Sending more relevant data to backend (#1695)

* Adding more data and filtering cookie from the no cookie header waf address
DataDog · Aug 24, 2021 · cfacae1 · cfacae1
1 parent 0aae062
commit cfacae1
Show file tree

Hide file tree

Showing 11 changed files with 41 additions and 34 deletions.
diff --git a/src/Datadog.Trace/AppSec/EventModel/AppSecEvent.cs b/src/Datadog.Trace/AppSec/EventModel/AppSecEvent.cs
@@ -4,7 +4,6 @@
 // </copyright>
 
 using System;
-using Datadog.Trace.Abstractions;
 using Datadog.Trace.Vendors.Newtonsoft.Json;
 
 namespace Datadog.Trace.AppSec.EventModel

diff --git a/src/Datadog.Trace/AppSec/EventModel/Attack.cs b/src/Datadog.Trace/AppSec/EventModel/Attack.cs
@@ -4,6 +4,7 @@
 // </copyright>
 
 using System;
+using System.Net;
 using Datadog.Trace.Vendors.Newtonsoft.Json;
 
 namespace Datadog.Trace.AppSec.EventModel
@@ -26,18 +27,28 @@ public static Attack From(Waf.ReturnTypes.Managed.Return result, Trace.Span span
         {
             var ruleMatch = result.ResultData.Filter[0];
             var request = transport.Request();
-
+            var frameworkDescription = FrameworkDescription.Instance;
             var attack = new Attack
             {
                 EventId = Guid.NewGuid().ToString(),
                 Context = new Context()
                 {
+                    Host = new Host
+                    {
+                        OsType = frameworkDescription.OSPlatform,
+                        Hostname = Dns.GetHostName()
+                    },
                     Http = new Http
                     {
                         Request = request,
                         Response = transport.Response(result.Blocked)
                     },
-                    Actor = new Actor { Ip = new Ip { Address = request.RemoteIp } }
+                    Actor = new Actor { Ip = new Ip { Address = request.RemoteIp } },
+                    Tracer = new Tracer
+                    {
+                        RuntimeType = frameworkDescription.Name,
+                        RuntimeVersion = frameworkDescription.ProductVersion,
+                    }
                 },
                 Blocked = result.Blocked,
                 Rule = new Rule { Name = result.ResultData.Flow, Id = result.ResultData.Rule },

diff --git a/src/Datadog.Trace/AppSec/EventModel/Host.cs b/src/Datadog.Trace/AppSec/EventModel/Host.cs
@@ -10,7 +10,7 @@ namespace Datadog.Trace.AppSec.EventModel
     internal class Host
     {
         [JsonProperty("context_version")]
-        public string ContextVersion { get; set; }
+        public string ContextVersion => "0.1.0";
 
         [JsonProperty("os_type")]
         public string OsType { get; set; }

diff --git a/src/Datadog.Trace/AppSec/Security.cs b/src/Datadog.Trace/AppSec/Security.cs
@@ -49,6 +49,7 @@ private Security(SecuritySettings settings = null, InstrumentationGateway instru
 
                 _instrumentationGateway = instrumentationGateway ?? new InstrumentationGateway();
 
+                _settings.Enabled = _settings.Enabled && AreArchitectureAndOsSupported();
                 if (_settings.Enabled)
                 {
                     _powerWaf = powerWaf ?? PowerWaf.Initialize();

diff --git a/src/Datadog.Trace/AppSec/Transports/Http/HttpTransport.Framework.cs b/src/Datadog.Trace/AppSec/Transports/Http/HttpTransport.Framework.cs
@@ -43,14 +43,14 @@ public IAdditiveContext GetAdditiveContext()
             return context.Items[WafKey] as IAdditiveContext;
         }
 
-        public Request Request()
+        public Request Request() => new()
         {
-            return new Request
-            {
-                Url = context.Request.Url,
-                Method = context.Request.HttpMethod,
-            };
-        }
+            Url = context.Request.Url,
+            Method = context.Request.HttpMethod,
+            Scheme = context.Request.Url.Scheme,
+            RemoteIp = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"] ?? context.Request.ServerVariables["REMOTE_ADDR"],
+            Host = context.Request.UserHostAddress,
+        };
 
         public Response Response(bool blocked) => new()
         {

diff --git a/src/Datadog.Trace/Util/Http/HttpRequestExtensions.Core.cs b/src/Datadog.Trace/Util/Http/HttpRequestExtensions.Core.cs
@@ -19,11 +19,13 @@ internal static partial class HttpRequestExtensions
         internal static Dictionary<string, object> PrepareArgsForWaf(this HttpRequest request, RouteData routeDatas = null)
         {
             var url = GetUrl(request);
-
             var headersDic = new Dictionary<string, string>();
             foreach (var k in request.Headers.Keys)
             {
-                headersDic.Add(k, request.Headers[k]);
+                if (!k.Equals("cookie", System.StringComparison.OrdinalIgnoreCase))
+                {
+                    headersDic.Add(k, request.Headers[k]);
+                }
             }
 
             var cookiesDic = new Dictionary<string, string>();

