Implement SSRF #5034
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Profiling correctness | |
on: | |
pull_request: | |
schedule: | |
- cron: '0 0 * * *' | |
jobs: | |
prof-correctness: | |
runs-on: ubuntu-24.04 | |
strategy: | |
matrix: | |
php-version: [8.0, 8.1, 8.2, 8.3, 8.4] | |
phpts: [nts, zts] | |
include: | |
- phpts: zts | |
extensions: parallel | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
submodules: true | |
- name: Setup PHP | |
uses: shivammathur/[email protected] | |
with: | |
php-version: ${{ matrix.php-version }} | |
extensions: ${{ matrix.extensions }} | |
env: | |
phpts: ${{ matrix.phpts }} | |
- name: Restore build cache | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.php-version }}-${{ matrix.phpts }} | |
- name: Build profiler | |
run: | | |
echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-17 main" | sudo tee -a /etc/apt/sources.list | |
echo "deb-src http://apt.llvm.org/jammy/ llvm-toolchain-jammy-17 main" | sudo tee -a /etc/apt/sources.list | |
curl https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - | |
curl https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc | |
sudo apt remove -y clang-* | |
sudo apt-get update | |
sudo apt install -y clang-17 | |
cd profiling | |
version_number=$(awk -F' = ' '$1 == "channel" { gsub(/"/, "", $2); print $2 }' rust-toolchain.toml) | |
curl https://sh.rustup.rs -sSf | sh -s -- --profile minimal -y --default-toolchain "$version_number" | |
cargo rustc --features="trigger_time_sample" --release --crate-type=cdylib | |
- name: Cache build dependencies | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.php-version }}-${{ matrix.phpts }} | |
- name: Run no profile test | |
run: | | |
export DD_PROFILING_ENABLED=Off | |
export DD_PROFILING_EXPERIMENTAL_FEATURES_ENABLED=1 | |
export DD_PROFILING_EXCEPTION_MESSAGE_ENABLED=1 | |
php -v | |
php -d extension=target/release/libdatadog_php_profiling.so --ri datadog-profiling | |
for test_case in "allocations" "time" "strange_frames" "timeline" "exceptions"; do | |
mkdir -p profiling/tests/correctness/"$test_case"/ | |
export DD_PROFILING_OUTPUT_PPROF=$PWD/profiling/tests/correctness/"$test_case"/test.pprof | |
php -d extension=$PWD/target/release/libdatadog_php_profiling.so profiling/tests/correctness/"$test_case".php | |
if [ -f "$DD_PROFILING_OUTPUT_PPROF".1.lz4 ]; then | |
echo "File $DD_PROFILING_OUTPUT_PPROF.1.lz4 should not exist!" | |
exit 1; | |
fi | |
done | |
- name: Run tests | |
run: | | |
export DD_PROFILING_LOG_LEVEL=trace | |
export DD_PROFILING_EXPERIMENTAL_FEATURES_ENABLED=1 | |
export DD_PROFILING_EXPERIMENTAL_EXCEPTION_SAMPLING_DISTANCE=1 | |
export DD_PROFILING_EXCEPTION_MESSAGE_ENABLED=1 | |
php -v | |
php -d extension=target/release/libdatadog_php_profiling.so --ri datadog-profiling | |
for test_case in "allocations" "time" "strange_frames" "timeline" "exceptions"; do | |
mkdir -p profiling/tests/correctness/"$test_case"/ | |
export DD_PROFILING_OUTPUT_PPROF=$PWD/profiling/tests/correctness/"$test_case"/test.pprof | |
php -d extension=$PWD/target/release/libdatadog_php_profiling.so profiling/tests/correctness/"$test_case".php | |
done | |
- name: Run ZTS tests | |
if: matrix.phpts == 'zts' | |
run: | | |
export DD_PROFILING_LOG_LEVEL=trace | |
export DD_PROFILING_EXPERIMENTAL_FEATURES_ENABLED=1 | |
export DD_PROFILING_EXPERIMENTAL_EXCEPTION_SAMPLING_DISTANCE=1 | |
export DD_PROFILING_EXCEPTION_MESSAGE_ENABLED=1 | |
php -v | |
php -d extension=target/release/libdatadog_php_profiling.so --ri datadog-profiling | |
for test_case in "exceptions_zts"; do | |
mkdir -p profiling/tests/correctness/"$test_case"/ | |
export DD_PROFILING_OUTPUT_PPROF=$PWD/profiling/tests/correctness/"$test_case"/test.pprof | |
php -d extension=$PWD/target/release/libdatadog_php_profiling.so profiling/tests/correctness/"$test_case".php | |
done | |
- name: Check profiler correctness for allocations | |
if: matrix.phpts != 'zts' | |
uses: Datadog/prof-correctness/analyze@main | |
with: | |
expected_json: profiling/tests/correctness/allocations.json | |
pprof_path: profiling/tests/correctness/allocations/ | |
- name: Check profiler correctness for time | |
uses: Datadog/prof-correctness/analyze@main | |
with: | |
expected_json: profiling/tests/correctness/time.json | |
pprof_path: profiling/tests/correctness/time/ | |
- name: Check profiler correctness for strange frames | |
uses: Datadog/prof-correctness/analyze@main | |
with: | |
expected_json: profiling/tests/correctness/strange_frames.json | |
pprof_path: profiling/tests/correctness/strange_frames/ | |
- name: Check profiler correctness for timeline | |
uses: Datadog/prof-correctness/analyze@main | |
with: | |
expected_json: profiling/tests/correctness/timeline.json | |
pprof_path: profiling/tests/correctness/timeline/ | |
- name: Check profiler correctness for exceptions ZTS | |
if: matrix.phpts == 'zts' | |
uses: Datadog/prof-correctness/analyze@main | |
with: | |
expected_json: profiling/tests/correctness/exceptions_zts.json | |
pprof_path: profiling/tests/correctness/exceptions_zts/ | |
- name: Check profiler correctness for exceptions | |
uses: Datadog/prof-correctness/analyze@main | |
with: | |
expected_json: profiling/tests/correctness/exceptions.json | |
pprof_path: profiling/tests/correctness/exceptions/ | |
- name: Notify Slack | |
if: failure() && github.ref == 'refs/heads/master' | |
run: | | |
curl -X POST "${{ secrets.SLACK_WEBHOOK }}" \ | |
-H 'Content-Type: application/json' \ | |
-d "{'scenarios': 'PHP', 'failed_run_url': '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'}" |