Class: Datadog::AppSec::SecurityEvent

Inherits:

Object

• Object
• Datadog::AppSec::SecurityEvent

Defined in:

lib/datadog/appsec/security_event.rb

Overview

A class that represents a security event of any kind. It could be an event representing an attack or fingerprinting results as derivatives or an API security check with extracted schema.

Constant Summary

SCHEMA_KEY_PREFIX =

'_dd.appsec.s.'

FINGERPRINT_KEY_PREFIX =

'_dd.appsec.fp.'

Instance Attribute Summary

• #span ⇒ Object readonly

  Returns the value of attribute span.

• #trace ⇒ Object readonly

  Returns the value of attribute trace.

• #waf_result ⇒ Object readonly

  Returns the value of attribute waf_result.

Instance Method Summary

• #attack? ⇒ Boolean
• #fingerprint? ⇒ Boolean
• #initialize(waf_result, trace:, span:) ⇒ SecurityEvent constructor

  A new instance of SecurityEvent.

• #schema? ⇒ Boolean

Constructor Details

#initialize(waf_result, trace:, span:) ⇒ SecurityEvent

Returns a new instance of SecurityEvent.

# File 'lib/datadog/appsec/security_event.rb', line 14

def initialize(waf_result, trace:, span:)
  @waf_result = waf_result
  @trace = trace
  @span = span
end

Instance Attribute Details

#span ⇒ Object (readonly)

Returns the value of attribute span.

# File 'lib/datadog/appsec/security_event.rb', line 12

def span
  @span
end

#trace ⇒ Object (readonly)

Returns the value of attribute trace.

# File 'lib/datadog/appsec/security_event.rb', line 12

def trace
  @trace
end

#waf_result ⇒ Object (readonly)

Returns the value of attribute waf_result.

# File 'lib/datadog/appsec/security_event.rb', line 12

def waf_result
  @waf_result
end

Instance Method Details

#attack? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/datadog/appsec/security_event.rb', line 20

def attack?
  return @is_attack if defined?(@is_attack)

  @is_attack = @waf_result.is_a?(SecurityEngine::Result::Match)
end

#fingerprint? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/datadog/appsec/security_event.rb', line 32

def fingerprint?
  return @has_fingerprint if defined?(@has_fingerprint)

  @has_fingerprint = @waf_result.derivatives.any? { |name, _| name.start_with?(FINGERPRINT_KEY_PREFIX) }
end

#schema? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/datadog/appsec/security_event.rb', line 26

def schema?
  return @has_schema if defined?(@has_schema)

  @has_schema = @waf_result.derivatives.any? { |name, _| name.start_with?(SCHEMA_KEY_PREFIX) }
end