Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Memory leak with DD_APPSEC_ENABLED="false" #2683

Open
orlandothoeny opened this issue May 31, 2024 · 3 comments
Open

[Bug]: Memory leak with DD_APPSEC_ENABLED="false" #2683

orlandothoeny opened this issue May 31, 2024 · 3 comments
Labels
🐛 bug Something isn't working

Comments

@orlandothoeny
Copy link

orlandothoeny commented May 31, 2024
edited
Loading

Bug report

After setting DD_APPSEC_ENABLED="false" in our Kubernetes container (to try to work around #2501), we observe that the memory usage is continuously increasing.
We did not define DD_APPSEC_ENABLED before.

We also recently upgraded from 0.98.0, that could also be the cause.

The container is a long running RabbitMQ consumer using php-amqplib (Integration).

image

Maybe related to #2592?

PHP version

8.2.19

Tracer or profiler version

1.0.0beta1

Installed extensions

[PHP Modules]
amqp
apcu
ast
bcmath
bz2
calendar
Core
ctype
curl
date
ddappsec
ddtrace
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
hash
iconv
intl
json
libxml
mbstring
mongodb
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
random
readline
Reflection
session
shmop
SimpleXML
soap
sockets
sodium
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache
ddappsec
ddtrace

Output of phpinfo()

ddtrace

Datadog PHP tracer extension
For help, check out the documentation at https://docs.datadoghq.com/tracing/languages/php/
(c) Datadog 2020

Datadog tracing support => enabled
Version => 1.0.0beta1
DATADOG TRACER CONFIGURATION => {
"date": "2024-05-31T08:39:08Z",
"os_name": "Linux worker-consumer-579cf45c48-5xmrz 6.1.58+ #1 SMP PREEMPT_DYNAMIC Mon Jan 29 15:19:25 UTC 2024 x86_64",
"os_version": "6.1.58+",
"version": "1.0.0beta1",
"lang": "php",
"lang_version": "8.2.13",
"env": "prod",
"enabled": true,
"service": "stream-service",
"enabled_cli": true,
"agent_url": "http://datadog-agent.infrastructure.svc.cluster.local:8126",
"debug": false,
"analytics_enabled": false,
"sample_rate": -1,
"sampling_rules": [],
"tags": [],
"service_mapping": [],
"distributed_tracing_enabled": true,
"dd_version": "1311575236-527adb27",
"architecture": "x86_64",
"sapi": "cli",
"datadog.trace.sources_path": "/opt/datadog/dd-library/1.0.0beta1/dd-trace-sources/src",
"open_basedir_configured": false,
"uri_fragment_regex": null,
"uri_mapping_incoming": null,
"uri_mapping_outgoing": null,
"auto_flush_enabled": false,
"generate_root_span": true,
"http_client_split_by_domain": false,
"measure_compile_time": true,
"report_hostname_on_root_span": false,
"traced_internal_functions": null,
"enabled_from_env": true,
"opcache.file_cache": null
}

