From 157d7a4227904d63a360c53a7b9be8cd2b2a7371 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez=20Garc=C3=ADa?= Date: Mon, 1 Jul 2024 10:30:25 +0200 Subject: [PATCH] Add PROPAGATED_APPSEC tag on request end if there is an event and on user event tracking (#7262) What Does This Do Add appsec propagation tag: On appsec user event tracking On appsec request end (this is necessary as we can't guarantee right now that the span is available when the event is detected) Additional notes JIRA: APPSEC-10459 --- .../instrumentation/decorator/AppSecUserEventDecorator.java | 1 + .../decorator/AppSecUserEventDecoratorTest.groovy | 3 +++ .../main/java/com/datadog/appsec/gateway/GatewayBridge.java | 1 + 3 files changed, 5 insertions(+) diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecorator.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecorator.java index a55d7dd80fd..8e1b1ca58ce 100644 --- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecorator.java +++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecorator.java @@ -76,6 +76,7 @@ public void onSignup(String userId, Map metadata) { private void onEvent(@Nonnull TraceSegment segment, String eventName, Map tags) { segment.setTagTop("appsec.events." + eventName + ".track", true, true); segment.setTagTop(Tags.ASM_KEEP, true); + segment.setTagTop(Tags.PROPAGATED_APPSEC, true); // Report user event tracking mode ("safe" or "extended") UserEventTrackingMode mode = Config.get().getAppSecUserEventsTrackingMode(); diff --git a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecoratorTest.groovy b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecoratorTest.groovy index fb1fe894bb9..0cc82c7b5f5 100644 --- a/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecoratorTest.groovy +++ b/dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/instrumentation/decorator/AppSecUserEventDecoratorTest.groovy @@ -37,6 +37,7 @@ class AppSecUserEventDecoratorTest extends DDSpecification { 1 * traceSegment.setTagTop('_dd.appsec.events.users.signup.auto.mode', mode) 1 * traceSegment.setTagTop('appsec.events.users.signup.track', true, true) 1 * traceSegment.setTagTop('asm.keep', true) + 1 * traceSegment.setTagTop('_dd.p.appsec', true) if (setUser) { 1 * traceSegment.setTagTop('usr.id', user) } @@ -65,6 +66,7 @@ class AppSecUserEventDecoratorTest extends DDSpecification { 1 * traceSegment.setTagTop('_dd.appsec.events.users.login.success.auto.mode', mode) 1 * traceSegment.setTagTop('appsec.events.users.login.success.track', true, true) 1 * traceSegment.setTagTop('asm.keep', true) + 1 * traceSegment.setTagTop('_dd.p.appsec', true) if (setUser) { 1 * traceSegment.setTagTop('usr.id', user) } @@ -93,6 +95,7 @@ class AppSecUserEventDecoratorTest extends DDSpecification { 1 * traceSegment.setTagTop('_dd.appsec.events.users.login.failure.auto.mode', mode) 1 * traceSegment.setTagTop('appsec.events.users.login.failure.track', true, true) 1 * traceSegment.setTagTop('asm.keep', true) + 1 * traceSegment.setTagTop('_dd.p.appsec', true) if (setUser) { 1 * traceSegment.setTagTop('appsec.events.users.login.failure.usr.id', user) } diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java index cbe3c858aec..8234f1e4425 100644 --- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java +++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java @@ -142,6 +142,7 @@ public void init() { if (!collectedEvents.isEmpty()) { // Set asm keep in case that root span was not available when events are detected traceSeg.setTagTop(Tags.ASM_KEEP, true); + traceSeg.setTagTop(Tags.PROPAGATED_APPSEC, true); traceSeg.setTagTop("appsec.event", true); traceSeg.setTagTop("network.client.ip", ctx.getPeerAddress());