Merge pull request #4029 from DataDog/appsec-55378-refactor-processor…
…-context

[APPSEC-55378] Move AppSec Context creation into Processor
Strech authored Oct 28, 2024
2 parents 7d65372 + 4f25696 commit cf6bd45
Showing 7 changed files with 58 additions and 31 deletions.
11 changes: 7 additions & 4 deletions lib/datadog/appsec/processor.rb
@@ -1,16 +1,19 @@
# frozen_string_literal: true

require_relative 'processor/context'

module Datadog
module AppSec
# Processor integrates libddwaf into datadog/appsec
class Processor
attr_reader :diagnostics, :addresses

def initialize(ruleset:, telemetry:)
@telemetry = telemetry
@diagnostics = nil
@addresses = []

settings = Datadog.configuration.appsec
@telemetry = telemetry

# TODO: Refactor to make it easier to test
unless require_libddwaf && libddwaf_provides_waf? && create_waf_handle(settings, ruleset)
Expand All @@ -26,9 +29,9 @@ def finalize
@handle.finalize
end

protected

attr_reader :handle
def new_context
Context.new(@handle, telemetry: @telemetry)
end

private

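Review bot: `new_context` is now public and passes `@handle` straight to `Context.new` without checking that a handle was created or is still live. The `unless require_libddwaf && libddwaf_provides_waf? && create_waf_handle(settings, ruleset)` branch in `initialize` suggests a processor can exist without a usable handle, and `finalize` calls `@handle.finalize`, so calling `new_context` on a failed or finalized processor would presumably hand a nil or released handle to the native WAF binding. At minimum, document the precondition above the method, e.g. `# Callers must check #ready? first; @handle is only valid between successful initialization and #finalize`, or enforce it with a guard on `ready?` at the top of the method. The signature in sig/datadog/appsec/processor.rbs also declares `@handle: WAF::Handle` as non-optional, which hides the same case from the type checker. The body of `initialize` continues outside the hunk, so the failure path is inferred.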
6 changes: 4 additions & 2 deletions lib/datadog/appsec/processor/context.rb
Expand Up @@ -7,8 +7,10 @@ class Processor
class Context
attr_reader :time_ns, :time_ext_ns, :timeouts, :events

def initialize(processor)
@context = Datadog::AppSec::WAF::Context.new(processor.send(:handle))
def initialize(handle, telemetry:)
@context = Datadog::AppSec::WAF::Context.new(handle)
@telemetry = telemetry

@time_ns = 0.0
@time_ext_ns = 0.0
@timeouts = 0
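Review bot: The new `initialize(handle, telemetry:)` has no comment saying who owns `handle` or how long it must stay valid. The context now receives the raw handle instead of the processor, so nothing in the signature ties its lifetime to the processor that created it. The teardown in spec/datadog/appsec/processor/context_spec.rb finalizes the context before the processor, which suggests that order matters. A YARD line would record the contract, e.g. `# @param handle [WAF::Handle] owned by the Processor; finalize this context before finalizing the processor`. The class body continues outside the hunk.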
5 changes: 1 addition & 4 deletions lib/datadog/appsec/scope.rb
@@ -1,7 +1,5 @@
# frozen_string_literal: true

require_relative 'processor/context'

module Datadog
module AppSec
# Capture context essential to consistently call processor and report via traces
Expand All @@ -22,8 +20,7 @@ class << self
def activate_scope(trace, service_entry_span, processor)
raise ActiveScopeError, 'another scope is active, nested scopes are not supported' if active_scope

context = Datadog::AppSec::Processor::Context.new(processor)

context = processor.new_context
self.active_scope = new(trace, service_entry_span, context)
end

26 changes: 18 additions & 8 deletions sig/datadog/appsec/processor.rbs
@@ -1,29 +1,39 @@
module Datadog
module AppSec
class Processor
def self.active_context: () -> Context
type rule = bool | ::Integer | ::String | ::Hash[::String, rule] | ::Array[rule]
type ruleset = ::Hash[::String, rule]

private
@telemetry: Core::Telemetry::Component

@diagnostics: WAF::LibDDWAF::Object?

@addresses: ::Array[::String]

@handle: WAF::Handle

attr_reader diagnostics: WAF::LibDDWAF::Object?

attr_reader addresses: ::Array[::String]

@handle: WAF::Handle
@ruleset: ::Hash[::String, untyped]
@addresses: ::Array[::String]
def initialize: (ruleset: ruleset, telemetry: Core::Telemetry::Component) -> void

def initialize: (ruleset: ::Hash[untyped, untyped], telemetry: Core::Telemetry::Component) -> void
def ready?: () -> bool

def finalize: () -> void

attr_reader handle: untyped
def new_context: () -> Context

private

def require_libddwaf: () -> bool

def libddwaf_provides_waf?: () -> bool
def create_waf_handle: (Core::Configuration::Settings::_AppSec settings, ::Hash[String, untyped] ruleset) -> bool

def create_waf_handle: (Core::Configuration::Settings::_AppSec settings, ruleset ruleset) -> bool

def libddwaf_platform: () -> ::String

def ruby_platforms: () -> ::Array[::String]
end
end
26 changes: 20 additions & 6 deletions sig/datadog/appsec/processor/context.rbs
Expand Up @@ -2,24 +2,38 @@ module Datadog
module AppSec
class Processor
class Context
type event = untyped
type data = WAF::data
@context: WAF::Context

@telemetry: Core::Telemetry::Component

@time_ns: ::Float

@time_ext_ns: ::Float

@timeouts: ::Integer

@events: ::Array[untyped]

@run_mutex: ::Thread::Mutex

attr_reader time_ns: ::Float

attr_reader time_ext_ns: ::Float

attr_reader timeouts: ::Integer
attr_reader events: ::Array[event]

@context: WAF::Context
attr_reader events: ::Array[untyped]

@run_mutex: ::Thread::Mutex
def initialize: (WAF::Handle handle, telemetry: Core::Telemetry::Component) -> void

def initialize: (Processor processor) -> void
def run: (Hash[untyped, untyped] input, ?::Integer timeout) -> WAF::Result

def extract_schema: () -> WAF::Result?

def finalize: () -> void

private

def extract_schema?: () -> bool
end
end
9 changes: 2 additions & 7 deletions spec/datadog/appsec/processor/context_spec.rb
Expand Up @@ -18,9 +18,7 @@
let(:input_client_ip) { { 'http.client_ip' => '1.2.3.4' } }

let(:client_ip) { '1.2.3.4' }

let(:input) { input_scanner }

let(:processor) { Datadog::AppSec::Processor.new(ruleset: ruleset, telemetry: telemetry) }

let(:run_count) { 1 }
Expand All @@ -36,12 +34,9 @@
results.first
end

subject(:context) { described_class.new(processor) }

before do
runs
end
subject(:context) { processor.new_context }

before { runs }
after do
context.finalize
processor.finalize
6 changes: 6 additions & 0 deletions spec/datadog/appsec/processor_spec.rb
Expand Up @@ -283,4 +283,10 @@ def diagnostics
end
end
end

describe '#new_context' do
let(:processor) { described_class.new(ruleset: ruleset, telemetry: telemetry) }

it { expect(processor.new_context).to be_instance_of(described_class::Context) }
end
end
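Review bot: The new `#new_context` example creates a processor and a context and finalizes neither. The teardown in context_spec.rb calls `context.finalize` and `processor.finalize`, so both objects presumably hold native libddwaf resources that stay allocated here unless a hook outside this hunk releases them. Name the context with `subject(:context) { processor.new_context }` and add `after { context.finalize; processor.finalize }` to this `describe` block. A second example for a processor whose WAF handle was not created would pin down what `new_context` does in that state.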
