From 15269656601270579c4c5286e53191f069f88a29 Mon Sep 17 00:00:00 2001 From: Alejandro Estringana Ruiz Date: Thu, 12 Dec 2024 12:37:30 +0100 Subject: [PATCH] Adapt lfi to new telemetry approach --- appsec/src/helper/metrics.hpp | 5 ++ appsec/src/helper/subscriber/waf.cpp | 7 ++- appsec/src/helper/tags.hpp | 3 - appsec/tests/helper/client_test.cpp | 8 +-- appsec/tests/helper/waf_test.cpp | 92 ++++++++++++++-------------- 5 files changed, 58 insertions(+), 57 deletions(-) diff --git a/appsec/src/helper/metrics.hpp b/appsec/src/helper/metrics.hpp index 31585edeb0..7c1cf2ee8b 100644 --- a/appsec/src/helper/metrics.hpp +++ b/appsec/src/helper/metrics.hpp @@ -98,6 +98,11 @@ constexpr std::string_view event_rules_version = constexpr std::string_view waf_version = "_dd.appsec.waf.version"; constexpr std::string_view waf_duration = "_dd.appsec.waf.duration"; +// rasp +constexpr std::string_view rasp_duration = "_dd.appsec.rasp.duration"; +constexpr std::string_view rasp_rule_eval = "_dd.appsec.rasp.rule.eval"; +constexpr std::string_view rasp_timeout = "_dd.appsec.rasp.timeout"; + } // namespace dds::metrics template <> diff --git a/appsec/src/helper/subscriber/waf.cpp b/appsec/src/helper/subscriber/waf.cpp index beaa980360..8101c33633 100644 --- a/appsec/src/helper/subscriber/waf.cpp +++ b/appsec/src/helper/subscriber/waf.cpp @@ -413,10 +413,11 @@ void instance::listener::submit_metrics( msubmitter.submit_span_metric(metrics::waf_duration, total_runtime_); if (rasp_calls_ > 0) { - metrics[tag::rasp_duration] = rasp_runtime_; - metrics[tag::rasp_rule_eval] = rasp_calls_; + msubmitter.submit_span_metric(metrics::rasp_duration, rasp_runtime_); + msubmitter.submit_span_metric(metrics::rasp_rule_eval, rasp_calls_); if (rasp_timeouts_ > 0) { - metrics[tag::rasp_timeout] = rasp_timeouts_; + msubmitter.submit_span_metric( + metrics::rasp_timeout, rasp_timeouts_); } } diff --git a/appsec/src/helper/tags.hpp b/appsec/src/helper/tags.hpp index 709c319d8c..c1698d06ce 100644 --- a/appsec/src/helper/tags.hpp +++ b/appsec/src/helper/tags.hpp @@ -19,8 +19,5 @@ constexpr std::string_view event_rules_version = constexpr std::string_view waf_version = "_dd.appsec.waf.version"; constexpr std::string_view waf_duration = "_dd.appsec.waf.duration"; -constexpr std::string_view rasp_duration = "_dd.appsec.rasp.duration"; -constexpr std::string_view rasp_rule_eval = "_dd.appsec.rasp.rule.eval"; -constexpr std::string_view rasp_timeout = "_dd.appsec.rasp.timeout"; } // namespace dds::tag diff --git a/appsec/tests/helper/client_test.cpp b/appsec/tests/helper/client_test.cpp index 078800a7d8..2a2824beee 100644 --- a/appsec/tests/helper/client_test.cpp +++ b/appsec/tests/helper/client_test.cpp @@ -2717,7 +2717,7 @@ TEST(ClientTest, RaspCalls) dynamic_cast(res.get()); EXPECT_EQ(msg_res->metrics.size(), 1); - EXPECT_GT(msg_res->metrics[tag::waf_duration], 0.0); + EXPECT_GT(msg_res->metrics[metrics::waf_duration], 0.0); } // Rasp during request @@ -2760,9 +2760,9 @@ TEST(ClientTest, RaspCalls) dynamic_cast(res.get()); EXPECT_EQ(msg_res->metrics.size(), 3); - EXPECT_GT(msg_res->metrics[tag::waf_duration], 0.0); - EXPECT_EQ(msg_res->metrics[tag::rasp_rule_eval], 1); - EXPECT_GE(msg_res->metrics[tag::rasp_duration], 0.0); + EXPECT_GT(msg_res->metrics[metrics::waf_duration], 0.0); + EXPECT_EQ(msg_res->metrics[metrics::rasp_rule_eval], 1); + EXPECT_GE(msg_res->metrics[metrics::rasp_duration], 0.0); } } diff --git a/appsec/tests/helper/waf_test.cpp b/appsec/tests/helper/waf_test.cpp index af52f4b8a2..d9d470dc11 100644 --- a/appsec/tests/helper/waf_test.cpp +++ b/appsec/tests/helper/waf_test.cpp @@ -91,13 +91,10 @@ TEST(WafTest, RunWithInvalidParam) TEST(WafTest, RunWithTimeout) { - NiceMock submitm{}; { // No rasp - std::map meta; - std::map metrics; - + NiceMock submitm{}; std::shared_ptr wi( - waf::instance::from_string(waf_rule, submitm, 0)); + waf::instance::from_string(waf_rule, submitm, 0)); auto ctx = wi->get_listener(); auto p = parameter::map(); @@ -109,40 +106,35 @@ TEST(WafTest, RunWithTimeout) EXPECT_THROW(ctx->call(pv, e), timeout_error); } { // Rasp - std::map meta; - std::map metrics; - + NiceMock submitm{}; std::shared_ptr wi( - waf::instance::from_string(waf_rule, meta, metrics, 0)); + waf::instance::from_string(waf_rule, submitm, 0)); auto ctx = wi->get_listener(); auto p = parameter::map(); p.add("arg1", parameter::string("string 1"sv)); p.add("arg2", parameter::string("string 2"sv)); + EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_timeout, 1)); + EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_rule_eval, 1.0)); + EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, 0.0)); + EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_duration, 0.0)); parameter_view pv(p); dds::event e; bool is_rasp = true; EXPECT_THROW(ctx->call(pv, e, is_rasp), timeout_error); - ctx->get_meta_and_metrics(meta, metrics); - EXPECT_EQ(metrics[tag::rasp_timeout], 1); + ctx->submit_metrics(submitm); + Mock::VerifyAndClearExpectations(&submitm); } } TEST(WafTest, ValidRunGood) { - NiceMock submitm{}; - std::shared_ptr wi{ - waf::instance::from_string(waf_rule, submitm)}; - auto ctx = wi->get_listener(); - { // No rasp event - std::map meta; - std::map metrics; - + NiceMock submitm{}; std::shared_ptr wi{ - waf::instance::from_string(waf_rule, meta, metrics)}; + waf::instance::from_string(waf_rule, submitm)}; auto ctx = wi->get_listener(); auto p = parameter::map(); @@ -152,32 +144,25 @@ TEST(WafTest, ValidRunGood) dds::event e; ctx->call(pv, e); // default to rasp=false - EXPECT_CALL(submitm, - submit_span_meta(metrics::event_rules_version, std::string{"1.2.3"})); - double duration; - EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, _)) - .WillOnce(SaveArg<1>(&duration)); - EXPECT_CALL( - submitm, submit_metric("waf.requests"sv, 1, - metrics::telemetry_tags::from_string( - std::string{"event_rules_version:1.2.3,waf_version:"} + - ddwaf_get_version()))); - ctx->submit_metrics(submitm); - EXPECT_GT(duration, 0.0); - Mock::VerifyAndClearExpectations(&submitm); - ctx->get_meta_and_metrics(meta, metrics); - EXPECT_STREQ( - meta[std::string(tag::event_rules_version)].c_str(), "1.2.3"); - EXPECT_GT(metrics[tag::waf_duration], 0.0); - EXPECT_TRUE(metrics.find(tag::rasp_duration) == metrics.end()); + EXPECT_CALL(submitm, submit_span_meta(metrics::event_rules_version, + std::string{"1.2.3"})); + double duration; + EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, _)) + .WillOnce(SaveArg<1>(&duration)); + EXPECT_CALL(submitm, + submit_metric("waf.requests"sv, 1, + metrics::telemetry_tags::from_string( + std::string{"event_rules_version:1.2.3,waf_version:"} + + ddwaf_get_version()))); + ctx->submit_metrics(submitm); + EXPECT_GT(duration, 0.0); + Mock::VerifyAndClearExpectations(&submitm); } { // Rasp event - std::map meta; - std::map metrics; - + NiceMock submitm{}; std::shared_ptr wi{ - waf::instance::from_string(waf_rule, meta, metrics)}; + waf::instance::from_string(waf_rule, submitm)}; auto ctx = wi->get_listener(); auto p = parameter::map(); @@ -188,11 +173,24 @@ TEST(WafTest, ValidRunGood) bool is_rasp = true; ctx->call(pv, e, is_rasp); - ctx->get_meta_and_metrics(meta, metrics); - EXPECT_STREQ( - meta[std::string(tag::event_rules_version)].c_str(), "1.2.3"); - EXPECT_GT(metrics[tag::waf_duration], 0.0); - EXPECT_GT(metrics[tag::rasp_duration], 0.0); + double rasp_duration; + double duration; + + EXPECT_CALL(submitm, submit_span_meta(metrics::event_rules_version, + std::string{"1.2.3"})); + EXPECT_CALL(submitm, + submit_metric("waf.requests"sv, 1, + metrics::telemetry_tags::from_string( + std::string{"event_rules_version:1.2.3,waf_version:"} + + ddwaf_get_version()))); + EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_rule_eval, 1.0)); + EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, _)) + .WillOnce(SaveArg<1>(&duration)); + EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_duration, _)) + .WillOnce(SaveArg<1>(&rasp_duration)); + ctx->submit_metrics(submitm); + EXPECT_GT(duration, 0.0); + EXPECT_GT(rasp_duration, 0); } }