## Summary of changes

Fingerprinting is a technique used to identify and track users through the use of available data which, when combined through a certain set of algorithms, can provide a unique fingerprint for said user. Fingerprinting can be performed in many contexts with different data sets, such as the browser, which can provide the algorithm with specific data about the user's software and hardware stack, or the server, which typically provides data at the different levels of the network stack.

This PR contains the implementation of the attacker fingerprint feature described in [this RFC](https://docs.google.com/document/d/1DivOa9XsCggmZVzMI57vyxH2_EBJ0-qqIkRHm_sEvSs/edit?pli=1).

## Reason for change

## Implementation details

There are two small issues detected that seem related to the WAF:

- If we don't send the request body, no endpoint fingerprint (`_dd.appsec.fp.http.endpoint`) is generated.
- The agent header fingerprint is not generated if we send a value in a dictionary instead of a regular string.

These issues will be discussed with the libdwaf team.

## Test coverage

Some unit tests have been added. Since this feature will be enabled by default, and in order to cover different situations while not impacting CI performance, the ASM integration tests have been modified to include the fingerprint in the snapshots.

## Other details
1 parent 272f971, commit 3847923
Showing 126 changed files with 1,745 additions and 14 deletions.
63 changes: 63 additions & 0 deletions
tracer/src/Datadog.Trace/AppSec/AttackerFingerprint/AttackerFingerprintHelper.cs
@@ -0,0 +1,63 @@ | ||
// <copyright file="AttackerFingerprintHelper.cs" company="Datadog"> | ||
// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License. | ||
// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc. | ||
// </copyright> | ||
|
||
using System.Collections.Generic; | ||
using Datadog.Trace.AppSec.Coordinator; | ||
using Datadog.Trace.AppSec.Waf; | ||
using Datadog.Trace.Logging; | ||
|
||
#nullable enable | ||
|
||
namespace Datadog.Trace.AppSec.AttackerFingerprint; | ||
|
||
internal static class AttackerFingerprintHelper | ||
{ | ||
private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor(typeof(AttackerFingerprintHelper)); | ||
private static readonly Dictionary<string, object> _fingerprintRequest = new() { { AddressesConstants.WafContextProcessor, new Dictionary<string, object> { { "fingerprint", true } } } }; | ||
private static bool _warningLogged = false; | ||
|
||
public static void AddSpanTags(Span span) | ||
{ | ||
if (span.IsFinished || span.Type != SpanTypes.Web) | ||
{ | ||
return; | ||
} | ||
|
||
var securityCoordinator = new SecurityCoordinator(Security.Instance, span); | ||
|
||
// We need a context | ||
if (!securityCoordinator.HasContext() || securityCoordinator.IsAdditiveContextDisposed()) | ||
{ | ||
return; | ||
} | ||
|
||
var result = securityCoordinator.RunWaf(_fingerprintRequest); | ||
AddSpanTags(result?.FingerprintDerivatives, span); | ||
} | ||
|
||
private static void AddSpanTags(Dictionary<string, object?>? fingerPrintDerivatives, ISpan span) | ||
{ | ||
if (fingerPrintDerivatives is not null) | ||
{ | ||
foreach (var derivative in fingerPrintDerivatives) | ||
{ | ||
var value = derivative.Value?.ToString(); | ||
if (!string.IsNullOrEmpty(value)) | ||
{ | ||
span.SetTag(derivative.Key, value); | ||
} | ||
else | ||
{ | ||
if (!_warningLogged) | ||
{ | ||
// This should not happen | ||
Log.Warning("Fingerprint derivative {DerivativeKey} has no value", derivative.Key); | ||
_warningLogged = true; | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} |
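Review bot: `_fingerprintRequest` is a `static readonly` field holding a mutable `Dictionary<string, object>` (with a nested mutable dictionary) that is handed to `securityCoordinator.RunWaf(_fingerprintRequest)` on every web span from any request thread; `readonly` only pins the reference, so if anything downstream adds to or alters that dictionary, every later fingerprint request on the process is affected. Consider building the request per call or wrapping it in a read-only view (e.g. `IReadOnlyDictionary<string, object>`) if `RunWaf` accepts one. Two smaller points: `_warningLogged` is read and written from concurrent threads without synchronization (harmless for a one-shot log, but worth a comment so nobody later relies on it), and the explicit `= false` initializer is redundant for a `static bool`. The public `AddSpanTags(Span span)` would also benefit from an XML doc comment stating that it is a no-op outside `SpanTypes.Web` and when the security context is missing or already disposed, since that is the behaviour callers need to know.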