                           Diagnostics

Diagnostic checks => passed

Directive => Local Value => Master Value
datadog.agent_host => datadog-agent.infrastructure.svc.cluster.local => datadog-agent.infrastructure.svc.cluster.local
datadog.amqp_analytics_enabled => Off => Off
datadog.amqp_analytics_sample_rate => 1 => 1
datadog.api_key => no value => no value
datadog.appsec.sca_enabled => Off => Off
datadog.autofinish_spans => Off => Off
datadog.autoload_no_compile => 0 => 0
datadog.cakephp_analytics_enabled => Off => Off
datadog.cakephp_analytics_sample_rate => 1 => 1
datadog.codeigniter_analytics_enabled => Off => Off
datadog.codeigniter_analytics_sample_rate => 1 => 1
datadog.curl_analytics_enabled => Off => Off
datadog.curl_analytics_sample_rate => 1 => 1
datadog.dbm_propagation_mode => full => full
datadog.distributed_tracing => On => On
datadog.dogstatsd_port => 8125 => 8125
datadog.dogstatsd_url => no value => no value
datadog.drupal_analytics_enabled => Off => Off
datadog.drupal_analytics_sample_rate => 1 => 1
datadog.elasticsearch_analytics_enabled => Off => Off
datadog.elasticsearch_analytics_sample_rate => 1 => 1
datadog.eloquent_analytics_enabled => Off => Off
datadog.eloquent_analytics_sample_rate => 1 => 1
datadog.env => prod => prod
datadog.exec_analytics_enabled => Off => Off
datadog.exec_analytics_sample_rate => 1 => 1
datadog.frankenphp_analytics_enabled => Off => Off
datadog.frankenphp_analytics_sample_rate => 1 => 1
datadog.guzzle_analytics_enabled => Off => Off
datadog.guzzle_analytics_sample_rate => 1 => 1
datadog.http_server_route_based_naming => On => On
datadog.instrumentation_telemetry_enabled => On => On
datadog.laminas_analytics_enabled => Off => Off
datadog.laminas_analytics_sample_rate => 1 => 1
datadog.laravel_analytics_enabled => Off => Off
datadog.laravel_analytics_sample_rate => 1 => 1
datadog.laravelqueue_analytics_enabled => Off => Off
datadog.laravelqueue_analytics_sample_rate => 1 => 1
datadog.log_backtrace => Off => Off
datadog.logs_analytics_enabled => Off => Off
datadog.logs_analytics_sample_rate => 1 => 1
datadog.logs_injection => Off => Off
datadog.lumen_analytics_enabled => Off => Off
datadog.lumen_analytics_sample_rate => 1 => 1
datadog.magento_analytics_enabled => Off => Off
datadog.magento_analytics_sample_rate => 1 => 1
datadog.memcache_analytics_enabled => Off => Off
datadog.memcache_analytics_sample_rate => 1 => 1
datadog.memcached_analytics_enabled => Off => Off
datadog.memcached_analytics_sample_rate => 1 => 1
datadog.mongo_analytics_enabled => Off => Off
datadog.mongo_analytics_sample_rate => 1 => 1
datadog.mongodb_analytics_enabled => Off => Off
datadog.mongodb_analytics_sample_rate => 1 => 1
datadog.mysqli_analytics_enabled => Off => Off
datadog.mysqli_analytics_sample_rate => 1 => 1
datadog.nette_analytics_enabled => Off => Off
datadog.nette_analytics_sample_rate => 1 => 1
datadog.pcntl_analytics_enabled => Off => Off
datadog.pcntl_analytics_sample_rate => 1 => 1
datadog.pdo_analytics_enabled => Off => Off
datadog.pdo_analytics_sample_rate => 1 => 1
datadog.phpredis_analytics_enabled => Off => Off
datadog.phpredis_analytics_sample_rate => 1 => 1
datadog.predis_analytics_enabled => Off => Off
datadog.predis_analytics_sample_rate => 1 => 1
datadog.psr18_analytics_enabled => Off => Off
datadog.psr18_analytics_sample_rate => 1 => 1
datadog.roadrunner_analytics_enabled => Off => Off
datadog.roadrunner_analytics_sample_rate => 1 => 1
datadog.service => stream-service => stream-service
datadog.service_mapping => no value => no value
datadog.slim_analytics_enabled => Off => Off
datadog.slim_analytics_sample_rate => 1 => 1
datadog.span_sampling_rules => [] => []
datadog.span_sampling_rules_file => no value => no value
datadog.sqlsrv_analytics_enabled => Off => Off
datadog.sqlsrv_analytics_sample_rate => 1 => 1
datadog.swoole_analytics_enabled => Off => Off
datadog.swoole_analytics_sample_rate => 1 => 1
