Add ActiveRecord instrumentation to detect SQLi in AppSec #4167

Merged
merged 9 commits into from
Dec 2, 2024

@y9v y9v commented Nov 27, 2024

What does this PR do?
This PR adds ActiveRecord instrumentation to AppSec for detecting SQL injections.

Motivation:
We want to enable SQL injection detection for users using AppSec. Libddwaf already supports this, so this is just about providing required data to libddwaf.

Change log entry
Add SQL injection detection for ActiveRecord for the following adapters: mysql2, postgresql, and sqlite3

Additional Notes:
This is the initial implementation - without blocking, and without passing the SQL span ID with the appsec event.
Passing the span ID of the SQL span is currently not possible without major changes, since tracing creates the SQL span at a later time point than we do our instrumentation.

How to test the change?
This feature can be tested using https://github.com/DataDog/appsec-app-generator (activerecord-sqli variant):

bin/run activerecord-sqli -R 7.2.0 -d postgresql

@y9v y9v self-assigned this Nov 27, 2024
@y9v y9v requested review from a team as code owners November 27, 2024 10:40
@github-actions github-actions bot added integrations Involves tracing integrations appsec Application Security monitoring product labels Nov 27, 2024
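
An added sketch (not code from this PR or from dd-trace-rb) of the non-blocking approach the PR description outlines: a wrapper prepended to the adapter's query method checks each statement against the current request's parameters and records an event while letting the query run. `FakeAdapter`, `SqliCheck`, `Instrumentation` and `run_request` are hypothetical names, and the token-count heuristic is a simplified stand-in for the libddwaf rule, whose logic this page does not show.

```ruby
# Stand-in for a database adapter (constructed; not an ActiveRecord class).
class FakeAdapter
  def adapter_name
    'PostgreSQL'
  end

  def execute(sql)
    "ran: #{sql}"
  end
end

# Simplified stand-in for the WAF rule: a statement is suspicious when a
# request parameter appears in it verbatim and spans more than one SQL token.
module SqliCheck
  TOKEN = /'(?:[^']|'')*'|--.*|\w+|[^\s\w]/
  def self.tokens(sql)
    sql.scan(TOKEN)
  end

  def self.suspicious?(sql, user_inputs)
    user_inputs.any? do |input|
      next false if input.empty? || !sql.include?(input)
      # A harmless value is one token; swapping it for "x" keeps the count.
      tokens(sql).size != tokens(sql.sub(input, 'x')).size
    end
  end
end

# Prepended wrapper: inspects the statement, records an event, never blocks.
module Instrumentation
  EVENTS = []

  def execute(sql, *args)
    inputs = Thread.current[:request_params] || []
    if SqliCheck.suspicious?(sql, inputs)
      EVENTS << { db_system: adapter_name.downcase, statement: sql }
    end
    super
  end
end

FakeAdapter.prepend(Instrumentation)
# Simulated request handler with deliberately unsafe string interpolation.
def run_request(params)
  Thread.current[:request_params] = params.values
  FakeAdapter.new.execute("SELECT * FROM users WHERE id = #{params['id']}")
ensure
  Thread.current[:request_params] = nil
end
```

A properly escaped value such as `O''Brien` no longer matches the raw parameter, so it is not reported; the event is recorded before `super` runs, which is why the query still executes.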
codecov-commenter commented Nov 27, 2024

Codecov Report

Attention: Patch coverage is 95.85253% with 9 lines in your changes missing coverage. Please review.

Project coverage is 97.74%. Comparing base (28675b6) to head (971f329).

Files with missing lines Patch % Lines
...og/appsec/contrib/active_record/instrumentation.rb 93.75% 2 Missing ⚠️
...ib/datadog/appsec/contrib/active_record/patcher.rb 92.30% 2 Missing ⚠️
...c/contrib/active_record/postgresql_adapter_spec.rb 95.83% 2 Missing ⚠️
...atadog/appsec/contrib/active_record/integration.rb 95.00% 1 Missing ⚠️
...ppsec/contrib/active_record/mysql2_adapter_spec.rb 97.77% 1 Missing ⚠️
...psec/contrib/active_record/sqlite3_adapter_spec.rb 97.77% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4167      +/-   ##
==========================================
- Coverage   97.76%   97.74%   -0.02%     
==========================================
  Files        1351     1357       +6     
  Lines       81733    81950     +217     
  Branches     4147     4168      +21     
==========================================
+ Hits        79904    80106     +202     
- Misses       1829     1844      +15     


pr-commenter bot commented Nov 27, 2024

Benchmarks

Benchmark execution time: 2024-12-02 11:12:20

Comparing candidate commit 971f329 in PR branch appsec-add-sqli with baseline commit 28675b6 in branch master.

Found 1 performance improvements and 1 performance regressions! Performance is the same for 29 metrics, 2 unstable metrics.

scenario:profiler - stack collector

  • 🟩 throughput [+182.526op/s; +184.412op/s] or [+6.563%; +6.631%]

scenario:tracing - Propagation - Datadog

  • 🟥 throughput [-3161.325op/s; -3090.602op/s] or [-9.438%; -9.227%]

@y9v y9v requested a review from anmarchenko November 27, 2024 15:28

@Strech Strech left a comment

🔎 Woah, lots of digging into internals, congrats on our first RAS(P).

I think we can slightly simplify a few bits and pieces along the way.

datadog-datadog-prod-us1 bot commented Nov 29, 2024

Datadog Report

Branch report: appsec-add-sqli
Commit report: 971f329
Test service: dd-trace-rb

✅ 0 Failed, 22036 Passed, 1459 Skipped, 6m 0.31s Total Time

@y9v y9v requested a review from Strech November 29, 2024 14:41

@Strech Strech left a comment

LGTM 👍🏼

@y9v y9v force-pushed the appsec-add-sqli branch from 027cbaf to ee4c3a2 Compare December 2, 2024 10:29
@y9v y9v merged commit ca7cc9d into master Dec 2, 2024
318 checks passed
@y9v y9v deleted the appsec-add-sqli branch December 2, 2024 13:01
@github-actions github-actions bot added this to the 2.8.0 milestone Dec 2, 2024
@ivoanjo ivoanjo mentioned this pull request Dec 10, 2024