datadog 2.12.2 → 2.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +74 -2
- data/ext/datadog_profiling_native_extension/collectors_thread_context.c +16 -14
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +3 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.c +69 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.h +7 -0
- data/ext/datadog_profiling_native_extension/http_transport.c +25 -32
- data/ext/datadog_profiling_native_extension/profiling.c +2 -0
- data/ext/datadog_profiling_native_extension/stack_recorder.c +22 -21
- data/ext/libdatadog_api/datadog_ruby_common.h +3 -0
- data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
- data/lib/datadog/appsec/actions_handler.rb +22 -1
- data/lib/datadog/appsec/anonymizer.rb +16 -0
- data/lib/datadog/appsec/assets/waf_rules/README.md +50 -5
- data/lib/datadog/appsec/assets/waf_rules/processors.json +239 -10
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +0 -1344
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +926 -17
- data/lib/datadog/appsec/assets/waf_rules/strict.json +0 -1344
- data/lib/datadog/appsec/component.rb +19 -17
- data/lib/datadog/appsec/compressed_json.rb +40 -0
- data/lib/datadog/appsec/configuration/settings.rb +62 -10
- data/lib/datadog/appsec/contrib/active_record/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
- data/lib/datadog/appsec/contrib/devise/configuration.rb +7 -31
- data/lib/datadog/appsec/contrib/devise/data_extractor.rb +79 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +21 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +0 -1
- data/lib/datadog/appsec/contrib/devise/patcher.rb +36 -23
- data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +102 -0
- data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +69 -0
- data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +2 -2
- data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +93 -0
- data/lib/datadog/appsec/contrib/rack/ext.rb +14 -0
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +10 -3
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +0 -2
- data/lib/datadog/appsec/event.rb +22 -51
- data/lib/datadog/appsec/ext.rb +4 -2
- data/lib/datadog/appsec/instrumentation/gateway/argument.rb +4 -2
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +8 -3
- data/lib/datadog/appsec/remote.rb +4 -0
- data/lib/datadog/appsec/security_engine/runner.rb +2 -2
- data/lib/datadog/appsec/utils.rb +0 -2
- data/lib/datadog/core/configuration/components.rb +2 -1
- data/lib/datadog/core/configuration/ext.rb +4 -0
- data/lib/datadog/core/configuration/options.rb +2 -2
- data/lib/datadog/core/configuration/settings.rb +53 -30
- data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
- data/lib/datadog/core/environment/agent_info.rb +4 -3
- data/lib/datadog/core/metrics/client.rb +1 -1
- data/lib/datadog/core/remote/client.rb +1 -1
- data/lib/datadog/core/remote/component.rb +3 -6
- data/lib/datadog/core/remote/configuration/repository.rb +2 -1
- data/lib/datadog/core/remote/negotiation.rb +9 -9
- data/lib/datadog/core/remote/transport/config.rb +4 -3
- data/lib/datadog/core/remote/transport/http/client.rb +4 -3
- data/lib/datadog/core/remote/transport/http/config.rb +6 -32
