Skip to content

WAF for curl requests/partial json/libddwaf v2#3467

Draft
cataphract wants to merge 6 commits intomasterfrom
glopes/appsec-curl
Draft

WAF for curl requests/partial json/libddwaf v2#3467
cataphract wants to merge 6 commits intomasterfrom
glopes/appsec-curl

Conversation

@cataphract
Copy link
Contributor

@cataphract cataphract commented Oct 31, 2025

Description

Reviewer checklist

  • Test coverage seems ok.
  • Appropriate labels assigned.

@cataphract cataphract requested review from a team as code owners October 31, 2025 14:58
@cataphract cataphract marked this pull request as draft October 31, 2025 14:58
@pr-commenter
Copy link

pr-commenter bot commented Oct 31, 2025
edited
Loading

Benchmarks [ tracer ]

Benchmark execution time: 2026-01-16 18:40:45

Comparing candidate commit 192a4a1 in PR branch glopes/appsec-curl with baseline commit ed3089e in branch master.

Found 1 performance improvements and 2 performance regressions! Performance is the same for 190 metrics, 1 unstable metrics.

scenario:PDOBench/benchPDOOverhead

  • 🟥 execution_time [+10.051µs; +13.596µs] or [+4.626%; +6.258%]

scenario:PDOBench/benchPDOOverheadWithDBM

  • 🟥 execution_time [+7.841µs; +11.088µs] or [+3.599%; +5.089%]

scenario:SamplingRuleMatchingBench/benchRegexMatching2-opcache

  • 🟩 execution_time [-9.823µs; -9.723µs] or [-88.080%; -87.183%]

@codecov-commenter
Copy link

codecov-commenter commented Oct 31, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 52.32059% with 2332 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.91%. Comparing base (ed3089e) to head (bbc593e).

Files with missing lines Patch % Lines
appsec/helper-rust/src/client.rs 0.00% 564 Missing ⚠️
appsec/helper-rust/src/service.rs 53.15% 215 Missing ⚠️
appsec/helper-rust/src/service/waf_diag.rs 20.58% 189 Missing ⚠️
appsec/helper-rust/src/lib.rs 0.00% 186 Missing ⚠️
appsec/helper-rust/src/client/metrics.rs 0.00% 138 Missing ⚠️
appsec/helper-rust/src/rc.rs 73.73% 125 Missing ⚠️
appsec/helper-rust/src/telemetry/sidecar.rs 0.00% 96 Missing ⚠️
appsec/helper-rust/src/rc_notify.rs 0.00% 86 Missing ⚠️
appsec/helper-rust/src/service/limiter.rs 8.33% 66 Missing ⚠️
appsec/src/extension/json_truncated_parser.cpp 73.72% 47 Missing and 15 partials ⚠️
... and 23 more

❌ Your patch status has failed because the patch coverage (52.32%) is below the target coverage (90.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3467      +/-   ##
==========================================
- Coverage   62.02%   58.91%   -3.12%     
==========================================
  Files         140      162      +22     
  Lines       13309    17895    +4586     
  Branches     1762     1847      +85     
==========================================
+ Hits         8255    10542    +2287     
- Misses       4265     6521    +2256     
- Partials      789      832      +43
Flag Coverage Δ
helper-rust-unit 48.81% <48.81%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
appsec/src/extension/commands/request_exec.c 100.00% <100.00%> (ø)
appsec/src/extension/configuration.h 100.00% <ø> (ø)
appsec/src/extension/php_compat.h 100.00% <ø> (ø)
appsec/src/extension/request_abort.c 70.28% <100.00%> (ø)
appsec/src/extension/user_tracking.c 75.00% <100.00%> (+0.08%) ⬆️
appsec/src/helper/client.cpp 75.98% <100.00%> (ø)
appsec/src/helper/client.hpp 94.11% <ø> (ø)
appsec/src/helper/engine.cpp 91.73% <100.00%> (ø)
appsec/src/helper/engine.hpp 100.00% <ø> (ø)
appsec/src/helper/json_helper.hpp 50.00% <ø> (ø)
... and 36 more

... and 2 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ed3089e...bbc593e. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pr-commenter
Copy link

pr-commenter bot commented Oct 31, 2025
edited
Loading

Benchmarks [ appsec ]

Benchmark execution time: 2026-01-16 18:12:00

Comparing candidate commit 192a4a1 in PR branch glopes/appsec-curl with baseline commit ed3089e in branch master.

