Module: Datadog::AppSec::ActionsHandler

Defined in:
lib/datadog/appsec/actions_handler.rb,
lib/datadog/appsec/actions_handler/serializable_backtrace.rb

Overview

This module encapsulates functions for handling the actions that libddwaf returns.

Defined Under Namespace

Classes: SerializableBacktrace

Class Method Summary

Class Method Details

.generate_schema(_action_params) ⇒ Object



# File 'lib/datadog/appsec/actions_handler.rb', line 45

# Placeholder for the 'generate_schema' action: the parameters are accepted
# and ignored, and nothing is generated here.
#
# @param _action_params [Object] unused
# @return [nil]
def generate_schema(_action_params)
  nil
end

.generate_stack(action_params) ⇒ Object



# File 'lib/datadog/appsec/actions_handler.rb', line 24

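# Captures the current call stack and stores it on the active span's
# stack-trace metastruct tag, under the exploit-prevention event category.
#
# Returns nil without recording anything when stack-trace collection is
# disabled, when the action carries no 'stack_id', when there is no active
# AppSec span, or when the span already holds `max_stack_traces` entries for
# this category. A `max_stack_traces` of 0 turns that cap off, so the number
# of traces attached to one span is then unbounded.
#
# @param action_params [Hash] parameters of the 'generate_stack' action;
#   only the 'stack_id' key is read
# @return [Object, nil] the result of `set_metastruct_tag`, or nil when skipped
def generate_stack(action_params)
  settings = Datadog.configuration.appsec.stack_trace
  return unless settings.enabled

  stack_id = action_params['stack_id']
  return unless stack_id

  span = AppSec.active_context&.span
  return unless span

  category = Ext::EXPLOIT_PREVENTION_EVENT_CATEGORY
  tag_key = Ext::TAG_METASTRUCT_STACK_TRACE

  # Work on a copy so the stored value is only replaced via set_metastruct_tag.
  stack_data = span.get_metastruct_tag(tag_key).dup || {}

  # The tag value is keyed by event category, so an existing value may have no
  # entry for this category yet; treat that as an empty list instead of
  # calling #count on nil.
  traces = stack_data[category] || []

  limit = settings.max_stack_traces
  return if limit != 0 && traces.count >= limit

  trace = SerializableBacktrace.new(locations: Array(caller_locations), stack_id: stack_id)
  # Build a new array: #dup above is shallow, so appending in place would also
  # modify the list held by the previously stored value.
  stack_data[category] = traces + [trace]
  span.set_metastruct_tag(tag_key, stack_data)
end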

.handle(actions_hash) ⇒ Object



# File 'lib/datadog/appsec/actions_handler.rb', line 11

# Dispatches the actions present in +actions_hash+ in order of precedence.
#
# Stack and schema generation run first because the interrupting actions
# below them hand control away via interrupt_execution; a redirect is
# checked before a block, so it takes effect when both keys are present.
#
# @param actions_hash [Hash] action name => action parameters
def handle(actions_hash)
  if actions_hash.key?('generate_stack')
    generate_stack(actions_hash['generate_stack'])
  end

  if actions_hash.key?('generate_schema')
    generate_schema(actions_hash['generate_schema'])
  end

  if actions_hash.key?('redirect_request')
    interrupt_execution(actions_hash['redirect_request'])
  end

  return unless actions_hash.key?('block_request')

  interrupt_execution(actions_hash['block_request'])
end

.interrupt_execution(action_params) ⇒ Object



# File 'lib/datadog/appsec/actions_handler.rb', line 20

# Stops normal execution by throwing the AppSec interrupt tag with the
# action parameters as the thrown value. A matching `catch` must be active
# further up the call stack; otherwise `throw` raises UncaughtThrowError.
#
# @param action_params [Object] value delivered to the enclosing `catch`
def interrupt_execution(action_params)
  interrupt_tag = Datadog::AppSec::Ext::INTERRUPT
  throw interrupt_tag, action_params
end