- data/lib/datadog/core/remote/transport/http/negotiation.rb +6 -32
- data/lib/datadog/core/remote/transport/http.rb +22 -57
- data/lib/datadog/core/remote/transport/negotiation.rb +4 -3
- data/lib/datadog/core/runtime/metrics.rb +8 -1
- data/lib/datadog/core/telemetry/http/adapters/net.rb +1 -1
- data/lib/datadog/core/telemetry/metric.rb +5 -5
- data/lib/datadog/core/telemetry/request.rb +1 -1
- data/lib/datadog/core/transport/http/api/instance.rb +17 -0
- data/lib/datadog/core/transport/http/api/spec.rb +17 -0
- data/lib/datadog/core/transport/http/builder.rb +5 -3
- data/lib/datadog/core/transport/http.rb +39 -2
- data/lib/datadog/di/component.rb +0 -2
- data/lib/datadog/di/probe_notification_builder.rb +1 -1
- data/lib/datadog/di/probe_notifier_worker.rb +16 -16
- data/lib/datadog/di/transport/diagnostics.rb +4 -3
- data/lib/datadog/di/transport/http/api.rb +2 -12
- data/lib/datadog/di/transport/http/client.rb +4 -3
- data/lib/datadog/di/transport/http/diagnostics.rb +7 -34
- data/lib/datadog/di/transport/http/input.rb +7 -34
- data/lib/datadog/di/transport/http.rb +14 -62
- data/lib/datadog/di/transport/input.rb +4 -3
- data/lib/datadog/di/utils.rb +5 -0
- data/lib/datadog/kit/appsec/events.rb +12 -0
- data/lib/datadog/kit/identity.rb +5 -1
- data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
- data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
- data/lib/datadog/opentelemetry/api/context.rb +16 -2
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +1 -1
- data/lib/datadog/opentelemetry.rb +2 -1
- data/lib/datadog/profiling/collectors/info.rb +3 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +1 -1
- data/lib/datadog/profiling/encoded_profile.rb +11 -0
- data/lib/datadog/profiling/exporter.rb +2 -3
- data/lib/datadog/profiling/ext.rb +0 -1
- data/lib/datadog/profiling/flush.rb +4 -7
- data/lib/datadog/profiling/http_transport.rb +10 -59
- data/lib/datadog/profiling/stack_recorder.rb +4 -4
- data/lib/datadog/profiling.rb +6 -2
- data/lib/datadog/tracing/component.rb +15 -12
- data/lib/datadog/tracing/configuration/ext.rb +7 -1
- data/lib/datadog/tracing/configuration/settings.rb +18 -2
- data/lib/datadog/tracing/context_provider.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +4 -5
- data/lib/datadog/tracing/contrib/excon/middleware.rb +5 -3
- data/lib/datadog/tracing/contrib/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +5 -3
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +7 -1
- data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
- data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +5 -5
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +5 -11
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +6 -10
- data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +46 -0
- data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
- data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
- data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
- data/lib/datadog/tracing/contrib/karafka.rb +37 -0
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +9 -0
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +5 -1
- data/lib/datadog/tracing/contrib/rack/request_queue.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +5 -3
