Sha256: 1accc6082482057e8d186a8d12b04cd27ecdcf2d161a0b290182d831881bb455

Contents?: true

Size: 1.09 KB

Versions: 3

Compression:

Stored size: 1.09 KB

Contents

# typed: ignore

require_relative '../../instrumentation/gateway'
require_relative '../../response'

module Datadog
  module AppSec
    module Contrib
      module Rack
        # Rack request body middleware for AppSec
        # This should be inserted just below Rack::JSONBodyParser or
        # legacy Rack::PostBodyContentTypeParser from rack-contrib
        class RequestBodyMiddleware
          def initialize(app, opt = {})
            @app = app
          end

          def call(env)
            context = env['datadog.waf.context']

            return @app.call(env) unless context

            # TODO: handle exceptions, except for @app.call

            request = ::Rack::Request.new(env)

            request_return, request_response = Instrumentation.gateway.push('rack.request.body', request) do
              @app.call(env)
            end

            if request_response && request_response.any? { |action, _event| action == :block }
              request_return = AppSec::Response.negotiate(env).to_rack
            end

            request_return
          end
        end
      end
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
ddtrace-1.9.0 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.8.0 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.7.0 lib/datadog/appsec/contrib/rack/request_body_middleware.rb