File tree 4 files changed +59
-0
lines changed
lib/datadog/appsec/contrib/active_record
spec/datadog/appsec/contrib/active_record
4 files changed +59
-0
lines changed Original file line number Diff line number Diff line change @@ -9,6 +9,8 @@ module Instrumentation
99 module_function
1010
1111 def detect_sql_injection ( sql , adapter_name )
12+ return unless AppSec . rasp_enabled?
13+
1214 context = AppSec . active_context
1315 return unless context
1416
Original file line number Diff line number Diff line change 1616 let ( :ruleset ) { Datadog ::AppSec ::Processor ::RuleLoader . load_rules ( ruleset : :recommended , telemetry : telemetry ) }
1717 let ( :processor ) { Datadog ::AppSec ::Processor . new ( ruleset : ruleset , telemetry : telemetry ) }
1818 let ( :context ) { Datadog ::AppSec ::Context . new ( trace , span , processor ) }
19+ let ( :rasp_enabled ) { true }
1920
2021 let ( :span ) { Datadog ::Tracing ::SpanOperation . new ( 'root' ) }
2122 let ( :trace ) { Datadog ::Tracing ::TraceOperation . new }
5455
5556 Datadog ::AppSec ::Context . activate ( context )
5657
58+ allow ( Datadog ::AppSec ) . to receive ( :rasp_enabled? ) . and_return ( rasp_enabled )
59+
5760 raise_on_rails_deprecation!
5861 end
5962
6467 processor . finalize
6568 end
6669
70+ context 'when RASP is disabled' do
71+ let ( :rasp_enabled ) { false }
72+
73+ it 'does not call waf when querying using .where' do
74+ expect ( Datadog ::AppSec . active_context ) . not_to receive ( :run_rasp )
75+
76+ User . where ( name : 'Bob' ) . to_a
77+ end
78+
79+ it 'does not call waf when querying using .find_by_sql' do
80+ expect ( Datadog ::AppSec . active_context ) . not_to receive ( :run_rasp )
81+
82+ User . find_by_sql ( "SELECT * FROM users WHERE name = 'Bob'" ) . to_a
83+ end
84+ end
85+
6786 it 'calls waf with correct arguments when querying using .where' do
6887 expect ( Datadog ::AppSec . active_context ) . to (
6988 receive ( :run_rasp ) . with (
Original file line number Diff line number Diff line change 1616 let ( :ruleset ) { Datadog ::AppSec ::Processor ::RuleLoader . load_rules ( ruleset : :recommended , telemetry : telemetry ) }
1717 let ( :processor ) { Datadog ::AppSec ::Processor . new ( ruleset : ruleset , telemetry : telemetry ) }
1818 let ( :context ) { Datadog ::AppSec ::Context . new ( trace , span , processor ) }
19+ let ( :rasp_enabled ) { true }
1920
2021 let ( :span ) { Datadog ::Tracing ::SpanOperation . new ( 'root' ) }
2122 let ( :trace ) { Datadog ::Tracing ::TraceOperation . new }
5556
5657 Datadog ::AppSec ::Context . activate ( context )
5758
59+ allow ( Datadog ::AppSec ) . to receive ( :rasp_enabled? ) . and_return ( rasp_enabled )
60+
5861 raise_on_rails_deprecation!
5962 end
6063
6568 processor . finalize
6669 end
6770
71+ context 'when RASP is disabled' do
72+ let ( :rasp_enabled ) { false }
73+
74+ it 'does not call waf when querying using .where' do
75+ expect ( Datadog ::AppSec . active_context ) . not_to receive ( :run_rasp )
76+
77+ User . where ( name : 'Bob' ) . to_a
78+ end
79+
80+ it 'does not call waf when querying using .find_by_sql' do
81+ expect ( Datadog ::AppSec . active_context ) . not_to receive ( :run_rasp )
82+
83+ User . find_by_sql ( "SELECT * FROM users WHERE name = 'Bob'" ) . to_a
84+ end
85+ end
86+
6887 it 'calls waf with correct arguments when querying using .where' do
6988 expected_db_statement = if PlatformHelpers . jruby?
7089 'SELECT "users".* FROM "users" WHERE "users"."name" = ?'
Original file line number Diff line number Diff line change 1616 let ( :ruleset ) { Datadog ::AppSec ::Processor ::RuleLoader . load_rules ( ruleset : :recommended , telemetry : telemetry ) }
1717 let ( :processor ) { Datadog ::AppSec ::Processor . new ( ruleset : ruleset , telemetry : telemetry ) }
1818 let ( :context ) { Datadog ::AppSec ::Context . new ( trace , span , processor ) }
19+ let ( :rasp_enabled ) { true }
1920
2021 let ( :span ) { Datadog ::Tracing ::SpanOperation . new ( 'root' ) }
2122 let ( :trace ) { Datadog ::Tracing ::TraceOperation . new }
4849
4950 Datadog ::AppSec ::Context . activate ( context )
5051
52+ allow ( Datadog ::AppSec ) . to receive ( :rasp_enabled? ) . and_return ( rasp_enabled )
53+
5154 raise_on_rails_deprecation!
5255 end
5356
5861 processor . finalize
5962 end
6063
64+ context 'when RASP is disabled' do
65+ let ( :rasp_enabled ) { false }
66+
67+ it 'does not call waf when querying using .where' do
68+ expect ( Datadog ::AppSec . active_context ) . not_to receive ( :run_rasp )
69+
70+ User . where ( name : 'Bob' ) . to_a
71+ end
72+
73+ it 'does not call waf when querying using .find_by_sql' do
74+ expect ( Datadog ::AppSec . active_context ) . not_to receive ( :run_rasp )
75+
76+ User . find_by_sql ( "SELECT * FROM users WHERE name = 'Bob'" ) . to_a
77+ end
78+ end
79+
6180 it 'calls waf with correct arguments when querying using .where' do
6281 expect ( Datadog ::AppSec . active_context ) . to (
6382 receive ( :run_rasp ) . with (
You can’t perform that action at this time.
0 commit comments