- data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
- data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +1 -1
- data/lib/datadog/tracing/contrib.rb +1 -0
- data/lib/datadog/tracing/correlation.rb +9 -2
- data/lib/datadog/tracing/distributed/baggage.rb +131 -0
- data/lib/datadog/tracing/distributed/datadog.rb +2 -0
- data/lib/datadog/tracing/distributed/propagation.rb +25 -4
- data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
- data/lib/datadog/tracing/metadata/ext.rb +5 -0
- data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
- data/lib/datadog/tracing/span_event.rb +1 -1
- data/lib/datadog/tracing/span_operation.rb +2 -1
- data/lib/datadog/tracing/sync_writer.rb +1 -2
- data/lib/datadog/tracing/trace_digest.rb +9 -2
- data/lib/datadog/tracing/trace_operation.rb +29 -17
- data/lib/datadog/tracing/trace_segment.rb +6 -4
- data/lib/datadog/tracing/tracer.rb +38 -2
- data/lib/datadog/tracing/transport/http/api.rb +2 -10
- data/lib/datadog/tracing/transport/http/client.rb +5 -4
- data/lib/datadog/tracing/transport/http/traces.rb +13 -41
- data/lib/datadog/tracing/transport/http.rb +11 -44
- data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
- data/lib/datadog/tracing/transport/traces.rb +26 -9
- data/lib/datadog/tracing/workers/trace_writer.rb +2 -6
- data/lib/datadog/tracing/writer.rb +2 -6
- data/lib/datadog/tracing.rb +16 -3
- data/lib/datadog/version.rb +2 -2
- data/lib/datadog.rb +1 -1
- metadata +28 -13
- data/lib/datadog/appsec/contrib/devise/event.rb +0 -54
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -72
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -47
- data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
- data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
- data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Datadog
|
|
4
|
+
module AppSec
|
|
5
|
+
module ActionsHandler
|
|
6
|
+
# This module serves encapsulates MessagePack serialization for caller locations.
|
|
7
|
+
#
|
|
8
|
+
# It serializes part of the stack:
|
|
9
|
+
# up to 32 frames (configurable)
|
|
10
|
+
# keeping frames from top and bottom of the stack (75% to 25%, configurable).
|
|
11
|
+
#
|
|
12
|
+
# It represents the stack trace that is added to span metastruct field.
|
|
13
|
+
class SerializableBacktrace
|
|
14
|
+
CLASS_AND_FUNCTION_NAME_REGEX = /\b((?:\w+::)*\w+)?[#.]?\b(\w+)\z/.freeze
|
|
15
|
+
|
|
16
|
+
def initialize(locations:, stack_id:)
|
|
17
|
+
@stack_id = stack_id
|
|
18
|
+
@locations = locations
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def to_msgpack(packer = nil)
|
|
22
|
+
# JRuby doesn't pass the packer
|
|
23
|
+
packer ||= MessagePack::Packer.new
|
|
24
|
+
|
|
25
|
+
packer.write_map_header(3)
|
|
26
|
+
|
|
27
|
+
packer.write('id')
|
|
28
|
+
packer.write(@stack_id.encode('UTF-8'))
|
|
29
|
+
|
|
30
|
+
packer.write('language')
|
|
31
|
+
packer.write('ruby'.encode('UTF-8'))
|
|
32
|
+
|
|
33
|
+
serializable_locations_map = build_serializable_locations_map
|
|
34
|
+
|
|
35
|
+
packer.write('frames')
|
|
36
|
+
packer.write_array_header(serializable_locations_map.size)
|
|
37
|
+
|
|
38
|
+
serializable_locations_map.each do |frame_id, location|
|
|
39
|
+
packer.write_map_header(6)
|
|
40
|
+
|
|
41
|
+
packer.write('id')
|
|
42
|
+
packer.write(frame_id)
|
|
43
|
+
|
|
44
|
+
packer.write('text')
|
|
45
|
+
packer.write(location.to_s.encode('UTF-8'))
|
|
46
|
+
|
|
47
|
+
packer.write('file')
|
|
48
|
+
packer.write(location.path&.encode('UTF-8'))
|
|
49
|
+
|
|
50
|
+
packer.write('line')
|
|
51
|
+
packer.write(location.lineno)
|
|
52
|
+
|
|
53
|
+
class_name, function_name = location.label&.match(CLASS_AND_FUNCTION_NAME_REGEX)&.captures
|
|
54
|
+
|
|
55
|
+
packer.write('class_name')
|
|
56
|
+
packer.write(class_name&.encode('UTF-8'))
|
|
57
|
+
|
|
58
|
+
packer.write('function')
|
|
59
|
+
packer.write(function_name&.encode('UTF-8'))
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
packer
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
private
|
|
66
|
+
|
|
67
|
+
def build_serializable_locations_map
|
|
68
|
+
max_depth = Datadog.configuration.appsec.stack_trace.max_depth
|
|
69
|
+
