Module: Datadog::AppSec::Processor::RuleLoader

Defined in:
lib/datadog/appsec/processor/rule_loader.rb

Overview

RuleLoader utility modules that load appsec rules and data from settings

Class Method Summary collapse

Class Method Details

.load_data(ip_denylist: [], user_id_denylist: []) ⇒ Object 



44
45
46
47
48
49
50
 
# File 'lib/datadog/appsec/processor/rule_loader.rb', line 44

def load_data(ip_denylist: [], user_id_denylist: [])
  data = []
  data << [denylist_data('blocked_ips', ip_denylist)] if ip_denylist.any?
  data << [denylist_data('blocked_users', user_id_denylist)] if user_id_denylist.any?

  data
end

.load_exclusions(ip_passlist: []) ⇒ Object 



52
53
54
55
56
57
 
# File 'lib/datadog/appsec/processor/rule_loader.rb', line 52

def load_exclusions(ip_passlist: [])
  exclusions = []
  exclusions << [passlist_exclusions(ip_passlist)] if ip_passlist.any?

  exclusions
end

.load_rules(ruleset:, telemetry:) ⇒ Object 



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/datadog/appsec/processor/rule_loader.rb', line 12

def load_rules(ruleset:, telemetry:)
  begin
    case ruleset
    when :recommended, :strict
      JSON.parse(Datadog::AppSec::Assets.waf_rules(ruleset))
    when :risky
      Datadog.logger.warn(
        'The :risky Application Security Management ruleset has been deprecated and no longer available.'\
        'The `:recommended` ruleset will be used instead.'\
        'Please remove the `appsec.ruleset = :risky` setting from your Datadog.configure block.'
      )
      JSON.parse(Datadog::AppSec::Assets.waf_rules(:recommended))
    when String
      JSON.parse(File.read(File.expand_path(ruleset)))
    when File, StringIO
      JSON.parse(ruleset.read || '').tap { ruleset.rewind }
    when Hash
      ruleset
    else
      raise ArgumentError, "unsupported value for ruleset setting: #{ruleset.inspect}"
    end
  rescue StandardError => e
    Datadog.logger.error do
      "libddwaf ruleset failed to load, ruleset: #{ruleset.inspect} error: #{e.inspect}"
    end

    telemetry.report(e, description: 'libddwaf ruleset failed to load')

    nil
  end
end