[IAST] Add manual.keep tag when a vulnerability is reported #3850
Conversation
| reqCtx.getTraceSegment().setDataTop("iast", batch); | ||
| final TraceSegment segment = reqCtx.getTraceSegment(); | ||
| segment.setDataTop("iast", batch); | ||
| segment.setTagTop(DDTags.MANUAL_KEEP, true); |
There was a problem hiding this comment.
At some point we have to be careful regarding when to set the manual.keep due to increased costs for customers (for instance, we had the idea to only set the flag when a new vulnerability not seen previously pops up)
There was a problem hiding this comment.
I think we need to define the semantics here a bit more carefully.
I have two concerns...
1 - There needs to be an indicator of why this is being kept, so that it can show up properly in the ingestion page
2 - We need to decide whether to set this when the trace is already being sampled or not
Since this is a common situation, I think we might want to encapsulate this in a helper method. Otherwise, we'll get the same bug repeated across the different products.
Something like segment.overrideSampling(Product.IAST)
There was a problem hiding this comment.
@dougqh Noted this for the next guild meeting. Is this a concern before merging this PR?
There was a problem hiding this comment.
I think that it's fine to merge this as is for now, maybe with a comment in the code. The AppSec code has the same issue.
smola
force-pushed
the
smola/iast-manual-keep
branch
from
1bd1766 to
15469d6
Compare
What Does This Do
Add manual.keep tag when a vulnerability is reported.
Motivation
Given that this should be relatively infrequent, and is an important event, we want to keep traces when a vulnerability is reported.
Additional Notes
This is analogous to what we do with AppSec threats.