Skip to content

Commit

Permalink
Adapt lfi to new telemetry approach
Browse files Browse the repository at this point in the history
  • Loading branch information
@estringana
estringana committed Dec 12, 2024
1 parent 2375169 commit 1526965
Show file tree
Hide file tree
Showing 5 changed files with 58 additions and 57 deletions.
5 changes: 5 additions & 0 deletions appsec/src/helper/metrics.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,11 @@ constexpr std::string_view event_rules_version =
constexpr std::string_view waf_version = "_dd.appsec.waf.version";
constexpr std::string_view waf_duration = "_dd.appsec.waf.duration";

// rasp
constexpr std::string_view rasp_duration = "_dd.appsec.rasp.duration";
constexpr std::string_view rasp_rule_eval = "_dd.appsec.rasp.rule.eval";
constexpr std::string_view rasp_timeout = "_dd.appsec.rasp.timeout";

} // namespace dds::metrics

template <>
Expand Down
7 changes: 4 additions & 3 deletions appsec/src/helper/subscriber/waf.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -413,10 +413,11 @@ void instance::listener::submit_metrics(
msubmitter.submit_span_metric(metrics::waf_duration, total_runtime_);

if (rasp_calls_ > 0) {
metrics[tag::rasp_duration] = rasp_runtime_;
metrics[tag::rasp_rule_eval] = rasp_calls_;
msubmitter.submit_span_metric(metrics::rasp_duration, rasp_runtime_);
msubmitter.submit_span_metric(metrics::rasp_rule_eval, rasp_calls_);
if (rasp_timeouts_ > 0) {
metrics[tag::rasp_timeout] = rasp_timeouts_;
msubmitter.submit_span_metric(
metrics::rasp_timeout, rasp_timeouts_);
}
}

Expand Down
3 changes: 0 additions & 3 deletions appsec/src/helper/tags.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,5 @@ constexpr std::string_view event_rules_version =

constexpr std::string_view waf_version = "_dd.appsec.waf.version";
constexpr std::string_view waf_duration = "_dd.appsec.waf.duration";
constexpr std::string_view rasp_duration = "_dd.appsec.rasp.duration";
constexpr std::string_view rasp_rule_eval = "_dd.appsec.rasp.rule.eval";
constexpr std::string_view rasp_timeout = "_dd.appsec.rasp.timeout";

} // namespace dds::tag
8 changes: 4 additions & 4 deletions appsec/tests/helper/client_test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2717,7 +2717,7 @@ TEST(ClientTest, RaspCalls)
dynamic_cast<network::request_shutdown::response *>(res.get());

EXPECT_EQ(msg_res->metrics.size(), 1);
EXPECT_GT(msg_res->metrics[tag::waf_duration], 0.0);
EXPECT_GT(msg_res->metrics[metrics::waf_duration], 0.0);
}

// Rasp during request
Expand Down Expand Up @@ -2760,9 +2760,9 @@ TEST(ClientTest, RaspCalls)
dynamic_cast<network::request_shutdown::response *>(res.get());

EXPECT_EQ(msg_res->metrics.size(), 3);
EXPECT_GT(msg_res->metrics[tag::waf_duration], 0.0);
EXPECT_EQ(msg_res->metrics[tag::rasp_rule_eval], 1);
EXPECT_GE(msg_res->metrics[tag::rasp_duration], 0.0);
EXPECT_GT(msg_res->metrics[metrics::waf_duration], 0.0);
EXPECT_EQ(msg_res->metrics[metrics::rasp_rule_eval], 1);
EXPECT_GE(msg_res->metrics[metrics::rasp_duration], 0.0);
}
}

Expand Down
92 changes: 45 additions & 47 deletions appsec/tests/helper/waf_test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,13 +91,10 @@ TEST(WafTest, RunWithInvalidParam)

TEST(WafTest, RunWithTimeout)
{
NiceMock<mock::tel_submitter> submitm{};
{ // No rasp
std::map<std::string, std::string> meta;
std::map<std::string_view, double> metrics;

NiceMock<mock::tel_submitter> submitm{};
std::shared_ptr<subscriber> wi(
waf::instance::from_string(waf_rule, submitm, 0));
waf::instance::from_string(waf_rule, submitm, 0));
auto ctx = wi->get_listener();

auto p = parameter::map();
Expand All @@ -109,40 +106,35 @@ TEST(WafTest, RunWithTimeout)
EXPECT_THROW(ctx->call(pv, e), timeout_error);
}
{ // Rasp
std::map<std::string, std::string> meta;
std::map<std::string_view, double> metrics;

