Module: Datadog::AppSec::Contrib::ActiveRecord::Instrumentation

Defined in:: lib/datadog/appsec/contrib/active_record/instrumentation.rb

Overview

AppSec module that will be prepended to ActiveRecord adapter

Defined Under Namespace

Modules: ExecQueryAdapterPatch, ExecuteAndClearAdapterPatch, InternalExecQueryAdapterPatch

Class Method Summary collapse

.detect_sql_injection(sql, adapter_name) ⇒ Object

Class Method Details

.detect_sql_injection(sql, adapter_name) ⇒ `Object`

# File 'lib/datadog/appsec/contrib/active_record/instrumentation.rb', line 11

def detect_sql_injection(sql, adapter_name)
  scope = AppSec.active_scope
  return unless scope

  # libddwaf expects db system to be lowercase,
  # in case of sqlite adapter, libddwaf expects 'sqlite' as db system
  db_system = adapter_name.downcase
  db_system = 'sqlite' if db_system == 'sqlite3'

  ephemeral_data = {
    'server.db.statement' => sql,
    'server.db.system' => db_system
  }

  waf_timeout = Datadog.configuration.appsec.waf_timeout
  result = scope.processor_context.run({}, ephemeral_data, waf_timeout)

  if result.status == :match
    Datadog::AppSec::Event.tag_and_keep!(scope, result)

    event = {
      waf_result: result,
      trace: scope.trace,
      span: scope.service_entry_span,
      sql: sql,
      actions: result.actions
    }
    scope.processor_context.events << event
  end
end

Module: Datadog::AppSec::Contrib::ActiveRecord::Instrumentation

Overview

Defined Under Namespace

Class Method Summary collapse

Class Method Details

.detect_sql_injection(sql, adapter_name) ⇒ Object

.detect_sql_injection(sql, adapter_name) ⇒ `Object`