Module: Datadog::AppSec::Contrib::Rails::Gateway::Watcher

Defined in:
lib/datadog/appsec/contrib/rails/gateway/watcher.rb

Overview

Watcher for Rails gateway events

Class Method Summary collapse

Class Method Details

.watchObject 



15
16
17
18
19
20
 
# File 'lib/datadog/appsec/contrib/rails/gateway/watcher.rb', line 15

def watch
  gateway = Instrumentation.gateway

  watch_request_action(gateway)
  watch_response_body_json(gateway)
end

.watch_request_action(gateway = Instrumentation.gateway) ⇒ Object 



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/datadog/appsec/contrib/rails/gateway/watcher.rb', line 22

def watch_request_action(gateway = Instrumentation.gateway)
  gateway.watch('rails.request.action', :appsec) do |stack, gateway_request|
    context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]

    persistent_data = {
      'server.request.body' => gateway_request.parsed_body,
      'server.request.path_params' => gateway_request.route_params
    }

    result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)

    if result.match?
      context.events.push(
        AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
      )

      AppSec::Event.tag_and_keep!(context, result)
      AppSec::ActionsHandler.handle(result.actions)
    end

    stack.call(gateway_request.request)
  end
end

.watch_response_body_json(gateway = Instrumentation.gateway) ⇒ Object 



46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'lib/datadog/appsec/contrib/rails/gateway/watcher.rb', line 46

def watch_response_body_json(gateway = Instrumentation.gateway)
  gateway.watch('rails.response.body.json', :appsec) do |stack, container|
    context = container.context

    persistent_data = {
      'server.response.body' => container.data
    }
    result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)

    if result.match?
      context.events.push(
        AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
      )

      AppSec::Event.tag_and_keep!(context, result)
      AppSec::ActionsHandler.handle(result.actions)
    end

    stack.call(container)
  end
end