Use new capabilities helper

DataDog · Sep 12, 2024 · 3532ae2 · 3532ae2
1 parent 3afbc29
commit 3532ae2
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 23 deletions.
diff --git a/tracer/src/Datadog.Trace/AppSec/AttackerFingerprint/AttackerFingerprintHelper.cs b/tracer/src/Datadog.Trace/AppSec/AttackerFingerprint/AttackerFingerprintHelper.cs
@@ -14,7 +14,6 @@ namespace Datadog.Trace.AppSec.AttackerFingerprint;
 
 internal static class AttackerFingerprintHelper
 {
-    public const string MinimumWAFVersion = "1.19.0";
     private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor(typeof(AttackerFingerprintHelper));
     private static readonly Dictionary<string, object> _fingerprintRequest = new() { { AddressesConstants.WafContextProcessor, new Dictionary<string, object> { { "fingerprint", true } } } };
 

diff --git a/tracer/src/Datadog.Trace/AppSec/Security.cs b/tracer/src/Datadog.Trace/AppSec/Security.cs
@@ -504,11 +504,10 @@ private void SetRemoteConfigCapabilites()
             rcm.SetCapability(RcmCapabilitiesIndices.AsmRaspShi, _settings.RaspEnabled && _noLocalRules && WafSupportsCapability(RcmCapabilitiesIndices.AsmRaspShi));
             rcm.SetCapability(RcmCapabilitiesIndices.AsmRaspSqli, _settings.RaspEnabled && _noLocalRules && WafSupportsCapability(RcmCapabilitiesIndices.AsmRaspSqli));
             rcm.SetCapability(RcmCapabilitiesIndices.AsmExclusionData, _noLocalRules && WafSupportsCapability(RcmCapabilitiesIndices.AsmExclusionData));
-            var fingerPrintSupported = WafVersionEqualOrAbove(AttackerFingerprintHelper.MinimumWAFVersion);
-            rcm.SetCapability(RcmCapabilitiesIndices.AsmEnpointFingerprint, _noLocalRules && fingerPrintSupported);
-            rcm.SetCapability(RcmCapabilitiesIndices.AsmHeaderFingerprint, _noLocalRules && fingerPrintSupported);
-            rcm.SetCapability(RcmCapabilitiesIndices.AsmNetworkFingerprint, _noLocalRules && fingerPrintSupported);
-            rcm.SetCapability(RcmCapabilitiesIndices.AsmSessionFingerprint, _noLocalRules && fingerPrintSupported);
+            rcm.SetCapability(RcmCapabilitiesIndices.AsmEnpointFingerprint, _noLocalRules && WafSupportsCapability(RcmCapabilitiesIndices.AsmEnpointFingerprint));
+            rcm.SetCapability(RcmCapabilitiesIndices.AsmHeaderFingerprint, _noLocalRules && WafSupportsCapability(RcmCapabilitiesIndices.AsmHeaderFingerprint));
+            rcm.SetCapability(RcmCapabilitiesIndices.AsmNetworkFingerprint, _noLocalRules && WafSupportsCapability(RcmCapabilitiesIndices.AsmNetworkFingerprint));
+            rcm.SetCapability(RcmCapabilitiesIndices.AsmSessionFingerprint, _noLocalRules && WafSupportsCapability(RcmCapabilitiesIndices.AsmSessionFingerprint));
             // follows a different pattern to rest of ASM remote config, if available it's the RC value
             // that takes precedence. This follows what other products do.
             rcm.SetCapability(RcmCapabilitiesIndices.AsmAutoUserInstrumentationMode, true);
@@ -519,23 +518,6 @@ private bool WafSupportsCapability(BigInteger capability)
             return RCMCapabilitiesHelper.WafSupportsCapability(capability, _waf?.Version);
         }
 
-        private bool WafVersionEqualOrAbove(string version)
-        {
-            if (string.IsNullOrWhiteSpace(version))
-            {
-                return false;
-            }
-
-            var currentVersion = _waf?.Version;
-
-            if (string.IsNullOrWhiteSpace(currentVersion))
-            {
-                return false;
-            }
-
-            return Version.Parse(currentVersion) >= Version.Parse(version);
-        }
-
         private void InitWafAndInstrumentations(bool configurationFromRcm = false)
         {
             // initialization of WafLibraryInvoker

diff --git a/tracer/src/Datadog.Trace/AppSec/Waf/RCMCapabilitiesHelper.cs b/tracer/src/Datadog.Trace/AppSec/Waf/RCMCapabilitiesHelper.cs
@@ -24,6 +24,10 @@ internal static class RCMCapabilitiesHelper
         { RcmCapabilitiesIndices.AsmRaspSsrf, new Version(2, 51) },
         { RcmCapabilitiesIndices.AsmRaspShi, new Version(3, 2) },
         { RcmCapabilitiesIndices.AsmExclusionData, new Version(3, 2) },
+        { RcmCapabilitiesIndices.AsmEnpointFingerprint, new Version(1, 19) },
+        { RcmCapabilitiesIndices.AsmHeaderFingerprint, new Version(1, 19) },
+        { RcmCapabilitiesIndices.AsmNetworkFingerprint, new Version(1, 19) },
+        { RcmCapabilitiesIndices.AsmSessionFingerprint, new Version(1, 19) },
     };
 
     internal static bool WafSupportsCapability(BigInteger capability, string? wafVersion)