
Commit 8295f62

authored
Merge pull request #4355 from DataDog/appsec-remove-reactive-engine
Remove reactive engine from AppSec rack instrumentation
2 parents e1c3be1 + 325ffae commit 8295f62


34 files changed

+152
-1473
lines changed


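--- a/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb
+++ b/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb
@@ -2,8 +2,6 @@
 
 require 'json'
 require_relative '../../../instrumentation/gateway'
-require_relative '../../../reactive/engine'
-require_relative '../reactive/multiplex'
 
 module Datadog
 module AppSec
@@ -19,30 +17,30 @@ def watch
 watch_multiplex(gateway)
 end
 
-# This time we don't throw but use next
 def watch_multiplex(gateway = Instrumentation.gateway)
 gateway.watch('graphql.multiplex', :appsec) do |stack, gateway_multiplex|
-event = nil
 context = AppSec::Context.active
-engine = AppSec::Reactive::Engine.new
 
 if context
-GraphQL::Reactive::Multiplex.subscribe(engine, context) do |result|
-event = {
+persistent_data = {
+'graphql.server.all_resolvers' => gateway_multiplex.arguments
+}
+
+result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
+
+if result.match?
+Datadog::AppSec::Event.tag_and_keep!(context, result)
+
+context.events << {
 waf_result: result,
 trace: context.trace,
 span: context.span,
 multiplex: gateway_multiplex,
 actions: result.actions
 }
 
-Datadog::AppSec::Event.tag_and_keep!(context, result)
-context.events << event
-
 Datadog::AppSec::ActionsHandler.handle(result.actions)
 end
-
-GraphQL::Reactive::Multiplex.publish(engine, gateway_multiplex)
 end
 
 stack.call(gateway_multiplex.arguments)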
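Review bot: The WAF address `'graphql.server.all_resolvers'` is now a bare string literal inside the `watch_multiplex` block, so a typo or later rename would raise nothing and would only surface as resolver arguments silently no longer being inspected. I would lift it into a frozen constant in the watcher, e.g. `RESOLVERS_ADDRESS = 'graphql.server.all_resolvers'`, and build `persistent_data` from it. The removed comment about `next` versus `throw` is also not replaced, so nothing here says whether `stack.call(gateway_multiplex.arguments)` is still reached after `ActionsHandler.handle`. A one-line comment above the `handle` call stating that would help. The enclosing module and class bodies start and end outside the hunk.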

lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb

Lines changed: 0 additions & 46 deletions
This file was deleted.

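--- a/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
+++ b/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
@@ -1,10 +1,6 @@
 # frozen_string_literal: true
 
 require_relative '../../../instrumentation/gateway'
-require_relative '../../../reactive/engine'
-require_relative '../reactive/request'
-require_relative '../reactive/request_body'
-require_relative '../reactive/response'
 require_relative '../../../event'
 
 module Datadog
@@ -25,95 +21,91 @@ def watch
 
 def watch_request(gateway = Instrumentation.gateway)
 gateway.watch('rack.request', :appsec) do |stack, gateway_request|
-event = nil
 context = gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
-engine = AppSec::Reactive::Engine.new
-
-Rack::Reactive::Request.subscribe(engine, context) do |result|
-if result.match?
-# TODO: should this hash be an Event instance instead?
-event = {
-waf_result: result,
-trace: context.trace,
-span: context.span,
-request: gateway_request,
-actions: result.actions
-}
-
-# We want to keep the trace in case of security event
-context.trace.keep! if context.trace
-Datadog::AppSec::Event.tag_and_keep!(context, result)
-context.events << event
-
-Datadog::AppSec::ActionsHandler.handle(result.actions)
-end
-end
 
-Rack::Reactive::Request.publish(engine, gateway_request)
+persistent_data = {
+'server.request.cookies' => gateway_request.cookies,
+'server.request.query' => gateway_request.query,
+'server.request.uri.raw' => gateway_request.fullpath,
+'server.request.headers' => gateway_request.headers,
+'server.request.headers.no_cookies' => gateway_request.headers.dup.tap { |h| h.delete('cookie') },
+'http.client_ip' => gateway_request.client_ip,
+'server.request.method' => gateway_request.method
+}
+
+result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
+
+if result.match?
+Datadog::AppSec::Event.tag_and_keep!(context, result)
+
+context.events << {
+waf_result: result,
+trace: context.trace,
+span: context.span,
+request: gateway_request,
+actions: result.actions
+}
+
+Datadog::AppSec::ActionsHandler.handle(result.actions)
+end
 
 stack.call(gateway_request.request)
 end
 end
 
 def watch_response(gateway = Instrumentation.gateway)
 gateway.watch('rack.response', :appsec) do |stack, gateway_response|
-event = nil
 context = gateway_response.context
-engine = AppSec::Reactive::Engine.new
-
-Rack::Reactive::Response.subscribe(engine, context) do |result|
-if result.match?
-# TODO: should this hash be an Event instance instead?
-event = {
-waf_result: result,
-trace: context.trace,
-span: context.span,
-response: gateway_response,
-actions: result.actions
-}
-
-# We want to keep the trace in case of security event
-context.trace.keep! if context.trace
-Datadog::AppSec::Event.tag_and_keep!(context, result)
-context.events << event
-
-Datadog::AppSec::ActionsHandler.handle(result.actions)
-end
-end
 
-Rack::Reactive::Response.publish(engine, gateway_response)
+persistent_data = {
+'server.response.status' => gateway_response.status.to_s,
+'server.response.headers' => gateway_response.headers,
+'server.response.headers.no_cookies' => gateway_response.headers.dup.tap { |h| h.delete('set-cookie') }
+}
+
+result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
+
+if result.match?
+Datadog::AppSec::Event.tag_and_keep!(context, result)
+
+context.events << {
+waf_result: result,
+trace: context.trace,
+span: context.span,
+response: gateway_response,
+actions: result.actions
+}
+
+Datadog::AppSec::ActionsHandler.handle(result.actions)
+end
 
 stack.call(gateway_response.response)
 end
 end
 
 def watch_request_body(gateway = Instrumentation.gateway)
 gateway.watch('rack.request.body', :appsec) do |stack, gateway_request|
-event = nil
 context = gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
-engine = AppSec::Reactive::Engine.new
-
-Rack::Reactive::RequestBody.subscribe(engine, context) do |result|
-if result.match?
-# TODO: should this hash be an Event instance instead?
-event = {
-waf_result: result,
-trace: context.trace,
-span: context.span,
-request: gateway_request,
-actions: result.actions
-}
-
-# We want to keep the trace in case of security event
-context.trace.keep! if context.trace
-Datadog::AppSec::Event.tag_and_keep!(context, result)
-context.events << event
-
-Datadog::AppSec::ActionsHandler.handle(result.actions)
-end
-end
 
-Rack::Reactive::RequestBody.publish(engine, gateway_request)
+persistent_data = {
+'server.request.body' => gateway_request.form_hash
+}
+
+result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
+
+if result.match?
+Datadog::AppSec::Event.tag_and_keep!(context, result)
+
+context.events << {
+waf_result: result,
+trace: context.trace,
+span: context.span,
+request: gateway_request,
+actions: result.actions
+}
+
+Datadog::AppSec::ActionsHandler.handle(result.actions)
+end
 
 stack.call(gateway_request.request)
 end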
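Review bot: `context.run_waf` in `watch_request` is called with no nil check on `context`, which is read from `gateway_request.env[Datadog::AppSec::Ext::CONTEXT_KEY]`, whereas the GraphQL watcher in this same commit wraps the call in `if context`; `watch_response` and `watch_request_body` have the same shape. If the context can ever be absent when these watchers fire (not visible from this hunk), the request would fail with a NoMethodError inside the instrumentation rather than pass through. A guard at the top of each block, such as `next stack.call(gateway_request.request) unless context` with the matching `stack.call` argument per watcher, would make the behaviour explicit. Separately, the `no_cookies` entries delete the literal keys `'cookie'` and `'set-cookie'`, which only strips cookie values if `headers` is already keyed in lower case. A comment such as `# relies on header keys being lower-case` on those two lines would keep a later refactor from sending cookies under the no_cookies address.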

lib/datadog/appsec/contrib/rack/reactive/request.rb

Lines changed: 0 additions & 69 deletions
This file was deleted.

lib/datadog/appsec/contrib/rack/reactive/request_body.rb

Lines changed: 0 additions & 47 deletions
This file was deleted.
