appsec: missing SQLi and LFI RC capabilities (#2851)
Signed-off-by: Eliott Bouhana <[email protected]>
eliottness authored Sep 10, 2024
1 parent 4b164f8 commit 4574919
Showing 2 changed files with 24 additions and 4 deletions.
10 changes: 9 additions & 1 deletion internal/appsec/remoteconfig.go
@@ -13,6 +13,7 @@ import (

"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/config"
"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
"gopkg.in/DataDog/dd-trace-go.v1/internal/orchestrion"
"gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig"

internal "github.com/DataDog/appsec-internal-go/appsec"
@@ -409,7 +410,14 @@ func (a *appsec) enableRASP() {
if err := remoteconfig.RegisterCapability(remoteconfig.ASMRASPSSRF); err != nil {
log.Debug("appsec: Remote config: couldn't register RASP SSRF: %v", err)
}
// TODO: register other RASP capabilities when supported
if err := remoteconfig.RegisterCapability(remoteconfig.ASMRASPSQLI); err != nil {
log.Debug("appsec: Remote config: couldn't register RASP SQLI: %v", err)
}
if orchestrion.Enabled() {
if err := remoteconfig.RegisterCapability(remoteconfig.ASMRASPLFI); err != nil {
log.Debug("appsec: Remote config: couldn't register RASP LFI: %v", err)
}
}
}

func (a *appsec) disableRCBlocking() {
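Review bot: The `orchestrion.Enabled()` guard around the `ASMRASPLFI` registration in enableRASP carries no comment, so a reader cannot tell why LFI is the only RASP capability that is conditional while SSRF and SQLI are advertised unconditionally. A registered capability tells the backend that this process can enforce that rule class, so the condition is security-relevant: presumably LFI protection depends on orchestrion's instrumentation of file access, and that should be stated, e.g. `// LFI protection needs orchestrion's instrumentation; do not advertise it on builds that cannot enforce it`. It is also worth confirming that SQLI really has no similar prerequisite before advertising it unconditionally. enableRASP begins above the hunk, so any earlier guards are not visible here.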
18 changes: 15 additions & 3 deletions internal/remoteconfig/remoteconfig.go
@@ -70,14 +70,26 @@ const (
APMTracingHTTPHeaderTags
// APMTracingCustomTags enables APM client to set custom tags on all spans
APMTracingCustomTags
// ASMProcessorOverrides adds support for processor overrides through the ASM RC Product
ASMProcessorOverrides
// ASMCustomDataScanners adds support for custom data scanners through the ASM RC Product
ASMCustomDataScanners
// ASMExclusionData adds support configurable exclusion filter data from the ASM_DATA Product
ASMExclusionData
// APMTracingEnabled enables APM tracing
APMTracingEnabled
// APMTracingDataStreamsEnabled enables Data Streams Monitoring
APMTracingDataStreamsEnabled
// ASMRASPSQLI enables ASM support for runtime protection against SQL Injection attacks
ASMRASPSQLI
// ASMRASPLFI enables ASM support for runtime protection against Local File Inclusion attacks
ASMRASPLFI
// ASMRASPSSRF enables ASM support for runtime protection against SSRF attacks
ASMRASPSSRF = 23
ASMRASPSSRF
)

// Additional capability bit index values that are non-consecutive from above.
const (
// APMTracingEnabled enables APM tracing
APMTracingEnabled Capability = 19
// APMTracingSampleRules represents the sampling rate using matching rules from APM client libraries
APMTracingSampleRules = 29
)
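Review bot: `ASMRASPSSRF` and `APMTracingEnabled` appear to lose their explicit values (`= 23`, `= 19`) and now take them from their position in the iota block, alongside the new `ASMRASPSQLI` and `ASMRASPLFI`. These are capability bit indices reported to the remote-config backend, so a later insertion or reordering in the middle of the block would silently shift every following entry and advertise protections the library does not implement, or hide ones it does. Pin the wire values with a small test, e.g. `if ASMRASPSSRF != 23 || APMTracingEnabled != 19 { t.Fatal("capability bit index changed") }`, extended to the other RASP entries. The const block opens above the hunk, so the starting value is inferred from the removed lines rather than seen directly.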