Found 0 performance improvements and 7 performance regressions! Performance is the same for 5 metrics, 0 unstable metrics.

scenario:LaravelBench/benchLaravelBaseline-appsec

  • 🟥 mem_peak [+543.440KB; +543.440KB] or [+10.532%; +10.532%]

scenario:LaravelBench/benchLaravelOverhead-appsec

  • 🟥 execution_time [+297.080µs; +610.160µs] or [+2.036%; +4.181%]
  • 🟥 mem_peak [+543.440KB; +543.440KB] or [+10.532%; +10.532%]

scenario:SymfonyBench/benchSymfonyBaseline-appsec

  • 🟥 mem_peak [+543.440KB; +543.440KB] or [+10.532%; +10.532%]

scenario:SymfonyBench/benchSymfonyOverhead-appsec

  • 🟥 execution_time [+794.367µs; +971.113µs] or [+6.774%; +8.281%]
  • 🟥 mem_peak [+543.440KB; +543.440KB] or [+10.532%; +10.532%]

scenario:WordPressBench/benchWordPressOverhead-appsec

  • 🟥 execution_time [+5.467ms; +5.719ms] or [+12.983%; +13.582%]

@cataphract cataphract force-pushed the glopes/appsec-curl branch 2 times, most recently from 88dbc85 to 2d9bc56 Compare November 21, 2025 11:57
@cataphract cataphract force-pushed the glopes/appsec-curl branch 2 times, most recently from bb17297 to 947897c Compare December 24, 2025 16:22
@cataphract cataphract force-pushed the glopes/appsec-curl branch 2 times, most recently from 59377d6 to 55d4bd0 Compare January 5, 2026 16:17
@datadog-official
Copy link

datadog-official bot commented Jan 16, 2026
edited
Loading

⚠️ Tests

Fix all issues with Cursor

⚠️ Warnings

❄️ 1 New flaky test detected

ext/standard/tests/file/lstat_stat_variation12.phpt (Test lstat() and stat() functions: usage variations - effects of is_link()) from PHP.ext.standard.tests.file (Datadog) (Fix with Cursor) 
*** Testing stat() on a link after using is_link() on it ***
     bool(true)
     bool(true)
005+ Error: stat1 do not match with stat2 at key value: 8
006+ Error: stat1 do not match with stat2 at key value: atime
005- bool(true)
     
008+  Dumping stat array 1...
007- --- Done ---
009+ array(26) {
...

🧪 1022 Tests failed

    testSearchPhpBinaries from integration.DDTrace\Tests\Integration\PHPInstallerTest (Fix with Cursor)

    testSimplePushAndProcess from laravel-58-test.DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest (Fix with Cursor)

testSimplePushAndProcess from laravel-8x-test.DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest (Datadog) (Fix with Cursor) 
DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 696a788e00000000c07a61e021bddf90
tid: 696a788e00000000
hexProcessTraceId: c07a61e021bddf90
hexProcessSpanId: 66988bba4f03bf3b
processTraceId: 13869505617707523984
processSpanId: 7392812420634492731

phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:106
View all
This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 192a4a1 | Docs | Datadog PR Page | Was this helpful? Give us feedback!

@cataphract cataphract force-pushed the glopes/appsec-curl branch 3 times, most recently from bbc593e to 192a4a1 Compare January 16, 2026 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cataphract @codecov-commenter