Documentation
Index
- Constants
- func IsEnabled() (enabled bool, set bool, err error)
- type AddressSet
- type Config
- type DataEntry
- type RulesFragment
- type RulesManager
- func (r *RulesManager) AddEdit(cfgPath string, f RulesFragment)
- func (r *RulesManager) ChangeBase(f RulesFragment, basePath string)
- func (r *RulesManager) Clone() (clone RulesManager)
- func (r *RulesManager) Compile()
- func (r *RulesManager) Raw() []byte
- func (r *RulesManager) RemoveEdit(cfgPath string)
- func (r *RulesManager) String() string
- type StartOption
Constants
const (
	// EnvEnabled controls ASM Threats Protection's enablement.
	EnvEnabled = "DD_APPSEC_ENABLED"
	// EnvSCAEnabled controls ASM Software Composition Analysis (SCA)'s enablement.
	EnvSCAEnabled = "DD_APPSEC_SCA_ENABLED"
)
The following environment variables dictate the enablement of the different ASM products.
Variables
This section is empty.
Functions
Types
type AddressSet
type AddressSet map[string]struct{}
AddressSet is a set of WAF addresses.
func NewAddressSet
func NewAddressSet(addrs []string) AddressSet
func (AddressSet) AnyOf
func (set AddressSet) AnyOf(anyOf ...string) bool
AnyOf returns true if any of the addresses in the set are in the given list.
type Config
type Config struct {
	// rules loaded via the env var DD_APPSEC_RULES. When not set, the builtin rules will be used
	// and live-updated with remote configuration.
	RulesManager *RulesManager
	// Maximum WAF execution time
	WAFTimeout time.Duration
	// AppSec trace rate limit (traces per second).
	TraceRateLimit int64
	// Obfuscator configuration
	Obfuscator internal.ObfuscatorConfig
	// APISec configuration
	APISec internal.APISecConfig
	// RC is the remote configuration client used to receive product configuration updates. Nil if RC is disabled (default)
	RC *remoteconfig.ClientConfig
	RASP bool
	// SupportedAddresses are the addresses that the AppSec listener will bind to.
	SupportedAddresses AddressSet
}
Config is the AppSec configuration.
type DataEntry
type DataEntry rc.ASMDataRuleData
DataEntry represents an entry in the "rules_data" top level field of a rules file.
type RulesFragment
type RulesFragment struct {
	Version       string      `json:"version,omitempty"`
	Metadata      any         `json:"metadata,omitempty"`
	Rules         []any       `json:"rules,omitempty"`
	Overrides     []any       `json:"rules_override,omitempty"`
	Exclusions    []any       `json:"exclusions,omitempty"`
	ExclusionData []DataEntry `json:"exclusion_data,omitempty"`
	RulesData     []DataEntry `json:"rules_data,omitempty"`
	Actions       []any       `json:"actions,omitempty"`
	CustomRules   []any       `json:"custom_rules,omitempty"`
	Processors    []any       `json:"processors,omitempty"`
	Scanners      []any       `json:"scanners,omitempty"`
}
RulesFragment can represent a full ruleset or a fragment of it.
func DefaultRulesFragment
func DefaultRulesFragment() RulesFragment
DefaultRulesFragment returns a RulesFragment created using the default static recommended rules.
type RulesManager
type RulesManager struct {
	Latest   RulesFragment
	Base     RulesFragment
	BasePath string
	Edits    map[string]RulesFragment
}
RulesManager is used to build a full rules file from a combination of rules fragments. The `Base` fragment is the default rules (either local or received through ASM_DD), and the `Edits` fragments each represent a remote configuration update that affects the rules. `BasePath` is either empty if the local Base rules are used, or holds the path of the ASM_DD config.
func NewRulesManager
func NewRulesManager(rules []byte) (*RulesManager, error)
NewRulesManager initializes and returns a new RulesManager using the provided rules. If no rules are provided (nil), the default rules are used instead. If the provided rules are invalid, an error is returned.
func (*RulesManager) AddEdit
func (r *RulesManager) AddEdit(cfgPath string, f RulesFragment)
AddEdit appends the configuration to the map of edits in the rules manager.
func (*RulesManager) ChangeBase
func (r *RulesManager) ChangeBase(f RulesFragment, basePath string)
ChangeBase sets a new rules fragment base for the rules manager.
func (*RulesManager) Clone
func (r *RulesManager) Clone() (clone RulesManager)
Clone returns a duplicate of the current rules manager object.
func (*RulesManager) Compile
func (r *RulesManager) Compile()
Compile compiles the RulesManager fragments together and stores the result in r.Latest.
func (*RulesManager) Raw
func (r *RulesManager) Raw() []byte
Raw returns a compact JSON version of the rules.
func (*RulesManager) RemoveEdit
func (r *RulesManager) RemoveEdit(cfgPath string)
RemoveEdit deletes the configuration associated with `cfgPath` from the edits map.
func (*RulesManager) String
func (r *RulesManager) String() string
String returns the string representation of the Latest compiled json rules.
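How `Base` and `Edits` combine into `Latest`, as an added example that is not this package's code: `Fragment`, `Manager` and `demo` are hypothetical stand-ins, the merge-by-concatenation in `Compile` is an assumption the page does not state, and the rule and override values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Fragment copies three RulesFragment fields and their JSON tags from the page.
type Fragment struct {
	Version   string `json:"version,omitempty"`
	Rules     []any  `json:"rules,omitempty"`
	Overrides []any  `json:"rules_override,omitempty"`
}

// Manager is a hypothetical stand-in for RulesManager, not the package's code.
type Manager struct {
	Latest, Base Fragment
	Edits        map[string]Fragment
}

func (m *Manager) AddEdit(cfgPath string, f Fragment) { m.Edits[cfgPath] = f }
func (m *Manager) RemoveEdit(cfgPath string)          { delete(m.Edits, cfgPath) }

// Compile rebuilds Latest from Base plus every edit. ASSUMPTION: list fields
// are concatenated; edits are visited in sorted key order for stable output.
func (m *Manager) Compile() {
	out := Fragment{Version: m.Base.Version}
	out.Rules = append(out.Rules, m.Base.Rules...) // fresh slice, never aliases Base
	out.Overrides = append(out.Overrides, m.Base.Overrides...)
	paths := make([]string, 0, len(m.Edits))
	for p := range m.Edits {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	for _, p := range paths {
		out.Rules = append(out.Rules, m.Edits[p].Rules...)
		out.Overrides = append(out.Overrides, m.Edits[p].Overrides...)
	}
	m.Latest = out
}

// Raw returns the compiled rules as compact JSON.
func (m *Manager) Raw() []byte { b, _ := json.Marshal(m.Latest); return b }

// demo applies one constructed edit, compiles, then withdraws it and recompiles.
func demo() (withEdit, afterRemove string) {
	m := &Manager{Edits: map[string]Fragment{}}
	m.Base = Fragment{Version: "2.2", Rules: []any{map[string]any{"id": "rule-1"}}}
	m.AddEdit("cfg/a", Fragment{Overrides: []any{map[string]any{"id": "rule-1", "enabled": false}}})
	m.Compile()
	withEdit = string(m.Raw())
	m.RemoveEdit("cfg/a")
	m.Compile()
	return withEdit, string(m.Raw())
}

func main() { fmt.Println(demo()) }
```

Because each edit is keyed by its configuration path, withdrawing it and recompiling restores the base ruleset exactly, which makes it possible to audit which remote update disabled a rule.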
type StartOption
type StartOption func(c *Config)
StartOption is used to customize the AppSec configuration when invoked with appsec.Start().
func WithRCConfig
func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption
WithRCConfig sets the AppSec remote config client configuration to the specified cfg.