config

package
v1.63.0-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 17, 2024 License: Apache-2.0, BSD-3-Clause, Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// EnvEnabled controls ASM Threats Protection's enablement.
	EnvEnabled = "DD_APPSEC_ENABLED"
	// EnvSCAEnabled controls ASM Software Composition Analysis (SCA)'s enablement.
	EnvSCAEnabled = "DD_APPSEC_SCA_ENABLED"
)

The following environment variables dictate the enablement of different the ASM products.

Variables

This section is empty.

Functions

func IsEnabled

func IsEnabled() (enabled bool, set bool, err error)

IsEnabled returns true when appsec is enabled by the environment variable DD_APPSEC_ENABLED (as of strconv's boolean parsing rules). When false, it also returns whether the env var was actually set or not. In case of a parsing error, it returns a detailed error.

Types

type ActionEntry

type ActionEntry struct {
	ID         string `json:"id"`
	Type       string `json:"type"`
	Parameters struct {
		StatusCode     int    `json:"status_code"`
		GRPCStatusCode *int   `json:"grpc_status_code,omitempty"`
		Type           string `json:"type,omitempty"`
		Location       string `json:"location,omitempty"`
	} `json:"parameters,omitempty"`
}

ActionEntry represents an entry in the "actions" top level field of a rules file

type Config

type Config struct {
	// rules loaded via the env var DD_APPSEC_RULES. When not set, the builtin rules will be used
	// and live-updated with remote configuration.
	RulesManager *RulesManager
	// Maximum WAF execution time
	WAFTimeout time.Duration
	// AppSec trace rate limit (traces per second).
	TraceRateLimit int64
	// Obfuscator configuration
	Obfuscator internal.ObfuscatorConfig
	// APISec configuration
	APISec internal.APISecConfig
	// RC is the remote configuration client used to receive product configuration updates. Nil if RC is disabled (default)
	RC *remoteconfig.ClientConfig
}

Config is the AppSec configuration.

func NewConfig

func NewConfig() (*Config, error)

NewConfig returns a fresh appsec configuration read from the env

type RuleDataEntry

type RuleDataEntry rc.ASMDataRuleData

RuleDataEntry represents an entry in the "rules_data" top level field of a rules file

type RulesData

type RulesData struct {
	RulesData []RuleDataEntry `json:"rules_data"`
}

RulesData is a slice of RulesDataEntry

type RulesFragment

type RulesFragment struct {
	Version     string          `json:"version,omitempty"`
	Metadata    interface{}     `json:"metadata,omitempty"`
	Rules       []interface{}   `json:"rules,omitempty"`
	Overrides   []interface{}   `json:"rules_override,omitempty"`
	Exclusions  []interface{}   `json:"exclusions,omitempty"`
	RulesData   []RuleDataEntry `json:"rules_data,omitempty"`
	Actions     []ActionEntry   `json:"actions,omitempty"`
	CustomRules []interface{}   `json:"custom_rules,omitempty"`
	Processors  []interface{}   `json:"processors,omitempty"`
	Scanners    []interface{}   `json:"scanners,omitempty"`
}

RulesFragment can represent a full ruleset or a fragment of it.

func DefaultRulesFragment

func DefaultRulesFragment() RulesFragment

DefaultRulesFragment returns a RulesFragment created using the default static recommended rules

type RulesManager

type RulesManager struct {
	Latest   RulesFragment
	Base     RulesFragment
	BasePath string
	Edits    map[string]RulesFragment
}

RulesManager is used to build a full rules file from a combination of rules fragments The `Base` fragment is the default rules (either local or received through ASM_DD), and the `Edits` fragments each represent a remote configuration update that affects the rules. `BasePath` is either empty if the local Base rules are used, or holds the path of the ASM_DD config.

func NewRulesManeger

func NewRulesManeger(rules []byte) (*RulesManager, error)

NewRulesManeger initializes and returns a new RulesManager using the provided rules. If no rules are provided (nil), the default rules are used instead. If the provided rules are invalid, an error is returned

func (*RulesManager) AddEdit

func (r *RulesManager) AddEdit(cfgPath string, f RulesFragment)

AddEdit appends the configuration to the map of edits in the rules manager

func (*RulesManager) ChangeBase

func (r *RulesManager) ChangeBase(f RulesFragment, basePath string)

ChangeBase sets a new rules fragment base for the rules manager

func (*RulesManager) Clone

func (r *RulesManager) Clone() (clone RulesManager)

Clone returns a duplicate of the current rules manager object

func (*RulesManager) Compile

func (r *RulesManager) Compile()

Compile compiles the RulesManager fragments together stores the result in r.Latest

func (*RulesManager) Raw

func (r *RulesManager) Raw() []byte

Raw returns a compact json version of the rules

func (*RulesManager) RemoveEdit

func (r *RulesManager) RemoveEdit(cfgPath string)

RemoveEdit deletes the configuration associated to `cfgPath` in the edits slice

func (*RulesManager) String

func (r *RulesManager) String() string

String returns the string representation of the Latest compiled json rules.

type StartOption

type StartOption func(c *Config)

StartOption is used to customize the AppSec configuration when invoked with appsec.Start()

func WithRCConfig

func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption

WithRCConfig sets the AppSec remote config client configuration to the specified cfg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL