Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[APPSEC-55936] Remove Reactive::Operation #4138

Merged
merged 4 commits into from
Dec 12, 2024
Merged

[APPSEC-55936] Remove Reactive::Operation #4138

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2279292
Remove use of Reactive::Operation in code
Strech Nov 21, 2024
5e3a4b0
Remove use of Reactive::Operation in specs
Strech Nov 21, 2024
c017af2
Merge branch 'master' into appsec-55936-remove-reactive-operation
Strech Nov 25, 2024
220c0a1
Merge branch 'master' into appsec-55936-remove-reactive-operation
Strech Dec 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 14 additions & 16 deletions lib/datadog/appsec/contrib/graphql/gateway/watcher.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@

require 'json'
require_relative '../../../instrumentation/gateway'
require_relative '../../../reactive/engine'
require_relative '../reactive/multiplex'
require_relative '../../../reactive/operation'

module Datadog
module AppSec
Expand All @@ -24,26 +24,24 @@ def watch_multiplex(gateway = Instrumentation.gateway)
gateway.watch('graphql.multiplex', :appsec) do |stack, gateway_multiplex|
block = false
event = nil

scope = AppSec::Scope.active_scope
engine = AppSec::Reactive::Engine.new

if scope
AppSec::Reactive::Operation.new('graphql.multiplex') do |op|
GraphQL::Reactive::Multiplex.subscribe(op, scope.processor_context) do |result|
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
multiplex: gateway_multiplex,
actions: result.actions
}

Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end
GraphQL::Reactive::Multiplex.subscribe(engine, scope.processor_context) do |result|
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
multiplex: gateway_multiplex,
actions: result.actions
}

block = GraphQL::Reactive::Multiplex.publish(op, gateway_multiplex)
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end

block = GraphQL::Reactive::Multiplex.publish(engine, gateway_multiplex)
end

next [nil, [[:block, event]]] if block
Expand Down
8 changes: 4 additions & 4 deletions lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,16 @@ module Multiplex
].freeze
private_constant :ADDRESSES

def self.publish(op, gateway_multiplex)
def self.publish(engine, gateway_multiplex)
catch(:block) do
op.publish('graphql.server.all_resolvers', gateway_multiplex.arguments)
engine.publish('graphql.server.all_resolvers', gateway_multiplex.arguments)

nil
end
end

def self.subscribe(op, waf_context)
op.subscribe(*ADDRESSES) do |*values|
def self.subscribe(engine, waf_context)
engine.subscribe(*ADDRESSES) do |*values|
Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
arguments = values[0]

Expand Down
121 changes: 55 additions & 66 deletions lib/datadog/appsec/contrib/rack/gateway/watcher.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# frozen_string_literal: true

require_relative '../../../instrumentation/gateway'
require_relative '../../../reactive/operation'
require_relative '../../../reactive/engine'
require_relative '../reactive/request'
require_relative '../reactive/request_body'
require_relative '../reactive/response'
Expand All @@ -25,32 +25,29 @@ def watch

def watch_request(gateway = Instrumentation.gateway)
gateway.watch('rack.request', :appsec) do |stack, gateway_request|
block = false
event = nil
scope = gateway_request.env[Datadog::AppSec::Ext::SCOPE_KEY]

AppSec::Reactive::Operation.new('rack.request') do |op|
Rack::Reactive::Request.subscribe(op, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
request: gateway_request,
actions: result.actions
}

# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end
engine = AppSec::Reactive::Engine.new

Rack::Reactive::Request.subscribe(engine, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
request: gateway_request,
actions: result.actions
}

# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end

block = Rack::Reactive::Request.publish(op, gateway_request)
end

block = Rack::Reactive::Request.publish(engine, gateway_request)
next [nil, [[:block, event]]] if block

ret, res = stack.call(gateway_request.request)
Expand All @@ -66,33 +63,29 @@ def watch_request(gateway = Instrumentation.gateway)

def watch_response(gateway = Instrumentation.gateway)
gateway.watch('rack.response', :appsec) do |stack, gateway_response|
block = false

event = nil
scope = gateway_response.scope

AppSec::Reactive::Operation.new('rack.response') do |op|
Rack::Reactive::Response.subscribe(op, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
response: gateway_response,
actions: result.actions
}

# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end
engine = AppSec::Reactive::Engine.new

Rack::Reactive::Response.subscribe(engine, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
response: gateway_response,
actions: result.actions
}

# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end

block = Rack::Reactive::Response.publish(op, gateway_response)
end

block = Rack::Reactive::Response.publish(engine, gateway_response)
next [nil, [[:block, event]]] if block

ret, res = stack.call(gateway_response.response)
Expand All @@ -108,33 +101,29 @@ def watch_response(gateway = Instrumentation.gateway)

def watch_request_body(gateway = Instrumentation.gateway)
gateway.watch('rack.request.body', :appsec) do |stack, gateway_request|
block = false

event = nil
scope = gateway_request.env[Datadog::AppSec::Ext::SCOPE_KEY]

AppSec::Reactive::Operation.new('rack.request.body') do |op|
Rack::Reactive::RequestBody.subscribe(op, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
request: gateway_request,
actions: result.actions
}

# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end
engine = AppSec::Reactive::Engine.new

Rack::Reactive::RequestBody.subscribe(engine, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
request: gateway_request,
actions: result.actions
}

# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end

block = Rack::Reactive::RequestBody.publish(op, gateway_request)
end

block = Rack::Reactive::RequestBody.publish(engine, gateway_request)
next [nil, [[:block, event]]] if block

ret, res = stack.call(gateway_request.request)
Expand Down
18 changes: 9 additions & 9 deletions lib/datadog/appsec/contrib/rack/reactive/request.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,21 +17,21 @@ module Request
].freeze
private_constant :ADDRESSES

def self.publish(op, gateway_request)
def self.publish(engine, gateway_request)
catch(:block) do
op.publish('request.query', gateway_request.query)
op.publish('request.headers', gateway_request.headers)
op.publish('request.uri.raw', gateway_request.fullpath)
op.publish('request.cookies', gateway_request.cookies)
op.publish('request.client_ip', gateway_request.client_ip)
op.publish('server.request.method', gateway_request.method)
engine.publish('request.query', gateway_request.query)
engine.publish('request.headers', gateway_request.headers)
engine.publish('request.uri.raw', gateway_request.fullpath)
engine.publish('request.cookies', gateway_request.cookies)
engine.publish('request.client_ip', gateway_request.client_ip)
engine.publish('server.request.method', gateway_request.method)

nil
end
end

def self.subscribe(op, waf_context)
op.subscribe(*ADDRESSES) do |*values|
def self.subscribe(engine, waf_context)
engine.subscribe(*ADDRESSES) do |*values|
Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }

headers = values[0]
Expand Down
8 changes: 4 additions & 4 deletions lib/datadog/appsec/contrib/rack/reactive/request_body.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,17 @@ module RequestBody
].freeze
private_constant :ADDRESSES

def self.publish(op, gateway_request)
def self.publish(engine, gateway_request)
catch(:block) do
# params have been parsed from the request body
op.publish('request.body', gateway_request.form_hash)
engine.publish('request.body', gateway_request.form_hash)

nil
end
end

def self.subscribe(op, waf_context)
op.subscribe(*ADDRESSES) do |*values|
def self.subscribe(engine, waf_context)
engine.subscribe(*ADDRESSES) do |*values|
Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
body = values[0]

Expand Down
10 changes: 5 additions & 5 deletions lib/datadog/appsec/contrib/rack/reactive/response.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,17 @@ module Response
].freeze
private_constant :ADDRESSES

def self.publish(op, gateway_response)
def self.publish(engine, gateway_response)
catch(:block) do
op.publish('response.status', gateway_response.status)
op.publish('response.headers', gateway_response.headers)
engine.publish('response.status', gateway_response.status)
engine.publish('response.headers', gateway_response.headers)

nil
end
end

def self.subscribe(op, waf_context)
op.subscribe(*ADDRESSES) do |*values|
def self.subscribe(engine, waf_context)
engine.subscribe(*ADDRESSES) do |*values|
Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }

response_status = values[0]
Expand Down
38 changes: 17 additions & 21 deletions lib/datadog/appsec/contrib/rails/gateway/watcher.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# frozen_string_literal: true

require_relative '../../../instrumentation/gateway'
require_relative '../../../reactive/operation'
require_relative '../../../reactive/engine'
require_relative '../reactive/action'
require_relative '../../../event'

Expand All @@ -21,33 +21,29 @@ def watch

def watch_request_action(gateway = Instrumentation.gateway)
gateway.watch('rails.request.action', :appsec) do |stack, gateway_request|
block = false

event = nil
scope = gateway_request.env[Datadog::AppSec::Ext::SCOPE_KEY]
engine = AppSec::Reactive::Engine.new

AppSec::Reactive::Operation.new('rails.request.action') do |op|
Rails::Reactive::Action.subscribe(op, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
request: gateway_request,
actions: result.actions
}
Rails::Reactive::Action.subscribe(engine, scope.processor_context) do |result|
if result.status == :match
# TODO: should this hash be an Event instance instead?
event = {
waf_result: result,
trace: scope.trace,
span: scope.service_entry_span,
request: gateway_request,
actions: result.actions
}

# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end
# We want to keep the trace in case of security event
scope.trace.keep! if scope.trace
Datadog::AppSec::Event.tag_and_keep!(scope, result)
scope.processor_context.events << event
end

block = Rails::Reactive::Action.publish(op, gateway_request)
end

block = Rails::Reactive::Action.publish(engine, gateway_request)
next [nil, [[:block, event]]] if block

ret, res = stack.call(gateway_request.request)
Expand Down
10 changes: 5 additions & 5 deletions lib/datadog/appsec/contrib/rails/reactive/action.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,18 +15,18 @@ module Action
].freeze
private_constant :ADDRESSES

def self.publish(op, gateway_request)
def self.publish(engine, gateway_request)
catch(:block) do
# params have been parsed from the request body
op.publish('rails.request.body', gateway_request.parsed_body)
op.publish('rails.request.route_params', gateway_request.route_params)
engine.publish('rails.request.body', gateway_request.parsed_body)
engine.publish('rails.request.route_params', gateway_request.route_params)

nil
end
end

def self.subscribe(op, waf_context)
op.subscribe(*ADDRESSES) do |*values|
def self.subscribe(engine, waf_context)
engine.subscribe(*ADDRESSES) do |*values|
Datadog.logger.debug { "reacted to #{ADDRESSES.inspect}: #{values.inspect}" }
body = values[0]
path_params = values[1]
Expand Down
Loading
Loading