From 1817ade14215249129c6f2df7501c13652e294f4 Mon Sep 17 00:00:00 2001 From: Yury Lebedev Date: Thu, 6 Feb 2025 16:26:23 +0100 Subject: [PATCH] Remove reactive engine from AppSec monitor --- lib/datadog/appsec/monitor/gateway/watcher.rb | 44 +++++++-------- .../appsec/monitor/reactive/set_user.rb | 45 ---------------- .../appsec/monitor/reactive/set_user.rbs | 15 ------ .../appsec/monitor/reactive/set_user_spec.rb | 53 ------------------- 4 files changed, 19 insertions(+), 138 deletions(-) delete mode 100644 lib/datadog/appsec/monitor/reactive/set_user.rb delete mode 100644 sig/datadog/appsec/monitor/reactive/set_user.rbs delete mode 100644 spec/datadog/appsec/monitor/reactive/set_user_spec.rb diff --git a/lib/datadog/appsec/monitor/gateway/watcher.rb b/lib/datadog/appsec/monitor/gateway/watcher.rb index 764ec88095a..c2624948d95 100644 --- a/lib/datadog/appsec/monitor/gateway/watcher.rb +++ b/lib/datadog/appsec/monitor/gateway/watcher.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true require_relative '../../instrumentation/gateway' -require_relative '../../reactive/engine' -require_relative '../reactive/set_user' module Datadog module AppSec 
@@ -19,31 +17,27 @@ def watch def watch_user_id(gateway = Instrumentation.gateway) gateway.watch('identity.set_user', :appsec) do |stack, user| - event = nil context = Datadog::AppSec.active_context - engine = AppSec::Reactive::Engine.new - - Monitor::Reactive::SetUser.subscribe(engine, context) do |result| - if result.match? - # TODO: should this hash be an Event instance instead? - event = { - waf_result: result, - trace: context.trace, - span: context.span, - user: user, - actions: result.actions - } - - # We want to keep the trace in case of security event - context.trace.keep! if context.trace - Datadog::AppSec::Event.tag_and_keep!(context, result) - context.events << event - - Datadog::AppSec::ActionsHandler.handle(result.actions) - end - end - Monitor::Reactive::SetUser.publish(engine, user) + persistent_data = { + 'usr.id' => user.id + } + + result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout) + + if result.match? + Datadog::AppSec::Event.tag_and_keep!(context, result) + + context.events << { + waf_result: result, + trace: context.trace, + span: context.span, + user: user, + actions: result.actions + } + + Datadog::AppSec::ActionsHandler.handle(result.actions) + end stack.call(user) end diff --git a/lib/datadog/appsec/monitor/reactive/set_user.rb b/lib/datadog/appsec/monitor/reactive/set_user.rb deleted file mode 100644 index 995af5d3dcb..00000000000 --- a/lib/datadog/appsec/monitor/reactive/set_user.rb +++ /dev/null 
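Review bot: The new `context.run_waf(persistent_data, {}, ...)` call dereferences `Datadog::AppSec.active_context` with no nil check, so if `Datadog::Kit::Identity.set_user` (which the deleted module's comment names as the source of this gateway event) is invoked outside an instrumented request where there is presumably no active context, the watcher raises NoMethodError inside the application's identity call rather than passing through. The removed reactive path had the same exposure, but now that the WAF call is inline in the block this is the natural place to guard it: `next stack.call(user) unless context` directly after the `active_context` line (`next`, not `return`, since this is a block handed to `gateway.watch`). The explicit `context.trace.keep! if context.trace` was also dropped in favour of `Event.tag_and_keep!` alone; if that helper already keeps the trace this is fine, but a comment such as `# tag_and_keep! retains the trace so the security event is not sampled away` would make the dependency visible to the next reader. The closing `end` of `watch_user_id` lies outside the hunk.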
@@ -1,45 +0,0 @@ -# frozen_string_literal: true - -module Datadog - module AppSec - module Monitor - module Reactive - # Dispatch data from Datadog::Kit::Identity.set_user to the WAF context - module SetUser - ADDRESSES = [ - 'usr.id', - ].freeze - private_constant :ADDRESSES - - def self.publish(engine, user) - catch(:block) do - engine.publish('usr.id', user.id) - - nil - end - end - - def self.subscribe(engine, context) - engine.subscribe(*ADDRESSES) do |*values| - Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" } - - user_id = values[0] - - persistent_data = { - 'usr.id' => user_id, - } - - waf_timeout = Datadog.configuration.appsec.waf_timeout - result = context.run_waf(persistent_data, {}, waf_timeout) - - next unless result.match? - - yield result - throw(:block, true) unless result.actions.empty? - end - end - end - end - end - end -end diff --git a/sig/datadog/appsec/monitor/reactive/set_user.rbs b/sig/datadog/appsec/monitor/reactive/set_user.rbs deleted file mode 100644 index 1efd5ff8277..00000000000 --- a/sig/datadog/appsec/monitor/reactive/set_user.rbs +++ /dev/null @@ -1,15 +0,0 @@ -module Datadog - module AppSec - module Monitor - module Reactive - module SetUser - ADDRESSES: ::Array[::String] - - def self.publish: (AppSec::Reactive::Engine engine, AppSec::Instrumentation::Gateway::User user) -> untyped - - def self.subscribe: (AppSec::Reactive::Engine engine, untyped waf_context) { (untyped) -> untyped } -> untyped - end - end - end - end -end diff --git a/spec/datadog/appsec/monitor/reactive/set_user_spec.rb b/spec/datadog/appsec/monitor/reactive/set_user_spec.rb deleted file mode 100644 index 00018716a23..00000000000 --- a/spec/datadog/appsec/monitor/reactive/set_user_spec.rb +++ /dev/null 
@@ -1,53 +0,0 @@ -# frozen_string_literal: true - -require 'datadog/appsec/spec_helper' -require 'datadog/appsec/reactive/engine' -require 'datadog/appsec/monitor/reactive/set_user' -require 'datadog/appsec/reactive/shared_examples' - -RSpec.describe Datadog::AppSec::Monitor::Reactive::SetUser do - let(:engine) { Datadog::AppSec::Reactive::Engine.new } - let(:user) { double(:user, id: 1) } - - describe '.publish' do - it 'propagates request body attributes to the engine' do - expect(engine).to receive(:publish).with('usr.id', 1) - - described_class.publish(engine, user) - end - end - - describe '.subscribe' do - let(:appsec_context) { instance_double(Datadog::AppSec::Context) } - - context 'not all addresses have been published' do - it 'does not call the waf context' do - expect(engine).to receive(:subscribe).with('usr.id').and_call_original - expect(appsec_context).to_not receive(:run_waf) - described_class.subscribe(engine, appsec_context) - end - end - - context 'all addresses have been published' do - let(:waf_result) do - Datadog::AppSec::SecurityEngine::Result::Ok.new( - events: [], actions: {}, derivatives: {}, timeout: false, duration_ns: 0, duration_ext_ns: 0 - ) - end - - it 'does call the waf context with the right arguments' do - expect(engine).to receive(:subscribe).and_call_original - expect(appsec_context).to receive(:run_waf) - .with({ 'usr.id' => 1 }, {}, Datadog.configuration.appsec.waf_timeout) - .and_return(waf_result) - - described_class.subscribe(engine, appsec_context) - expect(described_class.publish(engine, user)).to be_nil - end - end - - it_behaves_like 'waf result' do - let(:gateway) { user } - end - end -end