Documentation
Overview
Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0. This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2023-present Datadog, Inc.
Constants
const (
	// EnvAPISecEnabled is the env var used to enable API Security
	EnvAPISecEnabled = "DD_API_SECURITY_ENABLED"
	// EnvAPISecSampleRate is the env var used to set the sampling rate of API Security schema extraction
	EnvAPISecSampleRate = "DD_API_SECURITY_REQUEST_SAMPLE_RATE"
	// EnvObfuscatorKey is the env var used to provide the WAF key obfuscation regexp
	EnvObfuscatorKey = "DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP"
	// EnvObfuscatorValue is the env var used to provide the WAF value obfuscation regexp
	EnvObfuscatorValue = "DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP"
	// EnvWAFTimeout is the env var used to specify the timeout value for a WAF run
	EnvWAFTimeout = "DD_APPSEC_WAF_TIMEOUT"
	// EnvTraceRateLimit is the env var used to set the ASM trace limiting rate
	EnvTraceRateLimit = "DD_APPSEC_TRACE_RATE_LIMIT"
	// EnvRules is the env var used to provide a path to a local security rule file
	EnvRules = "DD_APPSEC_RULES"
	// EnvRASPEnabled is the env var used to enable/disable RASP functionalities for ASM
	EnvRASPEnabled = "DD_APPSEC_RASP_ENABLED"
)
Configuration environment variables
const (
	// DefaultAPISecSampleRate is the default rate at which API Security schemas are extracted from requests
	DefaultAPISecSampleRate = .1
	// DefaultObfuscatorKeyRegex is the default regexp used to obfuscate keys
	DefaultObfuscatorKeyRegex = `` /* 190-byte string literal not displayed */
	// DefaultObfuscatorValueRegex is the default regexp used to obfuscate values
	DefaultObfuscatorValueRegex = `` /* 550-byte string literal not displayed */
	// DefaultWAFTimeout is the default time limit past which a WAF run will timeout
	DefaultWAFTimeout = time.Millisecond
	// DefaultTraceRate is the default limit (trace/sec) past which ASM traces are sampled out
	DefaultTraceRate uint = 100 // up to 100 appsec traces/s
)
Configuration constants and default values
Variables
var StaticRecommendedRules string
StaticRecommendedRules holds the recommended AppSec security rules (v1.13.2).
Source: https://github.com/DataDog/appsec-event-rules/blob/1.13.2/build/recommended.json
Functions
func DefaultRuleset (added in v1.0.2)
DefaultRuleset returns the marshaled default recommended security rules for AppSec.
func DefaultRulesetMap (added in v1.2.0)
DefaultRulesetMap returns the unmarshaled default recommended security rules for AppSec.
func RASPEnabled (added in v1.6.0)
func RASPEnabled() bool
RASPEnabled returns true if RASP functionalities are enabled through the env, or if DD_APPSEC_RASP_ENABLED is not set.
func RateLimitFromEnv (added in v1.1.0)
func RateLimitFromEnv() (rate uint)
RateLimitFromEnv reads and parses the trace rate limit set through the env. If not set, it defaults to `DefaultTraceRate`.
func RulesFromEnv (added in v1.1.0)
RulesFromEnv returns the security rules provided through the environment. If the env var is not set, the default recommended rules are returned instead.
func WAFTimeoutFromEnv (added in v1.1.0)
WAFTimeoutFromEnv reads and parses the WAF timeout value set through the env. If not set, it defaults to `DefaultWAFTimeout`.
Types
type APISecConfig (added in v1.1.0)
APISecConfig holds the configuration for API Security schemas reporting. It is used to enable/disable the feature as well as to configure the rate at which schemas get reported.
func NewAPISecConfig (added in v1.1.0)
func NewAPISecConfig() APISecConfig
NewAPISecConfig creates and returns a new API Security configuration by reading the env.
type ObfuscatorConfig (added in v1.1.0)
ObfuscatorConfig wraps the key and value regexp to be passed to the WAF to perform obfuscation.
func NewObfuscatorConfig (added in v1.1.0)
func NewObfuscatorConfig() ObfuscatorConfig
NewObfuscatorConfig creates and returns a new WAF obfuscator configuration by reading the env.
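A pre-deployment check for the environment variables listed under Constants, so that a malformed obfuscation regexp, timeout or rate is caught before the service starts. This is an added example, not code from this package: `LintAppSecEnv` and the helper names are hypothetical, and the accepted formats (Go booleans, Go `regexp` syntax, `time.ParseDuration` strings, an unsigned integer limit, a sample rate in [0, 1], an existing rule file path) are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strconv"
	"time"
)

func isBool(v string) error { _, err := strconv.ParseBool(v); return err }
func isRegexp(v string) error { _, err := regexp.Compile(v); return err }
func isFile(v string) error { _, err := os.Stat(v); return err }
func isTimeout(v string) error { _, err := time.ParseDuration(v); return err }
func isLimit(v string) error { _, err := strconv.ParseUint(v, 10, 64); return err }
func isRate(v string) error {
	f, err := strconv.ParseFloat(v, 64)
	if err == nil && !(f >= 0 && f <= 1) { // the negated form also rejects NaN
		err = fmt.Errorf("sample rate %v is outside [0, 1]", f)
	}
	return err
}

// validators: one format check per documented variable (the formats are assumptions).
var validators = map[string]func(string) error{
	"DD_API_SECURITY_ENABLED":                      isBool,
	"DD_APPSEC_RASP_ENABLED":                       isBool,
	"DD_API_SECURITY_REQUEST_SAMPLE_RATE":          isRate,
	"DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP":   isRegexp,
	"DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP": isRegexp,
	"DD_APPSEC_WAF_TIMEOUT":                        isTimeout,
	"DD_APPSEC_TRACE_RATE_LIMIT":                   isLimit,
	"DD_APPSEC_RULES":                              isFile,
}

// LintAppSecEnv returns one finding per variable that is set but fails its check.
func LintAppSecEnv(lookup func(string) (string, bool)) map[string]error {
	findings := map[string]error{}
	for name, check := range validators {
		if v, ok := lookup(name); ok {
			if err := check(v); err != nil {
				findings[name] = err
			}
		}
	}
	return findings
}

func main() { fmt.Println(LintAppSecEnv(os.LookupEnv)) }
```

Unset variables produce no finding, since the functions documented above fall back to their defaults in that case.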