Change source origin from HTTP_REQUEST_PATH to HTTP_REQUEST_URI [APPSEC-11398] #3644

Merged
merged 1 commit into from
Oct 3, 2023

CarlesDD

What does this PR do?

Change origin for URL tainted sources

Motivation

Align the source of tainted URL sources along all tracers

@github-actions

github-actions bot commented Sep 20, 2023

Overall package size

Self size: 5.26 MB
Deduped: 58.22 MB
No deduping: 58.39 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|
| @datadog/native-iast-taint-tracking | 1.5.0 | 14.86 MB | 14.86 MB |
| @datadog/native-appsec | 4.0.0 | 14.83 MB | 14.83 MB |
| @datadog/pprof | 4.0.0 | 8.25 MB | 9.1 MB |
| protobufjs | 7.2.4 | 2.74 MB | 6.52 MB |
| @datadog/native-iast-rewriter | 2.1.3 | 2.23 MB | 2.32 MB |
| @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB |
| @datadog/native-metrics | 2.0.0 | 898.77 kB | 1.3 MB |
| @opentelemetry/api | 1.4.1 | 780.32 kB | 780.32 kB |
| import-in-the-middle | 1.4.2 | 41.4 kB | 704.79 kB |
| msgpack-lite | 0.1.26 | 201.16 kB | 281.59 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| semver | 7.5.4 | 93.4 kB | 123.8 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| lru-cache | 7.14.0 | 74.95 kB | 74.95 kB |
| ipaddr.js | 2.1.0 | 60.23 kB | 60.23 kB |
| ignore | 5.2.4 | 51.22 kB | 51.22 kB |
| int64-buffer | 0.1.10 | 49.18 kB | 49.18 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| lodash.uniq | 4.5.0 | 25.01 kB | 25.01 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| lodash.kebabcase | 4.1.1 | 17.75 kB | 17.75 kB |
| node-abort-controller | 3.1.1 | 16.89 kB | 16.89 kB |
| lodash.pick | 4.4.0 | 16.33 kB | 16.33 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| diagnostics_channel | 1.1.0 | 7.07 kB | 7.07 kB |
| path-to-regexp | 0.1.7 | 6.78 kB | 6.78 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| methods | 1.1.2 | 5.29 kB | 5.29 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@codecov

codecov bot commented Sep 20, 2023

Codecov Report

Merging #3644 (d2b5802) into master (f090b98) will decrease coverage by 0.39%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #3644      +/-   ##
==========================================
- Coverage   84.94%   84.55%   -0.39%     
==========================================
  Files         220      216       -4     
  Lines        8999     8743     -256     
  Branches       33       33              
==========================================
- Hits         7644     7393     -251     
+ Misses       1355     1350       -5     

| Files | Coverage Δ |
|-------|------------|
| ...ec/iast/analyzers/unvalidated-redirect-analyzer.js | 100.00% <100.00%> (ø) |
| .../dd-trace/src/appsec/iast/taint-tracking/plugin.js | 100.00% <100.00%> (ø) |
| ...ace/src/appsec/iast/taint-tracking/source-types.js | 100.00% <ø> (ø) |

... and 6 files with indirect coverage changes

@pr-commenter

pr-commenter bot commented Sep 20, 2023

Benchmarks

Benchmark execution time: 2023-10-03 07:37:55

Comparing candidate commit d2b5802 in PR branch ccapell/iast-change-vuln-origin-for-uri with baseline commit f090b98 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 382 metrics, 10 unstable metrics.

@CarlesDD CarlesDD force-pushed the ccapell/iast-change-vuln-origin-for-uri branch from 622db69 to 350a31a Compare September 22, 2023 05:47
@CarlesDD CarlesDD marked this pull request as ready for review September 22, 2023 07:02
@CarlesDD CarlesDD requested a review from a team as a code owner September 22, 2023 07:02
@CarlesDD CarlesDD changed the title Change source origin from HTTP_REQUEST_PATH to HTTP_REQUEST_URI Change source origin from HTTP_REQUEST_PATH to HTTP_REQUEST_URI [APPSEC-11398] Sep 28, 2023
@CarlesDD CarlesDD force-pushed the ccapell/iast-change-vuln-origin-for-uri branch from 350a31a to d2b5802 Compare October 3, 2023 07:29
@CarlesDD CarlesDD merged commit 50e53c9 into master Oct 3, 2023
112 checks passed
@szegedi szegedi mentioned this pull request Oct 12, 2023
@szegedi szegedi mentioned this pull request Oct 12, 2023
@tlhunter tlhunter deleted the ccapell/iast-change-vuln-origin-for-uri branch January 19, 2024 22:17