Module: Datadog::AppSec::Remote

Defined in:

lib/datadog/appsec/remote.rb

Overview

Remote

Defined Under Namespace

Classes: NoRulesError, ReadError

Constant Summary

CAP_ASM_RESERVED_1 =

RESERVED

1 << 0

CAP_ASM_ACTIVATION =

Remote activation via ASM_FEATURES product

1 << 1

CAP_ASM_IP_BLOCKING =

accept IP blocking data from ASM_DATA product

1 << 2

CAP_ASM_DD_RULES =

read ASM rules from ASM_DD product

1 << 3

CAP_ASM_EXCLUSIONS =

exclusion filters (passlist) via ASM product

1 << 4

CAP_ASM_REQUEST_BLOCKING =

can block on request info

1 << 5

CAP_ASM_RESPONSE_BLOCKING =

can block on response info

1 << 6

CAP_ASM_USER_BLOCKING =

accept user blocking data from ASM_DATA product

1 << 7

CAP_ASM_CUSTOM_RULES =

accept custom rules

1 << 8

CAP_ASM_CUSTOM_BLOCKING_RESPONSE =

supports custom http code or redirect sa blocking response

1 << 9

CAP_ASM_TRUSTED_IPS =

supports trusted ip

1 << 10

ASM_CAPABILITIES =

TODO: we need to dynamically add CAP_ASM_ACTIVATION once we support it

[
  CAP_ASM_IP_BLOCKING,
  CAP_ASM_USER_BLOCKING,
  CAP_ASM_EXCLUSIONS,
  CAP_ASM_REQUEST_BLOCKING,
  CAP_ASM_RESPONSE_BLOCKING,
  CAP_ASM_DD_RULES,
  CAP_ASM_CUSTOM_RULES,
  CAP_ASM_CUSTOM_BLOCKING_RESPONSE,
  CAP_ASM_TRUSTED_IPS,
].freeze

ASM_PRODUCTS =

[
  'ASM_DD',       # Datadog employee issued configuration
  'ASM',          # customer issued configuration (rulesets, passlist...)
  'ASM_FEATURES', # capabilities
  'ASM_DATA',     # config files (IP addresses or users for blocking)
].freeze

Class Method Summary

• .capabilities ⇒ Object
• .products ⇒ Object
• .receivers(telemetry) ⇒ Object

  rubocop:disable Metrics/MethodLength.

Class Method Details

.capabilities ⇒ Object

# File 'lib/datadog/appsec/remote.rb', line 47

def capabilities
  remote_features_enabled? ? ASM_CAPABILITIES : []
end

.products ⇒ Object

# File 'lib/datadog/appsec/remote.rb', line 51

def products
  remote_features_enabled? ? ASM_PRODUCTS : []
end

.receivers(telemetry) ⇒ Object

rubocop:disable Metrics/MethodLength

# File 'lib/datadog/appsec/remote.rb', line 56

def receivers(telemetry)
  return [] unless remote_features_enabled?

  matcher = Core::Remote::Dispatcher::Matcher::Product.new(ASM_PRODUCTS)
  receiver = Core::Remote::Dispatcher::Receiver.new(matcher) do |repository, changes|
    changes.each do |change|
      Datadog.logger.debug { "remote config change: '#{change.path}'" }
    end

    rules = []
    custom_rules = []
    data = []
    overrides = []
    exclusions = []
    actions = []

    repository.contents.each do |content|
      parsed_content = parse_content(content)

      case content.path.product
      when 'ASM_DD'
        rules << parsed_content
      when 'ASM_DATA'
        data << parsed_content['rules_data'] if parsed_content['rules_data']
      when 'ASM'
        overrides << parsed_content['rules_override'] if parsed_content['rules_override']
        exclusions << parsed_content['exclusions'] if parsed_content['exclusions']
        custom_rules << parsed_content['custom_rules'] if parsed_content['custom_rules']
        actions.concat(parsed_content['actions']) if parsed_content['actions']
      end
    end

    if rules.empty?
      settings_rules = AppSec::Processor::RuleLoader.load_rules(
        telemetry: telemetry,
        ruleset: Datadog.configuration.appsec.ruleset
      )

      raise NoRulesError, 'no default rules available' unless settings_rules

      rules = [settings_rules]
    end

    ruleset = AppSec::Processor::RuleMerger.merge(
      rules: rules,
      data: data,
      overrides: overrides,
      exclusions: exclusions,
      custom_rules: custom_rules,
      telemetry: telemetry
    )

    Datadog::AppSec.reconfigure(ruleset: ruleset, actions: actions, telemetry: telemetry)
  end

  [receiver]
end