Implement SSRF

[estringana]

Description

Expand rasp capabilities with SSRF. This PR changes also the php method push_address. The reason is that now there are php functions which need to push mulitple addresses. Each call to push_address was doing a call to the WAF. This method has been changed to push_addresses allowing to push one or more at the same time.

APPSEC-52930

Reviewer checklist

• Test coverage seems ok.
• Appropriate labels assigned.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 33.33333% with 18 lines in your changes missing coverage. Please review.

Project coverage is 72.98%. Comparing base (8c19ef9) to head (1ee08fa).

Files with missing lines	Patch %	Lines
.../Integrations/Filesystem/FilesystemIntegration.php	0.00%	14 Missing ⚠️
appsec/src/extension/ddappsec.c	42.85%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #3014      +/-   ##
============================================
- Coverage     74.79%   72.98%   -1.81%     
- Complexity     2787     2791       +4     
============================================
  Files           112      139      +27     
  Lines         11033    15275    +4242     
  Branches          0     1043    +1043     
============================================
+ Hits           8252    11149    +2897     
- Misses         2781     3575     +794     
- Partials          0      551     +551     

Flag	Coverage Δ
appsec-extension	68.38% <42.85%> (?)
tracer-php	74.75% <30.00%> (-0.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...DTrace/Integrations/Laravel/LaravelIntegration.php	80.22% <100.00%> (ø)
...DTrace/Integrations/Symfony/SymfonyIntegration.php	82.71% <100.00%> (ø)
...ce/Integrations/WordPress/WordPressIntegration.php	94.11% <100.00%> (ø)
appsec/src/extension/ddappsec.c	78.81% <42.85%> (ø)
.../Integrations/Filesystem/FilesystemIntegration.php	0.00% <0.00%> (ø)

... and 26 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8c19ef9...1ee08fa. Read the comment docs.

[pr-commenter]

Benchmarks [ tracer ]

Benchmark execution time: 2025-01-03 12:12:49

Comparing candidate commit 537c557 in PR branch estringana/implement-ssrf with baseline commit c69df0a in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 178 metrics, 0 unstable metrics.

[cataphract]

This doesn't seem sufficient to actually subscribe to the ASM_RASP_* products. In fact, it seems we're not subscribed even to ASM_RASP_LFI (see the logic in ddog_init_remote_config).

To avoid these situations, I would strong recommend that you implement an appsec/tests/integration test that submits the RASP configuration via remote config.

[cataphract]

This doesn't seem sufficient to actually subscribe to the ASM_RASP_* products. In fact, it seems we're not subscribed even to ASM_RASP_LFI (see the logic in ddog_init_remote_config).

To avoid these situations, I would strong recommend that you implement an appsec/tests/integration test that submits the RASP configuration via remote config.

Anil brought to me attention the fact that there are no new products related to RASP, only capabilities. So:

• Add SSRF Rasp capability libdatadog#814 should be reverted,
• the addition of RemoteConfigProduct::AsmRaspLfi should be reverted as well,
• this PR should not contain any references to these nonexistent products on the helper c++ files,
• ddog_init_remote_config should be modified to send these rasp capabilities,
• change integration tests so that it's tested that these capabilities are sent (there is already a test that checks the sent capabilities),
• add integration test for rasp rules, with configuration either via remote config or a local json file.

[estringana]

@cataphract I have addressed all your points