Update native-appsec module to 8.0.1 #4347

CarlesDD · 2024-05-24T06:13:29Z

What does this PR do?

Updates native-appsec module to v8.0.1:

Action state keeping moved to waf
Handling new result action semantics (block_request and redirect_request)

Motivation

Implement new libddwaf to add RASP support

Additional Notes

System test PR to enable XPASSing test: DataDog/system-tests#2495

APPSEC-52723

github-actions · 2024-05-24T06:14:11Z

Overall package size

Self size: 6.53 MB
Deduped: 61.79 MB
No deduping: 62.07 MB

Dependency sizes

name	version	self size	total size
@datadog/native-appsec	8.0.1	15.59 MB	15.6 MB
@datadog/native-iast-taint-tracking	2.1.0	14.91 MB	14.92 MB
@datadog/pprof	5.3.0	9.85 MB	10.22 MB
protobufjs	7.2.5	2.77 MB	6.56 MB
@datadog/native-iast-rewriter	2.3.1	2.15 MB	2.24 MB
@opentelemetry/core	1.14.0	872.87 kB	1.47 MB
@datadog/native-metrics	2.0.0	898.77 kB	1.3 MB
@opentelemetry/api	1.8.0	1.21 MB	1.21 MB
import-in-the-middle	1.7.4	70.19 kB	739.86 kB
msgpack-lite	0.1.26	201.16 kB	281.59 kB
opentracing	0.14.7	194.81 kB	194.81 kB
semver	7.5.4	93.4 kB	123.8 kB
pprof-format	2.1.0	111.69 kB	111.69 kB
@datadog/sketches-js	2.1.0	109.9 kB	109.9 kB
lodash.sortby	4.7.0	75.76 kB	75.76 kB
lru-cache	7.14.0	74.95 kB	74.95 kB
ignore	5.2.4	51.22 kB	51.22 kB
int64-buffer	0.1.10	49.18 kB	49.18 kB
shell-quote	1.8.1	44.96 kB	44.96 kB
istanbul-lib-coverage	3.2.0	29.34 kB	29.34 kB
tlhunter-sorted-set	0.1.0	24.94 kB	24.94 kB
limiter	1.1.5	23.17 kB	23.17 kB
dc-polyfill	0.1.4	23.1 kB	23.1 kB
retry	0.13.1	18.85 kB	18.85 kB
jest-docblock	29.7.0	8.99 kB	12.76 kB
crypto-randomuuid	1.0.0	11.18 kB	11.18 kB
path-to-regexp	0.1.7	6.78 kB	6.78 kB
koalas	1.0.2	6.47 kB	6.47 kB
module-details-from-path	1.0.3	4.47 kB	4.47 kB

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

pr-commenter · 2024-05-24T06:27:15Z

Benchmarks

Benchmark execution time: 2024-05-28 10:19:44

Comparing candidate commit 0768977 in PR branch ccapell/upgrade-native-appsec-waf-1.18 with baseline commit 3544dc0 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 259 metrics, 7 unstable metrics.

uurien · 2024-05-27T08:33:28Z

Keep in mind, various new XPASS in system test with this changes, we should draft a PR to merge once this is merged:

  - generated xml file: /home/runner/work/dd-trace-js/dd-trace-js/logs_appsec_blocking/reportJunit.xml -
  =========================== short test summary info ============================
  XPASS tests/appsec/waf/test_blocking.py::Test_CustomBlockingResponse::test_custom_status_code missing_feature
  XPASS tests/appsec/waf/test_blocking.py::Test_CustomBlockingResponse::test_custom_redirect missing_feature
  XPASS tests/appsec/waf/test_blocking.py::Test_CustomBlockingResponse::test_custom_redirect_wrong_status_code missing_feature
  XPASS tests/appsec/waf/test_blocking.py::Test_CustomBlockingResponse::test_custom_redirect_missing_location missing_feature
  ========= 39 passed, 1073 deselected, 17 xfailed, 4 xpassed in 22.09s ==========

packages/dd-trace/src/appsec/blocking.js

simon-id · 2024-05-27T10:26:45Z

we should draft a PR to merge once this is merged:

correction: we should draft a PR before this is merged!

CarlesDD · 2024-05-27T10:39:56Z

Link to draft system test PR added in this PR description.

uurien · 2024-05-27T10:43:01Z

LGTM, I'll appreciate @simon-id approval, who knows RC better than me.

yarn.lock

packages/dd-trace/src/appsec/blocking.js

packages/dd-trace/src/appsec/rule_manager.js

packages/dd-trace/test/appsec/sdk/user_blocking.spec.js

packages/dd-trace/src/appsec/rule_manager.js

packages/dd-trace/test/appsec/blocking.spec.js

* Bump @datadog/native-appsec to v8.0.1 * Move action state keeping to waf. Handle new result actions * Removed unused type argument in block function * Lint * Handle waf result in graphql * Check blocking action * Refactor handle waf result * Refactor isBlockingAction * Remove batchConfiguration thing. * Optional chaining in conditionals * Remove unrelated change in yarn.lock * Fix return from waf run stub when no actions in result * Rephrase test * Fix waf actions test * Get blocking action test with empty object instead undefined

CarlesDD added 3 commits May 24, 2024 08:19

Bump @datadog/native-appsec to v8.0.1

3cc21a2

Move action state keeping to waf. Handle new result actions

329e59c

Removed unused type argument in block function

2d9ff23

CarlesDD force-pushed the ccapell/upgrade-native-appsec-waf-1.18 branch from 64e52d1 to 2d9ff23 Compare May 24, 2024 06:19

CarlesDD added asm-waf semver-minor labels May 24, 2024

CarlesDD added 2 commits May 24, 2024 08:28

Lint

bcc3fd4

Handle waf result in graphql

45055a9

CarlesDD force-pushed the ccapell/upgrade-native-appsec-waf-1.18 branch from 4d93151 to 45055a9 Compare May 24, 2024 07:12

Check blocking action

b0081b4

CarlesDD marked this pull request as ready for review May 27, 2024 07:41

CarlesDD requested review from a team as code owners May 27, 2024 07:41

Refactor handle waf result

7e851f3

uurien reviewed May 27, 2024

View reviewed changes

packages/dd-trace/src/appsec/blocking.js Outdated Show resolved Hide resolved

simon-id reviewed May 27, 2024

View reviewed changes

yarn.lock Outdated Show resolved Hide resolved

packages/dd-trace/src/appsec/blocking.js Outdated Show resolved Hide resolved

packages/dd-trace/src/appsec/rule_manager.js Show resolved Hide resolved

CarlesDD added 4 commits May 27, 2024 17:05

Refactor isBlockingAction

605f618

Remove batchConfiguration thing.

abb8d93

Optional chaining in conditionals

4289902

Remove unrelated change in yarn.lock

edc3b3d

Qard previously approved these changes May 27, 2024

View reviewed changes