internal/appsec: setup rasp metrics

Signed-off-by: Eliott Bouhana <[email protected]>
DataDog · Sep 18, 2024 · 2fe0fa5 · 2fe0fa5
1 parent b9e57e2
commit 2fe0fa5
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 9 deletions.
diff --git a/internal/appsec/listener/httpsec/roundtripper.go b/internal/appsec/listener/httpsec/roundtripper.go
@@ -19,7 +19,7 @@ import (
 // RegisterRoundTripperListener registers a listener on outgoing HTTP client requests to run the WAF.
 func RegisterRoundTripperListener(op dyngo.Operation, events *trace.SecurityEventsHolder, wafCtx *waf.Context, limiter limiter.Limiter) {
  dyngo.On(op, sharedsec.MakeWAFRunListener(events, wafCtx, limiter, func(args types.RoundTripOperationArgs) waf.RunAddressData {
- return waf.RunAddressData{Ephemeral: map[string]any{ServerIoNetURLAddr: args.URL}}
+ return waf.RunAddressData{Ephemeral: map[string]any{ServerIoNetURLAddr: args.URL}, Scope: waf.RASPScope}
  }))
 }
 

diff --git a/internal/appsec/listener/ossec/lfi.go b/internal/appsec/listener/ossec/lfi.go
@@ -25,7 +25,7 @@ const (
 
 func RegisterOpenListener(op dyngo.Operation, eventsHolder *trace.SecurityEventsHolder, wafCtx *waf.Context, limiter limiter.Limiter) {
  runWAF := sharedsec.MakeWAFRunListener(eventsHolder, wafCtx, limiter, func(args ossec.OpenOperationArgs) waf.RunAddressData {
- return waf.RunAddressData{Ephemeral: map[string]any{ServerIOFSFileAddr: args.Path}}
+ return waf.RunAddressData{Ephemeral: map[string]any{ServerIOFSFileAddr: args.Path}, Scope: waf.RASPScope}
  })
 
  dyngo.On(op, func(op *ossec.OpenOperation, args ossec.OpenOperationArgs) {

diff --git a/internal/appsec/listener/sharedsec/shared.go b/internal/appsec/listener/sharedsec/shared.go
@@ -26,6 +26,7 @@ const (
  eventRulesLoadedTag = "_dd.appsec.event_rules.loaded"
  eventRulesFailedTag = "_dd.appsec.event_rules.error_count"
  wafVersionTag = "_dd.appsec.waf.version"
+ wafSpanTagPrefix = "_dd.appsec."
 )
 
 func RunWAF(wafCtx *waf.Context, values waf.RunAddressData) waf.Result {
@@ -91,7 +92,7 @@ func AddWAFMonitoringTags(th trace.TagSetter, rulesVersion string, stats map[str
 
  // Report the stats sent by the WAF
  for k, v := range stats {
- th.SetTag(k, v)
+ th.SetTag(wafSpanTagPrefix+k, v)
  }
 }
 

diff --git a/internal/appsec/listener/sharedsec/shared_test.go b/internal/appsec/listener/sharedsec/shared_test.go
@@ -10,6 +10,7 @@ import (
 
  waf "github.com/DataDog/go-libddwaf/v3"
  "github.com/stretchr/testify/require"
+
  "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/trace"
 )
 
@@ -34,11 +35,13 @@ func TestTagsTypes(t *testing.T) {
  AddRulesMonitoringTags(&th, &wafDiags)
 
  stats := map[string]any{
- wafDurationTag: 10,
- wafDurationExtTag: 20,
- wafTimeoutTag: 0,
- "_dd.appsec.waf.truncations.depth": []int{1, 2, 3},
- "_dd.appsec.waf.run": 12000,
+ "waf.duration": 10,
+ "rasp.duration": 10,
+ "waf.duration_ext": 20,
+ "rasp.duration_ext": 20,
+ "waf.timeouts": 0,
+ "waf.truncations.depth": []int{1, 2, 3},
+ "waf.run": 12000,
  }
 
  AddWAFMonitoringTags(&th, "1.2.3", stats)

diff --git a/internal/appsec/listener/sqlsec/sql.go b/internal/appsec/listener/sqlsec/sql.go
@@ -23,7 +23,7 @@ const (
 
 func RegisterSQLListener(op dyngo.Operation, events *trace.SecurityEventsHolder, wafCtx *waf.Context, limiter limiter.Limiter) {
  dyngo.On(op, sharedsec.MakeWAFRunListener(events, wafCtx, limiter, func(args types.SQLOperationArgs) waf.RunAddressData {
- return waf.RunAddressData{Ephemeral: map[string]any{ServerDBStatementAddr: args.Query, ServerDBTypeAddr: args.Driver}}
+ return waf.RunAddressData{Ephemeral: map[string]any{ServerDBStatementAddr: args.Query, ServerDBTypeAddr: args.Driver}, Scope: waf.RASPScope}
  }))
 }