Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appsec: setup ossec package and OpenOperation #2781

Merged
merged 7 commits into from
Aug 16, 2024
Merged

appsec: setup ossec package and OpenOperation #2781

merged 7 commits into from
Aug 16, 2024

Conversation

eliottness
Copy link
Contributor

@eliottness eliottness commented Jul 10, 2024
edited
Loading

What does this PR do?

This PR setups protection against LFI attacks:

  • Setup ossec listener with the new address and register the listener where it is needed
  • Setup ossec emitter package with the new OpenOperation
  • Fix GLS nil-map assignment issue
  • Skip stackframes with the file name <generated>
  • Add Orchestrion workflow runs-on parameter

Motivation

Complete support for ASM Exploit Prevention.

Reviewer's Checklist

  • Changed code has unit tests for its functionality at or near 100% coverage.
  • System-Tests covering this feature have been added and enabled with the va.b.c-dev version tag.
  • There is a benchmark for any new code, or changes to existing code.
  • If this interacts with the agent in a new way, a system test has been added.
  • Add an appropriate team label so this PR gets put in the right place for the release notes.
  • Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild.

Unsure? Have a question? Request a review!
Signed-off-by: Eliott Bouhana eliott.bouhana@datadoghq.com

@pr-commenter
Copy link

pr-commenter bot commented Jul 10, 2024
edited
Loading

Benchmarks

Benchmark execution time: 2024-08-16 13:03:48

Comparing candidate commit 465bb69 in PR branch eliott.bouhana/APPSEC-53772 with baseline commit 0462924 in branch main.

Found 1 performance improvements and 0 performance regressions! Performance is the same for 57 metrics, 1 unstable metrics.

scenario:BenchmarkStartRequestSpan-24

  • 🟩 execution_time [-8.200ns; -6.980ns] or [-2.671%; -2.274%]

@eliottness eliottness marked this pull request as ready for review July 10, 2024 14:52
@eliottness eliottness requested a review from a team as a code owner July 10, 2024 14:52
Base automatically changed from eliott.bouhana/APPSEC-53654 to main July 10, 2024 15:34
@eliottness eliottness requested review from a team as code owners July 10, 2024 15:34
An error occurred while trying to automatically change base from eliott.bouhana/APPSEC-53654 to main July 10, 2024 15:34
@github-actions github-actions bot added the apm:ecosystem contrib/* related feature requests or bugs label Jul 10, 2024
@eliottness eliottness force-pushed the eliott.bouhana/APPSEC-53772 branch 3 times, most recently from 68fe39e to c3342d8 Compare July 10, 2024 15:40
@eliottness eliottness marked this pull request as draft July 12, 2024 08:07
@eliottness eliottness force-pushed the eliott.bouhana/APPSEC-53772 branch from c3342d8 to f0db6f9 Compare July 18, 2024 13:43
RomainMuller
RomainMuller reviewed Jul 29, 2024
View reviewed changes
internal/appsec/emitter/ossec/lfi.go Show resolved Hide resolved
internal/appsec/listener/httpsec/http.go Outdated Show resolved Hide resolved
internal/appsec/listener/grpcsec/grpc.go Outdated Show resolved Hide resolved
internal/appsec/listener/ossec/lfi.go Outdated Show resolved Hide resolved
internal/appsec/dyngo/operation.go Outdated Show resolved Hide resolved
@eliottness eliottness force-pushed the eliott.bouhana/APPSEC-53772 branch from f0db6f9 to a6344bf Compare August 7, 2024 15:36
@eliottness eliottness requested a review from RomainMuller August 9, 2024 14:12
@eliottness eliottness mentioned this pull request Aug 13, 2024
Merged
5 tasks
@eliottness
appsec: setup ossec package and OpenOperation
e8c096c 
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness
rework to pedantic operations
5cf8378 
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness eliottness force-pushed the eliott.bouhana/APPSEC-53772 branch from 104538f to 4e7459c Compare August 13, 2024 16:04
@eliottness eliottness marked this pull request as ready for review August 13, 2024 16:04
@eliottness
test orchestrion smoke tests
71d06cf 
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness
fix GLS and LFI
f2f947d 
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness
add conditional listener registration helpers
f78ed32 
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness
refactor tests
71f22a2 
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness eliottness force-pushed the eliott.bouhana/APPSEC-53772 branch from 7a9527d to 71f22a2 Compare August 13, 2024 16:30
@eliottness
Copy link
Contributor Author

https://github.com/DataDog/orchestrion/actions/runs/10373604854/job/28719101598

RomainMuller
RomainMuller approved these changes Aug 14, 2024
View reviewed changes
Copy link
Contributor

@RomainMuller RomainMuller left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM Modulo the still open conversation :)

@eliottness
skip generated stackframes + add orchestrion workflow runs-on paramet…
465bb69 
…er + refactor OpenOperationRes

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
@eliottness eliottness merged commit ea13a82 into main Aug 16, 2024
186 checks passed
@eliottness eliottness deleted the eliott.bouhana/APPSEC-53772 branch August 16, 2024 13:44
darccio pushed a commit that referenced this pull request Aug 19, 2024
@eliottness @darccio
appsec: setup ossec package and OpenOperation (#2781)
da02d30 
Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
github-merge-queue bot pushed a commit to DataDog/orchestrion that referenced this pull request Aug 29, 2024
@eliottness
feat(injector: stdlib): instrument os.OpenFile (#219)
f109ee0 
### What does this PR do?

This PR instrument all file opening via the `os.Openfile` function for
RASP LFI and is the sister PR of
DataDog/dd-trace-go#2781

- [x] Write intrumentation file
- [x] Write integration tests for the `os` package
- [x] Add `tracer-internal: true` to the `dd:orchestrion-enabled`
instrumentation to properly enable the GLS storage in dd-trace-go
- [x] Add more tests for `dd:orchestrion-enabled`    

### Motivation

Support for LFI protection.

### Reviewer's Checklist
<!--
* Authors can use this list as a reference to ensure that there are no
problems
during the review but the signing off is to be done by the reviewer(s).
-->

- [ ] Changed code has unit tests for its functionality.

---------

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nsrip-dd nsrip-dd nsrip-dd left review comments

@datadog-datadog-prod-us1 datadog-datadog-prod-us1[bot] datadog-datadog-prod-us1[bot] left review comments

@RomainMuller RomainMuller RomainMuller approved these changes

@darccio darccio darccio approved these changes

Assignees
No one assigned
Labels
apm:ecosystem contrib/* related feature requests or bugs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@eliottness @darccio @RomainMuller @nsrip-dd