Skip to content

[APPSEC-60450] Add parsed body address to downstream request analysis#5320

Merged
Strech merged 22 commits intomasterfrom
appsec-60450-add-parsed-body-address-to-downstream-request
Feb 10, 2026
Merged

[APPSEC-60450] Add parsed body address to downstream request analysis#5320
Strech merged 22 commits intomasterfrom
appsec-60450-add-parsed-body-address-to-downstream-request

Conversation

@Strech
Copy link
Member

@Strech Strech commented Feb 5, 2026

What does this PR do?

  • Add request/response body parsing into Faraday/Excon/RestClient contribs
  • Add new utility class for handling body parsing
  • Add counter sampler for downstream requests analysis
  • Replace inhouse rack query parsing with Rack-based parsing
  • And some more refactoring

Motivation:

This is a second batch of changes for http libraries instrumentations that brings a request/response body analysis based on sampling/limit settings.

Change log entry

Yes. AppSec: Add downstream request body analysis.

Additional Notes:

This is 2/3 of the original RFC and the announcement will come with a third one. You can spot that all contribs changes look-a-like and it's known issue due to the lack of events system we slowly moving to (i.e will be refactored one day)

How to test the change?

CI + ST

@Strech Strech requested review from a team as code owners February 5, 2026 14:26
@github-actions github-actions bot added core Involves Datadog core libraries integrations Involves tracing integrations appsec Application Security monitoring product labels Feb 5, 2026
@github-actions
Copy link

github-actions bot commented Feb 5, 2026
edited
Loading

Typing analysis

Note: Ignored files are excluded from the next sections.

steep:ignore comments

This PR introduces 8 steep:ignore comments, and clears 6 steep:ignore comments.

steep:ignore comments (+8-6)Introduced: 
lib/datadog/appsec/context.rb:19
lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb:90
lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb:91
lib/datadog/appsec/utils/http/body.rb:17
lib/datadog/appsec/utils/http/body.rb:19
lib/datadog/appsec/utils/http/body.rb:20
lib/datadog/appsec/utils/http/media_type.rb:68
lib/datadog/appsec/utils/http/media_type.rb:72
Cleared: 
lib/datadog/appsec/context.rb:18
lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb:57
lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb:58
lib/datadog/appsec/utils/http/media_type.rb:13
lib/datadog/appsec/utils/http/media_type.rb:84
lib/datadog/appsec/utils/http/media_type.rb:88

Untyped other declarations

This PR clears 1 partially typed other declaration. It increases the percentage of typed other declarations from 76.49% to 76.75% (+0.26%).

Partially typed other declarations (+0-1)Cleared: 
sig/datadog/appsec/security_engine/runner.rbs:5
└── type input_data = ::Hash[::String, untyped]

@pr-commenter
Copy link

pr-commenter bot commented Feb 5, 2026
edited
Loading

Benchmarks

Benchmark execution time: 2026-02-10 11:40:17

Comparing candidate commit ff906db in PR branch appsec-60450-add-parsed-body-address-to-downstream-request with baseline commit 1fdc59c in branch master.

Found 0 performance improvements and 2 performance regressions! Performance is the same for 42 metrics, 2 unstable metrics.

scenario:profiling - Allocations ()

  • 🟥 throughput [-247460.130op/s; -240111.180op/s] or [-7.410%; -7.190%]

scenario:tracing - Propagation - Datadog

  • 🟥 throughput [-2926.631op/s; -2853.298op/s] or [-9.274%; -9.042%]

@Strech Strech force-pushed the appsec-60450-add-parsed-body-address-to-downstream-request branch 2 times, most recently from 7f6cab6 to bf94d2d Compare February 5, 2026 16:34
@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Feb 5, 2026
edited
Loading

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage
Patch Coverage: 90.48%
Overall Coverage: 95.14% (-0.04%)

View detailed report

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: ff906db | Docs | Datadog PR Page | Was this helpful? Give us feedback!

Strech
Strech commented Feb 5, 2026
View reviewed changes
y9v
y9v approved these changes Feb 9, 2026
View reviewed changes
Copy link
Member

@y9v y9v left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great job!

Strech added 18 commits February 10, 2026 12:07
@Strech
Add parsed body to the excon client
cc19c6c
@Strech
Add response body parsing
5d5d91c
@Strech
Add new helpers into MediaType class
006e334
@Strech
Remove multipart/form-data from supported types
731d299
@Strech
Add Utils::HTTP::URLEncoded module
c2cc77d
@Strech
Add Utils::HTTP::Body module
6f96535
@Strech
Add Utils::HTTP::MediaRange.parse method
b183641
@Strech
Update Rack request query parsing
78bde1f
@Strech
Add body parsing to excon contrib
8da1b55
@Strech
Add request body processing to faraday contrib
fd8aef2
@Strech
Add request body processing to rest_client contrib
691ef7e
@Strech
Add AppSec::CounterSampler with counter
85ef015
@Strech
Add downstream body analysis configuration
e599af8
@Strech
Add simple registry into AppSec::Context
f86ee6e
@Strech
Add downstream request body sampler into Context
e8d4732 
* Update Faraday contrib with body analysis conditions
* Update Faraday vendor RBS stab
@Strech
Update MediaType and MediaRange typespecs
fb86b76
@Strech
Add body sampling into excon and rest_client
cbabb1f
@Strech
Update RestClient RBS stab
34c26b5
@Strech Strech force-pushed the appsec-60450-add-parsed-body-address-to-downstream-request branch from b3d873b to ff906db Compare February 10, 2026 11:08
@Strech Strech merged commit 476256d into master Feb 10, 2026
619 checks passed
@Strech Strech deleted the appsec-60450-add-parsed-body-address-to-downstream-request branch February 10, 2026 11:42
@github-actions github-actions bot added this to the 2.29.0 milestone Feb 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@y9v y9v y9v approved these changes

Assignees

No one assigned

Labels

appsec Application Security monitoring product core Involves Datadog core libraries integrations Involves tracing integrations

Projects

None yet

Milestone

2.29.0

Development

Successfully merging this pull request may close these issues.

2 participants

@Strech @y9v