top_percent = Datadog.configuration.appsec.stack_trace.top_percentage
|
|
70
|
+
|
|
71
|
+
drop_from_idx = max_depth * top_percent / 100
|
|
72
|
+
drop_until_idx = @locations.size - (max_depth - drop_from_idx)
|
|
73
|
+
|
|
74
|
+
frame_idx = -1
|
|
75
|
+
@locations.each_with_object({}) do |location, map|
|
|
76
|
+
# we are dropping frames from library code without increasing frame index
|
|
77
|
+
next if location.path&.include?('lib/datadog')
|
|
78
|
+
|
|
79
|
+
frame_idx += 1
|
|
80
|
+
|
|
81
|
+
next if max_depth != 0 && frame_idx >= drop_from_idx && frame_idx < drop_until_idx
|
|
82
|
+
|
|
83
|
+
map[frame_idx] = location
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
end
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require_relative 'actions_handler/serializable_backtrace'
|
|
4
|
+
|
|
3
5
|
module Datadog
|
|
4
6
|
module AppSec
|
|
5
7
|
# this module encapsulates functions for handling actions that libddawf returns
|
|
@@ -19,7 +21,26 @@ module Datadog
|
|
|
19
21
|
throw(Datadog::AppSec::Ext::INTERRUPT, action_params)
|
|
20
22
|
end
|
|
21
23
|
|
|
22
|
-
def generate_stack(
|
|
24
|
+
def generate_stack(action_params)
|
|
25
|
+
return unless Datadog.configuration.appsec.stack_trace.enabled
|
|
26
|
+
|
|
27
|
+
stack_id = action_params['stack_id']
|
|
28
|
+
return unless stack_id
|
|
29
|
+
|
|
30
|
+
active_span = AppSec.active_context&.span
|
|
31
|
+
return unless active_span
|
|
32
|
+
|
|
33
|
+
event_category = Ext::EXPLOIT_PREVENTION_EVENT_CATEGORY
|
|
34
|
+
tag_key = Ext::TAG_METASTRUCT_STACK_TRACE
|
|
35
|
+
|
|
36
|
+
existing_stack_data = active_span.get_metastruct_tag(tag_key).dup || { event_category => [] }
|
|
37
|
+
max_stack_traces = Datadog.configuration.appsec.stack_trace.max_stack_traces
|
|
38
|
+
return if max_stack_traces != 0 && existing_stack_data[event_category].count >= max_stack_traces
|
|
39
|
+
|
|
40
|
+
backtrace = SerializableBacktrace.new(locations: Array(caller_locations), stack_id: stack_id)
|
|
41
|
+
existing_stack_data[event_category] << backtrace
|
|
42
|
+
active_span.set_metastruct_tag(tag_key, existing_stack_data)
|
|
43
|
+
end
|
|
23
44
|
|
|
24
45
|
def generate_schema(_action_params); end
|
|
25
46
|
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'digest/sha2'
|
|
4
|
+
|
|
5
|
+
module Datadog
|
|
6
|
+
module AppSec
|
|
7
|
+
# Manual anonymization of the potential PII data
|
|
8
|
+
module Anonymizer
|
|
9
|
+
def self.anonymize(payload)
|
|
10
|
+
raise ArgumentError, "expected String, received #{payload.class}" unless payload.is_a?(String)
|
|
11
|
+
|
|
12
|
+
"anon_#{Digest::SHA256.hexdigest(payload)[0, 32]}"
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -1,7 +1,52 @@
|
|
|
1
|
-
|
|
1
|
+
AppSec WAF rules based on [appsec-event-rules](https://github.com/datadog/appsec-event-rules) builds
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
these rules.
|
|
3
|
+
## How to update
|
|
5
4
|
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
> [!WARNING]
|
|
6
|
+
> This process is a temporary workaround to maintain compatibility with the existing code structure and will be changed.
|
|
7
|
+
|
|
8
|
+
1. Download `recommended.json` and `strict.json` of the desired version from [appsec-event-rules](https://github.com/datadog/appsec-event-rules) (example: [v1.13.3](https://github.com/DataDog/appsec-event-rules/tree/1.13.3/build))
|
|
9
|
+
2. Run the script below inside `waf_rules` folder to extract scanners and processors into separate files
|
|
10
|
+
|
|
11
|
+
```ruby
|
|
12
|
+
require 'json'
|
|
13
|
+
|
|
14
|
+
recommended_rules = JSON.parse(File.read(File.expand_path('recommended.json', __dir__)))
|
|
15
|
+
strict_rules = JSON.parse(File.read(File.expand_path('strict.json', __dir__)))
|
|
16
|
+
|
|
17
|
+
recommended_processors = recommended_rules.delete('processors')
|
|
18
|
+
strict_processors = strict_rules.delete('processors')
|
|
19
|
+
|
|
20
|
+
if recommended_processors.sort_by { |processor| processor['id'] } !=
|
|
21
|
+
strict_processors.sort_by { |processor| processor['id'] }
|
|
22
|
+
raise 'Processors are not the same, unable to extract them'
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
puts 'Extracting processors...'
