Add AppSec::ActionHandler to unify action handling #4300
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
integrations
![datadog-datadog-prod-us1[bot]](https://avatars.githubusercontent.com/u/365230?s=60&v=4){kind=small}
y9v
commented
Jan 16, 2025
Datadog ReportBranch report: ✅ 0 Failed, 22064 Passed, 1477 Skipped, 5m 32.97s Total Time |
BenchmarksBenchmark execution time: 2025-01-20 15:52:20 Comparing candidate commit 11512de in PR branch Found 1 performance improvements and 0 performance regressions! Performance is the same for 30 metrics, 2 unstable metrics. scenario:profiler - sample timeline=false
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #4300 +/- ##
=======================================
Coverage 97.71% 97.71%
=======================================
Files 1358 1359 +1
Lines 82501 82477 -24
Branches 4223 4198 -25
=======================================
- Hits 80614 80591 -23
+ Misses 1887 1886 -1 ☔ View full report in Codecov by Sentry. |
y9v
force-pushed
the
appsec-add-action-handler
branch
from
5d7a7f9 to
3343f03
Compare
7 tasks
vpellan
reviewed
Jan 17, 2025
Because we need to handle actions according their precedence.
We want to test that ActionsHandler handles actions correctly according their precedence.
These examples have to be rewritten with Hash#merge, since older versions of Ruby do not support double-splat operator.
y9v
force-pushed
the
appsec-add-action-handler
branch
from
4c28ff6 to
4d47360
Compare
Strech
approved these changes
Jan 20, 2025
This method should replace both ActionsHandler#block_request and ActionsHandler#redirect_request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
It adds
Datadog::AppSec::ActionHandlermodule and unifies blocked response generation.https://github.com/DataDog/libddwaf/blob/master/UPGRADING.md#action-semantics
https://github.com/DataDog/appsec-diagrams/blob/main/action-handling.md
Motivation:
We want to have a simple and unified way of handling
libddwafactions.Change log entry
None.
Additional Notes:
Since Sinatra and Rails instrumentations always insert
Datadog::AppSec::Contrib::Rack::RequestMiddleware, we don't need to catch interrupt signals anywhere other than in this Rack Middleware.How to test the change?
CI and manual testing with app generator.