PoC: AWS API Gateway Inferred Span Support #4837

Open
wants to merge 7 commits into
base: master

wconti27
Contributor

What does this PR do?

Created inferred spans for AWS API Gateway for web integrations if the received request has a specific header (see RFC). The headers will also contain info on the route, start time of the request in ms, method, etc.

This is a rough POC.

Motivation

Plugin Checklist

Additional Notes

@wconti27 wconti27 requested a review from a team as a code owner October 29, 2024 19:04
@wconti27 wconti27 self-assigned this Oct 29, 2024
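
An added example (not code from this PR or from dd-trace) of validating gateway-supplied headers before an inferred span is built from them, since a client that reaches the service directly can set the same headers. The header names, limits and `parseInferredGatewayContext` are hypothetical; the PR description does not list the real ones.

```javascript
// Added example. Header names and limits are hypothetical placeholders,
// not the ones this PR or dd-trace uses.
const MARKER_HEADER = 'x-example-proxy'
const MARKER_VALUE = 'aws-apigateway'
const TIME_HEADER = 'x-example-proxy-request-time-ms'
const ROUTE_HEADER = 'x-example-proxy-path'
const METHOD_HEADER = 'x-example-proxy-httpmethod'

const METHODS = new Set(['GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'])
const MAX_AGE_MS = 60000 // oldest gateway start time accepted
const MAX_SKEW_MS = 1000 // tolerated clock skew into the future
const MAX_ROUTE_LEN = 256

// Only a plain string counts; arrays are rejected here and comma-joined
// repeats fail the patterns below.
function single (headers, name) {
  const v = headers[name]
  return typeof v === 'string' ? v.trim() : null
}

// Returns { startTimeMs, method, route } or null if any field is unusable.
function parseInferredGatewayContext (headers, nowMs = Date.now()) {
  if (single(headers, MARKER_HEADER) !== MARKER_VALUE) return null

  const rawTime = single(headers, TIME_HEADER)
  if (rawTime === null || !/^\d{1,15}$/.test(rawTime)) return null
  const startTimeMs = Number(rawTime)
  // A client-chosen timestamp would otherwise stretch or backdate the span.
  if (startTimeMs < nowMs - MAX_AGE_MS || startTimeMs > nowMs + MAX_SKEW_MS) return null

  const method = (single(headers, METHOD_HEADER) || '').toUpperCase()
  if (!METHODS.has(method)) return null

  const route = single(headers, ROUTE_HEADER)
  // Printable ASCII only: keeps control characters out of span tags and logs.
  if (route === null || route.length > MAX_ROUTE_LEN || !/^\/[\x21-\x7e]*$/.test(route)) return null

  return { startTimeMs, method, route }
}

// Constructed sample input (not captured traffic).
const SAMPLE_NOW_MS = 1730300000000
const SAMPLE_HEADERS = {
  [MARKER_HEADER]: 'aws-apigateway',
  [TIME_HEADER]: '1730299999975',
  [METHOD_HEADER]: 'get',
  [ROUTE_HEADER]: '/users/{id}'
}
console.log(parseInferredGatewayContext(SAMPLE_HEADERS, SAMPLE_NOW_MS))
```

Returning `null` lets the caller fall back to the ordinary child span instead of trusting a partial set of gateway values.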

github-actions bot commented Oct 29, 2024

Overall package size

Self size: 7.86 MB
Deduped: 64.88 MB
No deduping: 65.22 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|
| @datadog/native-appsec | 8.2.1 | 19.18 MB | 19.19 MB |
| @datadog/native-iast-taint-tracking | 3.2.0 | 13.9 MB | 13.91 MB |
| @datadog/pprof | 5.4.1 | 9.76 MB | 10.13 MB |
| protobufjs | 7.2.5 | 2.77 MB | 5.16 MB |
| @datadog/native-iast-rewriter | 2.5.0 | 2.51 MB | 2.65 MB |
| @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB |
| @datadog/native-metrics | 3.0.1 | 1.06 MB | 1.46 MB |
| @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB |
| import-in-the-middle | 1.11.2 | 112.74 kB | 826.22 kB |
| msgpack-lite | 0.1.26 | 201.16 kB | 281.59 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| lru-cache | 7.18.3 | 133.92 kB | 133.92 kB |
| pprof-format | 2.1.0 | 111.69 kB | 111.69 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| semver | 7.6.3 | 95.82 kB | 95.82 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| ignore | 5.3.1 | 51.46 kB | 51.46 kB |
| int64-buffer | 0.1.10 | 49.18 kB | 49.18 kB |
| shell-quote | 1.8.1 | 44.96 kB | 44.96 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| rfdc | 1.3.1 | 25.21 kB | 25.21 kB |
| tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| path-to-regexp | 0.1.10 | 6.38 kB | 6.38 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@wconti27 wconti27 requested a review from mhlidd October 29, 2024 19:41
mhlidd previously approved these changes Oct 29, 2024

pr-commenter bot commented Oct 30, 2024

Benchmarks

Benchmark execution time: 2024-10-30 15:32:03

Comparing candidate commit c0755f8 in PR branch conti/api-gateway-poc with baseline commit e94c682 in branch master.

Found 33 performance improvements and 2 performance regressions! Performance is the same for 225 metrics, 6 unstable metrics.

scenario:appsec-appsec-enabled-18

  • 🟩 cpu_user_time [-85.570ms; -76.352ms] or [-17.318%; -15.452%]
  • 🟩 execution_time [-74.408ms; -50.306ms] or [-12.705%; -8.590%]
  • 🟩 instructions [-177.6M instructions; -170.1M instructions] or [-13.232%; -12.672%]

scenario:appsec-appsec-enabled-with-attacks-18

  • 🟩 cpu_user_time [-116.667ms; -107.506ms] or [-22.231%; -20.485%]
  • 🟩 execution_time [-112.399ms; -87.613ms] or [-18.128%; -14.131%]
  • 🟩 instructions [-275.1M instructions; -267.7M instructions] or [-19.101%; -18.582%]

scenario:appsec-control-18

  • 🟩 cpu_user_time [-45.294ms; -36.952ms] or [-11.264%; -9.190%]
  • 🟩 instructions [-78.9M instructions; -71.3M instructions] or [-8.310%; -7.509%]

scenario:appsec-control-with-attacks-18

  • 🟩 cpu_user_time [-42.710ms; -35.137ms] or [-11.207%; -9.220%]
  • 🟩 instructions [-87.0M instructions; -79.3M instructions] or [-9.078%; -8.277%]

scenario:appsec-iast-no-vulnerability-control-18

  • 🟩 cpu_user_time [-98.121ms; -76.344ms] or [-16.315%; -12.694%]
  • 🟩 execution_time [-101.187ms; -65.303ms] or [-12.722%; -8.211%]
  • 🟩 instructions [-178.0M instructions; -172.5M instructions] or [-12.097%; -11.718%]
  • 🟩 max_rss_usage [-5.000MB; -4.439MB] or [-6.002%; -5.329%]

scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-18

  • 🟩 cpu_user_time [-197.368ms; -165.359ms] or [-15.044%; -12.605%]
  • 🟩 execution_time [-219.703ms; -147.372ms] or [-14.496%; -9.723%]
  • 🟩 instructions [-439.7M instructions; -429.8M instructions] or [-16.800%; -16.422%]

scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-18

  • 🟩 cpu_user_time [-134.064ms; -103.237ms] or [-10.698%; -8.238%]
  • 🟩 execution_time [-149.393ms; -99.083ms] or [-10.148%; -6.730%]
  • 🟩 instructions [-272.5M instructions; -257.8M instructions] or [-11.133%; -10.532%]
  • 🟩 max_rss_usage [-9.667MB; -6.117MB] or [-8.019%; -5.074%]

scenario:appsec-iast-with-vulnerability-control-18

  • 🟩 cpu_user_time [-120.572ms; -79.438ms] or [-12.610%; -8.308%]
  • 🟩 execution_time [-161.718ms; -95.377ms] or [-10.992%; -6.483%]
  • 🟩 instructions [-178.2M instructions; -168.0M instructions] or [-7.056%; -6.653%]

scenario:appsec-iast-with-vulnerability-iast-enabled-always-active-18

  • 🟩 cpu_user_time [-281.735ms; -224.069ms] or [-15.452%; -12.289%]
  • 🟩 execution_time [-520.162ms; -382.419ms] or [-19.538%; -14.364%]
  • 🟩 instructions [-869.7M instructions; -847.9M instructions] or [-20.082%; -19.579%]
  • 🟩 max_rss_usage [-13.751MB; -10.925MB] or [-10.712%; -8.510%]

scenario:appsec-iast-with-vulnerability-iast-enabled-default-config-18

  • 🟩 cpu_user_time [-157.157ms; -96.784ms] or [-9.220%; -5.678%]
  • 🟩 execution_time [-320.949ms; -174.908ms] or [-13.033%; -7.103%]
  • 🟩 instructions [-452.4M instructions; -406.2M instructions] or [-11.598%; -10.412%]

scenario:plugin-http-server-querystring-obfuscation-18

  • 🟥 cpu_usage_percentage [+7.136%; +7.319%]
  • 🟩 execution_time [-165.016ms; -155.547ms] or [-15.794%; -14.888%]

scenario:plugin-http-server-with-tracer-18

  • 🟥 cpu_usage_percentage [+5.994%; +6.177%]
  • 🟩 execution_time [-133.531ms; -124.255ms] or [-13.530%; -12.590%]

@wconti27 wconti27 requested a review from a team as a code owner October 30, 2024 17:23
@@ -253,8 +264,81 @@ const web = {
},

// Extract the parent span from the headers and start a new span as its child
startChildSpan (tracer, name, headers) {
const childOf = tracer.extract(FORMAT_HTTP_HEADERS, headers)
startChildSpan (tracer, name, req) {
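
Review bot: The third parameter of `startChildSpan` changes from `headers` to `req`, but the comment above it still reads "Extract the parent span from the headers", and any existing caller that passes a headers object will now hand the function the wrong shape. Update the comment and every call site in the same change, or keep the `headers` parameter and pass the API Gateway data as a separate argument. If the `tracer.extract(FORMAT_HTTP_HEADERS, headers)` call is kept, it has to read `req.headers`, since no `headers` binding is visible under the new signature in this excerpt.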
Member

I'd move all the changes to a helper function exported from an api gateway specific file then call the function in here with minimal changes.

3 participants