|
|
26
|
+
File.open(File.expand_path('processors.json', __dir__), 'wb') do |file|
|
|
27
|
+
file.write(JSON.pretty_generate(recommended_processors))
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
recommended_scanners = recommended_rules.delete('scanners')
|
|
31
|
+
strict_scanners = strict_rules.delete('scanners')
|
|
32
|
+
|
|
33
|
+
if recommended_scanners.sort_by { |processor| processor['id'] } !=
|
|
34
|
+
strict_scanners.sort_by { |processor| processor['id'] }
|
|
35
|
+
raise 'Scanners are not the same, unable to extract them'
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
puts 'Extracting scanners...'
|
|
39
|
+
File.open(File.expand_path('scanners.json', __dir__), 'wb') do |file|
|
|
40
|
+
file.write(JSON.pretty_generate(recommended_scanners))
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
puts 'Updating rules...'
|
|
44
|
+
|
|
45
|
+
File.open(File.expand_path('recommended.json', __dir__), 'wb') do |file|
|
|
46
|
+
file.write(JSON.pretty_generate(recommended_rules))
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
File.open(File.expand_path('strict.json', __dir__), 'wb') do |file|
|
|
50
|
+
file.write(JSON.pretty_generate(strict_rules))
|
|
51
|
+
end
|
|
52
|
+
```
|
|
@@ -1,6 +1,57 @@
|
|
|
1
1
|
[
|
|
2
2
|
{
|
|
3
|
-
"id": "
|
|
3
|
+
"id": "http-endpoint-fingerprint",
|
|
4
|
+
"generator": "http_endpoint_fingerprint",
|
|
5
|
+
"conditions": [
|
|
6
|
+
{
|
|
7
|
+
"operator": "exists",
|
|
8
|
+
"parameters": {
|
|
9
|
+
"inputs": [
|
|
10
|
+
{
|
|
11
|
+
"address": "waf.context.event"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"address": "server.business_logic.users.login.failure"
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"address": "server.business_logic.users.login.success"
|
|
18
|
+
}
|
|
19
|
+
]
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
],
|
|
23
|
+
"parameters": {
|
|
24
|
+
"mappings": [
|
|
25
|
+
{
|
|
26
|
+
"method": [
|
|
27
|
+
{
|
|
28
|
+
"address": "server.request.method"
|
|
29
|
+
}
|
|
30
|
+
],
|
|
31
|
+
"uri_raw": [
|
|
32
|
+
{
|
|
33
|
+
"address": "server.request.uri.raw"
|
|
34
|
+
}
|
|
35
|
+
],
|
|
36
|
+
"body": [
|
|
37
|
+
{
|
|
38
|
+
"address": "server.request.body"
|
|
39
|
+
}
|
|
40
|
+
],
|
|
41
|
+
"query": [
|
|
42
|
+
{
|
|
43
|
+
"address": "server.request.query"
|
|
44
|
+
}
|
|
45
|
+
],
|
|
46
|
+
"output": "_dd.appsec.fp.http.endpoint"
|
|
47
|
+
}
|
|
48
|
+
]
|
|
49
|
+
},
|
|
50
|
+
"evaluate": false,
|
|
51
|
+
"output": true
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"id": "extract-content",
|
|
4
55
|
"generator": "extract_schema",
|
|
5
56
|
"conditions": [
|
|
6
57
|
{
|
|
@@ -32,10 +83,10 @@
|
|
|
32
83
|
{
|
|
33
84
|
"inputs": [
|
|
34
85
|
{
|
|
35
|
-
"address": "server.request.
|
|
86
|
+
"address": "server.request.cookies"
|
|
36
87
|
}
|
|
37
88
|
],
|
|
38
|
-
"output": "_dd.appsec.s.req.
|
|
89
|
+
"output": "_dd.appsec.s.req.cookies"
|
|
39
90
|
},
|
|
40
91
|
{
|
|
41
92
|
"inputs": [
|
|
@@ -56,29 +107,89 @@
|
|
|
56
107
|
{
|
|
57
108
|
"inputs": [
|
|
58
109
|
{
|
|
59
|
-
"address": "server.
|
|
110
|
+
"address": "server.response.body"
|
|
60
111
|
}
|
|
61
112
|
],
|
|
62
|
-
"output": "_dd.appsec.s.
