
Exploit prevention SQLi in pg #4566

Merged 28 commits into master from ugaitz/rasp-sql-pg on Sep 11, 2024

Conversation

uurien (Collaborator) commented Aug 1, 2024

What does this PR do?

Implements detection and blocking of SQL injection attacks in applications using the pg library, at the points where the threat could be exploited.

Plugin Checklist

  • Unit tests.

Additional Notes

System tests: DataDog/system-tests#2862

APPSEC-53981

github-actions bot commented Aug 1, 2024

Overall package size

Self size: 7.08 MB
Deduped: 62.45 MB
No deduping: 62.73 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|
| @datadog/native-appsec | 8.1.1 | 18.67 MB | 18.68 MB |
| @datadog/native-iast-taint-tracking | 3.1.0 | 12.27 MB | 12.28 MB |
| @datadog/pprof | 5.3.0 | 9.85 MB | 10.22 MB |
| protobufjs | 7.2.5 | 2.77 MB | 5.16 MB |
| @datadog/native-iast-rewriter | 2.4.1 | 2.14 MB | 2.23 MB |
| @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB |
| @datadog/native-metrics | 2.0.0 | 898.77 kB | 1.3 MB |
| @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB |
| jsonpath-plus | 9.0.0 | 580.4 kB | 1.03 MB |
| import-in-the-middle | 1.8.1 | 71.67 kB | 785.15 kB |
| msgpack-lite | 0.1.26 | 201.16 kB | 281.59 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| pprof-format | 2.1.0 | 111.69 kB | 111.69 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| semver | 7.6.3 | 95.82 kB | 95.82 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| lru-cache | 7.14.0 | 74.95 kB | 74.95 kB |
| ignore | 5.3.1 | 51.46 kB | 51.46 kB |
| int64-buffer | 0.1.10 | 49.18 kB | 49.18 kB |
| shell-quote | 1.8.1 | 44.96 kB | 44.96 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| rfdc | 1.3.1 | 25.21 kB | 25.21 kB |
| tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| path-to-regexp | 0.1.10 | 6.38 kB | 6.38 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

uurien changed the title from "pg query with abortcontroller" to "Exploit prevention SQLi in pg" on Aug 1, 2024

pr-commenter bot commented Aug 1, 2024

Benchmarks

Benchmark execution time: 2024-09-11 11:00:09

Comparing candidate commit d93eabe in PR branch ugaitz/rasp-sql-pg with baseline commit 8490eae in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 259 metrics, 7 unstable metrics.

uurien force-pushed the ugaitz/rasp-sql-pg branch 12 times, most recently from f662565 to b7cb2c9 (August 2, 2024 08:13)
uurien force-pushed the ugaitz/rasp-sql-pg branch from b7cb2c9 to d46be5e (August 2, 2024 08:24)

codecov bot commented Aug 2, 2024

Codecov Report

Attention: Patch coverage is 63.30935% with 51 lines in your changes missing coverage. Please review.

Project coverage is 86.03%. Comparing base (421f3d4) to head (d93eabe).
Report is 8 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|------|---------|-------|
| packages/dd-trace/src/appsec/rasp/index.js | 36.00% | 32 Missing ⚠️ |
| packages/dd-trace/src/appsec/rasp/utils.js | 48.14% | 14 Missing ⚠️ |
| packages/dd-trace/src/appsec/rasp/sql_injection.js | 88.09% | 5 Missing ⚠️ |
Additional details and impacted files
@@             Coverage Diff             @@
##           master    #4566       +/-   ##
===========================================
+ Coverage   51.47%   86.03%   +34.55%     
===========================================
  Files          39      269      +230     
  Lines        1457    11794    +10337     
  Branches       33       33               
===========================================
+ Hits          750    10147     +9397     
- Misses        707     1647      +940     


uurien force-pushed the ugaitz/rasp-sql-pg branch 8 times, most recently from c9d647a to 8fad11b (August 2, 2024 10:53)

iunanua previously approved these changes Sep 9, 2024

simon-id previously approved these changes Sep 11, 2024
simon-id (Member) left a comment:

last nit, otherwise LGTM

uurien merged commit 14ebf97 into master Sep 11, 2024
153 checks passed
uurien deleted the ugaitz/rasp-sql-pg branch September 11, 2024 11:57
juan-fernandez pushed a commit that referenced this pull request Sep 30, 2024
juan-fernandez mentioned this pull request Sep 30, 2024
juan-fernandez pushed a commit that referenced this pull request Sep 30, 2024
juan-fernandez mentioned this pull request Sep 30, 2024
juan-fernandez pushed a commit that referenced this pull request Oct 1, 2024
juan-fernandez pushed a commit that referenced this pull request Oct 1, 2024
4 participants