graceful fallback if appsec template files are missing

[tlhunter]

What does this PR do?

• if the template files used by appsec are missing on disk then gently fallback to basic inlined version

Motivation

• this fixes an upcoming issue with bundler support where template files are not bundled

[github-actions]

Overall package size

Self size: 3.84 MB
Deduped: 57.5 MB
No deduping: 57.55 MB

Dependency sizes

name	version	self size	total size
@datadog/native-iast-taint-tracking	1.1.1	13.38 MB	13.39 MB
@datadog/native-appsec	2.0.0	12.33 MB	12.34 MB
@datadog/pprof	2.0.0	10.47 MB	11.35 MB
@datadog/native-metrics	1.5.0	7.1 MB	7.11 MB
protobufjs	7.1.2	2.76 MB	6.55 MB
@datadog/native-iast-rewriter	2.0.1	2.09 MB	2.1 MB
opentracing	0.14.7	194.81 kB	194.81 kB
@datadog/sketches-js	2.1.0	109.9 kB	109.9 kB
lodash.sortby	4.7.0	75.76 kB	75.76 kB
lru-cache	7.14.0	74.95 kB	74.95 kB
semver	5.7.1	61.58 kB	61.58 kB
ipaddr.js	2.0.1	59.52 kB	59.52 kB
ignore	5.2.0	48.87 kB	48.87 kB
import-in-the-middle	1.3.4	32.7 kB	37.17 kB
istanbul-lib-coverage	3.2.0	29.34 kB	29.34 kB
retry	0.10.1	27.44 kB	27.44 kB
lodash.uniq	4.5.0	25.01 kB	25.01 kB
limiter	1.1.5	23.17 kB	23.17 kB
lodash.kebabcase	4.1.1	17.75 kB	17.75 kB
lodash.pick	4.4.0	16.33 kB	16.33 kB
node-abort-controller	3.0.1	14.33 kB	14.33 kB
crypto-randomuuid	1.0.0	11.18 kB	11.18 kB
diagnostics_channel	1.1.0	7.07 kB	7.07 kB
path-to-regexp	0.1.7	6.78 kB	6.78 kB
koalas	1.0.2	6.47 kB	6.47 kB
methods	1.1.2	5.29 kB	5.29 kB
module-details-from-path	1.0.3	4.47 kB	4.47 kB

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

Merging #2841 (2016762) into master (09d605f) will increase coverage by 2.21%.
The diff coverage is 55.55%.

@@            Coverage Diff             @@
##           master    #2841      +/-   ##
==========================================
+ Coverage   89.26%   91.47%   +2.21%     
==========================================
  Files         317      269      -48     
  Lines       11282     9459    -1823     
  Branches       33       33              
==========================================
- Hits        10071     8653    -1418     
+ Misses       1211      806     -405     

Impacted Files	Coverage Δ
packages/dd-trace/src/appsec/blocking.js	82.22% <55.55%> (-17.78%)	⬇️

... and 48 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[Qard]

Perhaps it would be better to just inline the current files with template strings or something?

[Qard]

You could just set these to the template* variables directly and skip needing these extra vars.

[tlhunter]

Change has been made

[pr-commenter]

Benchmarks

Comparing candidate commit 4d5a1a9 in PR branch tlhunter/appsec-missing-file-graceful with baseline commit 09d605f in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 676 metrics, 32 unstable metrics.

[simon-id]

There is another file which is read at runtime, it's dd-trace/src/appsec/recommended.json, it is read by dd-trace/src/appsec/index.js.
Shouldn't we do something about that too ?

[simon-id]

Shouldn't we have some tests for this ?

[simon-id]

@iunanua

[simon-id]

After discussion with the guild, the best solution would I think be to embed the html and json templates directly in js files as a string and require those files. As for the rules files I mentionned above, basically just require it. I'm not sure if we should require those 3 files at startup time or we can keep it during runtime like it is currently.

[iunanua]

to embed the html and json templates directly in js files

this is the simplest solution but templates and rules file are configurable by the user.
In the case of blockedTemplateHtml you would need to wrap the html content inside a string and export it and then you could require it.
Something like this:

module.exports = '
<!DOCTYPE html>
<html lang="en">
...
'

And blockedTemplateHtml property is a path so yo will have to differentiate when a user has configured it to not require and readFile it like before because user will continue to use an html file.

[iunanua]

Another detail, esbuild can bundle requires with packages that it can resolve during build time but it cannot with things like:

const rules = require(_config.appsec.rules || path.join(__dirname, 'recommended.json'))

I'm trying to extend Thomas esbuild plugin to detect the load of certain files like appsec/index.js or appsec/blocking.js and make some expression replacements in order to embed the template and json files content inside them

[iunanua]

one solution using require #2913