diff --git a/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb b/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb index 269e16d7466..af3f44802eb 100644 --- a/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +++ b/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb @@ -32,23 +32,10 @@ def self.subscribe(op, waf_context) waf_timeout = Datadog.configuration.appsec.waf_timeout result = waf_context.run(waf_args, waf_timeout) - Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout - - case result.status - when :match - Datadog.logger.debug { "WAF: #{result.inspect}" } - - yield result - throw(:block, true) unless result.actions.empty? - when :ok - Datadog.logger.debug { "WAF OK: #{result.inspect}" } - when :invalid_call - Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" } - when :invalid_rule, :invalid_flow, :no_rule - Datadog.logger.debug { "WAF RULE ERROR: #{result.inspect}" } - else - Datadog.logger.debug { "WAF UNKNOWN: #{result.status.inspect} #{result.inspect}" } - end + next if result.status != :match + + yield result + throw(:block, true) unless result.actions.empty? end end end diff --git a/lib/datadog/appsec/contrib/rack/reactive/request.rb b/lib/datadog/appsec/contrib/rack/reactive/request.rb index 5dfe98eaeea..b250daa568c 100644 --- a/lib/datadog/appsec/contrib/rack/reactive/request.rb +++ b/lib/datadog/appsec/contrib/rack/reactive/request.rb @@ -33,6 +33,7 @@ def self.publish(op, gateway_request) def self.subscribe(op, waf_context) op.subscribe(*ADDRESSES) do |*values| Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" } + headers = values[0] headers_no_cookies = headers.dup.tap { |h| h.delete('cookie') } uri_raw = values[1] @@ -54,23 +55,10 @@ def self.subscribe(op, waf_context) waf_timeout = Datadog.configuration.appsec.waf_timeout result = waf_context.run(waf_args, waf_timeout) - Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout - - case result.status - when :match - Datadog.logger.debug { "WAF: #{result.inspect}" } + next if result.status != :match - yield result - throw(:block, true) unless result.actions.empty? - when :ok - Datadog.logger.debug { "WAF OK: #{result.inspect}" } - when :invalid_call - Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" } - when :invalid_rule, :invalid_flow, :no_rule - Datadog.logger.debug { "WAF RULE ERROR: #{result.inspect}" } - else - Datadog.logger.debug { "WAF UNKNOWN: #{result.status.inspect} #{result.inspect}" } - end + yield result + throw(:block, true) unless result.actions.empty? end end end diff --git a/lib/datadog/appsec/contrib/rack/reactive/request_body.rb b/lib/datadog/appsec/contrib/rack/reactive/request_body.rb index 7120de77048..ccd2c09eb21 100644 --- a/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +++ b/lib/datadog/appsec/contrib/rack/reactive/request_body.rb @@ -33,23 +33,10 @@ def self.subscribe(op, waf_context) waf_timeout = Datadog.configuration.appsec.waf_timeout result = waf_context.run(waf_args, waf_timeout) - Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout - - case result.status - when :match - Datadog.logger.debug { "WAF: #{result.inspect}" } - - yield result - throw(:block, true) unless result.actions.empty? - when :ok - Datadog.logger.debug { "WAF OK: #{result.inspect}" } - when :invalid_call - Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" } - when :invalid_rule, :invalid_flow, :no_rule - Datadog.logger.debug { "WAF RULE ERROR: #{result.inspect}" } - else - Datadog.logger.debug { "WAF UNKNOWN: #{result.status.inspect} #{result.inspect}" } - end + next if result.status != :match + + yield result + throw(:block, true) unless result.actions.empty? end end end diff --git a/lib/datadog/appsec/contrib/rack/reactive/response.rb b/lib/datadog/appsec/contrib/rack/reactive/response.rb index 794f130d97d..44306d13d19 100644 --- a/lib/datadog/appsec/contrib/rack/reactive/response.rb +++ b/lib/datadog/appsec/contrib/rack/reactive/response.rb @@ -39,23 +39,10 @@ def self.subscribe(op, waf_context) waf_timeout = Datadog.configuration.appsec.waf_timeout result = waf_context.run(waf_args, waf_timeout) - Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout + next if result.status != :match - case result.status - when :match - Datadog.logger.debug { "WAF: #{result.inspect}" } - - yield result - throw(:block, true) unless result.actions.empty? - when :ok - Datadog.logger.debug { "WAF OK: #{result.inspect}" } - when :invalid_call - Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" } - when :invalid_rule, :invalid_flow, :no_rule - Datadog.logger.debug { "WAF RULE ERROR: #{result.inspect}" } - else - Datadog.logger.debug { "WAF UNKNOWN: #{result.status.inspect} #{result.inspect}" } - end + yield result + throw(:block, true) unless result.actions.empty? end end end diff --git a/lib/datadog/appsec/contrib/rails/reactive/action.rb b/lib/datadog/appsec/contrib/rails/reactive/action.rb index d2463d2baa7..f11fe9581b4 100644 --- a/lib/datadog/appsec/contrib/rails/reactive/action.rb +++ b/lib/datadog/appsec/contrib/rails/reactive/action.rb @@ -39,23 +39,10 @@ def self.subscribe(op, waf_context) waf_timeout = Datadog.configuration.appsec.waf_timeout result = waf_context.run(waf_args, waf_timeout) - Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout + next if result.status != :match - case result.status - when :match - Datadog.logger.debug { "WAF: #{result.inspect}" } - - yield result - throw(:block, true) unless result.actions.empty? - when :ok - Datadog.logger.debug { "WAF OK: #{result.inspect}" } - when :invalid_call - Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" } - when :invalid_rule, :invalid_flow, :no_rule - Datadog.logger.debug { "WAF RULE ERROR: #{result.inspect}" } - else - Datadog.logger.debug { "WAF UNKNOWN: #{result.status.inspect} #{result.inspect}" } - end + yield result + throw(:block, true) unless result.actions.empty? end end end diff --git a/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb b/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb index ed19633e3c9..7541456e9be 100644 --- a/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +++ b/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb @@ -34,23 +34,10 @@ def self.subscribe(op, waf_context) waf_timeout = Datadog.configuration.appsec.waf_timeout result = waf_context.run(waf_args, waf_timeout) - Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout - - case result.status - when :match - Datadog.logger.debug { "WAF: #{result.inspect}" } - - yield result - throw(:block, true) unless result.actions.empty? - when :ok - Datadog.logger.debug { "WAF OK: #{result.inspect}" } - when :invalid_call - Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" } - when :invalid_rule, :invalid_flow, :no_rule - Datadog.logger.debug { "WAF RULE ERROR: #{result.inspect}" } - else - Datadog.logger.debug { "WAF UNKNOWN: #{result.status.inspect} #{result.inspect}" } - end + next if result.status != :match + + yield result + throw(:block, true) unless result.actions.empty? end end end diff --git a/lib/datadog/appsec/monitor/reactive/set_user.rb b/lib/datadog/appsec/monitor/reactive/set_user.rb index 5df07d51f72..cfd6a60eb4f 100644 --- a/lib/datadog/appsec/monitor/reactive/set_user.rb +++ b/lib/datadog/appsec/monitor/reactive/set_user.rb @@ -32,23 +32,10 @@ def self.subscribe(op, waf_context) waf_timeout = Datadog.configuration.appsec.waf_timeout result = waf_context.run(waf_args, waf_timeout) - Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout - - case result.status - when :match - Datadog.logger.debug { "WAF: #{result.inspect}" } - - yield result - throw(:block, true) unless result.actions.empty? - when :ok - Datadog.logger.debug { "WAF OK: #{result.inspect}" } - when :invalid_call - Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" } - when :invalid_rule, :invalid_flow, :no_rule - Datadog.logger.debug { "WAF RULE ERROR: #{result.inspect}" } - else - Datadog.logger.debug { "WAF UNKNOWN: #{result.status.inspect} #{result.inspect}" } - end + next if result.status != :match + + yield result + throw(:block, true) unless result.actions.empty? end end end