Module: Datadog::AppSec::Remote

Defined in:
lib/datadog/appsec/remote.rb

Overview

Remote

Defined Under Namespace

Classes: NoRulesError, ReadError

Constant Summary

CAP_ASM_RESERVED_1 =

RESERVED

1 << 0
CAP_ASM_ACTIVATION =

Remote activation via ASM_FEATURES product

1 << 1
CAP_ASM_IP_BLOCKING =

accept IP blocking data from ASM_DATA product

1 << 2
CAP_ASM_DD_RULES =

read ASM rules from ASM_DD product

1 << 3
CAP_ASM_EXCLUSIONS =

exclusion filters (passlist) via ASM product

1 << 4
CAP_ASM_REQUEST_BLOCKING =

can block on request info

1 << 5
CAP_ASM_RESPONSE_BLOCKING =

can block on response info

1 << 6
CAP_ASM_USER_BLOCKING =

accept user blocking data from ASM_DATA product

1 << 7
CAP_ASM_CUSTOM_RULES =

accept custom rules

1 << 8
CAP_ASM_CUSTOM_BLOCKING_RESPONSE =

supports custom HTTP code or redirect as blocking response

1 << 9
CAP_ASM_TRUSTED_IPS =

supports trusted ip

1 << 10
CAP_ASM_RASP_SSRF =

support for server-side request forgery exploit prevention rules

1 << 23
CAP_ASM_RASP_SQLI =

support for SQL injection exploit prevention rules

1 << 21
ASM_CAPABILITIES =

TODO: we need to dynamically add CAP_ASM_ACTIVATION once we support it

[
  CAP_ASM_IP_BLOCKING,
  CAP_ASM_USER_BLOCKING,
  CAP_ASM_EXCLUSIONS,
  CAP_ASM_REQUEST_BLOCKING,
  CAP_ASM_RESPONSE_BLOCKING,
  CAP_ASM_DD_RULES,
  CAP_ASM_CUSTOM_RULES,
  CAP_ASM_CUSTOM_BLOCKING_RESPONSE,
  CAP_ASM_TRUSTED_IPS,
  CAP_ASM_RASP_SSRF,
  CAP_ASM_RASP_SQLI,
].freeze
ASM_PRODUCTS =
[
  'ASM_DD',       # Datadog employee issued configuration
  'ASM',          # customer issued configuration (rulesets, passlist...)
  'ASM_FEATURES', # capabilities
  'ASM_DATA',     # config files (IP addresses or users for blocking)
].freeze

Class Method Summary

Class Method Details

.capabilities ⇒ Object



# File 'lib/datadog/appsec/remote.rb', line 51

# Returns the capability bit flags listed in ASM_CAPABILITIES, but only while
# remote features are enabled; otherwise nothing is reported.
#
# @return [Array<Integer>] ASM_CAPABILITIES, or an empty array when
#   remote_features_enabled? is falsy
def capabilities
  return [] unless remote_features_enabled?

  ASM_CAPABILITIES
end

.products ⇒ Object



# File 'lib/datadog/appsec/remote.rb', line 55

# Returns the remote configuration product names listed in ASM_PRODUCTS, but
# only while remote features are enabled.
#
# @return [Array<String>] ASM_PRODUCTS, or an empty array when
#   remote_features_enabled? is falsy
def products
  return [] unless remote_features_enabled?

  ASM_PRODUCTS
end

.receivers(telemetry) ⇒ Object



# File 'lib/datadog/appsec/remote.rb', line 59

# Builds the remote configuration receiver that feeds ASM product changes
# into the AppSec security engine.
#
# The receiver matches the products in ASM_PRODUCTS. For every change it
# adds/updates or removes the configuration stored at the change's path, then
# triggers AppSec.reconfigure! once after the whole batch.
#
# @param telemetry [Object] not referenced anywhere in this method body
# @return [Array] a one-element array holding the receiver, or an empty array
#   when remote_features_enabled? is falsy
def receivers(telemetry)
  return [] unless remote_features_enabled?

  # Only changes belonging to one of the ASM_PRODUCTS reach the block below.
  matcher = Core::Remote::Dispatcher::Matcher::Product.new(ASM_PRODUCTS)
  receiver = Core::Remote::Dispatcher::Receiver.new(matcher) do |repository, changes|
    # Without a security engine there is nothing to apply the changes to.
    next unless AppSec.security_engine

    # NOTE(review): the payloads handled here come from remote configuration
    # and end up as security engine configuration; no integrity check happens
    # in this method -- presumably that is done before the repository is
    # populated; confirm.
    changes.each do |change|
      content = repository[change.path]
      # A delete needs no content; any other change without content is skipped.
      next unless content || change.type == :delete

      case change.type
      when :insert, :update
        # NOTE(review): an exception raised by parse_content or by the engine
        # would leave this block before the remaining changes are processed
        # and before AppSec.reconfigure! runs; whether the caller rescues and
        # reports it is not visible here -- confirm.
        AppSec.security_engine.add_or_update_config(parse_content(content), path: change.path.to_s) # steep:ignore

        # NOTE(review): the content is marked applied without inspecting the
        # return value of add_or_update_config -- confirm that a rejected
        # configuration raises instead of returning a status, otherwise it
        # would be acknowledged as applied.
        content.applied # steep:ignore
      when :delete
        AppSec.security_engine.remove_config_at_path(change.path.to_s) # steep:ignore
      end
    end

    # This is subject to change - we need to remove the reconfiguration mutex
    # and track usages of each WAF handle instead, so that we know when an old
    # WAF handle can be finalized.
    AppSec.reconfigure!
  end

  [receiver]
end