Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(asm): improve dependency for api security #11987

Merged
merged 11 commits into from
Jan 20, 2025
Merged

chore(asm): improve dependency for api security #11987

merged 11 commits into from
Jan 20, 2025
+49 −26

Conversation

christophe-papazian
Copy link
Contributor

@christophe-papazian christophe-papazian commented Jan 16, 2025
edited
Loading

In a rare occurence on system tests, api security could create an import error due to circular dependency.
This PR fixes that by delaying ddwaf import at object creation.

It looks like ddwaf import using ctypes may trigger some interaction with gevent. By delaying the import, we prevent possible import errors and appsec disable at start.

  • remove direct import of other appsec parts in api_manager.py and delay it to APIManager object creation.
  • remove tracer dependency on stack trace report mechanism
  • restrict the waf import to _processor.py and import from it in _metrics
  • delay import waf and waf initialisation in AppsecProcessor to a delayed_init function called on first span or first rc update only preventing waf import at an early initialisation stage.
  • update tests accordinly.

APPSEC-56449

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@christophe-papazian christophe-papazian added changelog/no-changelog A changelog entry is not required for this PR. ASM Application Security Monitoring labels Jan 16, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 16, 2025
edited
Loading

CODEOWNERS have been resolved as:

ddtrace/appsec/_api_security/api_manager.py                             @DataDog/asm-python
ddtrace/appsec/_exploit_prevention/stack_traces.py                      @DataDog/asm-python
ddtrace/appsec/_metrics.py                                              @DataDog/asm-python
ddtrace/appsec/_processor.py                                            @DataDog/asm-python
tests/appsec/appsec/test_processor.py                                   @DataDog/asm-python
tests/appsec/appsec/test_telemetry.py                                   @DataDog/asm-python

@datadog-dd-trace-py-rkomorn
Copy link

Datadog Report

Branch report: christophe-papazian/api_security_loading
Commit report: bfbdcfc
Test service: dd-trace-py

✅ 0 Failed, 309 Passed, 1289 Skipped, 5m 47.73s Total duration (33m 54.34s time saved)

@pr-commenter
Copy link

pr-commenter bot commented Jan 17, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-01-20 11:19:45

Comparing candidate commit 2c856ec in PR branch christophe-papazian/api_security_loading with baseline commit 0111544 in branch main.

Found 0 performance improvements and 1 performance regressions! Performance is the same for 393 metrics, 2 unstable metrics.

scenario:iast_aspects-format_map_aspect

  • 🟥 execution_time [+379.282ns; +438.935ns] or [+7.096%; +8.212%]

@christophe-papazian christophe-papazian marked this pull request as ready for review January 20, 2025 13:42
@christophe-papazian christophe-papazian requested a review from a team as a code owner January 20, 2025 13:42
@avara1986
Copy link
Member

LGTM!

@christophe-papazian christophe-papazian merged commit da758e9 into main Jan 20, 2025
336 of 338 checks passed
@christophe-papazian christophe-papazian deleted the christophe-papazian/api_security_loading branch January 20, 2025 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@avara1986 avara1986 avara1986 approved these changes

@gnufede gnufede gnufede approved these changes

Assignees
No one assigned
Labels
ASM Application Security Monitoring changelog/no-changelog A changelog entry is not required for this PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@christophe-papazian @avara1986 @gnufede