Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ddappsec.so to datadog extension #457

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add ddappsec.so to datadog extension #457

wants to merge 3 commits into from

Conversation

annuh
Copy link
Contributor

@annuh annuh commented May 31, 2023
edited
Loading

Fixes #456.

Proposed fix:
Include the ddappsec.so module in the Datadog layer.

Without this fix, I'm getting the following errors:

Warning: PHP Startup: Unable to load dynamic library 'ddappsec.so' (tried: /opt/bref/extensions/ddappsec.so (/opt/bref/extensions/ddappsec.so: cannot open shared object file: No such file or directory), /opt/bref/extensions/ddappsec.so.so (/opt/bref/extensions/ddappsec.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0

annuh
annuh commented May 31, 2023
View reviewed changes
layers/datadog/Dockerfile
cp "$(php-config --ini-dir)/98-ddtrace.ini" /tmp/ext.ini

RUN sed -i 's/extension = ddtrace\.so/extension = \/opt\/bref-extra\/ddtrace.so/' /tmp/ext.ini && \
sed -i 's/extension = datadog-profiling\.so/extension = \/opt\/bref-extra\/datadog-profiling.so/' /tmp/ext.ini && \
sed -i 's/extension = ddappsec\.so/\/opt\/bref-extra\/ddappsec.so/' /tmp/ext.ini && \
Copy link
Contributor Author

@annuh annuh May 31, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another solution could be to simply disable loading the extension, but it looks the datadog-setup script assumes this extension is always there: https://github.com/DataDog/dd-trace-php/blob/master/datadog-setup.php#L577-L580
Possible related: DataDog/dd-trace-php#2014

Suggested change
sed -i 's/extension = ddappsec\.so/\/opt\/bref-extra\/ddappsec.so/' /tmp/ext.ini && \
sed -i 's/extension = ddappsec\.so/;extension = ddappsec\.so/' /tmp/ext.ini && \

@annuh annuh marked this pull request as ready for review May 31, 2023 10:30
GrahamCampbell
GrahamCampbell suggested changes May 31, 2023
View reviewed changes
Copy link
Contributor

@GrahamCampbell GrahamCampbell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should fix this here, and instead wait for the upstream fix to be completed.

@annuh
Copy link
Contributor Author

annuh commented May 31, 2023
edited
Loading

I don't think we should fix this here, and instead wait for the upstream fix to be completed.

Based on that ticket (DataDog/dd-trace-php#2014), it's not clear to me what exactly will be fixed. Maybe this fix (or: work-around) will still be needed, because the datadog-php-trace setup script assumes ddappsec.so is always present, in a normal installation.

EDIT: this is also described in the documentation:

When you do not specify --enable-appsec, the AppSec extension loads shortly at startup, and is not enabled by default. It immediately short-circuits, causing negligible performance overhead.
Source: https://docs.datadoghq.com/tracing/trace_collection/dd_libraries/php/?tab=otherenvironments

@annuh annuh requested a review from GrahamCampbell June 2, 2023 10:48
@Nyholm
Copy link
Collaborator

Nyholm commented Sep 16, 2023

Hm... I think this is reasonable.
Anything happened for DataDog the past few months?

@annuh
Copy link
Contributor Author

annuh commented Oct 17, 2023
edited
Loading

Hm... I think this is reasonable. Anything happened for DataDog the past few months?

Not as far I know.
The Datadog docs still mention that “the AppSec extension loads shortly at startup”. Also, the Unable to load dynamic library 'ddappsec.so' warning is still logged. To avoid this warning, it would be nice if this PR could be merged 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GrahamCampbell GrahamCampbell Awaiting requested review from GrahamCampbell

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Datadog] PHP Startup: Unable to load dynamic library 'ddappsec.so'
3 participants
@annuh @Nyholm @GrahamCampbell