UNPKG

dd-trace

Version:

Datadog APM tracing client for JavaScript

github.com/DataDog/dd-trace-js

DataDog/dd-trace-js

136 lines (107 loc) 3.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
'use strict' const { storage } = require('../../../../datadog-core') const log = require('../../log') const Reporter = require('../reporter') const Limiter = require('../../rate_limiter') const { keepTrace } = require('../../priority_sampler') const { ASM } = require('../../standalone/product') const web = require('../../plugins/util/web') const { updateRateLimitedMetric } = require('../telemetry') class WafUpdateError extends Error { constructor (diagnosticErrors) { super('WafUpdateError') this.name = 'WafUpdateError' this.diagnosticErrors = diagnosticErrors } } let limiter = new Limiter(100) const waf = { wafManager: null, init, destroy, updateConfig, removeConfig, checkAsmDdFallback, run: noop, disposeContext: noop, WafUpdateError } function init (rules, config) { destroy() limiter = new Limiter(config.rateLimit) // dirty require to make startup faster for serverless const WAFManager = require('./waf_manager') waf.wafManager = new WAFManager(rules, config) waf.run = run waf.disposeContext = disposeContext } function destroy () { if (waf.wafManager) { waf.wafManager.destroy() waf.wafManager = null } waf.run = noop waf.disposeContext = noop } function checkAsmDdFallback () { if (!waf.wafManager) throw new Error('Cannot update disabled WAF') try { waf.wafManager.setAsmDdFallbackConfig() } catch { log.error('[ASM] Could not apply default ruleset back as fallback') } } function updateConfig (product, configId, configPath, config) { if (!waf.wafManager) throw new Error('Cannot update disabled WAF') try { if (product === 'ASM_DD') { waf.wafManager.removeConfig(waf.wafManager.constructor.defaultWafConfigPath) } const updateSucceeded = waf.wafManager.updateConfig(configPath, config) Reporter.reportWafConfigUpdate(product, configId, waf.wafManager.ddwaf.diagnostics, waf.wafManager.ddwafVersion) if (!updateSucceeded) { throw new WafUpdateError(waf.wafManager.ddwaf.diagnostics) } } catch (err) { log.error('[ASM] Could not update config from RC') throw err } } function removeConfig (configPath) { if (!waf.wafManager) throw new Error('Cannot update disabled WAF') try { waf.wafManager.removeConfig(configPath) } catch (err) { log.error('[ASM] Could not remove config from RC') throw err } } function run (data, req, raspRule) { if (!req) { const store = storage('legacy').getStore() if (!store || !store.req) { log.warn('[ASM] Request object not available in waf.run') return } req = store.req } const wafContext = waf.wafManager.getWAFContext(req) const result = wafContext.run(data, raspRule) if (result?.keep) { if (limiter.isAllowed()) { const rootSpan = web.root(req) keepTrace(rootSpan, ASM) } else { updateRateLimitedMetric(req) } } return result } function disposeContext (req) { const wafContext = waf.wafManager.getWAFContext(req) if (wafContext && !wafContext.ddwafContext.disposed) { wafContext.dispose() } } function noop () {} module.exports = waf