From 3c068ca1a2502001a47511618e9364adda6dbd37 Mon Sep 17 00:00:00 2001
From: Gustavo Caso
Date: Tue, 14 Feb 2023 18:12:04 +0100
Subject: [PATCH] rack watch for user_id events
---
 .../appsec/contrib/rack/gateway/watcher.rb | 42 ++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/lib/datadog/appsec/contrib/rack/gateway/watcher.rb b/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
index f2f1751e334..25a09e483d0 100644
--- a/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
+++ b/lib/datadog/appsec/contrib/rack/gateway/watcher.rb
@@ -21,6 +21,7 @@ def watch
 watch_request(gateway)
 watch_response(gateway)
 watch_request_body(gateway)
+ watch_user_id(gateway)
 end
 def watch_request(gateway = Instrumentation.gateway)
@@ -152,8 +153,47 @@ def watch_request_body(gateway = Instrumentation.gateway)
 end
 end
+ def watch_user_id(gateway = Instrumentation.gateway)
+ gateway.watch('identity.set_user', :appsec) do |stack, user|
+ block = false
+ event = nil
+ waf_context = Datadog::AppSec::Processor.current_context
+
+ AppSec::Reactive::Operation.new('identity.set_user') do |op|
+ trace = active_trace
+ span = active_span
- [ret, res]
+ Rack::Reactive::SetUser.subscribe(op, waf_context) do |result, _block|
+ if result.status == :match
+ # TODO: should this hash be an Event instance instead?
+ event = {
+ waf_result: result,
+ trace: trace,
+ span: span,
+ user: user,
+ actions: result.actions
+ }
+
+ span.set_tag('appsec.event', 'true') if span
+
+ waf_context.events << event
+ end
+ end
+
+ _result, block = Rack::Reactive::SetUser.publish(op, user)
+ end
+
+ next [nil, [[:block, event]]] if block
+
+ ret, res = stack.call(request)
+
+ if event
+ res ||= []
+ res << [:monitor, event]
+ end
+
+ [ret, res]
+ end
 end
 private
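Review bot: `ret, res = stack.call(request)` in the new watch_user_id block refers to `request`, but the block's parameters are `|stack, user|`, so no local named `request` exists there and the call will raise NameError the first time an `identity.set_user` event is not blocked; the block should forward its own argument, `ret, res = stack.call(user)`. The new block also takes `waf_context` from `Datadog::AppSec::Processor.current_context` and then does `waf_context.events << event` on a match without checking for nil; whether current_context can be nil at that point is not visible in this hunk, so that is worth confirming before relying on it. The single removed line, `[ret, res]`, sits between the trailing `end` context lines in a way that suggests the new def may end up nested inside watch_request_body's definition; the surrounding `end`s should be checked once the patch is applied. watch_request_body's body starts outside the hunk.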