Move AppSec context creation into processor

Strech · Strech · commit e3f599d799bb · 2024-10-25T17:07:16.000+02:00
Since Context is a part of the Processor it can't call handle on the
injected dependency. Instead, Processor is going to create a fully
operational context and provide all requirements to it.
diff --git a/lib/datadog/appsec/processor.rb b/lib/datadog/appsec/processor.rb
@@ -1,16 +1,19 @@
 # frozen_string_literal: true
 
+require_relative 'processor/context'
+
 module Datadog
   module AppSec
     # Processor integrates libddwaf into datadog/appsec
     class Processor
       attr_reader :diagnostics, :addresses
 
       def initialize(ruleset:, telemetry:)
+        @telemetry = telemetry
         @diagnostics = nil
         @addresses = []
+
         settings = Datadog.configuration.appsec
-        @telemetry = telemetry
 
         # TODO: Refactor to make it easier to test
         unless require_libddwaf && libddwaf_provides_waf? && create_waf_handle(settings, ruleset)
@@ -26,9 +29,9 @@ def finalize
         @handle.finalize
       end
 
-      protected
-
-      attr_reader :handle
+      def new_context
+        Context.new(@handle, telemetry: @telemetry)
+      end
 
       private
 
diff --git a/lib/datadog/appsec/processor/context.rb b/lib/datadog/appsec/processor/context.rb
@@ -7,8 +7,10 @@ class Processor
       class Context
         attr_reader :time_ns, :time_ext_ns, :timeouts, :events
 
-        def initialize(processor)
-          @context = Datadog::AppSec::WAF::Context.new(processor.send(:handle))
+        def initialize(handle, telemetry:)
+          @context = Datadog::AppSec::WAF::Context.new(handle)
+          @telemetry = telemetry
+
           @time_ns = 0.0
           @time_ext_ns = 0.0
           @timeouts = 0
@@ -39,6 +41,7 @@ def run(input, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
           @time_ext_ns += (stop_ns - start_ns)
           @timeouts += 1 if res.timeout
 
+          # TODO: handle the response
           res
         ensure
           @run_mutex.unlock
diff --git a/lib/datadog/appsec/scope.rb b/lib/datadog/appsec/scope.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require_relative 'processor/context'
-
 module Datadog
   module AppSec
     # Capture context essential to consistently call processor and report via traces
@@ -22,8 +20,7 @@ class << self
         def activate_scope(trace, service_entry_span, processor)
           raise ActiveScopeError, 'another scope is active, nested scopes are not supported' if active_scope
 
-          context = Datadog::AppSec::Processor::Context.new(processor)
-
+          context = processor.new_context
           self.active_scope = new(trace, service_entry_span, context)
         end
 
diff --git a/spec/datadog/appsec/processor/context_spec.rb b/spec/datadog/appsec/processor/context_spec.rb
@@ -18,9 +18,7 @@
   let(:input_client_ip) { { 'http.client_ip' => '1.2.3.4' } }
 
   let(:client_ip) { '1.2.3.4' }
-
   let(:input) { input_scanner }
-
   let(:processor) { Datadog::AppSec::Processor.new(ruleset: ruleset, telemetry: telemetry) }
 
   let(:run_count) { 1 }
@@ -36,12 +34,9 @@
     results.first
   end
 
-  subject(:context) { described_class.new(processor) }
-
-  before do
-    runs
-  end
+  subject(:context) { processor.new_context }
 
+  before { runs }
   after do
     context.finalize
     processor.finalize
diff --git a/spec/datadog/appsec/processor_spec.rb b/spec/datadog/appsec/processor_spec.rb
@@ -283,4 +283,10 @@ def diagnostics
       end
     end
   end
+
+  describe '#new_context' do
+    let(:processor) { described_class.new(ruleset: ruleset, telemetry: telemetry) }
+
+    it { expect(processor.new_context).to be_instance_of(described_class::Context) }
+  end
 end
