Remove reactive engine from AppSec monitor

DataDog · Feb 6, 2025 · 1817ade · 1817ade
1 parent 08c552f
commit 1817ade
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 138 deletions.
diff --git a/lib/datadog/appsec/monitor/gateway/watcher.rb b/lib/datadog/appsec/monitor/gateway/watcher.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 require_relative '../../instrumentation/gateway'
-require_relative '../../reactive/engine'
-require_relative '../reactive/set_user'
 
 module Datadog
   module AppSec
@@ -19,31 +17,27 @@ def watch
 
             def watch_user_id(gateway = Instrumentation.gateway)
               gateway.watch('identity.set_user', :appsec) do |stack, user|
-                event = nil
                 context = Datadog::AppSec.active_context
-                engine = AppSec::Reactive::Engine.new
-
-                Monitor::Reactive::SetUser.subscribe(engine, context) do |result|
-                  if result.match?
-                    # TODO: should this hash be an Event instance instead?
-                    event = {
-                      waf_result: result,
-                      trace: context.trace,
-                      span: context.span,
-                      user: user,
-                      actions: result.actions
-                    }
-
-                    # We want to keep the trace in case of security event
-                    context.trace.keep! if context.trace
-                    Datadog::AppSec::Event.tag_and_keep!(context, result)
-                    context.events << event
-
-                    Datadog::AppSec::ActionsHandler.handle(result.actions)
-                  end
-                end
 
-                Monitor::Reactive::SetUser.publish(engine, user)
+                persistent_data = {
+                  'usr.id' => user.id
+                }
+
+                result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
+
+                if result.match?
+                  Datadog::AppSec::Event.tag_and_keep!(context, result)
+
+                  context.events << {
+                    waf_result: result,
+                    trace: context.trace,
+                    span: context.span,
+                    user: user,
+                    actions: result.actions
+                  }
+
+                  Datadog::AppSec::ActionsHandler.handle(result.actions)
+                end
 
                 stack.call(user)
               end

diff --git a/lib/datadog/appsec/monitor/reactive/set_user.rb b/lib/datadog/appsec/monitor/reactive/set_user.rb
diff --git a/sig/datadog/appsec/monitor/reactive/set_user.rbs b/sig/datadog/appsec/monitor/reactive/set_user.rbs
diff --git a/spec/datadog/appsec/monitor/reactive/set_user_spec.rb b/spec/datadog/appsec/monitor/reactive/set_user_spec.rb