Sha256: 387a06b1dd8c9a62f88647445a6693cd0407292ac3d61818c0c626a860dd697b

Contents?: true

Size: 1.13 KB

Versions: 9

Compression:

Stored size: 1.13 KB

Contents

# typed: ignore

require_relative '../../instrumentation/gateway'
require_relative '../../assets'

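module Datadog
  module AppSec
    module Contrib
      module Rack
        # Rack request body middleware for AppSec.
        #
        # This should be inserted just below Rack::JSONBodyParser or
        # legacy Rack::PostBodyContentTypeParser from rack-contrib.
        # NOTE(review): presumably so the body parsed by those middlewares is
        # what gets inspected -- confirm against the gateway watchers.
        #
        # Security-relevant behaviour of this class:
        # * A request whose env has no 'datadog.waf.context' entry is forwarded
        #   without inspection (fail-open).
        # * A :block action reported by the gateway replaces the response with
        #   a 403 carrying the AppSec "blocked" page.
        # * Nothing raised by the gateway is rescued here (see the TODO in #call),
        #   so such an exception propagates to the caller.
        class RequestBodyMiddleware
          # @param app [#call] next Rack application in the stack
          # @param opt [Hash] accepted but not read by this middleware
          def initialize(app, opt = {})
            @app = app
          end

          # Publishes the request on the 'rack.request.body' gateway and turns a
          # :block verdict into a 403 response.
          #
          # @param env [Hash] Rack environment
          # @return [Array] the downstream response, or the 403 blocking response
          def call(env)
            context = env['datadog.waf.context']

            # No WAF context for this request: pass it through uninspected.
            return @app.call(env) unless context

            # TODO: handle exceptions, except for @app.call

            request = ::Rack::Request.new(env)

            # The downstream app is invoked from inside the block handed to the
            # gateway; whether it runs before a blocking decision is made is
            # decided by the gateway and is not visible from this file.
            request_return, request_response = Instrumentation.gateway.push('rack.request.body', request) do
              @app.call(env)
            end

            return request_return unless block_requested?(request_response)

            # The downstream response (if any) is being thrown away; Rack expects
            # a discarded body to be closed so it can release its resources.
            close_discarded_body(request_return)

            [403, { 'Content-Type' => 'text/html' }, [Datadog::AppSec::Assets.blocked]]
          end

          private

          # True when at least one [action, event] pair asks for blocking.
          def block_requested?(actions)
            actions && actions.any? { |action, _event| action == :block }
          end

          # Closes the body of a Rack response triplet that will not be served.
          def close_discarded_body(response)
            return unless response.is_a?(Array)

            body = response[2]
            body.close if body.respond_to?(:close)
          end
        end
      end
    end
  end
end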

Version data entries

9 entries across 9 versions & 1 rubygems

Version Path
ddtrace-1.6.1 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.6.0 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.5.2 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.5.1 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.5.0 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.4.2 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.4.1 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.4.0 lib/datadog/appsec/contrib/rack/request_body_middleware.rb
ddtrace-1.3.0 lib/datadog/appsec/contrib/rack/request_body_middleware.rb