Module: Datadog::AppSec::Processor::RuleLoader

Defined in:

lib/datadog/appsec/processor/rule_loader.rb

Overview

RuleLoader utility modules that load appsec rules and data from settings

Class Method Summary

• .load_data(ip_denylist: [], user_id_denylist: []) ⇒ Object
• .load_rules(ruleset:) ⇒ Object

Class Method Details

.load_data(ip_denylist: [], user_id_denylist: []) ⇒ Object

# File 'lib/datadog/appsec/processor/rule_loader.rb', line 42

def load_data(ip_denylist: [], user_id_denylist: [])
  data = []
  data << { 'rules_data' => [denylist_data('blocked_ips', ip_denylist)] } if ip_denylist.any?
  data << { 'rules_data' => [denylist_data('blocked_users', user_id_denylist)] } if user_id_denylist.any?

  data.any? ? data : nil
end

.load_rules(ruleset:) ⇒ Object

# File 'lib/datadog/appsec/processor/rule_loader.rb', line 12

def load_rules(ruleset:)
  begin
    case ruleset
    when :recommended, :strict
      JSON.parse(Datadog::AppSec::Assets.waf_rules(ruleset))
    when :risky
      Datadog.logger.warn(
        'The :risky Application Security Management ruleset has been deprecated and no longer available.'\
        'The `:recommended` ruleset will be used instead.'\
        'Please remove the `appsec.ruleset = :risky` setting from your Datadog.configure block.'
      )
      JSON.parse(Datadog::AppSec::Assets.waf_rules(:recommended))
    when String
      JSON.parse(File.read(File.expand_path(ruleset)))
    when File, StringIO
      JSON.parse(ruleset.read || '').tap { ruleset.rewind }
    when Hash
      ruleset
    else
      raise ArgumentError, "unsupported value for ruleset setting: #{ruleset.inspect}"
    end
  rescue StandardError => e
    Datadog.logger.error do
      "libddwaf ruleset failed to load, ruleset: #{ruleset.inspect} error: #{e.inspect}"
    end

    nil
  end
end