diff --git a/lib/datadog/appsec/contrib/rack/gateway/watcher.rb b/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
index b4741d7be5..241acdaa16 100644
--- a/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
+++ b/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
@@ -26,8 +26,8 @@ def self.watch
 trace = active_trace
 span = active_span
- Rack::Reactive::Request.subscribe(op, waf_context) do |action, result, _block|
- record = [:block, :monitor].include?(action)
+ Rack::Reactive::Request.subscribe(op, waf_context) do |result, _block|
+ record = [:match].include?(result.status)
 if record
 # TODO: should this hash be an Event instance instead?
 event = {
@@ -42,7 +42,7 @@ def self.watch
 end
 end
- _action, _result, block = Rack::Reactive::Request.publish(op, request)
+ _result, block = Rack::Reactive::Request.publish(op, request)
 end
 next [nil, [[:block, event]]] if block
@@ -66,8 +66,8 @@ def self.watch
 trace = active_trace
 span = active_span
- Rack::Reactive::Response.subscribe(op, waf_context) do |action, result, _block|
- record = [:block, :monitor].include?(action)
+ Rack::Reactive::Response.subscribe(op, waf_context) do |result, _block|
+ record = [:match].include?(result.status)
 if record
 # TODO: should this hash be an Event instance instead?
 event = {
@@ -82,7 +82,7 @@ def self.watch
 end
 end
- _action, _result, block = Rack::Reactive::Response.publish(op, response)
+ _result, block = Rack::Reactive::Response.publish(op, response)
 end
 next [nil, [[:block, event]]] if block
@@ -107,7 +107,7 @@ def self.watch
 span = active_span
 Rack::Reactive::RequestBody.subscribe(op, waf_context) do |action, result, _block|
- record = [:block, :monitor].include?(action)
+ record = [:match].include?(result.status)
 if record
 # TODO: should this hash be an Event instance instead?
 event = {
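Review bot: `record = [:match].include?(result.status)` in the Request subscriber (hunk `@@ -26,8 +26,8 @@`) tests membership in a one-element array, a leftover of the old two-action list. `record = result.status == :match` states the condition directly and makes it harder to miss when a second status is added later. The same line appears in the Response and RequestBody hunks of this file and, with a different accessor, in the Rails and Sinatra watchers. The subscribe block continues outside the hunk.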
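Review bot: The RequestBody subscriber in hunk `@@ -107,7 +107,7 @@` still declares `do |action, result, _block|` (it is an unchanged context line), while request_body.rb in this commit now yields the two-element `[result, block]`. With that arity `action` receives the WAF result and `result` receives the boolean, so the new `result.status` would raise NoMethodError on the first request-body match and the event would not be recorded. The block header should follow the other two subscribers: `Rack::Reactive::RequestBody.subscribe(op, waf_context) do |result, _block|`. The block's body continues outside the hunk.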
@@ -122,7 +122,7 @@ def self.watch
 end
 end
- _action, _result, block = Rack::Reactive::RequestBody.publish(op, request)
+ _result, block = Rack::Reactive::RequestBody.publish(op, request)
 end
 next [nil, [[:block, event]]] if block
diff --git a/lib/datadog/appsec/contrib/rack/reactive/request.rb b/lib/datadog/appsec/contrib/rack/reactive/request.rb
index eeac0cea35..abaa5761c5 100644
--- a/lib/datadog/appsec/contrib/rack/reactive/request.rb
+++ b/lib/datadog/appsec/contrib/rack/reactive/request.rb
@@ -54,20 +54,20 @@ def self.subscribe(op, waf_context)
 }
 waf_timeout = Datadog::AppSec.settings.waf_timeout
- action, result = waf_context.run(waf_args, waf_timeout)
+ result = waf_context.run(waf_args, waf_timeout)
 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout
- # TODO: encapsulate return array in a type
- case action
- when :monitor
+ case result.status
+ when :match
 Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, false]
- when :block
- Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, true]
- throw(:block, [action, result, true])
- when :good
+
+ block = result.actions.include?('block')
+
+ yield [result, block]
+
+ throw(:block, [result, true]) if block
+ when :ok
 Datadog.logger.debug { "WAF OK: #{result.inspect}" }
 when :invalid_call
 Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" }
diff --git a/lib/datadog/appsec/contrib/rack/reactive/request_body.rb b/lib/datadog/appsec/contrib/rack/reactive/request_body.rb
index b9d6614954..8057ce4cf3 100644
--- a/lib/datadog/appsec/contrib/rack/reactive/request_body.rb
+++ b/lib/datadog/appsec/contrib/rack/reactive/request_body.rb
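Review bot: The blocking decision in the `:match` branch of request.rb now rests on `block = result.actions.include?('block')`, an exact string comparison whose expected element type is not documented in the hunk. If `actions` carried symbols or a differently spelled identifier, `block` would silently be false and a matched request would only be monitored. Once the type is confirmed, I would add a comment above the line, for example `# actions: list of WAF action ids as strings; only 'block' is enforced here`, and consider a shared constant for the literal. The same line is repeated in request_body.rb, response.rb, rails/reactive/action.rb and sinatra/reactive/routed.rb. The method body starts and ends outside the hunk.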
@@ -32,20 +32,20 @@ def self.subscribe(op, waf_context)
 }
 waf_timeout = Datadog::AppSec.settings.waf_timeout
- action, result = waf_context.run(waf_args, waf_timeout)
+ result = waf_context.run(waf_args, waf_timeout)
 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout
- # TODO: encapsulate return array in a type
- case action
- when :monitor
+ case result.status
+ when :match
 Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, false]
- when :block
- Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, true]
- throw(:block, [action, result, true])
- when :good
+
+ block = result.actions.include?('block')
+
+ yield [result, block]
+
+ throw(:block, [result, true]) if block
+ when :ok
 Datadog.logger.debug { "WAF OK: #{result.inspect}" }
 when :invalid_call
 Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" }
diff --git a/lib/datadog/appsec/contrib/rack/reactive/response.rb b/lib/datadog/appsec/contrib/rack/reactive/response.rb
index a1d8e95582..6fd15055c1 100644
--- a/lib/datadog/appsec/contrib/rack/reactive/response.rb
+++ b/lib/datadog/appsec/contrib/rack/reactive/response.rb
@@ -32,20 +32,20 @@ def self.subscribe(op, waf_context)
 }
 waf_timeout = Datadog::AppSec.settings.waf_timeout
- action, result = waf_context.run(waf_args, waf_timeout)
+ result = waf_context.run(waf_args, waf_timeout)
 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout
- # TODO: encapsulate return array in a type
- case action
- when :monitor
+ case result.status
+ when :match
 Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, false]
- when :block
- Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, true]
- throw(:block, [action, result, true])
- when :good
+
+ block = result.actions.include?('block')
+
+ yield [result, block]
+
+ throw(:block, [result, true]) if block
+ when :ok
 Datadog.logger.debug { "WAF OK: #{result.inspect}" }
 when :invalid_call
 Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" }
diff --git a/lib/datadog/appsec/contrib/rails/gateway/watcher.rb b/lib/datadog/appsec/contrib/rails/gateway/watcher.rb
index c8fcdfc5ea..6c781a4247 100644
--- a/lib/datadog/appsec/contrib/rails/gateway/watcher.rb
+++ b/lib/datadog/appsec/contrib/rails/gateway/watcher.rb
@@ -22,8 +22,8 @@ def self.watch
 trace = active_trace
 span = active_span
- Rails::Reactive::Action.subscribe(op, waf_context) do |action, result, _block|
- record = [:block, :monitor].include?(action)
+ Rails::Reactive::Action.subscribe(op, waf_context) do |result, _block|
+ record = [:match].include?(result[:code])
 if record
 # TODO: should this hash be an Event instance instead?
 event = {
@@ -38,7 +38,7 @@ def self.watch
 end
 end
- _action, _result, block = Rails::Reactive::Action.publish(op, request)
+ _result, block = Rails::Reactive::Action.publish(op, request)
 end
 next [nil, [[:block, event]]] if block
diff --git a/lib/datadog/appsec/contrib/rails/reactive/action.rb b/lib/datadog/appsec/contrib/rails/reactive/action.rb
index 4d00c5676e..6efcf519df 100644
--- a/lib/datadog/appsec/contrib/rails/reactive/action.rb
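Review bot: `record = [:match].include?(result[:code])` in the Rails watcher (hunk `@@ -22,8 +22,8 @@`) reads the status with a hash-style lookup, while the Rack watcher in this same commit reads `result.status`. The Sinatra watcher hunks make the mismatch visible on the page: their first block is attached to `Rack::Reactive::RequestBody.subscribe`, which yields the object the Rack code calls `.status` on. Unless the result type really supports both accessors, this line either raises or evaluates to false, and in the second case WAF matches are never recorded as events. I would use `record = result.status == :match` here and in both Sinatra watcher hunks.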
+++ b/lib/datadog/appsec/contrib/rails/reactive/action.rb
@@ -36,20 +36,20 @@ def self.subscribe(op, waf_context)
 }
 waf_timeout = Datadog::AppSec.settings.waf_timeout
- action, result = waf_context.run(waf_args, waf_timeout)
+ _code, result = waf_context.run(waf_args, waf_timeout)
 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout
- # TODO: encapsulate return array in a type
- case action
- when :monitor
+ case result[:code]
+ when :match
 Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, false]
- when :block
- Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, true]
- throw(:block, [action, result, true])
- when :good
+
+ block = result.actions.include?('block')
+
+ yield [result, block]
+
+ throw(:block, [result, true]) if block
+ when :ok
 Datadog.logger.debug { "WAF OK: #{result.inspect}" }
 when :invalid_call
 Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" }
diff --git a/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb b/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb
index b975a1d0c6..bb291aa9b0 100644
--- a/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb
+++ b/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb
@@ -24,8 +24,8 @@ def self.watch
 trace = active_trace
 span = active_span
- Rack::Reactive::RequestBody.subscribe(op, waf_context) do |action, result, _block|
- record = [:block, :monitor].include?(action)
+ Rack::Reactive::RequestBody.subscribe(op, waf_context) do |result, _block|
+ record = [:match].include?(result[:code])
 if record
 # TODO: should this hash be an Event instance instead?
 event = {
@@ -40,7 +40,7 @@ def self.watch
 end
 end
- _action, _result, block = Rack::Reactive::RequestBody.publish(op, request)
+ _result, block = Rack::Reactive::RequestBody.publish(op, request)
 end
 next [nil, [[:block, event]]] if block
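Review bot: `_code, result = waf_context.run(waf_args, waf_timeout)` in rails/reactive/action.rb still destructures a pair, whereas the three Rack reactive files in this commit assign a single value with `result = waf_context.run(waf_args, waf_timeout)`. If `run` now returns one result object, `result` is presumably nil here and `result.timeout` on the next line raises before the verdict is examined, so this check would neither record nor block. The hunk also mixes `result[:code]` with `result.actions` and `result.timeout`; aligning with the Rack files gives `result = waf_context.run(waf_args, waf_timeout)` and `case result.status`. sinatra/reactive/routed.rb carries the same two lines. The method body starts and ends outside the hunk.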
@@ -64,8 +64,8 @@ def self.watch
 trace = active_trace
 span = active_span
- Sinatra::Reactive::Routed.subscribe(op, waf_context) do |action, result, _block|
- record = [:block, :monitor].include?(action)
+ Sinatra::Reactive::Routed.subscribe(op, waf_context) do |result, _block|
+ record = [:match].include?(result[:code])
 if record
 # TODO: should this hash be an Event instance instead?
 event = {
@@ -80,7 +80,7 @@ def self.watch
 end
 end
- _action, _result, block = Sinatra::Reactive::Routed.publish(op, [request, route_params])
+ _result, block = Sinatra::Reactive::Routed.publish(op, [request, route_params])
 end
 next [nil, [[:block, event]]] if block
diff --git a/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb b/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb
index fe89e20fe1..b871702e44 100644
--- a/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb
+++ b/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb
@@ -31,20 +31,20 @@ def self.subscribe(op, waf_context)
 }
 waf_timeout = Datadog::AppSec.settings.waf_timeout
- action, result = waf_context.run(waf_args, waf_timeout)
+ _code, result = waf_context.run(waf_args, waf_timeout)
 Datadog.logger.debug { "WAF TIMEOUT: #{result.inspect}" } if result.timeout
- # TODO: encapsulate return array in a type
- case action
- when :monitor
+ case result[:code]
+ when :match
 Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, false]
- when :block
- Datadog.logger.debug { "WAF: #{result.inspect}" }
- yield [action, result, true]
- throw(:block, [action, result, true])
- when :good
+
+ block = result.actions.include?('block')
+
+ yield [result, block]
+
+ throw(:block, [result, true]) if block
+ when :ok
 Datadog.logger.debug { "WAF OK: #{result.inspect}" }
 when :invalid_call
 Datadog.logger.debug { "WAF CALL ERROR: #{result.inspect}" }