don't allocate new dictionary

Author: anna-git

tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs

@@ -106,23 +106,21 @@ internal readonly partial struct SecurityCoordinator
             var additiveContext = GetOrCreateAdditiveContext();
             if (additiveContext?.ShouldRunWith(_security, userId, userLogin, userSessionId, fromSdk) is { Count: > 0 } userAddresses)
             {
-                addresses = userAddresses.ToDictionary(k => k.Key, object (v) => v.Value);
-
                 if (otherTags is not null)
                 {
                     foreach (var kvp in otherTags)
                     {
-                        if (!addresses.ContainsKey(kvp.Key))
+                        if (!userAddresses.ContainsKey(kvp.Key))
                         {
-                            addresses.Add(kvp.Key, kvp.Value);
+                            userAddresses.Add(kvp.Key, kvp.Value);
                         }
                     }
                 }
 
-                SecurityReporter.LogAddressIfDebugEnabled(addresses);
+                SecurityReporter.LogAddressIfDebugEnabled(userAddresses);
 
                 // run the WAF and execute the results
-                result = additiveContext.Run(addresses, _security.Settings.WafTimeoutMicroSeconds);
+                result = additiveContext.Run(userAddresses, _security.Settings.WafTimeoutMicroSeconds);
                 additiveContext.CommitUserRuns(userAddresses, fromSdk);
                 RecordTelemetry(result);
 

tracer/src/Datadog.Trace/AppSec/Waf/Context.cs

@@ -63,9 +63,9 @@ private Context(IntPtr contextHandle, IWaf waf, IWafLibraryInvoker wafLibraryInv
     public IResult? RunWithEphemeral(IDictionary<string, object> ephemeralAddressData, ulong timeoutMicroSeconds, bool isRasp)
         => RunInternal(null, ephemeralAddressData, timeoutMicroSeconds, isRasp);
 
-    public Dictionary<string, string> ShouldRunWith(IDatadogSecurity security, string? userId = null, string? userLogin = null, string? userSessionId = null, bool fromSdk = false)
+    public Dictionary<string, object> ShouldRunWith(IDatadogSecurity security, string? userId = null, string? userLogin = null, string? userSessionId = null, bool fromSdk = false)
     {
-        var addresses = new Dictionary<string, string>();
+        var addresses = new Dictionary<string, object>();
         ShouldRun(_userEventsState.Id, userId, AddressesConstants.UserId);
         ShouldRun(_userEventsState.Login, userLogin, AddressesConstants.UserLogin);
         ShouldRun(_userEventsState.SessionId, userSessionId, AddressesConstants.UserSessionId);
@@ -92,21 +92,21 @@ void ShouldRun(UserEventsState.UserRecord? userRecord, string? value, string add
         }
     }
 
-    public void CommitUserRuns(IDictionary<string, string> addresses, bool fromSdk)
+    public void CommitUserRuns(Dictionary<string, object> addresses, bool fromSdk)
     {
         if (addresses.TryGetValue(AddressesConstants.UserId, out var address))
         {
-            _userEventsState.Id = new(address, fromSdk);
+            _userEventsState.Id = new(address.ToString(), fromSdk);
         }
 
         if (addresses.TryGetValue(AddressesConstants.UserLogin, out address))
         {
-            _userEventsState.Login = new(address, fromSdk);
+            _userEventsState.Login = new(address.ToString(), fromSdk);
         }
 
         if (addresses.TryGetValue(AddressesConstants.UserSessionId, out address))
         {
-            _userEventsState.SessionId = new(address, fromSdk);
+            _userEventsState.SessionId = new(address.ToString(), fromSdk);
         }
     }
 

tracer/src/Datadog.Trace/AppSec/Waf/IContext.cs

@@ -16,7 +16,7 @@ internal interface IContext : IDisposable
 
     IResult? RunWithEphemeral(IDictionary<string, object> ephemeralAddressData, ulong timeoutMicroSeconds, bool isRasp);
 
