13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
# File 'lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb', line 13
def call(request_env)
context = AppSec.active_context
return @app.call(request_env) unless context && AppSec.rasp_enabled?
ephemeral_data = {
'server.io.net.url' => request_env.url.to_s
}
result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, Datadog.configuration.appsec.waf_timeout)
if result.match?
AppSec::Event.tag(context, result)
TraceKeeper.keep!(context.trace) if result.keep?
context.events.push(
AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
)
AppSec::ActionsHandler.handle(result.actions)
end
@app.call(request_env)
end
|