Module: Datadog::AppSec::Processor::RuleLoader

Defined in:
lib/datadog/appsec/processor/rule_loader.rb

Overview

RuleLoader is a utility module that loads AppSec rules and data from settings.

Class Method Summary

Class Method Details

.load_data(ip_denylist: [], user_id_denylist: []) ⇒ Object



# File 'lib/datadog/appsec/processor/rule_loader.rb', line 42

# Builds the rule-data payload for the configured denylists.
#
# Each list that has at least one truthy element contributes a single entry:
# the return value of +denylist_data+ wrapped in a one-element array. A list
# that is empty, or that holds only nil/false values, contributes nothing
# because +any?+ tests element truthiness rather than size.
#
# @param ip_denylist [Enumerable] client IPs to deny
# @param user_id_denylist [Enumerable] user ids to deny
# @return [Array<Array>] zero, one or two wrapped entries, IPs first
def load_data(ip_denylist: [], user_id_denylist: [])
  sources = [
    ['blocked_ips', ip_denylist],
    ['blocked_users', user_id_denylist]
  ]

  sources.each_with_object([]) do |(data_id, values), collected|
    # Skip lists with nothing to block so no empty data entry is emitted.
    next unless values.any?

    collected << [denylist_data(data_id, values)]
  end
end

.load_exclusions(ip_passlist: []) ⇒ Object



# File 'lib/datadog/appsec/processor/rule_loader.rb', line 50

# Builds the exclusion payload for the configured IP passlist.
#
# Returns an empty array when the passlist has no truthy element; otherwise
# returns one entry holding the result of +passlist_exclusions+ wrapped in a
# one-element array.
#
# NOTE(review): presumably requests from passlisted IPs bypass rule
# evaluation, so this list should stay as narrow as possible - confirm
# against passlist_exclusions.
#
# @param ip_passlist [Enumerable] client IPs to exempt
# @return [Array<Array>] zero or one wrapped exclusion entry
def load_exclusions(ip_passlist: [])
  return [] unless ip_passlist.any?

  [[passlist_exclusions(ip_passlist)]]
end

.load_rules(ruleset:, telemetry:) ⇒ Object



# File 'lib/datadog/appsec/processor/rule_loader.rb', line 12

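# Resolves the configured AppSec ruleset into parsed rules.
#
# Accepted +ruleset+ values:
# - +:recommended+ / +:strict+: the bundled asset of that name, parsed as JSON
# - +:risky+: deprecated; logs a warning and loads +:recommended+ instead
# - String: treated as a filesystem path, expanded and read in full
# - File / StringIO: read, parsed, then rewound
# - Hash: returned as-is, without copying or validation
#
# Any StandardError raised while loading (unsupported value, unreadable file,
# malformed JSON) is logged, reported to telemetry and converted to +nil+;
# nothing is re-raised.
#
# NOTE(review): a nil return means no ruleset is available. Callers should
# treat that as "protection not loaded" and surface it, not continue
# silently - confirm how the caller handles nil.
#
# @param ruleset [Symbol, String, File, StringIO, Hash] ruleset selector or source
# @param telemetry [#report] receives the exception when loading fails
# @return [Object, nil] the parsed ruleset (a Hash for well-formed rules),
#   or nil when loading failed
def load_rules(ruleset:, telemetry:)
  case ruleset
  when :recommended, :strict
    JSON.parse(Datadog::AppSec::Assets.waf_rules(ruleset))
  when :risky
    # Trailing spaces keep the concatenated sentences from running together.
    Datadog.logger.warn(
      'The :risky Application Security Management ruleset has been deprecated and is no longer available. ' \
      'The `:recommended` ruleset will be used instead. ' \
      'Please remove the `appsec.ruleset = :risky` setting from your Datadog.configure block.'
    )
    JSON.parse(Datadog::AppSec::Assets.waf_rules(:recommended))
  when String
    # The path is used as given: whatever file it names is read in full, so
    # this value must come from trusted configuration only.
    JSON.parse(File.read(File.expand_path(ruleset)))
  when File, StringIO
    begin
      JSON.parse(ruleset.read || '')
    ensure
      # Rewind on failure too, so a later read of the same IO sees the
      # original content instead of an empty string at EOF.
      ruleset.rewind
    end
  when Hash
    ruleset
  else
    raise ArgumentError, "unsupported value for ruleset setting: #{ruleset.inspect}"
  end
rescue => e
  # Covers the ArgumentError above as well as I/O and JSON parse errors.
  Datadog.logger.error do
    "libddwaf ruleset failed to load, ruleset: #{ruleset.inspect} error: #{e.inspect}"
  end

  telemetry.report(e, description: 'libddwaf ruleset failed to load')

  nil
end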