appsec

Documentation

Index

• func Enabled() bool
• func Start(opts ...StartOption)
• func Stop()
• type Config
• type Limiter
• type ObfuscatorConfig
• type StartOption
  • func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption
• type TokenTicker
  • func NewTokenTicker(tokens, maxTokens int64) *TokenTicker
  • func (t *TokenTicker) Allow() bool
  • func (t *TokenTicker) Start()
  • func (t *TokenTicker) Stop()

Functions

func Enabled

func Enabled() bool

Enabled returns true when AppSec is up and running. Meaning that the appsec build tag is enabled, the env var DD_APPSEC_ENABLED is set to true, and the tracer is started.

func Start

func Start(opts ...StartOption)

Start AppSec when enabled is enabled by both using the appsec build tag and setting the environment variable DD_APPSEC_ENABLED to true.

func Stop

func Stop()

Stop AppSec.

Types

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config is the AppSec configuration.

type Limiter

type Limiter interface {
	Allow() bool
}

Limiter is used to abstract the rate limiter implementation to only expose the needed function for rate limiting. This is for example useful for testing, allowing us to use a modified rate limiter tuned for testing through the same interface.

type ObfuscatorConfig

type ObfuscatorConfig struct {
	KeyRegex   string
	ValueRegex string
}

ObfuscatorConfig wraps the key and value regexp to be passed to the WAF to perform obfuscation.

type StartOption

type StartOption func(c *Config)

StartOption is used to customize the AppSec configuration when invoked with appsec.Start()

func WithRCConfig

func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption

WithRCConfig sets the AppSec remote config client configuration to the specified cfg

type TokenTicker

type TokenTicker struct {
	// contains filtered or unexported fields
}

TokenTicker is a thread-safe and lock-free rate limiter based on a token bucket. The idea is to have a goroutine that will update the bucket with fresh tokens at regular intervals using a time.Ticker. The advantage of using a goroutine here is that the implementation becomes easily thread-safe using a few atomic operations with little overhead overall. TokenTicker.Start() *should* be called before the first call to TokenTicker.Allow() and TokenTicker.Stop() *must* be called once done using. Note that calling TokenTicker.Allow() before TokenTicker.Start() is valid, but it means the bucket won't be refilling until the call to TokenTicker.Start() is made

func NewTokenTicker

func NewTokenTicker(tokens, maxTokens int64) *TokenTicker

NewTokenTicker is a utility function that allocates a token ticker, initializes necessary fields and returns it

func (*TokenTicker) Allow

func (t *TokenTicker) Allow() bool

Allow checks and returns whether a token can be retrieved from the bucket and consumed. Thread-safe.

func (*TokenTicker) Start

func (t *TokenTicker) Start()

Start starts the ticker and launches the goroutine responsible for updating the token bucket. The ticker is set to tick at a fixed rate of 500us.

func (*TokenTicker) Stop

func (t *TokenTicker) Stop()

Stop shuts down the rate limiter, taking care stopping the ticker and closing all channels