NiceMock<mock::tel_submitter> submitm{};
std::shared_ptr<subscriber> wi(
waf::instance::from_string(waf_rule, meta, metrics, 0));
waf::instance::from_string(waf_rule, submitm, 0));
auto ctx = wi->get_listener();

auto p = parameter::map();
p.add("arg1", parameter::string("string 1"sv));
p.add("arg2", parameter::string("string 2"sv));

EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_timeout, 1));
EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_rule_eval, 1.0));
EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, 0.0));
EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_duration, 0.0));
parameter_view pv(p);
dds::event e;
bool is_rasp = true;
EXPECT_THROW(ctx->call(pv, e, is_rasp), timeout_error);

ctx->get_meta_and_metrics(meta, metrics);
EXPECT_EQ(metrics[tag::rasp_timeout], 1);
ctx->submit_metrics(submitm);
Mock::VerifyAndClearExpectations(&submitm);
}
}

TEST(WafTest, ValidRunGood)
{
NiceMock<mock::tel_submitter> submitm{};
std::shared_ptr<subscriber> wi{
waf::instance::from_string(waf_rule, submitm)};
auto ctx = wi->get_listener();

{ // No rasp event
std::map<std::string, std::string> meta;
std::map<std::string_view, double> metrics;

NiceMock<mock::tel_submitter> submitm{};
std::shared_ptr<subscriber> wi{
waf::instance::from_string(waf_rule, meta, metrics)};
waf::instance::from_string(waf_rule, submitm)};
auto ctx = wi->get_listener();

auto p = parameter::map();
Expand All @@ -152,32 +144,25 @@ TEST(WafTest, ValidRunGood)
dds::event e;
ctx->call(pv, e); // default to rasp=false

EXPECT_CALL(submitm,
submit_span_meta(metrics::event_rules_version, std::string{"1.2.3"}));
double duration;
EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, _))
.WillOnce(SaveArg<1>(&duration));
EXPECT_CALL(
submitm, submit_metric("waf.requests"sv, 1,
metrics::telemetry_tags::from_string(
std::string{"event_rules_version:1.2.3,waf_version:"} +
ddwaf_get_version())));
ctx->submit_metrics(submitm);
EXPECT_GT(duration, 0.0);
Mock::VerifyAndClearExpectations(&submitm);
ctx->get_meta_and_metrics(meta, metrics);
EXPECT_STREQ(
meta[std::string(tag::event_rules_version)].c_str(), "1.2.3");
EXPECT_GT(metrics[tag::waf_duration], 0.0);
EXPECT_TRUE(metrics.find(tag::rasp_duration) == metrics.end());
EXPECT_CALL(submitm, submit_span_meta(metrics::event_rules_version,
std::string{"1.2.3"}));
double duration;
EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, _))
.WillOnce(SaveArg<1>(&duration));
EXPECT_CALL(submitm,
submit_metric("waf.requests"sv, 1,
metrics::telemetry_tags::from_string(
std::string{"event_rules_version:1.2.3,waf_version:"} +
ddwaf_get_version())));
ctx->submit_metrics(submitm);
EXPECT_GT(duration, 0.0);
Mock::VerifyAndClearExpectations(&submitm);
}

{ // Rasp event
std::map<std::string, std::string> meta;
std::map<std::string_view, double> metrics;

NiceMock<mock::tel_submitter> submitm{};
std::shared_ptr<subscriber> wi{
waf::instance::from_string(waf_rule, meta, metrics)};
waf::instance::from_string(waf_rule, submitm)};
auto ctx = wi->get_listener();

auto p = parameter::map();
Expand All @@ -188,11 +173,24 @@ TEST(WafTest, ValidRunGood)
bool is_rasp = true;
ctx->call(pv, e, is_rasp);

ctx->get_meta_and_metrics(meta, metrics);
EXPECT_STREQ(
meta[std::string(tag::event_rules_version)].c_str(), "1.2.3");
EXPECT_GT(metrics[tag::waf_duration], 0.0);
EXPECT_GT(metrics[tag::rasp_duration], 0.0);
double rasp_duration;
double duration;

EXPECT_CALL(submitm, submit_span_meta(metrics::event_rules_version,
std::string{"1.2.3"}));
EXPECT_CALL(submitm,
submit_metric("waf.requests"sv, 1,
metrics::telemetry_tags::from_string(
std::string{"event_rules_version:1.2.3,waf_version:"} +
ddwaf_get_version())));
EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_rule_eval, 1.0));
EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, _))
.WillOnce(SaveArg<1>(&duration));
EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_duration, _))
.WillOnce(SaveArg<1>(&rasp_duration));
ctx->submit_metrics(submitm);
EXPECT_GT(duration, 0.0);
EXPECT_GT(rasp_duration, 0);
}
}

Expand Down

0 comments on commit 1526965

Please sign in to comment.