appsec: implement waf.error and rasp.error#3963
Conversation
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 169947b8fc
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
169947b to
e312115
Compare
Benchmarks [ tracer ]Benchmark execution time: 2026-06-08 20:33:06 Comparing candidate commit 5cbd457 in PR branch Found 1 performance improvements and 3 performance regressions! Performance is the same for 190 metrics, 0 unstable metrics.
|
| @@ -118,7 +118,6 @@ class TelemetryTests { | |||
| TelemetryHelpers.Metric connSuccess | |||
There was a problem hiding this comment.
is there no test checking for this new tags?
There was a problem hiding this comment.
These tags are only issued if there is a bug. libddwaf doesn't return failures otherwise. Initially, I added new environment variables to simulate a failure and tested those, but environment variables and filtered on libdatadog, so it became too complicated.
The codecov CLI install fetched the signing key from https://keybase.io/codecovsecurity/pgp_keys.asc, which now returns HTTP 404 ("SELF-SIGNED PUBLIC KEY NOT FOUND"). Since the curl had no -f, it piped the 404 body into `gpg --import`, which found no key and exited non-zero, killing the step under `set -e` (exit 2) before any coverage was produced. This broke all three coverage jobs (appsec code coverage, helper-rust code coverage, helper-rust integration coverage) on every branch, including master. Fetch the same key (fingerprint 27034E7FDB850E0BBC2C62FF806BB28AED779869) from keyserver.ubuntu.com instead, and add -fsSL so curl fails fast on future breakage rather than silently piping an error page into gpg. Verified the key validates codecov.SHA256SUM.sig. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
5cbd457 to
3f67532
Compare
Description
See APPSEC-62689
Reviewer checklist