(shell [ $(PHP_MAJOR_MINOR) -ge 81 ] && echo "OTEL_PHP_FIBERS_ENABLED=1" || echo '') DD_TRACE_OTEL_ENABLED=1 DD_TRACE_GENERATE_ROOT_SPAN=0)
 	$(call run_tests,--testsuite=opentelemetry1 $(TESTS))
 	$(eval TEST_EXTRA_ENV=)
@@ -1112,7 +1130,9 @@ test_opentracing_beta6: global_test_run_dependencies
 
 test_opentracing_10: global_test_run_dependencies
 	$(MAKE) test_scenario_opentracing10
+	$(call run_composer_with_retry,tests/Frameworks/Custom/OpenTracing,)
 	$(call run_tests,tests/OpenTracer1Unit)
+	$(call run_tests,tests/OpenTracing)
 
 test_integrations: $(TEST_INTEGRATIONS_$(PHP_MAJOR_MINOR))
 test_web: $(TEST_WEB_$(PHP_MAJOR_MINOR))
@@ -1195,17 +1215,26 @@ test_integrations_phpredis5: global_test_run_dependencies
 test_integrations_predis1: global_test_run_dependencies
 	$(MAKE) test_scenario_predis1
 	$(call run_tests_debug,tests/Integrations/Predis)
+test_integrations_frankenphp: global_test_run_dependencies
+	$(MAKE) test_scenario_default
+	$(call run_tests_debug,--testsuite=frankenphp-test)
 test_integrations_roadrunner: global_test_run_dependencies
 	$(call run_composer_with_retry,tests/Frameworks/Roadrunner/Version_2,)
 	$(call run_tests_debug,tests/Integrations/Roadrunner/V2)
 test_integrations_sqlsrv: global_test_run_dependencies
 	$(MAKE) test_scenario_default
 	$(call run_tests_debug,tests/Integrations/SQLSRV)
+test_integrations_swoole_5: global_test_run_dependencies
+	$(MAKE) test_scenario_swoole5
+	$(call run_tests_debug,--testsuite=swoole-test)
 test_web_cakephp_28: global_test_run_dependencies
 	$(call run_composer_with_retry,tests/Frameworks/CakePHP/Version_2_8,)
 	$(call run_tests_debug,--testsuite=cakephp-28-test)
 test_web_codeigniter_22: global_test_run_dependencies
 	$(call run_tests_debug,--testsuite=codeigniter-22-test)
+test_web_codeigniter_31: global_test_run_dependencies
+	$(COMPOSER) --working-dir=tests/Frameworks/CodeIgniter/Version_3_1 update
+	$(call run_tests_debug,--testsuite=codeigniter-31-test)
 test_web_drupal_89: global_test_run_dependencies
 	$(call run_composer_with_retry,tests/Frameworks/Drupal/Version_8_9/core,--ignore-platform-reqs)
 	$(call run_composer_with_retry,tests/Frameworks/Drupal/Version_8_9,--ignore-platform-reqs)
@@ -1246,6 +1275,9 @@ test_web_laravel_9x: global_test_run_dependencies
 test_web_laravel_10x: global_test_run_dependencies
 	$(call run_composer_with_retry,tests/Frameworks/Laravel/Version_10_x,)
 	$(call run_tests_debug,--testsuite=laravel-10x-test)
+test_web_laravel_11x: global_test_run_dependencies
+	$(call run_composer_with_retry,tests/Frameworks/Laravel/Version_11_x,)
+	$(call run_tests_debug,--testsuite=laravel-11x-test)
 test_web_lumen_52: global_test_run_dependencies
 	$(call run_composer_with_retry,tests/Frameworks/Lumen/Version_5_2,)
 	$(call run_tests_debug,tests/Integrations/Lumen/V5_2)

appsec/src/extension/ddappsec.c

@@ -354,7 +354,8 @@ __thread void *unspecnull TSRMLS_CACHE = NULL;
 static void _check_enabled()
 {
     if ((!get_global_DD_APPSEC_TESTING() && !dd_trace_enabled()) ||
-        (strcmp(sapi_module.name, "cli") != 0 && sapi_module.phpinfo_as_text)) {
+        (strcmp(sapi_module.name, "cli") != 0 && sapi_module.phpinfo_as_text) ||
+        (strcmp(sapi_module.name, "frankenphp") == 0)) {
         DDAPPSEC_G(enabled) = APPSEC_FULLY_DISABLED;
         DDAPPSEC_G(active) = false;
         DDAPPSEC_G(to_be_configured) = false;
@@ -456,6 +457,50 @@ static PHP_FUNCTION(datadog_appsec_testing_request_exec)
     RETURN_TRUE;
 }
 
