dd-trace-py icon indicating copy to clipboard operation
dd-trace-py copied to clipboard

Published 20 hours ago verified publisher icon DataDog

feat(asm): grpc threats support

Open juanjux opened this issue 1 year ago • 2 comments

Description

Add Threat Monitoring support for gRPC (first part, without blocking).

Checklist

  • [X] The PR description includes an overview of the change
  • [X] The PR description articulates the motivation for the change
  • [X] The change includes tests OR the PR description describes a testing strategy
  • [X] The PR description notes risks associated with the change, if any
  • [X] Newly-added code is easy to change
  • [X] The change follows the library release note guidelines
  • [X] The change includes or references documentation updates if necessary
  • [X] Backport labels are set (if applicable)

Reviewer Checklist

  • [ ] Title is accurate
  • [ ] All changes are related to the pull request's stated goal
  • [ ] Avoids breaking API changes
  • [ ] Testing strategy adequately addresses listed risks
  • [ ] Newly-added code is easy to change
  • [ ] Release note makes sense to a user of the library
  • [ ] If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • [ ] Backport labels are set in a manner that is consistent with the release branch maintenance policy

juanjux avatar Jul 03 '24 08:07 juanjux

Datadog Report

Branch report: juanjux/APPSEC-52949-grpc-threats-support Commit report: 2e39d58 Test service: dd-trace-py

:white_check_mark: 0 Failed, 111167 Passed, 3472 Skipped, 11m 19.82s Total duration (46m 15.14s time saved)

datadog-dd-trace-py-rkomorn[bot] avatar Jul 03 '24 08:07 datadog-dd-trace-py-rkomorn[bot]

Benchmarks

Benchmark execution time: 2024-07-08 17:21:11

Comparing candidate commit 86dbdd6da3edf64f72701b5ccd67028a8501c0d0 in PR branch juanjux/APPSEC-52949-grpc-threats-support with baseline commit 41014bd9392c865e44c90939554894dcce57aa47 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 221 metrics, 9 unstable metrics.

pr-commenter[bot] avatar Jul 03 '24 09:07 pr-commenter[bot]

Codecov Report

Attention: Patch coverage is 18.51852% with 44 lines in your changes missing coverage. Please review.

Project coverage is 10.42%. Comparing base (8823cac) to head (2e39d58). Report is 6 commits behind head on main.

Files Patch % Lines
ddtrace/appsec/_handlers.py 27.27% 16 Missing :warning:
tests/appsec/iast/test_grpc_iast.py 0.00% 12 Missing :warning:
ddtrace/contrib/grpc/server_interceptor.py 0.00% 9 Missing :warning:
ddtrace/appsec/_constants.py 0.00% 4 Missing :warning:
ddtrace/contrib/grpc/client_interceptor.py 0.00% 3 Missing :warning:
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #9705       +/-   ##
===========================================
- Coverage   74.48%   10.42%   -64.07%     
===========================================
  Files        1390     1358       -32     
  Lines      128765   126612     -2153     
===========================================
- Hits        95908    13196    -82712     
- Misses      32857   113416    +80559

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov-commenter avatar Jul 08 '24 08:07 codecov-commenter

Moved to draft to add some processor tests.

juanjux avatar Jul 08 '24 08:07 juanjux

Added a test checking that the correct WAF addresses are called, PTAL @erikayasuda.

juanjux avatar Jul 08 '24 16:07 juanjux