search

DataDog / dd-trace-php

Datadog PHP Clients
https://docs.datadoghq.com/tracing/setup/php
Other
485 stars 151 forks source link

[Bug]: ddappsec gets installed without the cli option provided #2411

Open TomKeur opened 9 months ago

TomKeur commented 9 months ago

Bug report

When I'm installing the PHP Extension in a Docker container, the ddappsec php extensions gets installed, but I do not want it.

I'm using the following Docker image: php:8.2.13-fpm-bookworm

I'm installing Datadog via the PHP installer (inside a Dockerfile)

RUN set -xe \
    # Install Datadog APM
    && cd /tmp && curl -LO https://github.com/DataDog/dd-trace-php/releases/latest/download/datadog-setup.php \
    && php /tmp/datadog-setup.php --php-bin=/usr/local/bin/php --php-bin=/usr/local/sbin/php-fpm \
    && rm -rf /tmp/*

The CLI commands have been found at: https://docs.datadoghq.com/tracing/trace_collection/dd_libraries/php/

PHP version

8.2.13

Tracer or profiler version

0.94.1

Installed extensions

[PHP Modules] amqp apcu bcmath Core ctype curl date ddappsec ddtrace dom fileinfo filter ftp gettext gmp hash iconv intl json libxml mbstring mysqlnd openssl pcntl pcre PDO pdo_mysql pdo_pgsql pdo_sqlite pdo_sqlsrv Phar posix random readline redis Reflection session SimpleXML sockets sodium SPL sqlite3 sqlsrv standard sysvmsg sysvsem sysvshm tokenizer xml xmlreader xmlwriter xsl Zend OPcache zip zlib [Zend Modules] Zend OPcache ddappsec ddtrace

Output of phpinfo()

No response

Upgrading from

No response

Anilm3 commented 9 months ago

We always install the appsec extension when using this particular installer in order to allow customers to enable application security automatically through the dashboard without having to go through a separate installation process. When using --enable-appsec, we also set datadog.appsec.enabled to On so that the extension isn't only loaded but also active.

If you don't wish to load the appsec extension, my suggestion would be to comment out extension = ddappsec.so from your 98-ddtrace.ini configuration file. Although we'll looking into adding more installer options to allow you to customise your installation.

bertoost commented 9 months ago

I agree with @TomKeur and it should be possible to disable installing the appsec extension. Installing it could be the default, with keeping the --enable-appsec. But a --disable-appsec should be an option to avoid installing the extension at all