Module: Datadog::AppSec::Event
- Defined in:
- lib/datadog/appsec/event.rb
Overview
AppSec event
Constant Summary
- DERIVATIVE_SCHEMA_KEY_PREFIX =
'_dd.appsec.s.'
- DERIVATIVE_SCHEMA_MAX_COMPRESSED_SIZE =
25000
- ALLOWED_REQUEST_HEADERS =
%w[ x-forwarded-for x-client-ip x-real-ip x-forwarded x-cluster-client-ip forwarded-for forwarded via true-client-ip content-length content-type content-encoding content-language host user-agent accept accept-encoding accept-language ].freeze
- ALLOWED_RESPONSE_HEADERS =
%w[ content-length content-type content-encoding content-language ].freeze
Class Method Summary
Class Method Details
.record(context, request: nil, response: nil) ⇒ Object
# File 'lib/datadog/appsec/event.rb', line 57 def record(context, request: nil, response: nil) return if context.events.empty? || context.span.nil? Datadog::AppSec::RateLimiter.thread_local.limit do context.events.group_by(&:trace).each do |trace, event_group| unless trace next Datadog.logger.debug do "AppSec: Cannot record event group with #{event_group.count} events because it has no trace" end end if event_group.any? { |event| event.attack? || event.schema? } trace.keep! trace[Tracing::Metadata::Ext::Distributed::TAG_DECISION_MAKER] = Tracing::Sampling::Ext::Decision::ASM context.span['_dd.origin'] = 'appsec' context.span.((request)) if request context.span.((response)) if response end context.span.((event_group)) end end end |
.tag_and_keep!(context, waf_result) ⇒ Object
# File 'lib/datadog/appsec/event.rb', line 42 def tag_and_keep!(context, waf_result) # We want to keep the trace in case of security event context.trace&.keep! if context.span if waf_result.actions.key?('block_request') || waf_result.actions.key?('redirect_request') context.span.set_tag('appsec.blocked', 'true') end context.span.set_tag('appsec.event', 'true') end (context.trace) end |