Class: Datadog::AppSec::Contrib::Rack::RequestMiddleware

Inherits:
Object
  • Object
show all
Defined in:
lib/datadog/appsec/contrib/rack/request_middleware.rb

Overview

Topmost Rack middleware for AppSec This should be inserted just below Datadog::Tracing::Contrib::Rack::TraceMiddleware

Instance Method Summary collapse

Constructor Details

#initialize(app, opt = {}) ⇒ RequestMiddleware

Returns a new instance of RequestMiddleware.



32
33
34
35
36
37
 
# File 'lib/datadog/appsec/contrib/rack/request_middleware.rb', line 32

def initialize(app, opt = {})
  @app = app

  @oneshot_tags_sent = false
  @rack_headers = {}
end

Instance Method Details

#call(env) ⇒ Object

rubocop:disable Metrics/AbcSize,Metrics/MethodLength



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/datadog/appsec/contrib/rack/request_middleware.rb', line 40

def call(env)
  return @app.call(env) unless Datadog::AppSec.enabled?

  boot = Datadog::Core::Remote::Tie.boot
  Datadog::Core::Remote::Tie::Tracing.tag(boot, active_span)

  processor = nil
  ready = false
  ctx = nil

  # For a given request, keep using the first Rack stack scope for
  # nested apps. Don't set `context` local variable so that on popping
  # out of this nested stack we don't finalize the parent's context
  return @app.call(env) if active_context(env)

  Datadog::AppSec.reconfigure_lock do
    processor = Datadog::AppSec.processor

    if !processor.nil? && processor.ready?
      ctx = Datadog::AppSec::Context.activate(
        Datadog::AppSec::Context.new(active_trace, active_span, processor)
      )

      env[Datadog::AppSec::Ext::CONTEXT_KEY] = ctx
      ready = true
    end
  end

  # TODO: handle exceptions, except for @app.call

  return @app.call(env) unless ready

  add_appsec_tags(processor, ctx)
  add_request_tags(ctx, env)

  http_response = nil
  gateway_request = Gateway::Request.new(env)
  gateway_response = nil

  block_actions = catch(::Datadog::AppSec::Ext::INTERRUPT) do
    http_response, = Instrumentation.gateway.push('rack.request', gateway_request) do
      @app.call(env)
    end

    gateway_response = Gateway::Response.new(
      http_response[2], http_response[0], http_response[1], context: ctx
    )

    Instrumentation.gateway.push('rack.response', gateway_response)

    nil
  end

  http_response = AppSec::Response.negotiate(env, block_actions).to_rack if block_actions

  if (result = ctx.waf_runner.extract_schema)
    ctx.waf_runner.events << {
      trace: ctx.trace,
      span: ctx.span,
      waf_result: result,
    }
  end

  ctx.waf_runner.events.each do |e|
    e[:response] ||= gateway_response
    e[:request]  ||= gateway_request
  end

  AppSec::Event.record(ctx.span, *ctx.waf_runner.events)

  http_response
ensure
  if ctx
    add_waf_runtime_tags(ctx)
    Datadog::AppSec::Context.deactivate
  end
end