[ASM] Refactor hardcoded secret analyzer (#5883)

NachoEchevarria · web-flow · commit 496d4206f5c5 · 2024-08-13T18:40:19.000+02:00
## Summary of changes The Hardcoded analyzer has been refactored. These are the main changes: - Replaced the manual sleep and polling mechanism with an asynchronous delay using `Task.Delay`. - Added `ConfigureAwait(false)` to avoid capturing the synchronization context, which can prevent potential deadlocks and improve performance. - Introduced a `CancellationTokenSource` for managing the lifecycle of the polling operation. - Removed the `_started` flag as the `CancellationToken` now controls the start/stop logic. - Ensured proper disposal of resources by calling `_cancellationTokenSource.Cancel()` in the `Dispose` method. ## Reason for change This change was requested. ## Implementation details ## Test coverage ## Other details
diff --git a/tracer/src/Datadog.Trace/Iast/Analyzers/HardcodedSecretsAnalyzer.cs b/tracer/src/Datadog.Trace/Iast/Analyzers/HardcodedSecretsAnalyzer.cs
@@ -23,28 +23,26 @@ internal class HardcodedSecretsAnalyzer : IDisposable
     private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor<HardcodedSecretsAnalyzer>();
     private static HardcodedSecretsAnalyzer? _instance = null;
 
-    private readonly ManualResetEventSlim _waitEvent = new(false);
+    private readonly CancellationTokenSource _cancellationTokenSource = new();
     private readonly TimeSpan _regexTimeout;
-    private bool _started = false;
     private List<SecretRegex>? _secretRules = null;
 
     // Internal for testing
     internal HardcodedSecretsAnalyzer(TimeSpan regexTimeout)
     {
         Log.Debug("HardcodedSecretsAnalyzer -> Init");
         _regexTimeout = regexTimeout;
-        _started = true;
-        Task.Run(() => PoolingThread())
-                    .ContinueWith(t => Log.Error(t.Exception, "Error in Hardcoded secret analyzer"), TaskContinuationOptions.OnlyOnFaulted);
+        Task.Run(() => PollingThread(_cancellationTokenSource.Token))
+            .ContinueWith(t => Log.Error(t.Exception, "Error in Hardcoded secret analyzer"), TaskContinuationOptions.OnlyOnFaulted);
     }
 
-    private void PoolingThread()
+    private async Task PollingThread(CancellationToken cancellationToken)
     {
         try
         {
             Log.Debug("HardcodedSecretsAnalyzer polling thread -> Started");
             var userStrings = new UserStringInterop[UserStringsArraySize];
-            while (_started)
+            while (!cancellationToken.IsCancellationRequested)
             {
                 if (Tracer.Instance.Settings.IsIntegrationEnabled(IntegrationId.HardcodedSecret))
                 {
@@ -81,7 +79,7 @@ private void PoolingThread()
                                         IntegrationId.HardcodedSecret));
                                 }
                             }
-                            catch (Exception err)
+                            catch (Exception err) when (!(err is OperationCanceledException))
                             {
                                 Log.Warning(err, "Exception in HardcodedSecretsAnalyzer polling thread loop.");
                             }
@@ -94,12 +92,11 @@ private void PoolingThread()
                     }
                 }
 
-                _waitEvent.Wait(2_000);
+                await Task.Delay(2_000, cancellationToken).ConfigureAwait(false);
             }
         }
-        catch (Exception err)
+        catch (Exception err) when (!(err is OperationCanceledException))
         {
-            _started = false;
             Log.Warning(err, "Exception in HardcodedSecretsAnalyzer polling thread. Disabling feature.");
         }
 
