

check for defined actions when building the appsec component
GustavoCaso committed Sep 6, 2023
1 parent c322d06 commit bddb865
Showing 2 changed files with 85 additions and 1 deletion.
6 changes: 5 additions & 1 deletion lib/datadog/appsec/component.rb
Expand Up @@ -14,12 +14,12 @@ def build_appsec_component(settings)
return unless settings.respond_to?(:appsec) && settings.appsec.enabled

processor = create_processor(settings)

# We want to always instrument user events when AppSec is enabled.
# There could be cases in which users use the DD_APPSEC_ENABLED Env variable to
# enable AppSec, in that case, Devise is already instrumented.
# In the case that users do not use DD_APPSEC_ENABLED, we have to instrument it,
# hence the lines above.

devise_integration = Datadog::AppSec::Contrib::Devise::Integration.new
settings.appsec.instrument(:devise) unless devise_integration.patcher.patched?

Expand All @@ -32,6 +32,10 @@ def create_processor(settings)
rules = AppSec::Processor::RuleLoader.load_rules(ruleset: settings.appsec.ruleset)
return nil unless rules

actions = rules['actions']

AppSec::Processor::Actions.merge(actions) if actions

data = AppSec::Processor::RuleLoader.load_data(
ip_denylist: settings.appsec.ip_denylist,
user_id_denylist: settings.appsec.user_id_denylist
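Review bot: The `if actions` guard before `AppSec::Processor::Actions.merge(actions)` only rejects nil/false, so a ruleset whose `actions` key holds something other than a list (a Hash or a String in a malformed or hand-edited ruleset file) is handed straight to merge. The rules come from `settings.appsec.ruleset`, which appears to be operator-configurable, so a cheap shape check is worthwhile here: `AppSec::Processor::Actions.merge(actions) if actions.is_a?(Array)`. A short why-comment would also help the next reader, e.g. `# Rulesets may ship their own actions; make them known before the processor is built.` — the ordering relative to processor construction is inferred, since create_processor continues outside the hunk.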
80 changes: 80 additions & 0 deletions spec/datadog/appsec/component_spec.rb
Expand Up @@ -44,6 +44,86 @@
expect(component.processor).to be_nil
end
end

context 'when static rules have actions defined' do
it 'calls Datadog::AppSec::Processor::Actions.merge' do
actions = [
{
'id' => 'block',
'type' => 'block_request',
'parameters' => {
'type' => 'auto',
'status_code' => 403,

}
}
]
ruleset =
{
'version' => '2.2',
'rules' => [{
'conditions' => [{
'operator' => 'ip_match',
'parameters' => {
'data' => 'blocked_ips',
'inputs' => [{
'address' => 'http.client_ip'
}]
}
}],
'id' => 'blk-001-001',
'name' => 'Block IP Addresses',
'on_match' => ['block'],
'tags' => {
'category' => 'security_response', 'type' => 'block_ip'
},
'transformers' => []
}],
'actions' => actions
}

expect(Datadog::AppSec::Processor::Actions).to receive(:merge).with(actions)
expect(Datadog::AppSec::Processor::RuleLoader).to receive(:load_rules).and_return(ruleset)

component = described_class.build_appsec_component(settings)

expect(component.processor).to be_a(Datadog::AppSec::Processor)
end
end

context 'when static rules do not have actions defined' do
it 'calls Datadog::AppSec::Processor::Actions.merge' do
ruleset =
{
'version' => '2.2',
'rules' => [{
'conditions' => [{
'operator' => 'ip_match',
'parameters' => {
'data' => 'blocked_ips',
'inputs' => [{
'address' => 'http.client_ip'
}]
}
}],
'id' => 'blk-001-001',
'name' => 'Block IP Addresses',
'on_match' => ['block'],
'tags' => {
'category' => 'security_response', 'type' => 'block_ip'
},
'transformers' => []
}],
}

expect(Datadog::AppSec::Processor::Actions).to_not receive(:merge)
expect(Datadog::AppSec::Processor::RuleLoader).to receive(:load_rules).and_return(ruleset)

component = described_class.build_appsec_component(settings)

expect(component.processor).to be_a(Datadog::AppSec::Processor)
end
end
end

context 'when appsec is not enabled' do
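Review bot: The example description `it 'calls Datadog::AppSec::Processor::Actions.merge' do` in the 'when static rules do not have actions defined' context contradicts its own expectation, which is `to_not receive(:merge)`, so a failure would be reported under a misleading name. Rename it to `it 'does not call Datadog::AppSec::Processor::Actions.merge' do`. The stray blank line inside the `'parameters'` hash of the first example and the trailing comma after `}]` in the second ruleset are harmless but read as editing leftovers.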
