dd-trace-php icon indicating copy to clipboard operation
dd-trace-php copied to clipboard

Published 20 hours ago verified publisher icon DataDog

Blocking from a hook is not stopping code execution

Open estringana opened this issue 1 year ago • 2 comments

Description

Blocking a request from Appsec should stop customer code execution. However, when this blocking happens within a tracer hook, it does not stop executing customer code execution.

Reviewer checklist

  • [ ] Test coverage seems ok.
  • [ ] Appropriate labels assigned.

estringana avatar Sep 05 '24 15:09 estringana

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 72.93%. Comparing base (906cbc5) to head (7c8f668). Report is 310 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff              @@
##             master    #2836      +/-   ##
============================================
- Coverage     74.80%   72.93%   -1.87%     
  Complexity     2781     2781              
============================================
  Files           112      139      +27     
  Lines         11017    15166    +4149     
  Branches          0     1022    +1022     
============================================
+ Hits           8241    11062    +2821     
- Misses         2776     3552     +776     
- Partials          0      552     +552
Flag Coverage Δ
appsec-extension 67.99% <ø> (?)
tracer-php 74.80% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 27 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 906cbc5...7c8f668. Read the comment docs.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov-commenter avatar Sep 05 '24 15:09 codecov-commenter

I see, the tracer sandboxing is sandboxing the bailout away :-) I suppose some it would be ideal to signal the tracer "please bailout again after catching this" :-D

bwoebi avatar Sep 05 '24 19:09 bwoebi

Benchmarks [ tracer ]

Benchmark execution time: 2024-12-26 11:33:25

Comparing candidate commit e459810a8a060b574ec6a05386ed0d1c70c69b81 in PR branch estringana/blocking-within-tracer-hook with baseline commit 4cc2897a27f6165ccaee32436216b27a9d2d4f75 in branch master.

Found 2 performance improvements and 1 performance regressions! Performance is the same for 175 metrics, 0 unstable metrics.

scenario:MessagePackSerializationBench/benchMessagePackSerialization

  • 🟩 execution_time [-6.415µs; -4.045µs] or [-3.750%; -2.365%]

scenario:PDOBench/benchPDOBaseline-opcache

  • 🟥 execution_time [+12.800µs; +16.942µs] or [+7.143%; +9.455%]

scenario:TraceFlushBench/benchFlushTrace

  • 🟩 execution_time [-1000.000ns; -1000.000ns] or [-50.000%; -50.000%]

pr-commenter[bot] avatar Nov 29 '24 10:11 pr-commenter[bot]