Added stack trace collection settings

DataDog · Jan 14, 2025 · 2456cd3 · 2456cd3
1 parent f7a0ce1
commit 2456cd3
Show file tree

Hide file tree

Showing 2 changed files with 164 additions and 0 deletions.
diff --git a/lib/datadog/appsec/configuration/settings.rb b/lib/datadog/appsec/configuration/settings.rb
@@ -205,6 +205,40 @@ def self.add_settings!(base)
                   o.default false
                 end
               end
+
+              settings :stack_trace do
+                option :enabled do |o|
+                  o.type :bool
+                  o.env 'DD_APPSEC_STACK_TRACE_ENABLED'
+                  o.default true
+                end
+
+                # The maximum number of stack frames to collect for each stack trace.
+                # If the number of frames in a stack trace exceeds this value,
+                # max_depth / 4 frames will be collected from the top, and max_depth * 3 / 4 from the bottom.
+                option :max_depth do |o|
+                  o.type :int
+                  o.env 'DD_APPSEC_MAX_STACK_TRACE_DEPTH'
+                  o.default 32
+                  o.setter do |value|
+                    value = 0 if value.negative?
+                    value
+                  end
+                end
+
+                # The maximum number of stack traces to collect for each exploit prevention event.
+                option :max_collect do |o|
+                  o.type :int
+                  o.env 'DD_APPSEC_MAX_STACK_TRACES'
+                  o.default 2
+                  # If we don't want to collect stack traces we should disable stack trace collection
+                  # Which is why the minimum value for max_depth is 1
+                  o.setter do |value|
+                    value = 1 if value < 1
+                    value
+                  end
+                end
+              end
             end
           end
         end

diff --git a/spec/datadog/appsec/configuration/settings_spec.rb b/spec/datadog/appsec/configuration/settings_spec.rb
@@ -797,5 +797,135 @@ def patcher
         end
       end
     end
+
+    describe 'stack_trace' do
+      describe '#enabled' do
+        subject(:enabled) { settings.appsec.stack_trace.enabled }
+
+        context 'when DD_APPSEC_STACK_TRACE_ENABLED' do
+          around do |example|
+            ClimateControl.modify('DD_APPSEC_STACK_TRACE_ENABLED' => stack_trace_enabled) do
+              example.run
+            end
+          end
+
+          context 'is not defined' do
+            let(:stack_trace_enabled) { nil }
+
+            it { is_expected.to eq true }
+          end
+
+          [true, false].each do |value|
+            context "is defined as #{value}" do
+              let(:stack_trace_enabled) { value.to_s }
+
+              it { is_expected.to eq value }
+            end
+          end
+        end
+      end
+
+      describe '#enabled=' do
+        subject(:set_stack_trace_enabled) { settings.appsec.stack_trace.enabled = stack_trace_enabled }
+
+        [true, false].each do |value|
+          context "when given #{value}" do
+            let(:stack_trace_enabled) { value }
+
+            before { set_stack_trace_enabled }
+
+            it { expect(settings.appsec.stack_trace.enabled).to eq(value) }
+          end
+        end
+      end
+
+      describe '#max_depth' do
+        subject(:max_depth) { settings.appsec.stack_trace.max_depth }
+
+        context 'when DD_APPSEC_MAX_STACK_TRACE_DEPTH' do
+          around do |example|
+            ClimateControl.modify('DD_APPSEC_MAX_STACK_TRACE_DEPTH' => stack_trace_max_depth) do
+              example.run
+            end
+          end
+
+          context 'is not defined' do
+            let(:stack_trace_max_depth) { nil }
+
+            it { is_expected.to eq 32 }
+          end
+
+          context 'is defined' do
+            let(:stack_trace_max_depth) { '64' }
+
+            it { is_expected.to eq(64) }
+          end
+        end
+      end
+
+      describe '#max_depth=' do
+        subject(:set_stack_trace_max_depth) { settings.appsec.stack_trace.max_depth = stack_trace_max_depth }
+
+        context 'when given a value' do
+          let(:stack_trace_max_depth) { 64 }
+
+          before { set_stack_trace_max_depth }
+
+          it { expect(settings.appsec.stack_trace.max_depth).to eq(64) }
+        end
+
+        context 'when given a negative value' do
+          let(:stack_trace_max_depth) { -1 }
+
+          before { set_stack_trace_max_depth }
+
+          it { expect(settings.appsec.stack_trace.max_depth).to eq(0) }
+        end
+      end
+
+      describe '#max_collect' do
+        subject(:max_collect) { settings.appsec.stack_trace.max_collect }
+
+        context 'when DD_APPSEC_MAX_STACK_TRACES' do
+          around do |example|
+            ClimateControl.modify('DD_APPSEC_MAX_STACK_TRACES' => stack_trace_max_collect) do
+              example.run
+            end
+          end
+
+          context 'is not defined' do
+            let(:stack_trace_max_collect) { nil }
+
+            it { is_expected.to eq 2 }
+          end
+
+          context 'is defined' do
+            let(:stack_trace_max_collect) { '4' }
+
+            it { is_expected.to eq(4) }
+          end
+        end
+      end
+
+      describe '#max_collect=' do
+        subject(:set_stack_trace_max_collect) { settings.appsec.stack_trace.max_collect = stack_trace_max_collect }
+
+        context 'when given a value' do
+          let(:stack_trace_max_collect) { 4 }
+
+          before { set_stack_trace_max_collect }
+
+          it { expect(settings.appsec.stack_trace.max_collect).to eq(4) }
+        end
+
+        context 'when given a negative value' do
+          let(:stack_trace_max_collect) { -1 }
+
+          before { set_stack_trace_max_collect }
+
+          it { expect(settings.appsec.stack_trace.max_collect).to eq(1) }
+        end
+      end
+    end
   end
 end