Class: Datadog::AppSec::RateLimiter

Inherits:

Object

Object
Datadog::AppSec::RateLimiter

show all

Defined in:: lib/datadog/appsec/rate_limiter.rb

Overview

Per-thread rate limiter based on token bucket rate limiter.

Since AppSec marks sampling to keep on a security event, this limits the flood of egress traces involving AppSec

Constant Summary collapse

THREAD_KEY =

:datadog_security_appsec_rate_limiter

Class Method Summary collapse

.reset! ⇒ Object

reset a rate limiter: used for testing.
.thread_local ⇒ Object

Instance Method Summary collapse

#initialize(rate) ⇒ RateLimiter constructor

A new instance of RateLimiter.
#limit ⇒ Object

Constructor Details

#initialize(rate) ⇒ `RateLimiter`

Returns a new instance of RateLimiter.



34
35
36

# File 'lib/datadog/appsec/rate_limiter.rb', line 34

def initialize(rate)
  @rate_limiter = Core::TokenBucket.new(rate)
end

Class Method Details

.reset! ⇒ `Object`

reset a rate limiter: used for testing



23
24
25

# File 'lib/datadog/appsec/rate_limiter.rb', line 23

def reset!
  Thread.current.thread_variable_set(THREAD_KEY, nil)
end

.thread_local ⇒ `Object`

# File 'lib/datadog/appsec/rate_limiter.rb', line 15

def thread_local
  rate_limiter = Thread.current.thread_variable_get(THREAD_KEY)
  return rate_limiter unless rate_limiter.nil?

  Thread.current.thread_variable_set(THREAD_KEY, new(trace_rate_limit))
end

Instance Method Details

#limit ⇒ `Object`

# File 'lib/datadog/appsec/rate_limiter.rb', line 38

def limit
  return yield if @rate_limiter.allow?

  Datadog.logger.debug { "Rate limit hit: #{@rate_limiter.current_window_rate} AppSec traces/second" }
end