Embed AppSec rules and templates files to be compatible with bundlers

[iunanua]

What does this PR do?

Move templates/blocked.html and templates/blocked.json file contents to blocked_templates.js file and require it in order to load the appsec templates.
Now is in config.js where the template and rules are loaded, establishing the corresponding values for config.appsec.blockedTemplateHtml and config.appsec.blockedTemplateJson.

Closes #2841
Closes #2899

Motivation

Avoid errors with esbuild bundles

[github-actions]

Overall package size

Self size: 3.99 MB
Deduped: 59.59 MB
No deduping: 59.63 MB

Dependency sizes

name	version	self size	total size
@datadog/native-iast-taint-tracking	1.3.1	13.47 MB	13.47 MB
@datadog/pprof	2.1.0	12.31 MB	13.2 MB
@datadog/native-appsec	2.0.0	12.33 MB	12.34 MB
@datadog/native-metrics	1.5.0	7.1 MB	7.11 MB
protobufjs	7.1.2	2.76 MB	6.55 MB
@datadog/native-iast-rewriter	2.0.1	2.09 MB	2.1 MB
opentracing	0.14.7	194.81 kB	194.81 kB
@datadog/sketches-js	2.1.0	109.9 kB	109.9 kB
lodash.sortby	4.7.0	75.76 kB	75.76 kB
lru-cache	7.14.0	74.95 kB	74.95 kB
semver	5.7.1	61.58 kB	61.58 kB
ipaddr.js	2.0.1	59.52 kB	59.52 kB
ignore	5.2.0	48.87 kB	48.87 kB
import-in-the-middle	1.3.4	32.7 kB	37.17 kB
istanbul-lib-coverage	3.2.0	29.34 kB	29.34 kB
retry	0.10.1	27.44 kB	27.44 kB
lodash.uniq	4.5.0	25.01 kB	25.01 kB
limiter	1.1.5	23.17 kB	23.17 kB
lodash.kebabcase	4.1.1	17.75 kB	17.75 kB
lodash.pick	4.4.0	16.33 kB	16.33 kB
node-abort-controller	3.0.1	14.33 kB	14.33 kB
crypto-randomuuid	1.0.0	11.18 kB	11.18 kB
diagnostics_channel	1.1.0	7.07 kB	7.07 kB
path-to-regexp	0.1.7	6.78 kB	6.78 kB
koalas	1.0.2	6.47 kB	6.47 kB
methods	1.1.2	5.29 kB	5.29 kB
module-details-from-path	1.0.3	4.47 kB	4.47 kB

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

Merging #2913 (89288e5) into master (692048f) will decrease coverage by 15.52%.
The diff coverage is 66.66%.

@@             Coverage Diff             @@
##           master    #2913       +/-   ##
===========================================
- Coverage   87.26%   71.75%   -15.52%     
===========================================
  Files         321      167      -154     
  Lines       11453     6558     -4895     
  Branches       33       33               
===========================================
- Hits         9995     4706     -5289     
- Misses       1458     1852      +394     

Impacted Files	Coverage Δ
...ackages/dd-trace/src/appsec/remote_config/index.js	33.33% <0.00%> (-66.67%)	⬇️
packages/dd-trace/src/plugins/ci_plugin.js	10.00% <ø> (ø)
packages/dd-trace/src/plugins/util/test.js	79.84% <ø> (-0.16%)	⬇️
packages/dd-trace/src/appsec/index.js	17.10% <25.00%> (-82.90%)	⬇️
packages/dd-trace/src/appsec/blocking.js	28.00% <71.42%> (-72.00%)	⬇️
packages/dd-trace/src/appsec/blocked_templates.js	100.00% <100.00%> (ø)
packages/dd-trace/src/appsec/sdk/index.js	57.14% <100.00%> (-42.86%)	⬇️
packages/dd-trace/src/config.js	98.81% <100.00%> (+0.58%)	⬆️

... and 204 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[pr-commenter]

Benchmarks

Comparing candidate commit 89288e5 in PR branch igor/appsec-require-template-files with baseline commit 60b4fde in branch master.

Found 4 performance improvements and 0 performance regressions! Performance is the same for 663 metrics, 41 unstable metrics.

scenario:plugin-graphql-with-depth-off-16

• 🟩 max_rss_usage [-0.180MB; -0.166MB] or [-17.678%; -16.303%]

scenario:plugin-graphql-with-depth-on-max-16

• 🟩 max_rss_usage [-0.182MB; -0.171MB] or [-18.108%; -17.027%]

scenario:plugin-graphql-with-depth-and-collapse-on-16

• 🟩 max_rss_usage [-0.198MB; -0.163MB] or [-19.620%; -16.169%]

scenario:plugin-dns-with-tracer-16

• 🟩 max_rss_usage [-3.284KB; -2.967KB] or [-6.027%; -5.445%]

[Qard]

Seems to me like it would be a whole lot cleaner to just do all the file loading stuff in config.js rather than spreading this file loading stuff all over the codebase.

That's what trace is doing for DD_SPAN_SAMPLING_RULES_FILE here. 🤔

[iunanua]

@Qard @simon-id It is possible to change appsec rules or template paths via remote config?

[simon-id]

Problem of reading the files directly in config.js: telemetry sends the config object at startup, and it would also include the files we read, which is a bit dirty.

[tlhunter]

I do prefer this approach compared to #2899. I could see #2899 being upstreamed into esbuild itself somehow. Maybe a community plugin that somehow interacts with fs, similar to Go's embed functionality. If it were made into an external plugin then I could see us making use of it. Otherwise the approach in #2899 seems pretty heavy for just the two files.

[simon-id]

This is really not good coverage, please use more precise asserts like

expect(log.error).to.have.been.calledTwice
expect(log.error.firstCall).to.have.been.calledWithExactly('...')
expect(log.error.secondCall).to.have.been.calledWithExactly('...')

or something like that

[iunanua]

yes, but have we decided the error message?

[tlhunter]

I think this is adequate: dd-trace: Error reading file /not/found/file/path. Is the 'DD_APPSEC_RULES' environment variable correct?