Module: Datadog::AppSec::Remote

Defined in:
lib/datadog/appsec/remote.rb

Overview

Remote

Defined Under Namespace

Classes: NoRulesError

Constant Summary

# Remote-configuration capability flags for ASM. Every value is a distinct
# single bit (1 << n); bit positions absent from this list are not defined
# by this module.
# NOTE(review): presumably these are OR-ed into one capabilities bitmask by
# the remote-configuration client; confirm in Core::Remote.

# Bits 0-10. The first two are defined but not listed in ASM_CAPABILITIES.
CAP_ASM_RESERVED_1 = 1 << 0
CAP_ASM_ACTIVATION = 1 << 1
CAP_ASM_IP_BLOCKING = 1 << 2
CAP_ASM_DD_RULES = 1 << 3
CAP_ASM_EXCLUSIONS = 1 << 4
CAP_ASM_REQUEST_BLOCKING = 1 << 5
CAP_ASM_RESPONSE_BLOCKING = 1 << 6
CAP_ASM_USER_BLOCKING = 1 << 7
CAP_ASM_CUSTOM_RULES = 1 << 8
CAP_ASM_CUSTOM_BLOCKING_RESPONSE = 1 << 9
CAP_ASM_TRUSTED_IPS = 1 << 10

# Bits 16-17.
CAP_ASM_PROCESSOR_OVERRIDES = 1 << 16
CAP_ASM_CUSTOM_DATA_SCANNERS = 1 << 17

# RASP flags, kept in declaration order (bit 23 is declared before bit 21).
CAP_ASM_RASP_SSRF = 1 << 23
CAP_ASM_RASP_SQLI = 1 << 21

# Bits 31-35.
CAP_ASM_AUTO_USER_INSTRUM_MODE = 1 << 31
CAP_ASM_ENDPOINT_FINGERPRINT = 1 << 32
CAP_ASM_SESSION_FINGERPRINT = 1 << 33
CAP_ASM_NETWORK_FINGERPRINT = 1 << 34
CAP_ASM_HEADER_FINGERPRINT = 1 << 35

# Bit 43.
CAP_ASM_TRACE_TAGGING_RULES = 1 << 43
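# Capability flags returned by `capabilities` when remote features are enabled.
# CAP_ASM_RESERVED_1 and CAP_ASM_ACTIVATION are defined but not listed here.
# NOTE(review): list only capabilities the library really enforces. Presumably
# the backend treats an advertised flag as "this protection can be driven
# remotely", so an unimplemented entry would give false assurance; confirm.
#
# TODO: we need to dynamically add CAP_ASM_ACTIVATION once we support it
ASM_CAPABILITIES = [
  CAP_ASM_IP_BLOCKING,
  CAP_ASM_USER_BLOCKING,
  CAP_ASM_EXCLUSIONS,
  CAP_ASM_REQUEST_BLOCKING,
  CAP_ASM_RESPONSE_BLOCKING,
  CAP_ASM_DD_RULES,
  CAP_ASM_CUSTOM_RULES,
  CAP_ASM_CUSTOM_BLOCKING_RESPONSE,
  CAP_ASM_TRUSTED_IPS,
  CAP_ASM_PROCESSOR_OVERRIDES,
  CAP_ASM_CUSTOM_DATA_SCANNERS,
  CAP_ASM_RASP_SSRF,
  CAP_ASM_RASP_SQLI,
  CAP_ASM_AUTO_USER_INSTRUM_MODE,
  CAP_ASM_ENDPOINT_FINGERPRINT,
  CAP_ASM_SESSION_FINGERPRINT,
  CAP_ASM_NETWORK_FINGERPRINT,
  CAP_ASM_HEADER_FINGERPRINT,
  CAP_ASM_TRACE_TAGGING_RULES,
].freeze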
# Remote-configuration product names handled by AppSec. Returned by `products`
# and used by `receivers` to build the product matcher, so only changes for
# these products reach the security engine through that receiver.
ASM_PRODUCTS = [
  # Datadog employee issued configuration
  'ASM_DD',
  # customer issued configuration (rulesets, passlist...)
  'ASM',
  # capabilities
  'ASM_FEATURES',
  # config files (IP addresses or users for blocking)
  'ASM_DATA',
].freeze

Class Method Summary

Class Method Details

.capabilities ⇒ Object



# File 'lib/datadog/appsec/remote.rb', line 65

# Lists the capability flags this module reports for remote configuration.
#
# @return [Array<Integer>] ASM_CAPABILITIES while remote features are enabled,
#   otherwise a new empty array (nothing is advertised)
def capabilities
  return [] unless remote_features_enabled?

  ASM_CAPABILITIES
end

.products ⇒ Object



# File 'lib/datadog/appsec/remote.rb', line 69

# Lists the remote-configuration products this module subscribes to.
#
# @return [Array<String>] ASM_PRODUCTS while remote features are enabled,
#   otherwise a new empty array
def products
  if remote_features_enabled?
    ASM_PRODUCTS
  else
    []
  end
end

.receivers(telemetry) ⇒ Object



# File 'lib/datadog/appsec/remote.rb', line 73

# Builds the remote-configuration receiver that applies changes for the
# ASM_PRODUCTS products to the AppSec security engine.
#
# Trust boundary: every `content` read from `repository` is remotely delivered
# configuration that is parsed and handed to the engine.
# NOTE(review): no integrity or schema check is visible in this method;
# presumably that happens upstream in Core::Remote and in parse_content. Confirm.
# NOTE(review): nothing in the block rescues. An exception while applying one
# change would leave the remaining changes unprocessed and skip
# AppSec.reconfigure! unless the dispatcher handles it. Confirm.
#
# @param telemetry [Object] not used by this method body
# @return [Array] empty when remote features are disabled, otherwise a
#   one-element array holding the receiver
def receivers(telemetry)
  return [] unless remote_features_enabled?

  product_matcher = Core::Remote::Dispatcher::Matcher::Product.new(ASM_PRODUCTS)

  asm_receiver = Core::Remote::Dispatcher::Receiver.new(product_matcher) do |repository, changes|
    engine = AppSec.security_engine
    # Without an engine the whole batch is skipped and no reconfiguration runs.
    next unless engine

    changes.each do |change|
      content = repository[change.path]
      # A delete needs no content; any other change without content is skipped.
      next if !content && change.type != :delete

      case change.type
      when :delete
        engine.remove_config_at_path(change.path.to_s)
      when :insert, :update
        # @type var content: Core::Remote::Configuration::Content
        parsed = parse_content(content)
        engine.add_or_update_config(parsed, path: change.path.to_s)
        # Acknowledged as applied once the engine call returns; its return
        # value is not inspected here.
        # NOTE(review): confirm a config the engine rejects cannot end up
        # reported as applied.
        content.applied
      end
    end

    # This is subject to change - we need to remove the reconfiguration mutex
    # and track usages of each WAF handle instead, so that we know when an old
    # WAF handle can be finalized.
    AppSec.reconfigure!
  end

  [asm_receiver]
end