Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASM make sure to append content type and length information #3204

Merged
merged 2 commits into from
Nov 2, 2023
Merged

ASM make sure to append content type and length information #3204

merged 2 commits into from
Nov 2, 2023

Conversation

GustavoCaso
Copy link
Member

What does this PR do?

On ASM, append HTTP request information as part of the top-level span.

The code that collects the request header assumes we are interested in all header requests starting with HTTP_. Those headers are set by the client following the RFC3875 section 4.1.18

Unfortunately, that is not the case for specific headers that are specified by the server. For example, Content-Type and Content-Length are not prefixed with HTTP_

The variables are called CGI server variables. Here is the list

This PR appends the content type and content length information and improves our specs.

Motivation:

Additional Notes:

How to test the change?

For Datadog employees:

  • If this PR touches code that signs or publishes builds or packages, or handles
    credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.
  • This PR doesn't touch any of that.

Unsure? Have a question? Request a review!

@GustavoCaso GustavoCaso requested review from a team as code owners October 17, 2023 14:48
@github-actions github-actions bot added appsec Application Security monitoring product integrations Involves tracing integrations labels Oct 17, 2023
@codecov-commenter
Copy link

Codecov Report

Merging #3204 (8b68fcb) into master (c6c3935) will decrease coverage by 0.01%.
Report is 3 commits behind head on master.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #3204      +/-   ##
==========================================
- Coverage   98.21%   98.21%   -0.01%     
==========================================
  Files        1252     1252              
  Lines       71937    71988      +51     
  Branches     3331     3333       +2     
==========================================
+ Hits        70654    70701      +47     
- Misses       1283     1287       +4
Files Coverage Δ
lib/datadog/appsec/contrib/rack/gateway/request.rb 100.00% <100.00%> (ø)
...atadog/appsec/contrib/rack/gateway/request_spec.rb 100.00% <100.00%> (ø)
...tadog/appsec/contrib/rack/reactive/request_spec.rb 100.00% <100.00%> (ø)
spec/datadog/appsec/event_spec.rb 100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@GustavoCaso GustavoCaso changed the title Asm make sure to append content type and length information ASM make sure to append content type and length information Oct 17, 2023
lloeki
lloeki approved these changes Oct 18, 2023
View reviewed changes
Copy link
Member

@lloeki lloeki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@GustavoCaso GustavoCaso added this to the 1.16.0 milestone Nov 2, 2023
@GustavoCaso GustavoCaso merged commit 9688f2f into master Nov 2, 2023
178 checks passed
@GustavoCaso GustavoCaso deleted the asm-make-sure-to-append-content-type-and-length-information branch November 2, 2023 09:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lloeki lloeki lloeki approved these changes

Assignees
No one assigned
Labels
appsec Application Security monitoring product integrations Involves tracing integrations
Projects
None yet
Milestone
1.16.0
Development

Successfully merging this pull request may close these issues.
3 participants
@GustavoCaso @codecov-commenter @lloeki