Module: Datadog::AppSec::Processor::RuleLoader
- Defined in:
- lib/datadog/appsec/processor/rule_loader.rb
Overview
RuleLoader is a utility module that loads AppSec rules and data from settings.
Class Method Summary
- .load_data(ip_denylist: [], user_id_denylist: []) ⇒ Object
- .load_exclusions(ip_passlist: []) ⇒ Object
- .load_rules(ruleset:) ⇒ Object
Class Method Details
.load_data(ip_denylist: [], user_id_denylist: []) ⇒ Object
# File 'lib/datadog/appsec/processor/rule_loader.rb', line 42
#
# Builds the rule-data entries for the configured denylists.
#
# Each denylist that has at least one truthy element contributes one
# single-element array wrapping the result of `denylist_data`, in the fixed
# order 'blocked_ips' then 'blocked_users'.
#
# @param ip_denylist [Array] IP entries to block
# @param user_id_denylist [Array] user ids to block
# @return [Array] empty when neither list contributes an entry
#
# NOTE(review): the lists are handed to `denylist_data` as given; no format
# validation is visible here. Confirm that entries are validated upstream.
def load_data(ip_denylist: [], user_id_denylist: [])
  denylists = { 'blocked_ips' => ip_denylist, 'blocked_users' => user_id_denylist }

  denylists.each_with_object([]) do |(data_id, denylist), loaded|
    next unless denylist.any?

    loaded << [denylist_data(data_id, denylist)]
  end
end
.load_exclusions(ip_passlist: []) ⇒ Object
# File 'lib/datadog/appsec/processor/rule_loader.rb', line 50
#
# Builds the exclusion entries derived from the configured IP passlist.
#
# @param ip_passlist [Array] passlisted IP entries
# @return [Array] empty when the passlist has no truthy element, otherwise
#   one single-element array wrapping `passlist_exclusions(ip_passlist)`
#
# NOTE(review): presumably these entries exempt the listed IPs from rule
# evaluation. Confirm against `passlist_exclusions`, and keep the list
# narrow, since every entry is trusted purely by configuration.
def load_exclusions(ip_passlist: [])
  return [] unless ip_passlist.any?

  [[passlist_exclusions(ip_passlist)]]
end
.load_rules(ruleset:) ⇒ Object
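# File 'lib/datadog/appsec/processor/rule_loader.rb', line 12
#
# Resolves the `ruleset` setting into a parsed ruleset.
#
# Accepted values, in dispatch order:
# - :recommended / :strict: bundled rules from Datadog::AppSec::Assets.waf_rules
# - :risky: deprecated; logs a warning and loads :recommended instead
# - String: path to a JSON rules file, expanded with File.expand_path
# - File / StringIO: read, parsed as JSON, then rewound
# - Hash: returned unchanged, with no validation in this method
#
# @param ruleset [Symbol, String, File, StringIO, Hash] the configured ruleset
# @return [Object, nil] the parsed JSON (or the Hash given), or nil when
#   loading fails
#
# NOTE(review): every StandardError, including the ArgumentError raised for
# an unsupported value, is logged and turned into nil. Callers must treat nil
# as "no ruleset loaded". Confirm that the caller does not carry on without
# protection when that happens.
# NOTE(review): a String ruleset is read from disk as given, so it should
# come from trusted configuration only.
def load_rules(ruleset:)
  case ruleset
  when :recommended, :strict
    JSON.parse(Datadog::AppSec::Assets.waf_rules(ruleset))
  when :risky
    # Sentences are separated by a space so the concatenated message reads
    # correctly in the log.
    Datadog.logger.warn(
      'The :risky Application Security Management ruleset has been deprecated and no longer available. ' \
      'The `:recommended` ruleset will be used instead. ' \
      'Please remove the `appsec.ruleset = :risky` setting from your Datadog.configure block.'
    )
    JSON.parse(Datadog::AppSec::Assets.waf_rules(:recommended))
  when String
    # `File.(ruleset)` is `File.call(ruleset)`, which File does not define,
    # so every path-based ruleset failed to load. Expand the path instead.
    JSON.parse(File.read(File.expand_path(ruleset)))
  when File, StringIO
    # Rewind after a successful parse so the same IO can be read again.
    JSON.parse(ruleset.read || '').tap { ruleset.rewind }
  when Hash
    ruleset
  else
    raise ArgumentError, "unsupported value for ruleset setting: #{ruleset.inspect}"
  end
rescue StandardError => e
  Datadog.logger.error do
    "libddwaf ruleset failed to load, ruleset: #{ruleset.inspect} error: #{e.inspect}"
  end

  nil
end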