Module: Datadog::AppSec::Contrib::RestClient::RequestSSRFDetectionPatch
- Defined in:
- lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb
Overview
Module that adds SSRF detection to RestClient::Request#execute
Instance Method Summary collapse
Instance Method Details
#execute(&block) ⇒ Object
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb', line 13 def execute(&block) context = AppSec.active_context return super unless context && AppSec.rasp_enabled? timeout = Datadog.configuration.appsec.waf_timeout ephemeral_data = { 'server.io.net.url' => url, 'server.io.net.request.method' => method.to_s.upcase, 'server.io.net.request.headers' => normalize_request_headers } result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, timeout, phase: Ext::RASP_REQUEST_PHASE) handle(result, context: context) if result.match? response = super ephemeral_data = { 'server.io.net.response.status' => response.code.to_s, 'server.io.net.response.headers' => normalize_response_headers(response) } result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, timeout, phase: Ext::RASP_RESPONSE_PHASE) handle(result, context: context) if result.match? response end |