Class: Datadog::AppSec::Component

Inherits:

Object

• Object
• Datadog::AppSec::Component

Defined in:

lib/datadog/appsec/component.rb

Overview

Core-pluggable component for AppSec

Instance Attribute Summary

• #processor ⇒ Object readonly

  Returns the value of attribute processor.

• #telemetry ⇒ Object readonly

  Returns the value of attribute telemetry.

Class Method Summary

• .build_appsec_component(settings, telemetry:) ⇒ Object

Instance Method Summary

• #initialize(processor, telemetry) ⇒ Component constructor

  A new instance of Component.

• #reconfigure(ruleset:, telemetry:) ⇒ Object
• #reconfigure_lock(&block) ⇒ Object
• #shutdown! ⇒ Object

Constructor Details

#initialize(processor, telemetry) ⇒ Component

Returns a new instance of Component.

# File 'lib/datadog/appsec/component.rb', line 87

def initialize(processor, telemetry)
  @processor = processor
  @telemetry = telemetry

  @mutex = Mutex.new
end

Instance Attribute Details

#processor ⇒ Object (readonly)

Returns the value of attribute processor.

# File 'lib/datadog/appsec/component.rb', line 85

def processor
  @processor
end

#telemetry ⇒ Object (readonly)

Returns the value of attribute telemetry.

# File 'lib/datadog/appsec/component.rb', line 85

def telemetry
  @telemetry
end

Class Method Details

.build_appsec_component(settings, telemetry:) ⇒ Object

# File 'lib/datadog/appsec/component.rb', line 13

def build_appsec_component(settings, telemetry:)
  return if !settings.respond_to?(:appsec) || !settings.appsec.enabled

  ffi_version = Gem.loaded_specs['ffi']&.version
  unless ffi_version
    Datadog.logger.warn('FFI gem is not loaded, AppSec will be disabled.')
    telemetry.error('AppSec: Component not loaded, due to missing FFI gem')

    return
  end

  if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.3') && ffi_version < Gem::Version.new('1.16.0')
    Datadog.logger.warn(
      'AppSec is not supported in Ruby versions above 3.3.0 when using `ffi` versions older than 1.16.0, ' \
      'and will be forcibly disabled due to a memory leak in `ffi`. ' \
      'Please upgrade your `ffi` version to 1.16.0 or higher.'
    )
    telemetry.error('AppSec: Component not loaded, ffi version is leaky with ruby > 3.3.0')

    return
  end

  processor = create_processor(settings, telemetry)

  # We want to always instrument user events when AppSec is enabled.
  # There could be cases in which users use the DD_APPSEC_ENABLED Env variable to
  # enable AppSec, in that case, Devise is already instrumented.
  # In the case that users do not use DD_APPSEC_ENABLED, we have to instrument it,
  # hence the lines above.
  devise_integration = Datadog::AppSec::Contrib::Devise::Integration.new
  settings.appsec.instrument(:devise) unless devise_integration.patcher.patched?

  new(processor, telemetry)
end

Instance Method Details

#reconfigure(ruleset:, telemetry:) ⇒ Object

# File 'lib/datadog/appsec/component.rb', line 94

def reconfigure(ruleset:, telemetry:)
  @mutex.synchronize do
    new_processor = Processor.new(ruleset: ruleset, telemetry: telemetry)

    if new_processor&.ready?
      old_processor = @processor

      @telemetry = telemetry
      @processor = new_processor

      old_processor&.finalize
    end
  end
end

#reconfigure_lock(&block) ⇒ Object

# File 'lib/datadog/appsec/component.rb', line 109

def reconfigure_lock(&block)
  @mutex.synchronize(&block)
end

#shutdown! ⇒ Object

# File 'lib/datadog/appsec/component.rb', line 113

def shutdown!
  @mutex.synchronize do
    if processor&.ready?
      processor.finalize
      @processor = nil
    end
  end
end