Skip to content

Commit 90eeced

Browse files
florentinlflorentinl
committed
feat(appsec): enable api security
1 parent c7739eb commit 90eeced

18 files changed

+82
-12
lines changed

.vscode/settings.json

Lines changed: 29 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,33 @@
11
{
22
"python.pythonPath": "/usr/local/bin/python3",
33
"python.formatting.provider": "black",
4-
"python.testing.unittestArgs": ["-v", "-s", "./tests", "-p", "test*.py"],
4+
"python.testing.unittestArgs": [
5+
"-v",
6+
"-s",
7+
"./tests",
8+
"-p",
9+
"test*.py"
10+
],
511
"python.testing.pytestEnabled": false,
6-
"python.testing.unittestEnabled": true
7-
}
12+
"python.testing.unittestEnabled": true,
13+
"workbench.colorCustomizations": {
14+
"activityBar.activeBackground": "#ff6433",
15+
"activityBar.background": "#ff6433",
16+
"activityBar.foreground": "#15202b",
17+
"activityBar.inactiveForeground": "#15202b99",
18+
"activityBarBadge.background": "#00ff3d",
19+
"activityBarBadge.foreground": "#15202b",
20+
"commandCenter.border": "#e7e7e799",
21+
"sash.hoverBorder": "#ff6433",
22+
"statusBar.background": "#ff3d00",
23+
"statusBar.foreground": "#e7e7e7",
24+
"statusBarItem.hoverBackground": "#ff6433",
25+
"statusBarItem.remoteBackground": "#ff3d00",
26+
"statusBarItem.remoteForeground": "#e7e7e7",
27+
"titleBar.activeBackground": "#ff3d00",
28+
"titleBar.activeForeground": "#e7e7e7",
29+
"titleBar.inactiveBackground": "#ff3d0099",
30+
"titleBar.inactiveForeground": "#e7e7e799"
31+
},
32+
"peacock.color": "#ff3d00"
33+
}

datadog_lambda/asm.py

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -185,13 +185,19 @@ def asm_start_response(
185185
"content-type": "application/json",
186186
}
187187

188+
if isinstance(response, dict) and "statusCode" in response:
189+
body = response.get("body")
190+
else:
191+
body = response
192+
188193
core.dispatch(
189194
# The matching listener is registered in ddtrace.appsec._handlers
190195
"aws_lambda.start_response",
191196
(
192197
span,
193198
status_code,
194199
response_headers,
200+
body,
195201
),
196202
)
197203

datadog_lambda/wrapper.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -318,6 +318,9 @@ def _after(self, event, context):
318318
if status_code:
319319
self.inferred_span.set_tag("http.status_code", status_code)
320320

321+
if self.trigger_tags and (route := self.trigger_tags.get("http.route")):
322+
self.inferred_span.set_tag("http.route", route)
323+
321324
if config.service:
322325
self.inferred_span.set_tag("peer.service", config.service)
323326

scripts/build_layers.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ function docker_build_zip {
6060
# Install datadogpy in a docker container to avoid the mess from switching
6161
# between different python runtimes.
6262
temp_dir=$(mktemp -d)
63-
docker buildx build -t datadog-lambda-python-${arch}:$1 . --no-cache \
63+
docker buildx build -t datadog-lambda-python-${arch}:$1 . \
6464
--build-arg image=public.ecr.aws/docker/library/python:$1 \
6565
--build-arg runtime=python$1 \
6666
--platform linux/${arch} \

tests/integration/serverless.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -15,11 +15,11 @@ provider:
1515
DD_COLD_START_TRACING: false
1616
DD_SERVICE: ${self:service}
1717
timeout: 15
18-
deploymentBucket:
19-
name: integration-tests-serververless-deployment-bucket
20-
iam:
21-
# IAM permissions require that all functions are deployed with this role
22-
role: "arn:aws:iam::425362996713:role/serverless-integration-test-lambda-role"
18+
# deploymentBucket:
19+
# name: integration-tests-serververless-deployment-bucket
20+
# iam:
21+
# # IAM permissions require that all functions are deployed with this role
22+
# role: "arn:aws:iam::425362996713:role/serverless-integration-test-lambda-role"
2323
layers:
2424
- { Ref: PythonLambdaLayer }
2525
- { Ref: PythonRequirementsLambdaLayer }
@@ -31,7 +31,7 @@ custom:
3131
pythonRequirements:
3232
pythonBin: python3
3333
pipCmdExtraArgs:
34-
- --no-deps # install just requests
34+
- --no-deps # install just requests
3535
layer:
3636
compatibleRuntimes:
3737
- ${env:SERVERLESS_RUNTIME}