+static PHP_FUNCTION(datadog_appsec_push_address)
+{
+    UNUSED(return_value);
+    if (!DDAPPSEC_G(active)) {
+        mlog(dd_log_debug, "Trying to access to push_address "
+                           "function while appsec is disabled");
+        return;
+    }
+
+    zend_string *key = NULL;
+    zval *value = NULL;
+    if (zend_parse_parameters(ZEND_NUM_ARGS(), "Sz", &key, &value) == FAILURE) {
+        RETURN_FALSE;
+    }
+
+    zval parameters_zv;
+    zend_array *parameters_arr = zend_new_array(1);
+    ZVAL_ARR(&parameters_zv, parameters_arr);
+    zend_hash_add(Z_ARRVAL(parameters_zv), key, value);
+    Z_TRY_ADDREF_P(value);
+
+    dd_conn *conn = dd_helper_mgr_cur_conn();
+    if (conn == NULL) {
+        zval_ptr_dtor(&parameters_zv);
+        mlog_g(dd_log_debug, "No connection; skipping push_address");
+        return;
+    }
+
+    dd_result res = dd_request_exec(conn, &parameters_zv);
+    zval_ptr_dtor(&parameters_zv);
+
+    if (dd_req_is_user_req()) {
+        if (res == dd_should_block || res == dd_should_redirect) {
+            dd_req_call_blocking_function(res);
+        }
+    } else {
+        if (res == dd_should_block) {
+            dd_request_abort_static_page();
+        } else if (res == dd_should_redirect) {
+            dd_request_abort_redirect();
+        }
+    }
+}
+
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(
     void_ret_bool_arginfo, 0, 0, _IS_BOOL, 0)
 ZEND_END_ARG_INFO()
@@ -464,9 +509,15 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(request_exec_arginfo, 0, 1, _IS_BOOL, 0)
 ZEND_ARG_INFO(0, "data")
 ZEND_END_ARG_INFO()
 
+ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(push_address_arginfo, 0, 0, IS_VOID, 1)
+ZEND_ARG_INFO(0, key)
+ZEND_ARG_INFO(0, value)
+ZEND_END_ARG_INFO()
+
 // clang-format off
 static const zend_function_entry functions[] = {
     ZEND_RAW_FENTRY(DD_APPSEC_NS "is_enabled", PHP_FN(datadog_appsec_is_enabled), void_ret_bool_arginfo, 0)
+    ZEND_RAW_FENTRY(DD_APPSEC_NS "push_address", PHP_FN(datadog_appsec_push_address), push_address_arginfo, 0)
     PHP_FE_END
 };
 static const zend_function_entry testing_functions[] = {

appsec/tests/extension/inc/mock_helper.php

@@ -152,6 +152,16 @@ function print_commands($sort = true) {
         print_r($commands);
     }
 
+    function get_command($command) {
+            $commands = $this->get_commands();
+            foreach($commands as $c) {
+                if ($c[0] == $command) {
+                    return $c;
+                }
+            }
+            return [];
+        }
+
     static function ksort_recurse(&$arr) {
         if (!is_array($arr)) {
             return;

appsec/tests/extension/push_params_block.phpt

@@ -0,0 +1,29 @@
+--TEST--
+Push address gets blocked
+--INI--
+extension=ddtrace.so
+datadog.appsec.enabled=1
+--FILE--
+<?php
+use function datadog\appsec\testing\{rinit,rshutdown};
+use function datadog\appsec\push_address;
+
+include __DIR__ . '/inc/mock_helper.php';
+
+$helper = Helper::createInitedRun([
+    response_list(response_request_init(['ok', []])),
+    response_list(response_request_exec(['block', ['status_code' => '404', 'type' => 'json'], ['{"found":"attack"}','{"another":"attack"}']])),
+]);
+
+rinit();
+push_address("server.request.path_params", ["some" => "params", "more" => "parameters"]);
+
+var_dump("THIS SHOULD NOT GET IN THE OUTPUT");
+
+?>
+--EXPECTHEADERS--
+Status: 404 Not Found
+Content-type: application/json
+--EXPECTF--
+{"errors": [{"title": "You've been blocked", "detail": "Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}
+Warning: datadog\appsec\push_address(): Datadog blocked the request and presented a static error page in %s on line %d

appsec/tests/extension/push_params_ok_01.phpt

@@ -0,0 +1,45 @@
+--TEST--
+Push address are sent on request_exec - array
+--INI--
+extension=ddtrace.so
+datadog.appsec.enabled=1
+--FILE--
+<?php
+use function datadog\appsec\testing\{rinit,rshutdown};
+use function datadog\appsec\push_address;
+
+include __DIR__ . '/inc/mock_helper.php';
+
+$helper = Helper::createInitedRun([
+    response_list(response_request_init(['ok', []])),
+    response_list(response_request_exec(['ok', [], [], [], [], false])),
+    response_list(response_request_shutdown(['ok', [], new ArrayObject(), new ArrayObject()]))
+]);
+
+var_dump(rinit());
+push_address("server.request.path_params", ["some" => "params", "more" => "parameters"]);
+var_dump(rshutdown());
+
+var_dump($helper->get_command("request_exec"));
+
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+array(2) {
+  [0]=>
+  string(12) "request_exec"
+  [1]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      ["server.request.path_params"]=>
+      array(2) {
+        ["some"]=>
+        string(6) "params"
+        ["more"]=>
+        string(10) "parameters"
+      }
+    }
+  }
+}