Merge pull request #4029 from DataDog/appsec-55378-refactor-processor-context

[APPSEC-55378] Move AppSec Context creation into Processor

Author: Strech

lib/datadog/appsec/processor.rb

@@ -1,16 +1,19 @@
 # frozen_string_literal: true
 
+require_relative 'processor/context'
+
 module Datadog
   module AppSec
     # Processor integrates libddwaf into datadog/appsec
     class Processor
       attr_reader :diagnostics, :addresses
 
       def initialize(ruleset:, telemetry:)
+        @telemetry = telemetry
         @diagnostics = nil
         @addresses = []
+
         settings = Datadog.configuration.appsec
-        @telemetry = telemetry
 
         # TODO: Refactor to make it easier to test
         unless require_libddwaf && libddwaf_provides_waf? && create_waf_handle(settings, ruleset)
@@ -26,9 +29,9 @@ def finalize
         @handle.finalize
       end
 
-      protected
-
-      attr_reader :handle
+      def new_context
+        Context.new(@handle, telemetry: @telemetry)
+      end
 
       private
 

lib/datadog/appsec/processor/context.rb

@@ -7,8 +7,10 @@ class Processor
       class Context
         attr_reader :time_ns, :time_ext_ns, :timeouts, :events
 
-        def initialize(processor)
-          @context = Datadog::AppSec::WAF::Context.new(processor.send(:handle))
+        def initialize(handle, telemetry:)
+          @context = Datadog::AppSec::WAF::Context.new(handle)
+          @telemetry = telemetry
+
           @time_ns = 0.0
           @time_ext_ns = 0.0
           @timeouts = 0

lib/datadog/appsec/scope.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require_relative 'processor/context'
-
 module Datadog
   module AppSec
     # Capture context essential to consistently call processor and report via traces
@@ -22,8 +20,7 @@ class << self
         def activate_scope(trace, service_entry_span, processor)
           raise ActiveScopeError, 'another scope is active, nested scopes are not supported' if active_scope
 
-          context = Datadog::AppSec::Processor::Context.new(processor)
-
+          context = processor.new_context
           self.active_scope = new(trace, service_entry_span, context)
         end
 

sig/datadog/appsec/processor.rbs

@@ -1,29 +1,39 @@
 module Datadog
   module AppSec
     class Processor
-      def self.active_context: () -> Context
+      type rule = bool | ::Integer | ::String | ::Hash[::String, rule] | ::Array[rule]
+      type ruleset = ::Hash[::String, rule]
 
-      private
+      @telemetry: Core::Telemetry::Component
+
+      @diagnostics: WAF::LibDDWAF::Object?
+
+      @addresses: ::Array[::String]
+
+      @handle: WAF::Handle
 
       attr_reader diagnostics: WAF::LibDDWAF::Object?
+
       attr_reader addresses: ::Array[::String]
 
-      @handle: WAF::Handle
-      @ruleset: ::Hash[::String, untyped]
-      @addresses: ::Array[::String]
+      def initialize: (ruleset: ruleset, telemetry: Core::Telemetry::Component) -> void
 
-      def initialize: (ruleset: ::Hash[untyped, untyped], telemetry: Core::Telemetry::Component) -> void
       def ready?: () -> bool
+
       def finalize: () -> void
 
-      attr_reader handle: untyped
+      def new_context: () -> Context
 
       private
 
       def require_libddwaf: () -> bool
+
       def libddwaf_provides_waf?: () -> bool
-      def create_waf_handle: (Core::Configuration::Settings::_AppSec settings, ::Hash[String, untyped] ruleset) -> bool
+
+      def create_waf_handle: (Core::Configuration::Settings::_AppSec settings, ruleset ruleset) -> bool
+
       def libddwaf_platform: () -> ::String
+
       def ruby_platforms: () -> ::Array[::String]
     end
   end

sig/datadog/appsec/processor/context.rbs

@@ -2,24 +2,38 @@ module Datadog
   module AppSec
     class Processor
       class Context
-        type event = untyped
-        type data = WAF::data
+        @context: WAF::Context
+
+        @telemetry: Core::Telemetry::Component
+
+        @time_ns: ::Float
+
+        @time_ext_ns: ::Float
+
+        @timeouts: ::Integer
+
+        @events: ::Array[untyped]
+
+        @run_mutex: ::Thread::Mutex
 
         attr_reader time_ns: ::Float
+
         attr_reader time_ext_ns: ::Float
+
         attr_reader timeouts: ::Integer
-        attr_reader events: ::Array[event]
 
-        @context: WAF::Context
+        attr_reader events: ::Array[untyped]
 
-        @run_mutex: ::Thread::Mutex
+        def initialize: (WAF::Handle handle, telemetry: Core::Telemetry::Component) -> void
 
-        def initialize: (Processor processor) -> void
         def run: (Hash[untyped, untyped] input, ?::Integer timeout) -> WAF::Result
+
         def extract_schema: () -> WAF::Result?
+
         def finalize: () -> void
 
         private
+
         def extract_schema?: () -> bool
       end
     end

spec/datadog/appsec/processor/context_spec.rb

@@ -18,9 +18,7 @@
   let(:input_client_ip) { { 'http.client_ip' => '1.2.3.4' } }
 
   let(:client_ip) { '1.2.3.4' }
-
   let(:input) { input_scanner }
-
   let(:processor) { Datadog::AppSec::Processor.new(ruleset: ruleset, telemetry: telemetry) }
 
   let(:run_count) { 1 }
@@ -36,12 +34,9 @@
     results.first
   end
 
-  subject(:context) { described_class.new(processor) }
-
-  before do
-    runs
-  end
+  subject(:context) { processor.new_context }
 
+  before { runs }
   after do
     context.finalize
     processor.finalize

spec/datadog/appsec/processor_spec.rb

@@ -283,4 +283,10 @@ def diagnostics
       end
     end
   end
+
+  describe '#new_context' do
+    let(:processor) { described_class.new(ruleset: ruleset, telemetry: telemetry) }
+
+    it { expect(processor.new_context).to be_instance_of(described_class::Context) }
+  end
 end