datadog.symfony_analytics_enabled => Off => Off
datadog.symfony_analytics_sample_rate => 1 => 1
datadog.tags => no value => no value
datadog.trace.128_bit_traceid_generation_enabled => On => On
datadog.trace.128_bit_traceid_logging_enabled => Off => Off
datadog.trace.agent_connect_timeout => 100 => 100
datadog.trace.agent_debug_verbose_curl => Off => Off
datadog.trace.agent_flush_after_n_requests => 10 => 10
datadog.trace.agent_flush_interval => 5000 => 5000
datadog.trace.agent_max_payload_size => 52428800 => 52428800
datadog.trace.agent_port => 0 => 0
datadog.trace.agent_retries => 0 => 0
datadog.trace.agent_stack_backlog => 12 => 12
datadog.trace.agent_stack_initial_size => 131072 => 131072
datadog.trace.agent_timeout => 500 => 500
datadog.trace.agent_url => no value => no value
datadog.trace.agentless => Off => Off
datadog.trace.amqp_analytics_enabled => Off => Off
datadog.trace.amqp_analytics_sample_rate => 1 => 1
datadog.trace.amqp_enabled => On => On
datadog.trace.analytics_enabled => Off => Off
datadog.trace.append_trace_ids_to_logs => Off => Off
datadog.trace.auto_flush_enabled => Off => Off
datadog.trace.beta_high_memory_pressure_percent => 80 => 80
datadog.trace.bgs_connect_timeout => 2000 => 2000
datadog.trace.bgs_timeout => 5000 => 5000
datadog.trace.cakephp_analytics_enabled => Off => Off
datadog.trace.cakephp_analytics_sample_rate => 1 => 1
datadog.trace.cakephp_enabled => On => On
datadog.trace.cli_enabled => On => On
datadog.trace.client_ip_enabled => Off => Off
datadog.trace.client_ip_header => no value => no value
datadog.trace.codeigniter_analytics_enabled => Off => Off
datadog.trace.codeigniter_analytics_sample_rate => 1 => 1
datadog.trace.codeigniter_enabled => On => On
datadog.trace.curl_analytics_enabled => Off => Off
datadog.trace.curl_analytics_sample_rate => 1 => 1
datadog.trace.curl_enabled => On => On
datadog.trace.db_client_split_by_instance => Off => Off
datadog.trace.debug => Off => Off
datadog.trace.debug_curl_output => Off => Off
datadog.trace.debug_prng_seed => -1 => -1
datadog.trace.drupal_analytics_enabled => Off => Off
datadog.trace.drupal_analytics_sample_rate => 1 => 1
datadog.trace.drupal_enabled => On => On
datadog.trace.elasticsearch_analytics_enabled => Off => Off
datadog.trace.elasticsearch_analytics_sample_rate => 1 => 1
datadog.trace.elasticsearch_enabled => On => On
datadog.trace.eloquent_analytics_enabled => Off => Off
datadog.trace.eloquent_analytics_sample_rate => 1 => 1
datadog.trace.eloquent_enabled => On => On
datadog.trace.enabled => On => On
datadog.trace.exec_analytics_enabled => Off => Off
datadog.trace.exec_analytics_sample_rate => 1 => 1
datadog.trace.exec_enabled => On => On
datadog.trace.flush_collect_cycles => Off => Off
datadog.trace.forked_process => On => On
datadog.trace.frankenphp_analytics_enabled => Off => Off
datadog.trace.frankenphp_analytics_sample_rate => 1 => 1
datadog.trace.frankenphp_enabled => On => On
datadog.trace.generate_root_span => On => On
datadog.trace.guzzle_analytics_enabled => Off => Off
datadog.trace.guzzle_analytics_sample_rate => 1 => 1
datadog.trace.guzzle_enabled => On => On
datadog.trace.header_tags => no value => no value
datadog.trace.health_metrics_enabled => Off => Off
datadog.trace.health_metrics_heartbeat_sample_rate => 0.001 => 0.001
datadog.trace.hook_limit => 100 => 100
datadog.trace.http_client_split_by_domain => Off => Off
datadog.trace.http_post_data_param_allowed => no value => no value
datadog.trace.http_url_query_param_allowed => * => *
datadog.trace.laminas_analytics_enabled => Off => Off
datadog.trace.laminas_analytics_sample_rate => 1 => 1
datadog.trace.laminas_enabled => On => On
datadog.trace.laravel_analytics_enabled => Off => Off
datadog.trace.laravel_analytics_sample_rate => 1 => 1
datadog.trace.laravel_enabled => On => On
datadog.trace.laravel_queue_distributed_tracing => On => On
datadog.trace.laravelqueue_analytics_enabled => Off => Off
