From bd9aff3392a919c1b81541bf07e9d4809e778d8f Mon Sep 17 00:00:00 2001
From: Nav Singh
Date: Thu, 28 Aug 2025 13:29:34 -0700
Subject: [PATCH] Add observability rule for metrics name changes
---
observability/metrics/metric-name-change.js | 60 +++++++++++++++++++
observability/metrics/metric-name-change.yaml | 34 +++++++++++
2 files changed, 94 insertions(+)
create mode 100644 observability/metrics/metric-name-change.js
create mode 100644 observability/metrics/metric-name-change.yaml
diff --git a/observability/metrics/metric-name-change.js b/observability/metrics/metric-name-change.js
new file mode 100644
index 0000000000..a5ba2b6764
--- /dev/null
+++ b/observability/metrics/metric-name-change.js
@@ -0,0 +1,60 @@
+// Test file for metric-name-change rule
+// This file contains test cases with true positives and true negatives
+
+// ===== TRUE POSITIVES (should trigger the rule) =====
+
+// ruleid: observability.metrics.metric-name-change
+metrics.counter("user_login_count", 1);
+
+// ruleid: observability.metrics.metric-name-change
+prometheus.Counter({name: "http_requests_total", help: "Total HTTP requests"});
+
+// ruleid: observability.metrics.metric-name-change
+statsd.increment("page_views", 1);
+
+// ruleid: observability.metrics.metric-name-change
+statsd.counter("api_calls", 5);
+
+// ruleid: observability.metrics.metric-name-change
+client.increment("user_registrations", 1, {tags: ["success"]});
+
+// ruleid: observability.metrics.metric-name-change
+meter.counter("database_queries", queryCount);
+
+// ===== TRUE NEGATIVES (should NOT trigger the rule) =====
+
+// ok: observability.metrics.metric-name-change
+const userCount = 42;
+
+// ok: observability.metrics.metric-name-change
+logger.info("User logged in successfully");
+
+// ok: observability.metrics.metric-name-change
+const metricName = "user_login_count";
+
+// ok: observability.metrics.metric-name-change
+console.log("Processing metrics");
+
+// ok: observability.metrics.metric-name-change
+function incrementCounter(name, value) {
+ return name + value;
+}
+
+// ok: observability.metrics.metric-name-change
+db.query("SELECT COUNT(*) FROM users");
+
+// ok: observability.metrics.metric-name-change
+const config = {
+ metrics: {
+ enabled: true,
+ port: 9090
+ }
+};
+
+// ok: observability.metrics.metric-name-change
+// This is just a comment about metrics.counter("test")
+
+// ok: observability.metrics.metric-name-change
+const obj = {
+ counter: function(name) { return name; }
+};
\ No newline at end of file
diff --git a/observability/metrics/metric-name-change.yaml b/observability/metrics/metric-name-change.yaml
new file mode 100644
index 0000000000..72d3096bb0
--- /dev/null
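Review bot: The negative cases never exercise the rule's real boundary: every `// ok:` line is code with no metrics call at all, so nothing pins that a non-literal name is left unreported or that an unlisted client object is missed. I would add `// ok: observability.metrics.metric-name-change` above `metrics.counter(metricName, 1);`, assuming the quoted `"$METRIC_NAME"` is meant to match string literals only. A `// todoruleid: observability.metrics.metric-name-change` case for a receiver the patterns do not list (for example a constructed `dogstatsd.increment("page_views", 1);`) would record that known false negative. The `// ok:` annotation above the comment-only line about `metrics.counter("test")` asserts nothing, because there is no code on the following line for the rule to match.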
+++ b/observability/metrics/metric-name-change.yaml
@@ -0,0 +1,34 @@
+rules:
+ - id: observability.metrics.metric-name-change
+ message: "Metric name change detected - verify dashboards and alerts are updated before deploying"
+ severity: WARNING
+ languages: [javascript, typescript, python, go]
+ patterns:
+ - pattern-either:
+ - pattern: |
+ metrics.counter("$METRIC_NAME", ...)
+ - pattern: |
+ prometheus.Counter({name: "$METRIC_NAME", ...})
+ - pattern: |
+ statsd.increment("$METRIC_NAME", ...)
+ - pattern: |
+ statsd.counter("$METRIC_NAME", ...)
+ - pattern: |
+ client.increment("$METRIC_NAME", ...)
+ - pattern: |
+ meter.counter("$METRIC_NAME", ...)
+ metadata:
+ category: observability
+ subcategory: metrics
+ impact: dashboard-breaking
+ confidence: MEDIUM
+ likelihood: MEDIUM
+ technology:
+ - metrics
+ - monitoring
+ - observability
+ references:
+ - https://prometheus.io/docs/practices/naming/
+ - https://grafana.com/docs/grafana/latest/dashboards/
+ cwe:
+ - "CWE-778: Insufficient Logging"
\ No newline at end of file
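Review bot: The `pattern-either` list matches every call that passes a string literal as the metric name, so the rule reports unchanged call sites as well as renamed ones, while `message` claims "Metric name change detected". A static pattern cannot see a rename unless the scan is diff-aware, so I would either state that requirement in the rule or reword to `message: "Metric emitted with a literal name - if this name changed, update dashboards and alerts before deploying"`; firing on every emission will otherwise train reviewers to ignore the warning. `languages` lists python and go, but `prometheus.Counter({name: "$METRIC_NAME", ...})` is JavaScript object-literal syntax and the fixture covers only JavaScript, so those targets look untested and the pattern may not parse for Go. The `cwe` entry `CWE-778: Insufficient Logging` labels a dashboard-maintenance warning as a security weakness and is likely to surface it in security triage; I would drop it, or add a comment explaining that the concern is alerting coverage lost when a metric is renamed.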