|
|
113
|
+
"output": "_dd.appsec.s.res.body"
|
|
63
114
|
},
|
|
64
115
|
{
|
|
65
116
|
"inputs": [
|
|
66
117
|
{
|
|
67
|
-
"address": "server.
|
|
118
|
+
"address": "graphql.server.all_resolvers"
|
|
68
119
|
}
|
|
69
120
|
],
|
|
70
|
-
"output": "_dd.appsec.s.
|
|
121
|
+
"output": "_dd.appsec.s.graphql.all_resolvers"
|
|
71
122
|
},
|
|
72
123
|
{
|
|
73
124
|
"inputs": [
|
|
74
125
|
{
|
|
75
|
-
"address": "server.
|
|
126
|
+
"address": "graphql.server.resolver"
|
|
76
127
|
}
|
|
77
128
|
],
|
|
78
|
-
"output": "_dd.appsec.s.
|
|
129
|
+
"output": "_dd.appsec.s.graphql.resolver"
|
|
130
|
+
}
|
|
131
|
+
],
|
|
132
|
+
"scanners": [
|
|
133
|
+
{
|
|
134
|
+
"tags": {
|
|
135
|
+
"category": "payment"
|
|
136
|
+
}
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
"tags": {
|
|
140
|
+
"category": "pii"
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
]
|
|
144
|
+
},
|
|
145
|
+
"evaluate": false,
|
|
146
|
+
"output": true
|
|
147
|
+
},
|
|
148
|
+
{
|
|
149
|
+
"id": "extract-headers",
|
|
150
|
+
"generator": "extract_schema",
|
|
151
|
+
"conditions": [
|
|
152
|
+
{
|
|
153
|
+
"operator": "equals",
|
|
154
|
+
"parameters": {
|
|
155
|
+
"inputs": [
|
|
156
|
+
{
|
|
157
|
+
"address": "waf.context.processor",
|
|
158
|
+
"key_path": [
|
|
159
|
+
"extract-schema"
|
|
160
|
+
]
|
|
161
|
+
}
|
|
162
|
+
],
|
|
163
|
+
"type": "boolean",
|
|
164
|
+
"value": true
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
],
|
|
168
|
+
"parameters": {
|
|
169
|
+
"mappings": [
|
|
170
|
+
{
|
|
171
|
+
"inputs": [
|
|
172
|
+
{
|
|
173
|
+
"address": "server.request.headers.no_cookies"
|
|
174
|
+
}
|
|
175
|
+
],
|
|
176
|
+
"output": "_dd.appsec.s.req.headers"
|
|
177
|
+
},
|
|
178
|
+
{
|
|
179
|
+
"inputs": [
|
|
180
|
+
{
|
|
181
|
+
"address": "server.response.headers.no_cookies"
|
|
182
|
+
}
|
|
183
|
+
],
|
|
184
|
+
"output": "_dd.appsec.s.res.headers"
|
|
79
185
|
}
|
|
80
186
|
],
|
|
81
187
|
"scanners": [
|
|
188
|
+
{
|
|
189
|
+
"tags": {
|
|
190
|
+
"category": "credentials"
|
|
191
|
+
}
|
|
192
|
+
},
|
|
82
193
|
{
|
|
83
194
|
"tags": {
|
|
84
195
|
"category": "pii"
|
|
@@ -88,5 +199,123 @@
|
|
|
88
199
|
},
|
|
89
200
|
"evaluate": false,
|
|
90
201
|
"output": true
|
|
202
|
+
},
|
|
203
|
+
{
|
|
204
|
+
"id": "http-header-fingerprint",
|
|
205
|
+
"generator": "http_header_fingerprint",
|
|
206
|
+
"conditions": [
|
|
207
|
+
{
|
|
208
|
+
"operator": "exists",
|
|
209
|
+
"parameters": {
|
|
210
|
+
"inputs": [
|
|
211
|
+
{
|
|
212
|
+
"address": "waf.context.event"
|
|
213
|
+
},
|
|
214
|
+
{
|
|
215
|
+
"address": "server.business_logic.users.login.failure"