datadog.trace.laravelqueue_analytics_sample_rate => 1 => 1
datadog.trace.laravelqueue_enabled => On => On
datadog.trace.log_file => no value => no value
datadog.trace.log_level => error => error
datadog.trace.logs_analytics_enabled => Off => Off
datadog.trace.logs_analytics_sample_rate => 1 => 1
datadog.trace.logs_enabled => Off => Off
datadog.trace.lumen_analytics_enabled => Off => Off
datadog.trace.lumen_analytics_sample_rate => 1 => 1
datadog.trace.lumen_enabled => On => On
datadog.trace.magento_analytics_enabled => Off => Off
datadog.trace.magento_analytics_sample_rate => 1 => 1
datadog.trace.magento_enabled => On => On
datadog.trace.measure_compile_time => On => On
datadog.trace.memcache_analytics_enabled => Off => Off
datadog.trace.memcache_analytics_sample_rate => 1 => 1
datadog.trace.memcache_enabled => On => On
datadog.trace.memcached_analytics_enabled => Off => Off
datadog.trace.memcached_analytics_sample_rate => 1 => 1
datadog.trace.memcached_enabled => On => On
datadog.trace.memory_limit => no value => no value
datadog.trace.mongo_analytics_enabled => Off => Off
datadog.trace.mongo_analytics_sample_rate => 1 => 1
datadog.trace.mongo_enabled => On => On
datadog.trace.mongodb_analytics_enabled => Off => Off
datadog.trace.mongodb_analytics_sample_rate => 1 => 1
datadog.trace.mongodb_enabled => On => On
datadog.trace.mysqli_analytics_enabled => Off => Off
datadog.trace.mysqli_analytics_sample_rate => 1 => 1
datadog.trace.mysqli_enabled => On => On
datadog.trace.nette_analytics_enabled => Off => Off
datadog.trace.nette_analytics_sample_rate => 1 => 1
datadog.trace.nette_enabled => On => On
datadog.trace.obfuscation_query_string_regexp => (?i)(?:(?:"|%22)?)(?:(?:old[-]?|new[-]?)?p(?:ass)?w(?:or)?d(?:1|2)?|pass(?:[-]?phrase)?|secret|(?:api[-]?|private[-]?|public[-]?|access[-]?|secret[-]?|app(?:lication)?[-]?)key(?:[-]?id)?|token|consumer[-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:(?:\s|%20)(?:=|%3D)[^&]+|(?:"|%22)(?:\s|%20)(?::|%3A)(?:\s|%20)*(?:"|%22)(?:%2[^2]|%[^2]|[^"%])+(?:"|%22))|(?:bearer(?:\s|%20)+[a-z0-9.-]+|token(?::|%3A)[a-z0-9]{13}|gh[opsu][0-9a-zA-Z]{36}|eyI-L+.eyI-L+(?:.(?:[\w.+/=-]|%3D|%2F|%2B)+)?|-{5}BEGIN(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY-{5}[^\-]+-{5}END(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY(?:-{5})?(?:\n|%0A)?|(?:ssh-(?:rsa|dss)|ecdsa-[a-z0-9]+-[a-z0-9]+)(?:\s|%20|%09)+(?:[a-z0-9/.+]|%2F|%5C|%2B){100,}(?:=|%3D)*(?:(?:\s|%20|%09)+[a-z0-9.-]+)?) => (?i)(?:(?:"|%22)?)(?:(?:old[-]?|new[-]?)?p(?:ass)?w(?:or)?d(?:1|2)?|pass(?:[-]?phrase)?|secret|(?:api[-]?|private[-]?|public[-]?|access[-]?|secret[-]?|app(?:lication)?[-]?)key(?:[-]?id)?|token|consumer[-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:(?:\s|%20)(?:=|%3D)[^&]+|(?:"|%22)(?:\s|%20)(?::|%3A)(?:\s|%20)*(?:"|%22)(?:%2[^2]|%[^2]|[^"%])+(?:"|%22))|(?:bearer(?:\s|%20)+[a-z0-9.-]+|token(?::|%3A)[a-z0-9]{13}|gh[opsu][0-9a-zA-Z]{36}|eyI-L+.eyI-L+(?:.(?:[\w.+/=-]|%3D|%2F|%2B)+)?|-{5}BEGIN(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY-{5}[^\-]+-{5}END(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY(?:-{5})?(?:\n|%0A)?|(?:ssh-(?:rsa|dss)|ecdsa-[a-z0-9]+-[a-z0-9]+)(?:\s|%20|%09)+(?:[a-z0-9/.+]|%2F|%5C|%2B){100,}(?:=|%3D)*(?:(?:\s|%20|%09)+[a-z0-9.-]+)?)
datadog.trace.once_logs => On => On
datadog.trace.otel_enabled => Off => Off
datadog.trace.pcntl_analytics_enabled => Off => Off
datadog.trace.pcntl_analytics_sample_rate => 1 => 1
datadog.trace.pcntl_enabled => On => On
datadog.trace.pdo_analytics_enabled => Off => Off
datadog.trace.pdo_analytics_sample_rate => 1 => 1
datadog.trace.pdo_enabled => On => On
datadog.trace.peer_service_defaults_enabled => Off => Off
datadog.trace.peer_service_mapping => no value => no value
datadog.trace.phpredis_analytics_enabled => Off => Off
datadog.trace.phpredis_analytics_sample_rate => 1 => 1
datadog.trace.phpredis_enabled => On => On
datadog.trace.predis_analytics_enabled => Off => Off