tests/integration/snapshots/logs/async-metrics_python310.log

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
6666
"_inferred_span.synchronicity": "sync",
6767
"_inferred_span.tag_source": "self",
6868
"http.status_code": "200",
69+
"http.route": "/",
6970
"peer.service": "integration-tests-python",
7071
"_dd.peer.service.source": "peer.service",
7172
"_dd.base_service": "integration-tests-python",
@@ -613,6 +614,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
613614
"_inferred_span.synchronicity": "sync",
614615
"_inferred_span.tag_source": "self",
615616
"http.status_code": "200",
617+
"http.route": "/httpapi/get",
616618
"peer.service": "integration-tests-python",
617619
"_dd.peer.service.source": "peer.service",
618620
"_dd.base_service": "integration-tests-python",

tests/integration/snapshots/logs/async-metrics_python311.log

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
6666
"_inferred_span.synchronicity": "sync",
6767
"_inferred_span.tag_source": "self",
6868
"http.status_code": "200",
69+
"http.route": "/",
6970
"peer.service": "integration-tests-python",
7071
"_dd.peer.service.source": "peer.service",
7172
"_dd.base_service": "integration-tests-python",
@@ -613,6 +614,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
613614
"_inferred_span.synchronicity": "sync",
614615
"_inferred_span.tag_source": "self",
615616
"http.status_code": "200",
617+
"http.route": "/httpapi/get",
616618
"peer.service": "integration-tests-python",
617619
"_dd.peer.service.source": "peer.service",
618620
"_dd.base_service": "integration-tests-python",

tests/integration/snapshots/logs/async-metrics_python312.log

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
6666
"_inferred_span.synchronicity": "sync",
6767
"_inferred_span.tag_source": "self",
6868
"http.status_code": "200",
69+
"http.route": "/",
6970
"peer.service": "integration-tests-python",
7071
"_dd.peer.service.source": "peer.service",
7172
"_dd.base_service": "integration-tests-python",
@@ -613,6 +614,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
613614
"_inferred_span.synchronicity": "sync",
614615
"_inferred_span.tag_source": "self",
615616
"http.status_code": "200",
617+
"http.route": "/httpapi/get",
616618
"peer.service": "integration-tests-python",
617619
"_dd.peer.service.source": "peer.service",
618620
"_dd.base_service": "integration-tests-python",

tests/integration/snapshots/logs/async-metrics_python313.log

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
6666
"_inferred_span.synchronicity": "sync",
6767
"_inferred_span.tag_source": "self",
6868
"http.status_code": "200",
69+
"http.route": "/",
6970
"peer.service": "integration-tests-python",
7071
"_dd.peer.service.source": "peer.service",
7172
"_dd.base_service": "integration-tests-python",
@@ -613,6 +614,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
613614
"_inferred_span.synchronicity": "sync",
614615
"_inferred_span.tag_source": "self",
615616
"http.status_code": "200",
617+
"http.route": "/httpapi/get",
616618
"peer.service": "integration-tests-python",
617619
"_dd.peer.service.source": "peer.service",
618620
"_dd.base_service": "integration-tests-python",

tests/integration/snapshots/logs/async-metrics_python38.log

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
6666
"_inferred_span.synchronicity": "sync",
6767
"_inferred_span.tag_source": "self",
6868
"http.status_code": "200",
69+
"http.route": "/",
6970
"peer.service": "integration-tests-python",
7071
"_dd.peer.service.source": "peer.service",
7172
"_dd.base_service": "integration-tests-python",
@@ -613,6 +614,7 @@ HTTP GET https://www.datadoghq.com/ Headers: ["Accept-Encoding:gzip, deflate","A
613614
"_inferred_span.synchronicity": "sync",
614615
"_inferred_span.tag_source": "self",
615616
"http.status_code": "200",
617+
"http.route": "/httpapi/get",
616618
"peer.service": "integration-tests-python",
617619
"_dd.peer.service.source": "peer.service",
618620
"_dd.base_service": "integration-tests-python",

0 commit comments

Comments
 (0)