diff --git a/src/Datadog.Trace/Util/Http/HttpRequestExtensions.Framework.cs b/src/Datadog.Trace/Util/Http/HttpRequestExtensions.Framework.cs
@@ -17,9 +17,13 @@ internal static partial class HttpRequestExtensions
         internal static Dictionary<string, object> PrepareArgsForWaf(this HttpRequest request, RouteData routeDatas = null)
         {
             var headersDic = new Dictionary<string, string>();
-            foreach (var k in request.Headers.AllKeys)
+            var headerKeys = request.Headers.Keys;
+            foreach (string k in headerKeys)
             {
-                headersDic.Add(k, request.Headers[k]);
+                if (!k.Equals("cookie", System.StringComparison.OrdinalIgnoreCase))
+                {
+                    headersDic.Add(k, request.Headers[k]);
+                }
             }
 
             var cookiesDic = new Dictionary<string, string>();

diff --git a/test/test-applications/security/Samples.AspNetCore5/Controllers/HomeController.cs b/test/test-applications/security/Samples.AspNetCore5/Controllers/HomeController.cs
@@ -21,10 +21,9 @@ public HomeController(ILogger<HomeController> logger)
 
         public IActionResult Index()
         {
-            var instrumentationType = Type.GetType("Datadog.Trace.ClrProfiler.Instrumentation, Datadog.Trace.ClrProfiler.Managed");
+            var instrumentationType = Type.GetType("Datadog.Trace.ClrProfiler.Instrumentation, Datadog.Trace");
             ViewBag.ProfilerAttached = instrumentationType?.GetProperty("ProfilerAttached", BindingFlags.Public | BindingFlags.Static)?.GetValue(null) ?? false;
-            ViewBag.TracerAssemblyLocation = Type.GetType("Datadog.Trace.Tracer, Datadog.Trace")?.Assembly.Location;
-            ViewBag.ClrProfilerAssemblyLocation = instrumentationType?.Assembly.Location;
+            ViewBag.TracerAssemblyLocation = instrumentationType?.Assembly.Location;
 
             var prefixes = new[] { "COR_", "CORECLR_", "DD_", "DATADOG_", "PW" };
 

diff --git a/test/test-applications/security/Samples.AspNetCore5/Samples.AspNetCore5.csproj b/test/test-applications/security/Samples.AspNetCore5/Samples.AspNetCore5.csproj
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFrameworks>netcoreapp3.0;netcoreapp3.1;net5.0</TargetFrameworks>
   </PropertyGroup>
-  
+
   <ItemGroup>
     <PackageReference Include="System.Data.SqlClient" Version="4.8.2" />
   </ItemGroup>

diff --git a/test/test-applications/security/Samples.AspNetCore5/Views/Home/Index.cshtml b/test/test-applications/security/Samples.AspNetCore5/Views/Home/Index.cshtml
@@ -71,10 +71,6 @@
                 <th scope="row">Datadog.Trace.dll path</th>
                 <td>@(ViewBag.TracerAssemblyLocation ?? "(not found)")</td>
             </tr>
-            <tr>
-                <th scope="row">Datadog.Trace.ClrProfiler.Managed.dll path</th>
-                <td>@(ViewBag.ClrProfilerAssemblyLocation ?? "(not found)")</td>
-            </tr>
         </tbody>
     </table>
 </div>

diff --git a/test/test-applications/security/aspnet/Samples.AspNetMvc5/Samples.AspNetMvc5.csproj b/test/test-applications/security/aspnet/Samples.AspNetMvc5/Samples.AspNetMvc5.csproj
@@ -19,9 +19,12 @@
     <UseIISExpress>true</UseIISExpress>
     <Use64BitIISExpress>true</Use64BitIISExpress>
     <IISExpressSSLPort>44385</IISExpressSSLPort>
-    <IISExpressAnonymousAuthentication>enabled</IISExpressAnonymousAuthentication>
-    <IISExpressWindowsAuthentication>disabled</IISExpressWindowsAuthentication>
-    <IISExpressUseClassicPipelineMode>false</IISExpressUseClassicPipelineMode>
+    <IISExpressAnonymousAuthentication>
+    </IISExpressAnonymousAuthentication>
+    <IISExpressWindowsAuthentication>
+    </IISExpressWindowsAuthentication>
+    <IISExpressUseClassicPipelineMode>
+    </IISExpressUseClassicPipelineMode>
     <UseGlobalApplicationHostFile />
     <NuGetPackageImportStamp>
     </NuGetPackageImportStamp>
@@ -193,14 +196,6 @@
       <Project>{b34edbc7-c5fb-409d-8472-bc7469d6f2bd}</Project>
       <Name>Datadog.Trace.AspNet</Name>
     </ProjectReference>
-    <ProjectReference Include="..\..\..\..\..\src\Datadog.Trace.ClrProfiler.Managed.Core\Datadog.Trace.ClrProfiler.Managed.Core.csproj">
-      <Project>{d95d5e26-f32a-481d-a15a-ef7b3b56d2e0}</Project>
-      <Name>Datadog.Trace.ClrProfiler.Managed.Core</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\..\..\..\..\src\Datadog.Trace.ClrProfiler.Managed\Datadog.Trace.ClrProfiler.Managed.csproj">
-      <Project>{85f35aaf-d102-4960-8b41-3bd9cbd0e77f}</Project>
-      <Name>Datadog.Trace.ClrProfiler.Managed</Name>
-    </ProjectReference>
     <ProjectReference Include="..\..\..\..\..\src\Datadog.Trace\Datadog.Trace.csproj">
       <Project>{5dfdf781-f24c-45b1-82ef-9125875a80a4}</Project>
       <Name>Datadog.Trace</Name>