Skip to content

feat(appsec): skip processing spans for events that are not http requests#627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
florentinl merged 1 commit into from
Jul 4, 2025
Merged

feat(appsec): skip processing spans for events that are not http requests #627

florentinl merged 1 commit into from
Jul 4, 2025

Conversation

@florentinl
Copy link
Contributor

@florentinlflorentinl commented Jul 2, 2025
edited
Loading

What does this PR do?

This PR allows for the AppSecSpanProcessor to skip processing spans for events that are not http requests. The information is propagated through an item on the ExecutionContext.

Motivation

Spans for unsupported events must not be processed by the AppSecSpanProcessor. To achieve this, the information that the span can be skipped must be available to the AppSecSpanProcessor before the span is started.

Additional Notes

This PR is tied to: DataDog/dd-trace-py#13855

Types of Changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog
  • This PR passes the integration tests (ask a Datadog member to run the tests)

@florentinlflorentinl mentioned this pull request Jul 2, 2025
Merged
2 tasks
@florentinlflorentinlforce-pushed the florentinl/APPSEC-58145/asm-skip-unsupported-events branch from 8a07af8 to 73a6403CompareJuly 2, 2025 12:41
@florentinlflorentinl changed the title feat(asm): skip processing spans for events that are not http requestsfeat(appsec): skip processing spans for events that are not http requestsJul 2, 2025
@florentinlflorentinl marked this pull request as ready for review July 2, 2025 14:15
@florentinlflorentinl requested review from a team as code ownersJuly 2, 2025 14:15
@florentinlflorentinl requested a review from a teamJuly 2, 2025 15:08
@florentinlflorentinl merged commit ae7df53 into mainJul 4, 2025
61 checks passed
@florentinlflorentinl deleted the florentinl/APPSEC-58145/asm-skip-unsupported-events branch July 4, 2025 07:10
florentinl added a commit to DataDog/dd-trace-py that referenced this pull request Jul 4, 2025
@florentinl
feat(appsec): add metric for unsupported lambda event types (#13855)
b0c216c
## Motivation Avoid billing when Appsec is enabled for unsupported lambda events. To keep track of executions with unsupported events, we add a span metric. ## Changes - Selectively skip processing the span based on the event To make the information available, I used the same pattern as the asm context initialization by storing temporary information inside the `ExecutionContext`. The only difference is that in the case of lambda we only have a single global `ExecutionContext` so we have to clean it up. ## Notes This PR relies on: DataDog/datadog-lambda-python#627 ## Checklist - [x] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [x] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
happynancee pushed a commit to DataDog/dd-trace-py that referenced this pull request Jul 7, 2025
@florentinl@happynancee
feat(appsec): add metric for unsupported lambda event types (#13855)
2ceea73
## Motivation Avoid billing when Appsec is enabled for unsupported lambda events. To keep track of executions with unsupported events, we add a span metric. ## Changes - Selectively skip processing the span based on the event To make the information available, I used the same pattern as the asm context initialization by storing temporary information inside the `ExecutionContext`. The only difference is that in the case of lambda we only have a single global `ExecutionContext` so we have to clean it up. ## Notes This PR relies on: DataDog/datadog-lambda-python#627 ## Checklist - [x] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [x] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
alyshawang pushed a commit to DataDog/dd-trace-py that referenced this pull request Jul 25, 2025
@florentinl@alyshawang
feat(appsec): add metric for unsupported lambda event types (#13855)
4b324ef
## Motivation Avoid billing when Appsec is enabled for unsupported lambda events. To keep track of executions with unsupported events, we add a span metric. ## Changes - Selectively skip processing the span based on the event To make the information available, I used the same pattern as the asm context initialization by storing temporary information inside the `ExecutionContext`. The only difference is that in the case of lambda we only have a single global `ExecutionContext` so we have to clean it up. ## Notes This PR relies on: DataDog/datadog-lambda-python#627 ## Checklist - [x] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [x] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@purple4reinapurple4reinapurple4reina approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@florentinl@purple4reina