Merge pull request #2955 from DataDog/leiyks/add-fingerprinting
feat(appsec): add fingerprints
Leiyks authored Nov 25, 2024
2 parents 6280989 + d9cfc57 commit 1896f61
Showing 9 changed files with 1,278 additions and 121 deletions.
519 changes: 489 additions & 30 deletions appsec/recommended.json

Large diffs are not rendered by default.

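--- a/appsec/src/helper/subscriber/waf.cpp
+++ b/appsec/src/helper/subscriber/waf.cpp
@@ -233,9 +233,14 @@ void instance::listener::call(dds::parameter_view &data, event &event)
 // NOLINTNEXTLINE
 total_runtime_ += res.total_runtime / 1000.0;
 
-const parameter_view schemas{res.derivatives};
-for (const auto &schema : schemas) {
-schemas_.emplace(schema.key(), std::move(parameter_to_json(schema)));
+const parameter_view derivatives{res.derivatives};
+for (const auto &derivative : derivatives) {
+if (derivative.key().starts_with("_dd.appsec.s.")) {
+derivatives_.emplace(
+derivative.key(), std::move(parameter_to_json(derivative)));
+} else {
+derivatives_.emplace(derivative.key(), std::move(derivative));
+}
 }
 
 switch (code) {
@@ -264,17 +269,19 @@ void instance::listener::get_meta_and_metrics(
 meta[std::string(tag::event_rules_version)] = ruleset_version_;
 metrics[tag::waf_duration] = total_runtime_;
 
-for (const auto &[key, value] : schemas_) {
-std::string schema = value;
-if (value.length() > max_plain_schema_allowed) {
-auto encoded = compress(schema);
+for (const auto &[key, value] : derivatives_) {
+std::string derivative = value;
+if (value.length() > max_plain_schema_allowed &&
+key.starts_with("_dd.appsec.s.")) {
+
+auto encoded = compress(derivative);
 if (encoded) {
-schema = base64_encode(encoded.value(), false);
+derivative = base64_encode(encoded.value(), false);
 }
 }
 
-if (schema.length() <= max_schema_size) {
-meta.emplace(key, std::move(schema));
+if (derivative.length() <= max_schema_size) {
+meta.emplace(key, std::move(derivative));
 }
 }
 }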
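Review bot: The `else` branch of the derivatives loop in `instance::listener::call` runs `derivatives_.emplace(derivative.key(), std::move(derivative))`, which converts a `parameter_view` to `std::string` for every key that does not start with `_dd.appsec.s.`, so it assumes every such derivative is a plain string. That conversion is declared outside this page; if it throws or is lossy for map, array or numeric values, a ruleset emitting a non-string derivative would fail or produce a wrong tag inside the WAF call path, so an explicit type check before the emplace (falling back to `parameter_to_json` or skipping the entry) is worth adding. `std::move` on the `const auto &` loop variable has no effect and can be dropped, as can the one wrapping the temporary returned by `parameter_to_json`. The `"_dd.appsec.s."` literal is repeated in `get_meta_and_metrics`; a single named constant would keep the two prefix checks in sync, and a short comment there should state that derivatives over `max_schema_size` are silently omitted from `meta`. Both functions start and end outside the hunks shown.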
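--- a/appsec/src/helper/subscriber/waf.hpp
+++ b/appsec/src/helper/subscriber/waf.hpp
@@ -46,7 +46,7 @@ class instance : public dds::subscriber {
 std::chrono::microseconds waf_timeout_;
 double total_runtime_{0.0};
 std::string_view ruleset_version_;
-std::map<std::string, std::string> schemas_;
+std::map<std::string, std::string> derivatives_;
 };
 
 // NOLINTNEXTLINE(google-runtime-references)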