Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add more logging around stack generation #3096

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Add more logging around stack generation #3096

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
075cfb2
Add more loggin around stack generation
estringana Feb 19, 2025
c3fe130
Add string conversion of record reponse
estringana Feb 20, 2025
8128128
Add logging when a asm event is triggered
estringana Feb 20, 2025
54f1704
Fix logging message saying record action was a fail
estringana Feb 20, 2025
1bf12b2
Change logging messages level
estringana Feb 20, 2025
361f307
Add format to logging messages
estringana Feb 20, 2025
6683b32
Wip
estringana Feb 21, 2025
c0adc60
wip
estringana Feb 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions appsec/src/extension/backtrace.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ static const char QUALIFIED_NAME_SEPARATOR[] = "::";

static zend_string *_frames_key;
static zend_string *_language_key;
//static zend_string *_message_key;
//static zend_string *_message_value;
static zend_string *_php_value;
static zend_string *_exploit_key;
static zend_string *_dd_stack_key;
Expand Down Expand Up @@ -188,8 +190,11 @@ void dd_generate_backtrace(zend_string *nullable id, zval *nonnull dd_backtrace)
ZVAL_STR_COPY(&language, _php_value);
zval id_zv;
ZVAL_STR_COPY(&id_zv, id);
// zval message;
// ZVAL_STR_COPY(&message, _message_value);
zend_hash_add(Z_ARRVAL_P(dd_backtrace), _language_key, &language);
zend_hash_add(Z_ARRVAL_P(dd_backtrace), _id_key, &id_zv);
// zend_hash_add(Z_ARRVAL_P(dd_backtrace), _message_key, &message);

zval frames;
zval php_backtrace;
Expand All @@ -213,7 +218,10 @@ static PHP_FUNCTION(datadog_appsec_testing_generate_backtrace)

bool dd_report_exploit_backtrace(zend_string *nullable id)
{
mlog(dd_log_trace, "Generating backtrace");
if (!get_global_DD_APPSEC_STACK_TRACE_ENABLED()) {
mlog(dd_log_trace, "Backtrace generation is disabled with "
"DD_APPSEC_STACK_TRACE_ENABLED");
return false;
}

Expand Down Expand Up @@ -241,6 +249,11 @@ bool dd_report_exploit_backtrace(zend_string *nullable id)
if (Z_TYPE_P(meta_struct) == IS_NULL) {
array_init(meta_struct);
} else if (Z_TYPE_P(meta_struct) != IS_ARRAY) {
if (!get_global_DD_APPSEC_TESTING()) {
mlog(dd_log_trace,
"Field 'meta_struct' is of type '%d', expected 'array'",
Z_TYPE_P(meta_struct));
}
return false;
}

Expand All @@ -253,13 +266,21 @@ bool dd_report_exploit_backtrace(zend_string *nullable id)
exploit = zend_hash_add_new(
Z_ARR_P(dd_stack), _exploit_key, &EG(uninitialized_zval));
array_init(exploit);
mlog(dd_log_trace, "Backtrace stack created");
} else if (Z_TYPE_P(dd_stack) != IS_ARRAY) {
if (!get_global_DD_APPSEC_TESTING()) {
mlog(dd_log_trace,
"Field 'stack' is of type '%d', expected 'array'",
Z_TYPE_P(dd_stack));
}
return false;
} else {
exploit = zend_hash_find(Z_ARR_P(dd_stack), _exploit_key);
}

if (Z_TYPE_P(exploit) != IS_ARRAY) {
mlog(dd_log_trace, "Field 'exploit' is of type '%d', expected 'array'",
Z_TYPE_P(exploit));
return false;
}

Expand All @@ -277,9 +298,13 @@ bool dd_report_exploit_backtrace(zend_string *nullable id)

if (zend_hash_next_index_insert_new(Z_ARRVAL_P(exploit), &backtrace) ==
NULL) {
if (!get_global_DD_APPSEC_TESTING()) {
mlog(dd_log_warning, "Error adding Stacktrace");
}
return false;
}

mlog(dd_log_trace, "Stacktrace generated");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In terms of nomenclature you have backtrace, stacktrace and backtrace stack, maybe use one term only?

return true;
}

Expand Down Expand Up @@ -328,6 +353,8 @@ void dd_backtrace_startup()
{
_frames_key = zend_string_init_interned(LSTRARG("frames"), 1);
_language_key = zend_string_init_interned(LSTRARG("language"), 1);
// _message_key = zend_string_init_interned(LSTRARG("message"), 1);
// _message_value = zend_string_init_interned(LSTRARG("Default message"), 1);
_php_value = zend_string_init_interned(LSTRARG("php"), 1);
_exploit_key = zend_string_init_interned(LSTRARG("exploit"), 1);
_dd_stack_key = zend_string_init_interned(LSTRARG("_dd.stack"), 1);
Expand Down
3 changes: 3 additions & 0 deletions appsec/src/extension/commands_helpers.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -520,6 +520,9 @@ static dd_result _command_process_actions(
} else if (dd_mpack_node_lstr_eq(verdict, "stack_trace")) {
_command_process_stack_trace_parameters(
mpack_node_array_at(action, 1));
if (res == dd_success) {
res = dd_should_record;
}
}
}

Expand Down
2 changes: 2 additions & 0 deletions appsec/src/extension/dddefs.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ const char *nonnull dd_result_to_string(dd_result result)
return "dd_network";
case dd_should_block:
return "dd_should_block";
case dd_should_record:
return "dd_should_record";
case dd_error:
return "dd_error";
case dd_try_later:
Expand Down
2 changes: 2 additions & 0 deletions appsec/src/extension/ddtrace.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -448,6 +448,8 @@ void dd_trace_emit_asm_event(void)
return;
}

mlog(dd_log_trace, "Emitting ASM event");

_ddtrace_emit_asm_event();
}

Expand Down
2 changes: 1 addition & 1 deletion appsec/src/extension/request_lifecycle.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,7 +230,7 @@ static zend_array *nullable _do_request_begin(
return dd_request_abort_redirect_spec();
}
dd_request_abort_redirect();
} else if (res) {
} else if (res != dd_success && res != dd_should_record) {
mlog_g(
dd_log_info, "request init failed: %s", dd_result_to_string(res));
}
Expand Down
Loading