Module: Datadog::AppSec::Remote

Defined in:
lib/datadog/appsec/remote.rb

Overview

Remote

Defined Under Namespace

Classes: NoRulesError, ReadError

Constant Summary collapse

CAP_ASM_ACTIVATION =

Remote activation via ASM_FEATURES product

1 << 1
CAP_ASM_IP_BLOCKING =

accept IP blocking data from ASM_DATA product

1 << 2
CAP_ASM_DD_RULES =

read ASM rules from ASM_DD product

1 << 3
CAP_ASM_EXCLUSIONS =

exclusion filters (passlist) via ASM product

1 << 4
CAP_ASM_REQUEST_BLOCKING =

can block on request info

1 << 5
CAP_ASM_RESPONSE_BLOCKING =

can block on response info

1 << 6
CAP_ASM_USER_BLOCKING =

accept user blocking data from ASM_DATA product

1 << 7
CAP_ASM_CUSTOM_RULES =

accept custom rules

1 << 8
CAP_ASM_CUSTOM_BLOCKING_RESPONSE =

supports custom http code or redirect sa blocking response

1 << 9
ASM_CAPABILITIES =

TODO: we need to dynamically add CAP_ASM_ACTIVATION once we support it

[
  CAP_ASM_IP_BLOCKING,
  CAP_ASM_USER_BLOCKING,
  CAP_ASM_CUSTOM_RULES,
  CAP_ASM_EXCLUSIONS,
  CAP_ASM_REQUEST_BLOCKING,
  CAP_ASM_RESPONSE_BLOCKING,
  CAP_ASM_DD_RULES,
].freeze
ASM_PRODUCTS = 
[
  'ASM_DD',       # Datadog employee issued configuration
  'ASM',          # customer issued configuration (rulesets, passlist...)
  'ASM_FEATURES', # capabilities
  'ASM_DATA',     # config files (IP addresses or users for blocking)
].freeze

Class Method Summary collapse

Class Method Details

.capabilitiesObject 



43
44
45
 
# File 'lib/datadog/appsec/remote.rb', line 43

def capabilities
  remote_features_enabled? ? ASM_CAPABILITIES : []
end

.productsObject 



47
48
49
 
# File 'lib/datadog/appsec/remote.rb', line 47

def products
  remote_features_enabled? ? ASM_PRODUCTS : []
end

.receiversObject

rubocop:disable Metrics/MethodLength



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'lib/datadog/appsec/remote.rb', line 52

def receivers
  return [] unless remote_features_enabled?

  matcher = Core::Remote::Dispatcher::Matcher::Product.new(ASM_PRODUCTS)
  receiver = Core::Remote::Dispatcher::Receiver.new(matcher) do |repository, changes|
    changes.each do |change|
      Datadog.logger.debug { "remote config change: '#{change.path}'" }
    end

    rules = []
    data = []
    overrides = []
    exclusions = []

    asm_data_config_types = ['blocked_ips', 'blocked_users']
    asm_overrides_config_types = ['blocking', 'disabled_rules']

    repository.contents.each do |content|
      case content.path.product
      when 'ASM_DD'
        rules << parse_content(content)
      when 'ASM_DATA'
        data << parse_content(content) if asm_data_config_types.include?(content.path.config_id)
      when 'ASM'
        overrides << parse_content(content) if asm_overrides_config_types.include?(content.path.config_id)
        exclusions << parse_content(content) if content.path.config_id == 'exclusion_filters'
      end
    end

    if rules.empty?
      settings_rules = AppSec::Processor::RuleLoader.load_rules(ruleset: Datadog.configuration.appsec.ruleset)

      raise NoRulesError, 'no default rules available' unless settings_rules

      rules = [settings_rules]
    end

    ruleset = AppSec::Processor::RuleMerger.merge(
      rules: rules,
      data: data,
      overrides: overrides,
      exclusions: exclusions,
    )

    Datadog::AppSec.reconfigure(ruleset: ruleset)
  end

  [receiver]
end