From e95cee0e73bcb6f089dbe0414027da01d1cfe069 Mon Sep 17 00:00:00 2001
From: Gustavo Caso
Date: Fri, 28 Apr 2023 17:54:12 +0200
Subject: [PATCH] apply feedback
---
 lib/datadog/appsec/remote.rb | 12 ++-
 sig/datadog/appsec/remote.rbs | 2 -
 spec/datadog/appsec/remote_spec.rb | 136 ++++++++++++-----------------
 3 files changed, 59 insertions(+), 91 deletions(-)
diff --git a/lib/datadog/appsec/remote.rb b/lib/datadog/appsec/remote.rb
index 932dc5e03ad..1c95229c352 100644
--- a/lib/datadog/appsec/remote.rb
+++ b/lib/datadog/appsec/remote.rb
@@ -48,8 +48,6 @@ def products
 remote_features_enabled? ? ASM_PRODUCTS : []
 end
- ASM_DATA_CONFIG_TYPES = ['blocked_ips', 'blocked_users'].freeze
-
 # rubocop:disable Metrics/MethodLength
 def receivers
 return [] unless remote_features_enabled?
@@ -66,17 +64,17 @@ def receivers
 exclusions = []
 repository.contents.each do |content|
+ parsed_content = parse_content(content)
+
 case content.path.product
 when 'ASM_DD'
- rules << parse_content(content)
+ rules << parsed_content
 when 'ASM_DATA'
- data << parse_content(content) if ASM_DATA_CONFIG_TYPES.include?(content.path.config_id)
+ data << parsed_content if parsed_content['rules_data']
 when 'ASM'
- parsed_content = parse_content(content)
-
 if parsed_content['rules_override']
 overrides << parsed_content
- else
+ elsif parsed_content['exclusions']
 exclusions << parsed_content
 end
 end
diff --git a/sig/datadog/appsec/remote.rbs b/sig/datadog/appsec/remote.rbs
index b2d6966e157..50be3d0963d 100644
--- a/sig/datadog/appsec/remote.rbs
+++ b/sig/datadog/appsec/remote.rbs
@@ -29,8 +29,6 @@ module Datadog
 ASM_PRODUCTS: ::Array[String]
- ASM_DATA_CONFIG_TYPES: ::Array[String]
-
 def self.capabilities: () -> ::Array[Integer]
 def self.products: () -> ::Array[String]
diff --git a/spec/datadog/appsec/remote_spec.rb b/spec/datadog/appsec/remote_spec.rb
index 791db51f073..223017d0000 100644
--- a/spec/datadog/appsec/remote_spec.rb
+++ b/spec/datadog/appsec/remote_spec.rb
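Review bot: In the `when 'ASM'` branch of lib/datadog/appsec/remote.rb the `if`/`elsif` makes the two keys mutually exclusive, so a document that carries both `rules_override` and `exclusions` is appended to `overrides` only and never reaches RuleMerger as an exclusion. If one ASM config can hold both sections (nothing in the hunk rules that out), its exclusions are dropped without a trace; two independent guards avoid that: `overrides << parsed_content if parsed_content['rules_override']` and `exclusions << parsed_content if parsed_content['exclusions']`. The ASM_DATA and ASM branches also index `parsed_content` by string key without confirming it is a Hash, so a payload whose top level is an array or null would raise inside the loop, assuming parse_content returns the decoded JSON unchanged; `next unless parsed_content.is_a?(Hash)` right after the parse keeps one malformed document from aborting the whole update. Documents that match neither key are now skipped silently, and a debug log line there would make a blocking list that was never applied visible to whoever operates the service. receivers begins and ends outside the hunk, and parse_content is not shown.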
@@ -178,50 +178,44 @@
 [Datadog::AppSec::Processor::RuleLoader.load_rules(ruleset: Datadog.configuration.appsec.ruleset)]
 end
- context 'ASM' do
- let(:overrides) do
+ let(:target) do
+ Datadog::Core::Remote::Configuration::Target.parse(
 {
- 'rules_override' => {
-
- }
+ 'custom' => {
+ 'v' => 1,
+ },
+ 'hashes' => { 'sha256' => Digest::SHA256.hexdigest(data.to_json) },
+ 'length' => data.to_s.length
 }
- end
+ )
+ end
- let(:exclusions) do
+ let(:content) do
+ Datadog::Core::Remote::Configuration::Content.parse(
 {
- 'exclusions' => {
-
- }
+ path: path,
+ content: StringIO.new(data.to_json)
 }
- end
+ )
+ end
+
+ context 'ASM' do
+ let(:path) { 'datadog/603646/ASM/whatevername/config' }
 context 'overrides' do
- let(:target) do
- Datadog::Core::Remote::Configuration::Target.parse(
- {
- 'custom' => {
- 'v' => 1,
- },
- 'hashes' => { 'sha256' => Digest::SHA256.hexdigest(overrides.to_json) },
- 'length' => overrides.to_s.length
- }
- )
- end
+ let(:data) do
+ {
+ 'rules_override' => {
- let(:content) do
- Datadog::Core::Remote::Configuration::Content.parse(
- {
- path: 'datadog/603646/ASM/whatevername/config',
- content: StringIO.new(overrides.to_json)
 }
- )
+ }
 end
 it 'pass the right values to RuleMerger' do
 expect(Datadog::AppSec::Processor::RuleMerger).to receive(:merge).with(
 rules: default_ruleset,
 data: [],
- overrides: [overrides],
+ overrides: [data],
 exclusions: [],
 )
@@ -231,25 +225,12 @@
 end
 context 'exclusions' do
- let(:target) do
- Datadog::Core::Remote::Configuration::Target.parse(
- {
- 'custom' => {
- 'v' => 1,
- },
- 'hashes' => { 'sha256' => Digest::SHA256.hexdigest(exclusions.to_json) },
- 'length' => exclusions.to_s.length
- }
- )
- end
+ let(:data) do
+ {
+ 'exclusions' => {
- let(:content) do
- Datadog::Core::Remote::Configuration::Content.parse(
- {
- path: 'datadog/603646/ASM/whatevername/config',
- content: StringIO.new(exclusions.to_json)
 }
- )
+ }
 end
 it 'pass the right values to RuleMerger' do
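Review bot: The shared `target` fixture in the first hunk declares `'length' => data.to_s.length` while the digest and the delivered body are both built from `data.to_json`; `Hash#to_s` renders `=>` separators, so the declared length is not the length of the bytes the content actually carries. That the examples pass with this mismatch suggests the length is not verified on this path, and the fixture would start failing as soon as it is. Deriving both values from the same serialization keeps the target metadata self-consistent: `'length' => data.to_json.bytesize`. The expression was already present in the removed per-context fixtures, so it is carried over by this change rather than introduced by it.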
@@ -257,52 +238,27 @@
 rules: default_ruleset,
 data: [],
 overrides: [],
- exclusions: [exclusions],
+ exclusions: [data],
 )
 changes = transaction
 receiver.call(repository, changes)
 end
 end
- end
-
- context 'ASM_DATA' do
- let(:data) do
- {
- 'rules_data' => {
-
- }
- }
- end
- let(:target) do
- Datadog::Core::Remote::Configuration::Target.parse(
+ context 'unsupported key' do
+ let(:data) do
 {
- 'custom' => {
- 'v' => 1,
- },
- 'hashes' => { 'sha256' => Digest::SHA256.hexdigest(data.to_json) },
- 'length' => data.to_s.length
- }
- )
- end
+ 'unsupported' => {
- let(:content) do
- Datadog::Core::Remote::Configuration::Content.parse(
- {
- path: path,
- content: StringIO.new(data.to_json)
+ }
 }
- )
- end
-
- context 'blocking ips' do
- let(:path) { 'datadog/603646/ASM_DATA/blocked_ips/config' }
+ end
 it 'pass the right values to RuleMerger' do
 expect(Datadog::AppSec::Processor::RuleMerger).to receive(:merge).with(
 rules: default_ruleset,
- data: [data],
+ data: [],
 overrides: [],
 exclusions: [],
 )
@@ -311,9 +267,19 @@
 receiver.call(repository, changes)
 end
 end
+ end
+
+ context 'ASM_DATA' do
+ let(:path) { 'datadog/603646/ASM_DATA/whatevername/config' }
- context 'blocking users' do
- let(:path) { 'datadog/603646/ASM_DATA/blocked_users/config' }
+ context 'with rules_data information' do
+ let(:data) do
+ {
+ 'rules_data' => {
+
+ }
+ }
+ end
 it 'pass the right values to RuleMerger' do
 expect(Datadog::AppSec::Processor::RuleMerger).to receive(:merge).with(
@@ -328,8 +294,14 @@
 end
 end
- context 'non blocking users or blocking ips' do
- let(:path) { 'datadog/603646/ASM_DATA/something_else/config' }
+ context 'without rules_data information' do
+ let(:data) do
+ {
+ 'other_key' => {
+
+ }
+ }
+ end
 it 'pass the right values to RuleMerger' do
 expect(Datadog::AppSec::Processor::RuleMerger).to receive(:merge).with(
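Review bot: The ASM contexts in these hunks cover a document with a single recognised key or with only an unsupported key, but none where `rules_override` and `exclusions` arrive in the same document, and the ASM_DATA contexts never feed the receiver a payload whose top level is not a Hash. Both are inputs the receiver now decides on by key lookup alone, so a `context 'with rules_override and exclusions'` asserting the expected `overrides:` and `exclusions:` arguments, plus one malformed-payload example, would pin the intended behaviour. Every example is also titled `it 'pass the right values to RuleMerger'`; a title that names the expectation, for instance `it 'ignores documents without rules_data'`, makes a failing run readable without opening the spec.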