-    Dictionary<string, string> ShouldRunWith(IDatadogSecurity security, string? userId = null, string? userLogin = null, string? userSessionId = null, bool fromSdk = false);
+    Dictionary<string, object> ShouldRunWith(IDatadogSecurity security, string? userId = null, string? userLogin = null, string? userSessionId = null, bool fromSdk = false);
 
-    void CommitUserRuns(IDictionary<string, string> addresses, bool fromSdk);
+    void CommitUserRuns(Dictionary<string, object> addresses, bool fromSdk);
 }

tracer/test/Datadog.Trace.Security.Unit.Tests/ContextUserEventTests.cs

@@ -28,12 +28,12 @@ public void NewValuesTests()
         var userId = "toto";
         var addresses = context!.ShouldRunWith(security.Object, userId: userId);
         addresses.Should().HaveCount(1);
-        addresses.Should().Contain(new KeyValuePair<string, string>(AddressesConstants.UserId, userId));
+        addresses.Should().Contain(new KeyValuePair<string, object>(AddressesConstants.UserId, userId));
         context.CommitUserRuns(addresses, false);
         userId = "tata";
         // should run with a different value
         addresses = context!.ShouldRunWith(security.Object, userId: userId);
-        addresses.Should().Contain(new KeyValuePair<string, string>(AddressesConstants.UserId, userId));
+        addresses.Should().Contain(new KeyValuePair<string, object>(AddressesConstants.UserId, userId));
         addresses.Should().HaveCount(1);
         context.CommitUserRuns(addresses, false);
 
@@ -55,17 +55,17 @@ public void NewValuesSessionTests()
         var userId = "toto";
         var addresses = context!.ShouldRunWith(security.Object, userId: userId, fromSdk: true);
         addresses.Should().HaveCount(1);
-        addresses.Should().Contain(new KeyValuePair<string, string>(AddressesConstants.UserId, userId));
+        addresses.Should().Contain(new KeyValuePair<string, object>(AddressesConstants.UserId, userId));
         context.CommitUserRuns(addresses, true);
         var ssessionId = "234";
         addresses = context!.ShouldRunWith(security.Object, userSessionId: ssessionId);
         addresses.Should().HaveCount(1);
-        addresses.Should().Contain(new KeyValuePair<string, string>(AddressesConstants.UserSessionId, ssessionId));
+        addresses.Should().Contain(new KeyValuePair<string, object>(AddressesConstants.UserSessionId, ssessionId));
         context.CommitUserRuns(addresses, false);
         ssessionId = "tata";
         // should run with a different value
         addresses = context!.ShouldRunWith(security.Object, userSessionId: ssessionId);
-        addresses.Should().Contain(new KeyValuePair<string, string>(AddressesConstants.UserSessionId, ssessionId));
+        addresses.Should().Contain(new KeyValuePair<string, object>(AddressesConstants.UserSessionId, ssessionId));
         addresses.Should().HaveCount(1);
         context.CommitUserRuns(addresses, false);
 
@@ -92,7 +92,7 @@ public void AddressDisabledNo()
 
         // should run with a different value
         addresses = context!.ShouldRunWith(security.Object, userId: userId, userSessionId: userSessionId);
-        addresses.Should().Contain(new KeyValuePair<string, string>(AddressesConstants.UserSessionId, userSessionId));
+        addresses.Should().Contain(new KeyValuePair<string, object>(AddressesConstants.UserSessionId, userSessionId));
         addresses.Should().HaveCount(1);
         context.CommitUserRuns(addresses, false);
     }
@@ -122,7 +122,7 @@ public void SdkOverrideTest()
         var userId = "toto";
         var addresses = context!.ShouldRunWith(security.Object, userId: userId);
         addresses.Should().HaveCount(1);
-        addresses.Should().Contain(new KeyValuePair<string, string>(AddressesConstants.UserId, userId));
+        addresses.Should().Contain(new KeyValuePair<string, object>(AddressesConstants.UserId, userId));
         context.CommitUserRuns(addresses, true);
         addresses = context!.ShouldRunWith(security.Object, userId: "other");
         addresses.Should().HaveCount(0);