datadog.trace.predis_analytics_sample_rate => 1 => 1
datadog.trace.predis_enabled => On => On
datadog.trace.propagate_service => Off => Off
datadog.trace.propagate_user_id_default => Off => Off
datadog.trace.propagation_style => datadog,tracecontext => datadog,tracecontext
datadog.trace.propagation_style_extract => datadog,tracecontext,B3,B3 single header => datadog,tracecontext,B3,B3 single header
datadog.trace.propagation_style_inject => datadog,tracecontext => datadog,tracecontext
datadog.trace.psr18_analytics_enabled => Off => Off
datadog.trace.psr18_analytics_sample_rate => 1 => 1
datadog.trace.psr18_enabled => On => On
datadog.trace.rate_limit => 0 => 0
datadog.trace.redis_client_split_by_host => Off => Off
datadog.trace.remove_autoinstrumentation_orphans => Off => Off
datadog.trace.remove_integration_service_names_enabled => Off => Off
datadog.trace.remove_root_span_laravel_queue => On => On
datadog.trace.report_hostname => Off => Off
datadog.trace.resource_uri_fragment_regex => no value => no value
datadog.trace.resource_uri_mapping_incoming => no value => no value
datadog.trace.resource_uri_mapping_outgoing => no value => no value
datadog.trace.resource_uri_query_param_allowed => no value => no value
datadog.trace.retain_thread_capabilities => Off => Off
datadog.trace.roadrunner_analytics_enabled => Off => Off
datadog.trace.roadrunner_analytics_sample_rate => 1 => 1
datadog.trace.roadrunner_enabled => On => On
datadog.trace.sample_rate => -1 => -1
datadog.trace.sampling_rules => [] => []
datadog.trace.sampling_rules_format => glob => glob
datadog.trace.shutdown_timeout => 5000 => 5000
datadog.trace.sidecar_trace_sender => Off => Off
datadog.trace.slim_analytics_enabled => Off => Off
datadog.trace.slim_analytics_sample_rate => 1 => 1
datadog.trace.slim_enabled => On => On
datadog.trace.sources_path => /opt/datadog/dd-library/1.0.0beta1/dd-trace-sources/src => /opt/datadog/dd-library/1.0.0beta1/dd-trace-sources/src
datadog.trace.spans_limit => 1000 => 1000
datadog.trace.sqlsrv_analytics_enabled => Off => Off
datadog.trace.sqlsrv_analytics_sample_rate => 1 => 1
datadog.trace.sqlsrv_enabled => On => On
datadog.trace.startup_logs => On => On
datadog.trace.swoole_analytics_enabled => Off => Off
datadog.trace.swoole_analytics_sample_rate => 1 => 1
datadog.trace.swoole_enabled => On => On
datadog.trace.symfony_analytics_enabled => Off => Off
datadog.trace.symfony_analytics_sample_rate => 1 => 1
datadog.trace.symfony_enabled => On => On
datadog.trace.traced_internal_functions => no value => no value
datadog.trace.url_as_resource_names_enabled => On => On
datadog.trace.warn_legacy_dd_trace => On => On
datadog.trace.web_analytics_enabled => Off => Off
datadog.trace.web_analytics_sample_rate => 1 => 1
datadog.trace.web_enabled => On => On
datadog.trace.wordpress_additional_actions => no value => no value
datadog.trace.wordpress_analytics_enabled => Off => Off
datadog.trace.wordpress_analytics_sample_rate => 1 => 1
datadog.trace.wordpress_callbacks => On => On
datadog.trace.wordpress_enabled => On => On
datadog.trace.x_datadog_tags_max_length => 512 => 512
datadog.trace.yii_analytics_enabled => Off => Off
datadog.trace.yii_analytics_sample_rate => 1 => 1
datadog.trace.yii_enabled => On => On
datadog.trace.zendframework_analytics_enabled => Off => Off
datadog.trace.zendframework_analytics_sample_rate => 1 => 1
datadog.trace.zendframework_enabled => On => On
datadog.version => 1311575236-527adb27 => 1311575236-527adb27
datadog.web_analytics_enabled => Off => Off
datadog.web_analytics_sample_rate => 1 => 1
datadog.wordpress_analytics_enabled => Off => Off
datadog.wordpress_analytics_sample_rate => 1 => 1
datadog.yii_analytics_enabled => Off => Off
datadog.yii_analytics_sample_rate => 1 => 1
datadog.zendframework_analytics_enabled => Off => Off
datadog.zendframework_analytics_sample_rate => 1 => 1
ddtrace.cgroup_file => /proc/self/cgroup => /proc/self/cgroup
ddtrace.disable => 0 => 0

