
Commit 91ae7aa

committed
Obfuscate the :name placeholders in PDO away for DBM correlation
1 parent ad5a7e6 commit 91ae7aa

2 files changed

Lines changed: 12 additions & 2 deletions


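--- a/src/DDTrace/Integrations/PDO/PDOIntegration.php
+++ b/src/DDTrace/Integrations/PDO/PDOIntegration.php
@@ -128,6 +128,8 @@ public static function init(): int
 
 PDOIntegration::injectDBIntegration($instance, $hook, true);
 PDOIntegration::handleRasp($instance, $span);
+
+$span->resource = PDOIntegration::useQuestionMarkPlaceholders($span->resource);
 }, static function (HookData $hook) {
 $pdo = $hook->returned;
 ObjectKVStore::propagate($hook->instance, $pdo, PDOIntegration::CONNECTION_TAGS_KEY);
@@ -170,6 +172,8 @@ static function (HookData $hook) {
 PDOIntegration::setCommonSpanInfo($instance, $span);
 PDOIntegration::addTraceAnalyticsIfEnabled($span);
 PDOIntegration::detectError($instance, $span);
+
+$span->resource = PDOIntegration::useQuestionMarkPlaceholders($span->resource);
 }
 );
 
@@ -352,4 +356,10 @@ function_exists('datadog\appsec\push_addresses');
 );
 \datadog\appsec\push_addresses($addresses, "sqli");
 }
+
+public static function useQuestionMarkPlaceholders($query)
+{
+// Regex according to rules from pdo_sql_parser.re
+return \preg_replace('((?:/\*([^*]++|\*++[^/])*\*/(*COMMIT)|--.*(*SKIP)(*F)|"(?:""|[^"]++)*"(*COMMIT)|\'(?:\'\'|[^\']++)*\'(*COMMIT)|[^/:\'"-]++|.)*?\K:[a-zA-Z0-9_]+)s', "?", $query);
+}
 }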
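Review bot: `useQuestionMarkPlaceholders()` returns the raw result of `\preg_replace`, which is `null` when PCRE gives up (backtrack or JIT stack limit), so both hooks that now assign `$span->resource` from it can blank the resource on a long or awkward query; the lazy `(?:…)*?` loop over the whole statement makes that plausible for large SQL text. Falling back to the input keeps the span usable: `return \preg_replace(/* pattern unchanged */, "?", $query) ?? $query;`. Separately, the pattern seems to diverge in two places from the pdo_sql_parser.re rules it cites. With the `s` modifier `--.*` runs to the end of the query rather than the end of the line, so placeholders after a line comment stay as `:name`, and a PostgreSQL-style cast such as `id::int` looks like it would be rewritten to `id:?` because the second colon is taken as a placeholder start. The two hook closures that call the helper start and end outside the visible hunks.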

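--- a/tests/Integrations/PDO/PDOTest.php
+++ b/tests/Integrations/PDO/PDOTest.php
@@ -415,11 +415,11 @@ public function testPDOCommit()
 
 public function testPDOStatementOk()
 {
-$query = "SELECT * FROM tests WHERE id = ?";
+$query = "SELECT * FROM tests WHERE id = :param";
 $traces = $this->isolateTracer(function () use ($query) {
 $pdo = $this->pdoInstance();
 $stmt = $pdo->prepare($query);
-$stmt->execute([1]);
+$stmt->execute(["param" => 1]);
 $results = $stmt->fetchAll();
 $this->assertEquals('Tom', $results[0]['name']);
 $stmt->closeCursor();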
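Review bot: `testPDOStatementOk` now covers only a single bare `:param`, and it does so by replacing the positional `?` case instead of adding to it, so the unchanged-query path loses its coverage in this test. The branches the new pattern exists for (placeholders inside quoted strings, inside `/* */` and `--` comments, and text containing `::`) are not exercised anywhere in this change. A data-provider test that calls `PDOIntegration::useQuestionMarkPlaceholders()` directly with those inputs would pin the behaviour without needing a database. The test body continues past the hunk, so the resource assertion itself is not visible here.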
