Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appsec: add SQLi RASP protection #2730

Merged
merged 27 commits into from
Jun 20, 2024
Merged

appsec: add SQLi RASP protection #2730

merged 27 commits into from
Jun 20, 2024

Conversation

Hellzy
Copy link
Contributor

@Hellzy Hellzy commented Jun 6, 2024
edited
Loading

What does this PR do?

JIRA: APPSEC-52505

This change adds RASP protection for SQLi. If appsec is enabled, the WAF is run before executing a query, and the query only gets executed if the WAF doesn't yield a security event.

Motivation

This is part of the ASM exploit prevention effort.

Reviewer's Checklist

  • Changed code has unit tests for its functionality at or near 100% coverage.
  • System-Tests covering this feature have been added and enabled with the va.b.c-dev version tag.
  • There is a benchmark for any new code, or changes to existing code.
  • If this interacts with the agent in a new way, a system test has been added.
  • Add an appropriate team label so this PR gets put in the right place for the release notes.
  • Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild.

Unsure? Have a question? Request a review!

@github-actions github-actions bot added the apm:ecosystem contrib/* related feature requests or bugs label Jun 6, 2024
@pr-commenter
Copy link

pr-commenter bot commented Jun 6, 2024
edited
Loading

Benchmarks

Benchmark execution time: 2024-06-20 13:15:42

Comparing candidate commit be265f7 in PR branch francois.mazeau/sqli with baseline commit 2fb4ed0 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 44 metrics, 0 unstable metrics.

github-actions[bot]
github-actions bot reviewed Jun 11, 2024
View reviewed changes
internal/appsec/waf_test.go Outdated Show resolved Hide resolved
internal/appsec/waf_test.go Outdated Show resolved Hide resolved
Julio-Guerra
Julio-Guerra requested changes Jun 11, 2024
View reviewed changes
Copy link
Contributor

@Julio-Guerra Julio-Guerra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job, it overall looks good to me and I left 3 comments.

I would also love if we could add tests for all the different SQL queries (Exec, Update, etc.)

contrib/database/sql/conn.go Outdated Show resolved Hide resolved
internal/appsec/emitter/sqlsec/types/sql.go Outdated Show resolved Hide resolved
internal/appsec/waf_test.go Show resolved Hide resolved
eliottness
eliottness requested changes Jun 18, 2024
View reviewed changes
internal/appsec/waf_test.go Outdated Show resolved Hide resolved
internal/appsec/waf_test.go Show resolved Hide resolved
internal/appsec/waf_test.go Outdated Show resolved Hide resolved
internal/appsec/waf_test.go Outdated Show resolved Hide resolved
eliottness
eliottness reviewed Jun 18, 2024
View reviewed changes
contrib/database/sql/conn.go Outdated Show resolved Hide resolved
contrib/database/sql/conn.go Outdated Show resolved Hide resolved
contrib/database/sql/conn.go Outdated Show resolved Hide resolved
contrib/database/sql/conn.go Outdated Show resolved Hide resolved
@Hellzy Hellzy requested a review from Julio-Guerra June 18, 2024 15:19
@Hellzy Hellzy marked this pull request as ready for review June 18, 2024 15:20
@Hellzy Hellzy requested review from a team as code owners June 18, 2024 15:20
@Hellzy Hellzy requested a review from eliottness June 18, 2024 15:20
rarguelloF
rarguelloF reviewed Jun 20, 2024
View reviewed changes
Copy link
Contributor

@rarguelloF rarguelloF left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a refactor suggestion for the changes in contrib/database/sql.

@rarguelloF rarguelloF self-requested a review June 20, 2024 13:09
@Hellzy Hellzy merged commit 2c61934 into main Jun 20, 2024
141 of 200 checks passed
@Hellzy Hellzy deleted the francois.mazeau/sqli branch June 20, 2024 13:30
@bobholt bobholt mentioned this pull request Aug 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@Julio-Guerra Julio-Guerra Julio-Guerra approved these changes

@rarguelloF rarguelloF rarguelloF approved these changes

@eliottness eliottness eliottness approved these changes

Assignees
No one assigned
Labels
apm:ecosystem contrib/* related feature requests or bugs appsec
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Hellzy @Julio-Guerra @rarguelloF @eliottness