@@ -215,12 +212,8 @@ private static List<SecretRegex> GenerateSecretRules(TimeSpan timeout)
 
     public void Dispose()
     {
-        try
-        {
-            _started = false;
-            _waitEvent.Set();
-        }
-        catch { }
+        _cancellationTokenSource.Cancel();
+        Log.Debug("HardcodedSecretsAnalyzer -> Disposed");
     }
 
     private readonly struct SecretRegex

Original file line number	Diff line number	Diff line change
`@@ -23,28 +23,26 @@ internal class HardcodedSecretsAnalyzer : IDisposable`
`23`	`23`	`private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor<HardcodedSecretsAnalyzer>();`
`24`	`24`	`private static HardcodedSecretsAnalyzer? _instance = null;`
`25`	`25`
`26`		`- private readonly ManualResetEventSlim _waitEvent = new(false);`
	`26`	`+ private readonly CancellationTokenSource _cancellationTokenSource = new();`
`27`	`27`	`private readonly TimeSpan _regexTimeout;`
`28`		`- private bool _started = false;`
`29`	`28`	`private List<SecretRegex>? _secretRules = null;`
`30`	`29`
`31`	`30`	`// Internal for testing`
`32`	`31`	`internal HardcodedSecretsAnalyzer(TimeSpan regexTimeout)`
`33`	`32`	`{`
`34`	`33`	`Log.Debug("HardcodedSecretsAnalyzer -> Init");`
`35`	`34`	`_regexTimeout = regexTimeout;`
`36`		`- _started = true;`
`37`		`- Task.Run(() => PoolingThread())`
`38`		`- .ContinueWith(t => Log.Error(t.Exception, "Error in Hardcoded secret analyzer"), TaskContinuationOptions.OnlyOnFaulted);`
	`35`	`+ Task.Run(() => PollingThread(_cancellationTokenSource.Token))`
	`36`	`+ .ContinueWith(t => Log.Error(t.Exception, "Error in Hardcoded secret analyzer"), TaskContinuationOptions.OnlyOnFaulted);`
`39`	`37`	`}`
`40`	`38`
`41`		`- private void PoolingThread()`
	`39`	`+ private async Task PollingThread(CancellationToken cancellationToken)`
`42`	`40`	`{`
`43`	`41`	`try`
`44`	`42`	`{`
`45`	`43`	`Log.Debug("HardcodedSecretsAnalyzer polling thread -> Started");`
`46`	`44`	`var userStrings = new UserStringInterop[UserStringsArraySize];`
`47`		`- while (_started)`
	`45`	`+ while (!cancellationToken.IsCancellationRequested)`
`48`	`46`	`{`
`49`	`47`	`if (Tracer.Instance.Settings.IsIntegrationEnabled(IntegrationId.HardcodedSecret))`
`50`	`48`	`{`
`@@ -81,7 +79,7 @@ private void PoolingThread()`
`81`	`79`	`IntegrationId.HardcodedSecret));`
`82`	`80`	`}`
`83`	`81`	`}`
`84`		`- catch (Exception err)`
	`82`	`+ catch (Exception err) when (!(err is OperationCanceledException))`
`85`	`83`	`{`
`86`	`84`	`Log.Warning(err, "Exception in HardcodedSecretsAnalyzer polling thread loop.");`
`87`	`85`	`}`
`@@ -94,12 +92,11 @@ private void PoolingThread()`
`94`	`92`	`}`
`95`	`93`	`}`
`96`	`94`
`97`		`- _waitEvent.Wait(2_000);`
	`95`	`+ await Task.Delay(2_000, cancellationToken).ConfigureAwait(false);`
`98`	`96`	`}`
`99`	`97`	`}`
`100`		`- catch (Exception err)`
	`98`	`+ catch (Exception err) when (!(err is OperationCanceledException))`
`101`	`99`	`{`
`102`		`- _started = false;`
`103`	`100`	`Log.Warning(err, "Exception in HardcodedSecretsAnalyzer polling thread. Disabling feature.");`
`104`	`101`	`}`
`105`	`102`
`@@ -215,12 +212,8 @@ private static List<SecretRegex> GenerateSecretRules(TimeSpan timeout)`
`215`	`212`
`216`	`213`	`public void Dispose()`
`217`	`214`	`{`
`218`		`- try`
`219`		`- {`
`220`		`- _started = false;`
`221`		`- _waitEvent.Set();`
`222`		`- }`
`223`		`- catch { }`
	`215`	`+ _cancellationTokenSource.Cancel();`
	`216`	`+ Log.Debug("HardcodedSecretsAnalyzer -> Disposed");`
`224`	`217`	`}`
`225`	`218`
`226`	`219`	`private readonly struct SecretRegex`