Set asm events on new tag _dd.p.appsec

DataDog · Oct 25, 2024 · 5149b34 · 5149b34
1 parent 2275399
commit 5149b34
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 25 deletions.
diff --git a/appsec/src/extension/tags.c b/appsec/src/extension/tags.c
@@ -108,6 +108,7 @@ static THREAD_LOCAL_ON_ZTS bool _appsec_json_frags_inited;
 static THREAD_LOCAL_ON_ZTS zend_llist _appsec_json_frags;
 static THREAD_LOCAL_ON_ZTS zend_string *nullable _event_user_id;
 static THREAD_LOCAL_ON_ZTS bool _blocked;
+static THREAD_LOCAL_ON_ZTS bool _asm_event;
 static THREAD_LOCAL_ON_ZTS bool _force_keep;
 
 static void _init_relevant_headers(void);
@@ -121,6 +122,8 @@ void _set_runtime_family(zend_object *nonnull span);
 static bool _set_appsec_enabled(zval *metrics_zv);
 static void _register_functions(void);
 static void _register_test_functions(void);
+static void _add_new_zstr_to_meta(zend_array *meta_ht, zend_string *key,
+    zend_string *val, bool copy, bool override);
 
 void dd_tags_startup()
 {
@@ -290,9 +293,13 @@ void dd_tags_rinit()
     // Just in case...
     _event_user_id = NULL;
     _blocked = false;
+    _asm_event = false;
     _force_keep = false;
 }
 
+static void _dd_tags_add_asm_event() { _asm_event = true; }
+
+
 void dd_tags_add_appsec_json_frag(zend_string *nonnull zstr)
 {
     zend_llist_add_element(&_appsec_json_frags, &zstr);
@@ -313,6 +320,16 @@ void dd_tags_rshutdown()
     }
 }
 
+static void _dd_appsec_asm_event(zend_array *meta_ht)
+{
+    if (meta_ht && _asm_event) {
+        // Indicate there is a ASM EVENT. This tag is used for any event
+        // threats, business logic events, IAST, etc
+        _add_new_zstr_to_meta(
+            meta_ht, _dd_tag_p_appsec_zstr, _1_zstr, true, false);
+    }
+}
+
 void dd_tags_add_tags(
     zend_object *nonnull span, zend_array *nullable superglob_equiv)
 {
@@ -370,9 +387,7 @@ void dd_tags_add_tags(
         return;
     }
 
-    // Indicate there is a ASM EVENT. This tag is used for any event threats,
-    // business logic events, IAST, etc
-    _add_new_zstr_to_meta(meta_ht, _dd_tag_p_appsec_zstr, _1_zstr, true, false);
+    _dd_tags_add_asm_event();
 
     // Add tags with request/response information
     if (server) {
@@ -485,6 +500,24 @@ static void _add_basic_tags_to_meta(
     _dd_request_headers(meta_ht, _server, headers);
 }
 
+// NOLINTNEXTLINE(bugprone-easily-swappable-parameters)
+static void _add_all_tags_to_meta(
+    zval *nonnull meta, const zend_array *nonnull _server)
+{
+    zend_array *meta_ht = Z_ARRVAL_P(meta);
+    _dd_http_method(meta_ht);
+    _dd_http_url(meta_ht, _server);
+    _dd_http_user_agent(meta_ht, _server);
+    _dd_http_status_code(meta_ht);
+    _dd_http_network_client_ip(meta_ht, _server);
+    _dd_request_headers(meta_ht, _server, &_relevant_headers);
+    _dd_http_client_ip(meta_ht);
+    _dd_response_headers(meta_ht);
+    _dd_event_user_id(meta_ht);
+    _dd_appsec_blocked(meta_ht);
+    _dd_appsec_asm_event(meta_ht);
+}
+
 static void _add_new_zstr_to_meta(zend_array *meta_ht, zend_string *key,
     zend_string *val, bool copy, bool override)
 {
@@ -511,23 +544,6 @@ static void _add_new_zstr_to_meta(zend_array *meta_ht, zend_string *key,
     }
 }
 
-// NOLINTNEXTLINE(bugprone-easily-swappable-parameters)
-static void _add_all_tags_to_meta(
-    zval *nonnull meta, const zend_array *nonnull _server)
-{
-    zend_array *meta_ht = Z_ARRVAL_P(meta);
-    _dd_http_method(meta_ht);
-    _dd_http_url(meta_ht, _server);
-    _dd_http_user_agent(meta_ht, _server);
-    _dd_http_status_code(meta_ht);
-    _dd_http_network_client_ip(meta_ht, _server);
-    _dd_request_headers(meta_ht, _server, &_relevant_headers);
-    _dd_http_client_ip(meta_ht);
-    _dd_response_headers(meta_ht);
-    _dd_event_user_id(meta_ht);
-    _dd_appsec_blocked(meta_ht);
-}
-
 static void _dd_http_method(zend_array *meta_ht)
 {
     if (zend_hash_exists(meta_ht, _dd_tag_http_method_zstr)) {

diff --git a/appsec/tests/extension/client_init_record_span_tags.phpt b/appsec/tests/extension/client_init_record_span_tags.phpt
@@ -85,6 +85,7 @@ tags:
 Array
 (
     [_dd.appsec.json] => {"triggers":[{"found":"attack"},{"another":"attack"},{"yet another":"attack"}]}
+    [_dd.p.appsec] => 1
     [_dd.p.dm] => -0
     [_dd.p.tid] => %s
     [_dd.runtime_family] => php

diff --git a/appsec/tests/extension/rinit_record_span_tags.phpt b/appsec/tests/extension/rinit_record_span_tags.phpt
@@ -80,6 +80,7 @@ tags:
 Array
 (
     [_dd.appsec.json] => {"triggers":[{"found":"attack"},{"another":"attack"},{"yet another":"attack"}]}
+    [_dd.p.appsec] => 1
     [_dd.p.dm] => -0
     [_dd.p.tid] => %s
     [_dd.runtime_family] => php

diff --git a/ext/serializer.c b/ext/serializer.c
@@ -1691,19 +1691,20 @@ void ddtrace_serialize_span_to_array(ddtrace_span_data *span, zval *array) {
         zend_hash_str_del(meta, ZEND_STRL("operation.name"));
     }
 
+    zval *asm_event = NULL;
+    if (get_global_DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED()) {
+        asm_event = zend_hash_str_find(meta, ZEND_STRL("_dd.p.appsec"));
+    }
+    bool is_standalone_appsec_span = asm_event ? Z_TYPE_P(asm_event) == IS_STRING && strncmp(Z_STRVAL_P(asm_event), "1", sizeof("1") - 1) == 0 : 0;
+
     _serialize_meta(el, span, Z_TYPE_P(prop_service) > IS_NULL ? Z_STR(prop_service_as_string) : ZSTR_EMPTY_ALLOC());
 
     zval metrics_zv;
     array_init(&metrics_zv);
     zend_string *str_key;
     zval *val;
-    bool is_standalone_appsec_span = false;
     ZEND_HASH_FOREACH_STR_KEY_VAL_IND(metrics, str_key, val) {
         if (str_key) {
-            if (!is_standalone_appsec_span && get_global_DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED() &&
-                strcmp("_dd.appsec.enabled", ZSTR_VAL(str_key)) == 0) {
-                is_standalone_appsec_span = true;
-            }
             dd_serialize_array_metrics_recursively(Z_ARRVAL(metrics_zv), str_key, val);
         }
     } ZEND_HASH_FOREACH_END();