Class: Datadog::AppSec::Context Private

Inherits:

Object

• Object
• Datadog::AppSec::Context

Defined in:

lib/datadog/appsec/context.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Request-bound context providing threat detection interface.

Activated at the start of a request (see Contrib::Rack::RequestMiddleware) and shared across all instrumentations within that request’s lifecycle.

Accumulates security events, metrics, and state needed for coordinated threat detection.

Constant Summary

ActiveContextError =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Steep: github.com/soutaro/steep/issues/1880

Class.new(StandardError)

Instance Attribute Summary

• #downstream_body_sampler ⇒ Object readonly private

  Sampler for downstream HTTP request/response body analysis.

• #span ⇒ Object readonly private

  TODO: add delegators for active trace span.

• #state ⇒ Object readonly private

  Shared mutable storage for counters, flags, and data accumulated during the request’s lifecycle.

• #trace ⇒ Object readonly private

  TODO: add delegators for active trace span.

Class Method Summary

• .activate(context) ⇒ Object private
• .active ⇒ Object private
• .deactivate ⇒ Object private

Instance Method Summary

• #events ⇒ Object private
• #export_metrics ⇒ Object private
• #export_request_telemetry ⇒ Object private
• #extract_schema! ⇒ Object private
• #finalize! ⇒ Object private
• #initialize(trace, span, waf_runner) ⇒ Context constructor private

  A new instance of Context.

• #interrupted? ⇒ Boolean private
• #mark_as_interrupted! ⇒ Object private
• #run_rasp(type, persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT, phase: nil) ⇒ Object private
• #run_waf(persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT) ⇒ Object private
• #waf_runner_known_addresses ⇒ Object private
• #waf_runner_ruleset_version ⇒ Object private

Constructor Details

#initialize(trace, span, waf_runner) ⇒ Context

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of Context.

# File 'lib/datadog/appsec/context.rb', line 54

def initialize(trace, span, waf_runner)
  @trace = trace
  @span = span
  @waf_runner = waf_runner
  @metrics = Metrics::Collector.new
  @downstream_body_sampler = CounterSampler.new(
    Datadog.configuration.appsec.api_security.downstream_body_analysis.sample_rate
  )
  @state = {
    events: [],
    interrupted: false,
    downstream_body_analyzed_count: 0
  }
end

Instance Attribute Details

#downstream_body_sampler ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sampler for downstream HTTP request/response body analysis.

# File 'lib/datadog/appsec/context.rb', line 33

def downstream_body_sampler
  @downstream_body_sampler
end

#span ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

TODO: add delegators for active trace span

# File 'lib/datadog/appsec/context.rb', line 23

def span
  @span
end

#state ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Shared mutable storage for counters, flags, and data accumulated during the request’s lifecycle.

NOTE: This attribute is a subject to change, but in a current form

it's a `Hash`-like structure.

# File 'lib/datadog/appsec/context.rb', line 30

def state
  @state
end

#trace ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

TODO: add delegators for active trace span

# File 'lib/datadog/appsec/context.rb', line 23

def trace
  @trace
end

Class Method Details

.activate(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raises:

• (ArgumentError)

# File 'lib/datadog/appsec/context.rb', line 36

def activate(context)
  raise ArgumentError, 'not a Datadog::AppSec::Context' unless context.instance_of?(Context)
  raise ActiveContextError, 'another context is active, nested contexts are not supported' if active

  Thread.current[Ext::ACTIVE_CONTEXT_KEY] = context
end

.active ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 49

def active
  Thread.current[Ext::ACTIVE_CONTEXT_KEY]
end

.deactivate ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 43

def deactivate
  active&.finalize!
ensure
  Thread.current[Ext::ACTIVE_CONTEXT_KEY] = nil
end

Instance Method Details

#events ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 85

def events
  @state[:events]
end

#export_metrics ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 114

def export_metrics
  return if @span.nil?

  Metrics::Exporter.export_waf_metrics(@metrics.waf, @span)
  Metrics::Exporter.export_rasp_metrics(@metrics.rasp, @span)
end

#export_request_telemetry ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 121

def export_request_telemetry
  return if @trace.nil?

  Metrics::TelemetryExporter.export_waf_request_metrics(@metrics.waf, self)
  Metrics::TelemetryExporter.export_api_security_metrics(self)
end

#extract_schema! ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 105

def extract_schema!
  waf_result = @waf_runner.run({'waf.context.processor' => {'extract-schema' => true}}, {})
  security_event = AppSec::SecurityEvent.new(waf_result, trace: trace, span: span)

  @state[:schema_extracted] = security_event.schema?

  events.push(security_event)
end

#finalize! ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 128

def finalize!
  @waf_runner.finalize!
end

#interrupted? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (Boolean)

# File 'lib/datadog/appsec/context.rb', line 93

def interrupted?
  @state[:interrupted]
end

#mark_as_interrupted! ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 89

def mark_as_interrupted!
  @state[:interrupted] = true
end

#run_rasp(type, persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT, phase: nil) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 76

def run_rasp(type, persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT, phase: nil)
  result = @waf_runner.run(persistent_data, ephemeral_data, timeout)

  Metrics::Telemetry.report_rasp(type, result, phase: phase)
  @metrics.record_rasp(result, type: type, phase: phase)

  result
end

#run_waf(persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 69

def run_waf(persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
  result = @waf_runner.run(persistent_data, ephemeral_data, timeout)

  @metrics.record_waf(result)
  result
end

#waf_runner_known_addresses ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 101

def waf_runner_known_addresses
  @waf_runner.waf_addresses
end

#waf_runner_ruleset_version ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/appsec/context.rb', line 97

def waf_runner_ruleset_version
  @waf_runner.ruleset_version
end