Skip to content

Implement SSRF

Implement SSRF #3423

Workflow file for this run

name: Profiling ASAN Tests
on:
pull_request:
jobs:
prof-asan:
runs-on: ubuntu-24.04
strategy:
matrix:
php-version: [8.3, 8.4]
container:
image: datadog/dd-trace-ci:php-${{matrix.php-version}}_bookworm-5
# https://docs.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
options: --user root --privileged
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
submodules: true
- name: Restore build cache
uses: actions/cache/restore@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-asan-${{ hashFiles('**/Cargo.lock') }}
- name: Build and install profiler
run: |
set -eux
switch-php nts-asan
rm $(php-config --ini-dir)/sqlsrv.ini #sqlsrv leaks memory and triggers asan
cd profiling
export CARGO_TARGET_DIR=/tmp/build-cargo
export CC=clang-17
export CFLAGS='-fsanitize=address -fno-omit-frame-pointer'
export LDFLAGS='-fsanitize=address -shared-libasan'
export RUSTC_LINKER=lld-17
triplet=$(uname -m)-unknown-linux-gnu
RUST_NIGHTLY_VERSION="-2025-01-03"
RUSTFLAGS='-Zsanitizer=address' cargo +nightly${RUST_NIGHTLY_VERSION} build -Zbuild-std --target $triplet --release
cp -v "$CARGO_TARGET_DIR/$triplet/release/libdatadog_php_profiling.so" "$(php-config --extension-dir)/datadog-profiling.so"
- name: Cache build dependencies
uses: actions/cache/save@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
/tmp/build-cargo/
key: ${{ runner.os }}-cargo-asan-${{ hashFiles('**/Cargo.lock') }}
- name: Run phpt tests
run: |
set -eux
switch-php nts-asan
cd profiling/tests
cp -v $(php-config --prefix)/lib/php/build/run-tests.php .
export DD_PROFILING_OUTPUT_PPROF=/tmp/pprof
php run-tests.php --show-diff --asan -d extension=datadog-profiling.so phpt