

[ASM] Restrict RASP Lfi operations to read operation only (#6221)
## Summary of changes

In order to avoid too many calls to the WAF, after some discussions, it
was agreed that we should only call the WAF in RASP when accessing a
file for read operations.

## Reason for change

Performance.

## Implementation details

## Test coverage

## Other details
<!-- Fixes #{issue} -->

<!-- ⚠️ Note: where possible, please obtain 2 approvals prior to
merging. Unless CODEOWNERS specifies otherwise, for external teams it is
typically best to have one review from a team member, and one review
from apm-dotnet. Trivial changes do not require 2 reviews. -->
NachoEchevarria authored Nov 5, 2024
1 parent 8d9670a commit d7f025c
Showing 9 changed files with 198 additions and 179 deletions.
Expand Up @@ -349,28 +349,15 @@ internal static partial class AspectDefinitions
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::CreateText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Delete(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenRead(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenWrite(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllBytes(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllLines(System.String,System.Collections.Generic.IEnumerable`1<System.String>)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllLines(System.String,System.Collections.Generic.IEnumerable`1<System.String>,System.Text.Encoding)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllText(System.String,System.String)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllText(System.String,System.String,System.Text.Encoding)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String,System.Int32)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String,System.Int32,System.IO.FileOptions)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String,System.Int32,System.IO.FileOptions,System.Security.AccessControl.FileSecurity)\",\"\",[3],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare)\",\"\",[3],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::SetAttributes(System.String,System.IO.FileAttributes)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::WriteAllBytes(System.String,System.Byte[])\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::WriteAllLines(System.String,System.String[])\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
Expand All @@ -384,6 +371,19 @@ internal static partial class AspectDefinitions
" [AspectMethodInsertBefore(\"System.IO.File::Move(System.String,System.String)\",\"\",[0,1],[False,False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Replace(System.String,System.String,System.String)\",\"\",[0,1,2],[False,False,False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Replace(System.String,System.String,System.String,System.Boolean)\",\"\",[1,2,3],[False,False,False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess)\",\"\",[2],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare)\",\"\",[3],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllBytes(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenRead(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
"[AspectClass(\"mscorlib,System.IO.FileSystem,System.Runtime\",[None],Sink,[PathTraversal])] Datadog.Trace.Iast.Aspects.FileInfoAspect",
" [AspectMethodInsertBefore(\"System.IO.FileInfo::.ctor(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.FileInfo::CopyTo(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
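Review bot: The three `System.IO.File::Open(...)` overloads are routed to `ReviewPathRead`, but `Open` takes a `FileMode`/`FileAccess` that can also create, truncate or write, so the "read only" hook still fires on write-mode opens while `OpenWrite`, `Create`, `Delete`, `Move` and the `WriteAll*`/`Append*` entries stay on `ReviewPath`. If `ReviewPathRead` is the only hook that consults the WAF (its body is not on this page), path-traversal input reaching the write and delete sinks is no longer checked at runtime, and that trade-off should be stated on the aspect, for example `// RASP LFI: only read sinks consult the WAF; write/delete sinks are not checked at runtime`. The entry `File::ReadLines(System.String,System.Text.Encoding)` appears twice in the moved block (it was already duplicated in the old list), so one copy is either redundant or was meant to be a different overload. These strings look like a generated listing, so both points would be fixed on the aspect source attributes; the same listing repeats in the hunks at lines 742 and 777.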
Expand Down Expand Up @@ -742,28 +742,15 @@ internal static partial class AspectDefinitions
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::CreateText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Delete(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenRead(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenWrite(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllBytes(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllLines(System.String,System.Collections.Generic.IEnumerable`1<System.String>)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllLines(System.String,System.Collections.Generic.IEnumerable`1<System.String>,System.Text.Encoding)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllText(System.String,System.String)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendAllText(System.String,System.String,System.Text.Encoding)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::AppendText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String,System.Int32)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String,System.Int32,System.IO.FileOptions)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Create(System.String,System.Int32,System.IO.FileOptions,System.Security.AccessControl.FileSecurity)\",\"\",[3],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess)\",\"\",[2],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare)\",\"\",[3],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::SetAttributes(System.String,System.IO.FileAttributes)\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::WriteAllBytes(System.String,System.Byte[])\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::WriteAllLines(System.String,System.String[])\",\"\",[1],[False],[None],Default,[])] ReviewPath(System.String)",
Expand All @@ -777,6 +764,19 @@ internal static partial class AspectDefinitions
" [AspectMethodInsertBefore(\"System.IO.File::Move(System.String,System.String)\",\"\",[0,1],[False,False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Replace(System.String,System.String,System.String)\",\"\",[0,1,2],[False,False,False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Replace(System.String,System.String,System.String,System.Boolean)\",\"\",[1,2,3],[False,False,False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess)\",\"\",[2],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::Open(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare)\",\"\",[3],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllBytes(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllLines(System.String,System.Text.Encoding)\",\"\",[1],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadAllText(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::ReadLines(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
" [AspectMethodInsertBefore(\"System.IO.File::OpenRead(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPathRead(System.String)",
"[AspectClass(\"mscorlib,System.IO.FileSystem,System.Runtime\",[None],Sink,[PathTraversal])] Datadog.Trace.Iast.Aspects.FileInfoAspect",
" [AspectMethodInsertBefore(\"System.IO.FileInfo::.ctor(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",
" [AspectMethodInsertBefore(\"System.IO.FileInfo::CopyTo(System.String)\",\"\",[0],[False],[None],Default,[])] ReviewPath(System.String)",

0 comments on commit d7f025c
