Skip to content

feat(appsec): skip processing spans for events that are not http requests #627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 4, 2025
Merged

feat(appsec): skip processing spans for events that are not http requests #627

merged 1 commit into from
Jul 4, 2025

Conversation

florentinl
Copy link
Contributor

@florentinl florentinl commented Jul 2, 2025
edited
Loading

What does this PR do?

This PR allows for the AppSecSpanProcessor to skip processing spans for events that are not http requests. The information is propagated through an item on the ExecutionContext.

Motivation

Spans for unsupported events must not be processed by the AppSecSpanProcessor. To achieve this, the information that the span can be skipped must be available to the AppSecSpanProcessor before the span is started.

Additional Notes

This PR is tied to: DataDog/dd-trace-py#13855

Types of Changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog
  • This PR passes the integration tests (ask a Datadog member to run the tests)

@florentinl florentinl mentioned this pull request Jul 2, 2025
Merged
2 tasks
@florentinl florentinl force-pushed the florentinl/APPSEC-58145/asm-skip-unsupported-events branch from 8a07af8 to 73a6403 Compare July 2, 2025 12:41
@florentinl florentinl changed the title feat(asm): skip processing spans for events that are not http requests feat(appsec): skip processing spans for events that are not http requests Jul 2, 2025
@florentinl florentinl marked this pull request as ready for review July 2, 2025 14:15
@florentinl florentinl requested review from a team as code owners July 2, 2025 14:15
@florentinl florentinl requested a review from a team July 2, 2025 15:08
@florentinl florentinl merged commit ae7df53 into main Jul 4, 2025
61 checks passed
@florentinl florentinl deleted the florentinl/APPSEC-58145/asm-skip-unsupported-events branch July 4, 2025 07:10
florentinl added a commit to DataDog/dd-trace-py that referenced this pull request Jul 4, 2025
@florentinl
feat(appsec): add metric for unsupported lambda event types (#13855)
b0c216c 
## Motivation

Avoid billing when Appsec is enabled for unsupported lambda events. To
keep track of executions with unsupported events, we add a span metric.

## Changes

- Selectively skip processing the span based on the event

To make the information available, I used the same pattern as the asm
context initialization by storing temporary information inside the
`ExecutionContext`.

The only difference is that in the case of lambda we only have a single
global `ExecutionContext` so we have to clean it up.

## Notes

This PR relies on:
DataDog/datadog-lambda-python#627



## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@purple4reina purple4reina purple4reina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@florentinl @purple4reina