config

package
v1.60.3

This package is not in the latest version of its module.
Published: Feb 8, 2024 License: Apache-2.0, BSD-3-Clause, Apache-2.0 Imports: 9 Imported by: 0

Documentation

Constants

const EnvEnabled = "DD_APPSEC_ENABLED"

EnvEnabled is the env var used to enable/disable appsec

Variables

This section is empty.

Functions

func IsEnabled

func IsEnabled() (enabled bool, set bool, err error)

IsEnabled returns true when appsec is enabled, that is, when the environment variable DD_APPSEC_ENABLED is set to true. It also returns whether the env var is actually set in the environment.

Types

type ActionEntry

type ActionEntry struct {
	ID         string `json:"id"`
	Type       string `json:"type"`
	Parameters struct {
		StatusCode     int    `json:"status_code"`
		GRPCStatusCode *int   `json:"grpc_status_code,omitempty"`
		Type           string `json:"type,omitempty"`
		Location       string `json:"location,omitempty"`
	} `json:"parameters,omitempty"`
}

ActionEntry represents an entry in the "actions" top level field of a rules file

type Config

type Config struct {
	// rules loaded via the env var DD_APPSEC_RULES. When not set, the builtin rules will be used
	// and live-updated with remote configuration.
	RulesManager *RulesManager
	// Maximum WAF execution time
	WAFTimeout time.Duration
	// AppSec trace rate limit (traces per second).
	TraceRateLimit int64
	// Obfuscator configuration
	Obfuscator internal.ObfuscatorConfig
	// APISec configuration
	APISec internal.APISecConfig
	// RC is the remote configuration client used to receive product configuration updates. Nil if RC is disabled (default)
	RC *remoteconfig.ClientConfig
}

Config is the AppSec configuration.

func NewConfig

func NewConfig() (*Config, error)

NewConfig returns a fresh appsec configuration read from the env

type RuleDataEntry

type RuleDataEntry rc.ASMDataRuleData

RuleDataEntry represents an entry in the "rules_data" top level field of a rules file

type RulesData

type RulesData struct {
	RulesData []RuleDataEntry `json:"rules_data"`
}

RulesData holds a slice of RuleDataEntry under the "rules_data" key.

type RulesFragment

type RulesFragment struct {
	Version     string          `json:"version,omitempty"`
	Metadata    interface{}     `json:"metadata,omitempty"`
	Rules       []interface{}   `json:"rules,omitempty"`
	Overrides   []interface{}   `json:"rules_override,omitempty"`
	Exclusions  []interface{}   `json:"exclusions,omitempty"`
	RulesData   []RuleDataEntry `json:"rules_data,omitempty"`
	Actions     []ActionEntry   `json:"actions,omitempty"`
	CustomRules []interface{}   `json:"custom_rules,omitempty"`
	Processors  []interface{}   `json:"processors,omitempty"`
	Scanners    []interface{}   `json:"scanners,omitempty"`
}

RulesFragment can represent a full ruleset or a fragment of it.

func DefaultRulesFragment

func DefaultRulesFragment() RulesFragment

DefaultRulesFragment returns a RulesFragment created using the default static recommended rules

type RulesManager

type RulesManager struct {
	Latest   RulesFragment
	Base     RulesFragment
	BasePath string
	Edits    map[string]RulesFragment
}

RulesManager is used to build a full rules file from a combination of rules fragments. The `Base` fragment is the default rules (either local or received through ASM_DD), and the `Edits` fragments each represent a remote configuration update that affects the rules. `BasePath` is either empty if the local Base rules are used, or holds the path of the ASM_DD config.

func NewRulesManeger

func NewRulesManeger(rules []byte) (*RulesManager, error)

NewRulesManeger initializes and returns a new RulesManager using the provided rules. If no rules are provided (nil), the default rules are used instead. If the provided rules are invalid, an error is returned.

func (*RulesManager) AddEdit

func (r *RulesManager) AddEdit(cfgPath string, f RulesFragment)

AddEdit appends the configuration to the map of edits in the rules manager

func (*RulesManager) ChangeBase

func (r *RulesManager) ChangeBase(f RulesFragment, basePath string)

ChangeBase sets a new rules fragment base for the rules manager

func (*RulesManager) Clone

func (r *RulesManager) Clone() (clone RulesManager)

Clone returns a duplicate of the current rules manager object

func (*RulesManager) Compile

func (r *RulesManager) Compile()

Compile compiles the RulesManager fragments together and stores the result in r.Latest.

func (*RulesManager) Raw

func (r *RulesManager) Raw() []byte

Raw returns a compact json version of the rules

func (*RulesManager) RemoveEdit

func (r *RulesManager) RemoveEdit(cfgPath string)

RemoveEdit deletes the configuration associated with `cfgPath` from the map of edits.

func (*RulesManager) String

func (r *RulesManager) String() string

String returns the string representation of the Latest compiled json rules.
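
The Base/Edits/Latest model described for RulesManager, as an added sketch that is not the package's own code: `fragment`, `manager`, `compile` and `demo` are hypothetical local stand-ins, the rule entries and config paths are constructed, and the append-only merge is an assumption. It shows that dropping an edit by its config path and recompiling backs out that remote update while the base rules stay intact.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// fragment is a local stand-in for a subset of RulesFragment (not the package type).
type fragment struct {
	Version    string            `json:"version,omitempty"`
	Rules      []json.RawMessage `json:"rules,omitempty"`
	Overrides  []json.RawMessage `json:"rules_override,omitempty"`
	Exclusions []json.RawMessage `json:"exclusions,omitempty"`
}

// manager models RulesManager: one base ruleset plus edits keyed by config path.
type manager struct {
	Latest, Base fragment
	Edits        map[string]fragment
}

// compile rebuilds Latest from Base plus all edits (append-only merge: an assumption).
func (m *manager) compile() string {
	m.Latest = fragment{Version: m.Base.Version, Rules: m.Base.Rules}
	paths := make([]string, 0, len(m.Edits))
	for p := range m.Edits {
		paths = append(paths, p)
	}
	sort.Strings(paths) // map order is random; sort for reproducible output
	for _, p := range paths {
		m.Latest.Overrides = append(m.Latest.Overrides, m.Edits[p].Overrides...)
		m.Latest.Exclusions = append(m.Latest.Exclusions, m.Edits[p].Exclusions...)
	}
	out, _ := json.Marshal(m.Latest)
	return string(out)
}

// demo applies two constructed edits, then backs one out and recompiles.
func demo() (withEdits, afterRemoval string) {
	m := manager{Edits: map[string]fragment{}}
	_ = json.Unmarshal([]byte(`{"version":"2.2","rules":[{"id":"rule-a"}]}`), &m.Base)
	m.Edits["cfg/override"] = fragment{Overrides: []json.RawMessage{json.RawMessage(`{"id":"rule-a","enabled":false}`)}}
	m.Edits["cfg/exclusion"] = fragment{Exclusions: []json.RawMessage{json.RawMessage(`{"id":"excl-1"}`)}}
	withEdits = m.compile()
	delete(m.Edits, "cfg/override") // the effect of RemoveEdit("cfg/override")
	return withEdits, m.compile()
}

func main() { fmt.Println(demo()) }
```

Because every edit is stored under its config path, an audit of the compiled ruleset can attribute each override or exclusion to the remote update that introduced it.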

type StartOption

type StartOption func(c *Config)

StartOption is used to customize the AppSec configuration when invoked with appsec.Start()

func WithRCConfig

func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption

WithRCConfig sets the AppSec remote config client configuration to the specified cfg