|
|
216
|
+
},
|
|
217
|
+
{
|
|
218
|
+
"address": "server.business_logic.users.login.success"
|
|
219
|
+
}
|
|
220
|
+
]
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
],
|
|
224
|
+
"parameters": {
|
|
225
|
+
"mappings": [
|
|
226
|
+
{
|
|
227
|
+
"headers": [
|
|
228
|
+
{
|
|
229
|
+
"address": "server.request.headers.no_cookies"
|
|
230
|
+
}
|
|
231
|
+
],
|
|
232
|
+
"output": "_dd.appsec.fp.http.header"
|
|
233
|
+
}
|
|
234
|
+
]
|
|
235
|
+
},
|
|
236
|
+
"evaluate": false,
|
|
237
|
+
"output": true
|
|
238
|
+
},
|
|
239
|
+
{
|
|
240
|
+
"id": "http-network-fingerprint",
|
|
241
|
+
"generator": "http_network_fingerprint",
|
|
242
|
+
"conditions": [
|
|
243
|
+
{
|
|
244
|
+
"operator": "exists",
|
|
245
|
+
"parameters": {
|
|
246
|
+
"inputs": [
|
|
247
|
+
{
|
|
248
|
+
"address": "waf.context.event"
|
|
249
|
+
},
|
|
250
|
+
{
|
|
251
|
+
"address": "server.business_logic.users.login.failure"
|
|
252
|
+
},
|
|
253
|
+
{
|
|
254
|
+
"address": "server.business_logic.users.login.success"
|
|
255
|
+
}
|
|
256
|
+
]
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
],
|
|
260
|
+
"parameters": {
|
|
261
|
+
"mappings": [
|
|
262
|
+
{
|
|
263
|
+
"headers": [
|
|
264
|
+
{
|
|
265
|
+
"address": "server.request.headers.no_cookies"
|
|
266
|
+
}
|
|
267
|
+
],
|
|
268
|
+
"output": "_dd.appsec.fp.http.network"
|
|
269
|
+
}
|
|
270
|
+
]
|
|
271
|
+
},
|
|
272
|
+
"evaluate": false,
|
|
273
|
+
"output": true
|
|
274
|
+
},
|
|
275
|
+
{
|
|
276
|
+
"id": "session-fingerprint",
|
|
277
|
+
"generator": "session_fingerprint",
|
|
278
|
+
"conditions": [
|
|
279
|
+
{
|
|
280
|
+
"operator": "exists",
|
|
281
|
+
"parameters": {
|
|
282
|
+
"inputs": [
|
|
283
|
+
{
|
|
284
|
+
"address": "waf.context.event"
|
|
285
|
+
},
|
|
286
|
+
{
|
|
287
|
+
"address": "server.business_logic.users.login.failure"
|
|
288
|
+
},
|
|
289
|
+
{
|
|
290
|
+
"address": "server.business_logic.users.login.success"
|
|
291
|
+
}
|
|
292
|
+
]
|
|
293
|
+
}
|
|
294
|
+
}
|
|
295
|
+
],
|
|
296
|
+
"parameters": {
|
|
297
|
+
"mappings": [
|
|
298
|
+
{
|
|
299
|
+
"cookies": [
|
|
300
|
+
{
|
|
301
|
+
"address": "server.request.cookies"
|
|
302
|
+
}
|
|
303
|
+
],
|
|
304
|
+
"session_id": [
|
|
305
|
+
{
|
|
306
|
+
"address": "usr.session_id"
|
|
307
|
+
}
|
|
308
|
+
],
|
|
309
|
+
"user_id": [
|
|
310
|
+
{
|
|
311
|
+
"address": "usr.id"
|
|
312
|
+
}
|
|
313
|
+
],
|
|
314
|
+
"output": "_dd.appsec.fp.session"
|
|
315
|
+
}
|
|
316
|
+
]
|
|
317
|
+
},
|
|
318
|
+
"evaluate": false,
|
|
319
|
+
"output": true
|
|
91
320
|
}
|
|
92
|
-
]
|
|
321
|
+
]
|