Upgrading from

No response
@orlandothoeny orlandothoeny added the 🐛 bug Something isn't working label May 31, 2024
@Anilm3
Copy link
Contributor

Anilm3 commented Jun 3, 2024

Thanks for reporting this, we are currently working to try and reproduce and fix the memory leak.

In the meantime, you can consider fully disabling the appsec extension by commenting the line extension = ddappsec.so from the 98-ddtrace.ini configuration file. This should completely prevent the appsec extension from loading, which will either get rid of the leak or at least give us more clues regarding the source of the leak.

On a separate note, can you also please provide the phpinfo section for the ddappsec extension?

@fabianerni
Copy link

fabianerni commented Jun 4, 2024
edited
Loading 

php --ri ddappsec

ddappsec


Datadog PHP AppSec extension
(c) Datadog 2021

State managed by remote config => No
Current state => Disabled
Version => 1.0.0beta1
Connected to helper? => No

Directive => Local Value => Master Value
datadog.appsec.enabled => Off => Off
datadog.appsec.cli_start_on_rinit => Off => Off
datadog.appsec.rules => no value => no value
datadog.appsec.waf_timeout => 10000 => 10000
datadog.appsec.trace_rate_limit => 100 => 100
datadog.appsec.extra_headers => no value => no value
datadog.appsec.obfuscation_parameter_key_regexp => (?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization => (?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization
datadog.appsec.obfuscation_parameter_value_regexp => (?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,} => (?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\s*=[^;]|"\s*:\s*"[^"]+")|bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}
datadog.appsec.testing => Off => Off
datadog.appsec.testing_abort_rinit => Off => Off
datadog.appsec.testing_raw_body => Off => Off
datadog.appsec.log_level => warn => warn
datadog.appsec.log_file => php_error_reporting => php_error_reporting
datadog.appsec.helper_launch => On => On
datadog.appsec.helper_path => /opt/datadog/dd-library/1.0.0beta1/bin/ddappsec-helper => /opt/datadog/dd-library/1.0.0beta1/bin/ddappsec-helper
datadog.appsec.helper_runtime_path => /tmp => /tmp
datadog.appsec.helper_log_file => /dev/null => /dev/null
datadog.extra_services => no value => no value
datadog.appsec.helper_extra_args => no value => no value
datadog.remote_config_enabled => On => On
datadog.remote_config_poll_interval => 1000 => 1000
datadog.appsec.max_body_buff_size => 524288 => 524288
datadog.appsec.automated_user_events_tracking => safe => safe
datadog.appsec.http_blocked_template_html => no value => no value
datadog.appsec.http_blocked_template_json => no value => no value
datadog.api_security_request_sample_rate => 0.1 => 0.1
datadog.api_security_enabled => On => On

@Anilm3
Copy link
Contributor

Anilm3 commented Jun 5, 2024

Thanks for sending that through, so far we have been unable to reproduce a memory leak in this scenario, although we're still trying. Have you been able to update the configuration so that the appsec extension isn't loaded? It would really help reduce the scope of our investigation.

On a separate note, are you also using the datadog profiler?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛 bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Anilm3 @fabianerni @orlandothoeny