Module: Datadog::AppSec::Contrib::Sinatra::Gateway::Watcher

Defined in:
lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb

Overview

Watcher for Sinatra gateway events

Class Method Summary collapse

Class Method Details

.watchObject 



15
16
17
18
19
20
 
# File 'lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb', line 15

def watch
  gateway = Instrumentation.gateway

  watch_request_dispatch(gateway)
  watch_request_routed(gateway)
end

.watch_request_dispatch(gateway = Instrumentation.gateway) ⇒ Object 



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb', line 22

def watch_request_dispatch(gateway = Instrumentation.gateway)
  gateway.watch('sinatra.request.dispatch', :appsec) do |stack, gateway_request|
    context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]

    persistent_data = {
      'server.request.body' => gateway_request.form_hash
    }

    result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)

    if result.match? || !result.derivatives.empty?
      context.events.push(
        AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
      )
    end

    if result.match?
      AppSec::Event.tag_and_keep!(context, result)
      AppSec::ActionsHandler.handle(result.actions)
    end

    stack.call(gateway_request.request)
  end
end

.watch_request_routed(gateway = Instrumentation.gateway) ⇒ Object 



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb', line 47

def watch_request_routed(gateway = Instrumentation.gateway)
  gateway.watch('sinatra.request.routed', :appsec) do |stack, (gateway_request, gateway_route_params)|
    context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]

    persistent_data = {
      'server.request.path_params' => gateway_route_params.params
    }

    result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)

    if result.match?
      AppSec::Event.tag_and_keep!(context, result)

      context.events.push(
        AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
      )

      AppSec::ActionsHandler.handle(result.actions)
    end

    stack.call(gateway_request.request)
  end
end