dd-trace-go icon indicating copy to clipboard operation
dd-trace-go copied to clipboard
verified publisher icon DataDog

feat(internal/appsec/listener/httpsec): drop github.com/theckman/httpforwarded with tailored code

Open darccio opened this issue 1 month ago • 2 comments

What does this PR do?

Introduces a state machine to parse Forwarded value instead of using github.com/theckman/httpforwarded.

Review this commit for the implementation: 0fd5fb24bc944905d08b550437abb7338b820e26

Motivation

Removing an unmaintained v0.x dependency.

Performance

Old

goos: darwin
goarch: arm64
pkg: github.com/DataDog/dd-trace-go/v2/internal/appsec/listener/httpsec
cpu: Apple M1 Max
BenchmarkParseForwardedHeader-10    	  480517	      2423 ns/op	    1112 B/op	      22 allocs/op
PASS
ok  	github.com/DataDog/dd-trace-go/v2/internal/appsec/listener/httpsec	1.602s

New

goos: darwin
goarch: arm64
pkg: github.com/DataDog/dd-trace-go/v2/internal/appsec/listener/httpsec
cpu: Apple M1 Max
BenchmarkParseForwardedHeader-10    	 1873370	       637.5 ns/op	     264 B/op	       6 allocs/op
PASS
ok  	github.com/DataDog/dd-trace-go/v2/internal/appsec/listener/httpsec	1.627s

The new implementation could be faster - state machines are great - but we strived for balance between performance and maintainability.

Reviewer's Checklist

  • [ ] Changed code has unit tests for its functionality at or near 100% coverage.
  • [ ] System-Tests covering this feature have been added and enabled with the va.b.c-dev version tag.
  • [ ] There is a benchmark for any new code, or changes to existing code.
  • [ ] If this interacts with the agent in a new way, a system test has been added.
  • [ ] New code is free of linting errors. You can check this by running ./scripts/lint.sh locally.
  • [ ] Add an appropriate team label so this PR gets put in the right place for the release notes.
  • [ ] Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild.

Unsure? Have a question? Request a review!

darccio avatar Nov 28 '25 14:11 darccio

Benchmarks

Benchmark execution time: 2025-11-28 14:48:50

Comparing candidate commit 069337250f677df43c754ae9a8689a5a1eb94c29 in PR branch dario.castane/apmlp-494/httpforwarder with baseline commit 60f439b7e46cfe1c2e03930ed524659d81799328 in branch dario.castane/apmlp-494/testapp-isolation.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 3 metrics, 0 unstable metrics.

pr-commenter[bot] avatar Nov 28 '25 14:11 pr-commenter[bot]

@codex review

darccio avatar Nov 28 '25 14:11 darccio