Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(injector: stdlib): instrument os.OpenFile #219

Merged
merged 13 commits into from
Aug 29, 2024
Merged

feat(injector: stdlib): instrument os.OpenFile #219

merged 13 commits into from
Aug 29, 2024

Conversation

eliottness
Copy link
Contributor

@eliottness eliottness commented Aug 13, 2024
edited
Loading

What does this PR do?

This PR instrument all file opening via the os.Openfile function for RASP LFI and is the sister PR of DataDog/dd-trace-go#2781

  • Write intrumentation file
  • Write integration tests for the os package
  • Add tracer-internal: true to the dd:orchestrion-enabled instrumentation to properly enable the GLS storage in dd-trace-go
  • Add more tests for dd:orchestrion-enabled

Motivation

Support for LFI protection.

Reviewer's Checklist

  • Changed code has unit tests for its functionality.

@eliottness
Copy link
Contributor Author

Waiting for the dd-trace-go PR to be released

@eliottness eliottness marked this pull request as ready for review August 13, 2024 16:38
@eliottness eliottness requested a review from a team as a code owner August 13, 2024 16:38
@eliottness eliottness force-pushed the eliott.bouhana/APPSEC-53773 branch from 1ba115d to b74fc7b Compare August 22, 2024 13:26
@eliottness eliottness force-pushed the eliott.bouhana/APPSEC-53773 branch from dde8709 to 1b30daf Compare August 27, 2024 12:53
RomainMuller
RomainMuller requested changes Aug 28, 2024
View reviewed changes
Copy link
Contributor

@RomainMuller RomainMuller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor changes requested :)

_integration-tests/tests/os/lfi.go Show resolved Hide resolved
_integration-tests/tests/testdata/rasp.json Outdated Show resolved Hide resolved
_integration-tests/utils/agent/requirements.txt Outdated Show resolved Hide resolved
internal/injector/builtin/yaml/stdlib/ossec.yml Outdated Show resolved Hide resolved
@eliottness
chore: rename rasp.json
96f73f5 
Signed-off-by: Eliott Bouhana <[email protected]>
@eliottness
apply suggestions from @RomainMuller
a66072e 
Signed-off-by: Eliott Bouhana <[email protected]>
@eliottness
run pip freeze
aa90462 
Signed-off-by: Eliott Bouhana <[email protected]>
@eliottness
skip test on windows
39d36da 
Signed-off-by: Eliott Bouhana <[email protected]>
@eliottness eliottness added this pull request to the merge queue Aug 29, 2024
Merged via the queue into main with commit f109ee0 Aug 29, 2024
20 checks passed
@eliottness eliottness deleted the eliott.bouhana/APPSEC-53773 branch August 29, 2024 10:05
@codecov Codecov
Copy link

codecov bot commented Aug 29, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 62.67%. Comparing base (981f2c7) to head (39d36da).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #219      +/-   ##
==========================================
+ Coverage   62.57%   62.67%   +0.09%     
==========================================
  Files         101      101              
  Lines        5259     5259              
==========================================
+ Hits         3291     3296       +5     
+ Misses       1627     1623       -4     
+ Partials      341      340       -1
Components Coverage Δ
Instruments 34.56% <ø> (ø)
Go Driver 62.92% <ø> (ø)
Toolexec Driver 66.56% <ø> (+0.72%) ⬆️
Aspects 69.97% <ø> (ø)
Injector 71.65% <ø> (ø)
Files with missing lines Coverage Δ
_integration-tests/utils/agent/agent.go 0.00% <ø> (ø)

... and 1 file with indirect coverage changes

nsrip-dd added a commit to DataDog/dd-trace-go that referenced this pull request Aug 29, 2024
@nsrip-dd
ci: switch Orchestrion workflow back to main
6c4cc68 
With DataDog/orchestrion#219 merged, the branch
we pinned to for the Orchestrion test is gone. Switch back to main so
the workflow can run again.
@nsrip-dd nsrip-dd mentioned this pull request Aug 29, 2024
Merged
nsrip-dd added a commit to DataDog/dd-trace-go that referenced this pull request Aug 29, 2024
@nsrip-dd
ci: switch Orchestrion workflow back to main (#2833)
e7ca17e 
With DataDog/orchestrion#219 merged, the branch
we pinned to for the Orchestrion test is gone. Switch back to main so
the workflow can run again.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@datadog-datadog-prod-us1 datadog-datadog-prod-us1[bot] datadog-datadog-prod-us1[bot] left review comments

@RomainMuller RomainMuller RomainMuller approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eliottness @RomainMuller