config

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 1, 2024 License: Apache-2.0, BSD-3-Clause, Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// EnvEnabled controls ASM Threats Protection's enablement.
	EnvEnabled = "DD_APPSEC_ENABLED"
	// EnvSCAEnabled controls ASM Software Composition Analysis (SCA)'s enablement.
	EnvSCAEnabled = "DD_APPSEC_SCA_ENABLED"
)

The following environment variables dictate the enablement of different the ASM products.

Variables

This section is empty.

Functions

func IsEnabled

func IsEnabled() (enabled bool, set bool, err error)

IsEnabled returns true when appsec is enabled by the environment variable DD_APPSEC_ENABLED (as of strconv's boolean parsing rules). When false, it also returns whether the env var was actually set or not. In case of a parsing error, it returns a detailed error.

Types

type AddressSet

type AddressSet map[string]struct{}

AddressSet is a set of WAF addresses.

func NewAddressSet

func NewAddressSet(addrs []string) AddressSet

func (AddressSet) AnyOf

func (set AddressSet) AnyOf(anyOf ...string) bool

AnyOf returns true if any of the addresses in the set are in the given list.

type Config

type Config struct {
	// rules loaded via the env var DD_APPSEC_RULES. When not set, the builtin rules will be used
	// and live-updated with remote configuration.
	RulesManager *RulesManager
	// Maximum WAF execution time
	WAFTimeout time.Duration
	// AppSec trace rate limit (traces per second).
	TraceRateLimit int64
	// Obfuscator configuration
	Obfuscator internal.ObfuscatorConfig
	// APISec configuration
	APISec internal.APISecConfig
	// RC is the remote configuration client used to receive product configuration updates. Nil if RC is disabled (default)
	RC   *remoteconfig.ClientConfig
	RASP bool
	// SupportedAddresses are the addresses that the AppSec listener will bind to.
	SupportedAddresses AddressSet
}

Config is the AppSec configuration.

func NewConfig

func NewConfig() (*Config, error)

NewConfig returns a fresh appsec configuration read from the env

type DataEntry

type DataEntry rc.ASMDataRuleData

DataEntry represents an entry in the "rules_data" top level field of a rules file

type RulesFragment

type RulesFragment struct {
	Version       string      `json:"version,omitempty"`
	Metadata      any         `json:"metadata,omitempty"`
	Rules         []any       `json:"rules,omitempty"`
	Overrides     []any       `json:"rules_override,omitempty"`
	Exclusions    []any       `json:"exclusions,omitempty"`
	ExclusionData []DataEntry `json:"exclusion_data,omitempty"`
	RulesData     []DataEntry `json:"rules_data,omitempty"`
	Actions       []any       `json:"actions,omitempty"`
	CustomRules   []any       `json:"custom_rules,omitempty"`
	Processors    []any       `json:"processors,omitempty"`
	Scanners      []any       `json:"scanners,omitempty"`
}

RulesFragment can represent a full ruleset or a fragment of it.

func DefaultRulesFragment

func DefaultRulesFragment() RulesFragment

DefaultRulesFragment returns a RulesFragment created using the default static recommended rules

type RulesManager

type RulesManager struct {
	Latest   RulesFragment
	Base     RulesFragment
	BasePath string
	Edits    map[string]RulesFragment
}

RulesManager is used to build a full rules file from a combination of rules fragments The `Base` fragment is the default rules (either local or received through ASM_DD), and the `Edits` fragments each represent a remote configuration update that affects the rules. `BasePath` is either empty if the local Base rules are used, or holds the path of the ASM_DD config.

func NewRulesManager

func NewRulesManager(rules []byte) (*RulesManager, error)

NewRulesManager initializes and returns a new RulesManager using the provided rules. If no rules are provided (nil), the default rules are used instead. If the provided rules are invalid, an error is returned

func (*RulesManager) AddEdit

func (r *RulesManager) AddEdit(cfgPath string, f RulesFragment)

AddEdit appends the configuration to the map of edits in the rules manager

func (*RulesManager) ChangeBase

func (r *RulesManager) ChangeBase(f RulesFragment, basePath string)

ChangeBase sets a new rules fragment base for the rules manager

func (*RulesManager) Clone

func (r *RulesManager) Clone() (clone RulesManager)

Clone returns a duplicate of the current rules manager object

func (*RulesManager) Compile

func (r *RulesManager) Compile()

Compile compiles the RulesManager fragments together stores the result in r.Latest

func (*RulesManager) Raw

func (r *RulesManager) Raw() []byte

Raw returns a compact json version of the rules

func (*RulesManager) RemoveEdit

func (r *RulesManager) RemoveEdit(cfgPath string)

RemoveEdit deletes the configuration associated to `cfgPath` in the edits slice

func (*RulesManager) String

func (r *RulesManager) String() string

String returns the string representation of the Latest compiled json rules.

type StartOption

type StartOption func(c *Config)

StartOption is used to customize the AppSec configuration when invoked with appsec.Start()

func WithRCConfig

func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption

WithRCConfig sets the AppSec remote config client configuration to the specified cfg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL