# File 'lib/datadog/appsec/monitor/gateway/watcher.rb', line 18
# Subscribes to the 'identity.set_user' gateway event under the :appsec key and
# evaluates the user's identifiers with the WAF before the rest of the stack runs.
#
# When the WAF reports a match, the trace is tagged and kept, an event is
# appended to the context, and the resulting actions are handed to
# ActionsHandler before the stack continues.
#
# @param gateway [#watch] gateway to subscribe on; defaults to Instrumentation.gateway
# @return [Object] whatever gateway.watch returns
def watch_user_id(gateway = Instrumentation.gateway)
  gateway.watch('identity.set_user', :appsec) do |stack, user|
    # NOTE(review): the active context is not nil-checked in this block; presumably
    # the publisher of this event only pushes when a context is active. Confirm
    # against the caller.
    appsec_context = Datadog::AppSec.active_context

    # Without an id or a login there is nothing to evaluate. The debug message is a
    # fixed string, so no user data is written to the log on this path.
    if user.id.nil? && user.login.nil?
      Datadog.logger.debug { 'AppSec: skipping WAF check because no user information was provided' }
      next stack.call(user)
    end

    # Only identifiers that are actually set are sent to the WAF, under the
    # 'usr.id' / 'usr.login' addresses.
    identity_input = { 'usr.id' => user.id, 'usr.login' => user.login }.select { |_address, value| value }

    waf_timeout = Datadog.configuration.appsec.waf_timeout
    # The second argument is an empty hash: nothing besides the identifiers is passed.
    waf_result = appsec_context.run_waf(identity_input, {}, waf_timeout)

    # No match: continue down the stack untouched.
    next stack.call(user) unless waf_result.match?

    Datadog::AppSec::Event.tag_and_keep!(appsec_context, waf_result)

    # NOTE(review): the whole user object is stored on the event, not just the
    # identifiers that were evaluated. Confirm that whatever serializes these
    # events does not export more user attributes than intended.
    appsec_context.events << {
      waf_result: waf_result,
      trace: appsec_context.trace,
      span: appsec_context.span,
      user: user,
      actions: waf_result.actions
    }

    # Actions are handled before the stack continues. Presumably a blocking action
    # interrupts execution here so stack.call below is never reached; confirm
    # against ActionsHandler.
    Datadog::AppSec::ActionsHandler.handle(waf_result.actions)

    stack.call(user)
  end
end