o i)@sddlZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m m ZddlmZdd lmZd ZeZd ZeeZ Gd d d ejdZeD] \ZZeeejqTddddZedBdededededdf ddZ dededdfddZ!dededdfddZ"ej#j$j%d ej#j$j&d!ej#j$j'd"ej#j$j(d#ej#j$j)d$ej#j$j*d%ej#j$j+d&iZ,d'Z-d(Z.d)Z/d*eddfd+d,Z0d-e1d.ed/ej2eddfd0d1Z3d2eddfd3d4Z4dCd6ed7e1d8eddfd9d:Z5d/ed;eddfded?eddfd@dAZ7dS)DN) _constants) deduplication) DDWaf_info)Telemetry_result) _observator) telemetry)TELEMETRY_LOG_LEVEL)TELEMETRY_NAMESPACEunknown)falsetruec@seZdZdZdZdS) WARNING_TAGStelemetry_logstelemetry_metricsN)__name__ __module__ __qualname__TELEMETRY_LOGSTELEMETRY_METRICSrrK/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_metrics.pyr sr ) metaclassappsec)product stack_limit exec_limitTmsgversionaction error_levelreturncCszt|ptd}|r tjntj}tjj|||dWnty2dddd}t j t j |ddYnwzd tfd |p;tfd |ff}tjj tjd d |dWdStygdddd}t j t j|ddYdSw)z!used for waf configuration errors) waf_versionevent_rules_versiontagsrz :waf:errorrr more_infoTextraexc_infor"r#rwaf.config_errorsz:waf:config_errorsN) ddwaf_versionUNKNOWN_VERSIONrERRORWARNINGrtelemetry_writeradd_log Exceptionloggerwarningr radd_count_metricr APPSECr)rrrr log_tagslevelr*r%rrr_set_waf_error_log"s(     r;infosuccesscCstz d|jptfdtff}tjjtjdd|dt|ffdWdSt y9ddd d }t j t j |d d YdSw) Nr#r"z waf.updatesr-r=r$rr&z :waf:updatesr'Tr)rr/r.rr2r7r r8bool_strr4r5r6r rr<r=r%r*rrr_set_waf_updates_metric;s   rAcCsz2d|jptfdtff}tjjtjdd|dt|ffd|s0tjjtjdd|ddWdSWdSt yKd d d d }t j t j |d dYdSw)Nr#r"zwaf.initr-r=r$r,))rinitrr&z :waf:initr'Tr)r>r@rrr_set_waf_init_metricJs     rC) rule_typecommand_injection) rule_variantexec)rD)rGshell))rElfi)rEssrf)rK)rGrequest)rK)rGresponse))rE sql_injection))truncation_reason1))rP2))rP4 observatorcCszVd}|jdur|dO}tjtjd|jt|jdur+|dO}tjtjd|jt|j dur?|dO}tjtjd|j t |rTtjj tjdddt |ffdWdSWdSt yod d d d }tjtj|d dYdSw)Nrr-zwaf.truncated_value_sizerzwaf.input_truncatedrPr$rr&z:waf:truncationsr'Tr)) string_lengthrr2add_distribution_metricr r8TAGS_STRING_LENGTHcontainer_sizeTAGS_CONTAINER_SIZEcontainer_depthTAGS_CONTAINER_DEPTHr7strr4r5r6r r)rTbitfieldr*rrr_report_waf_truncationsls:          r_error rule_versionrEcCszD|dur"dtfd|p tfdt|ff}tjjtjdd|dWdSdtfd|p)tfdt|fft |d}tjjtjd d|dWdSt y`d d d |pQd d}t j t j|ddw)zused for waf run errorsNr"r# waf_errorz waf.errorr-r$rz rasp.errorrr&z:waf:run_error:srbr'Tr))r.r/r]rr2r7r r8_TYPES_AND_TAGSgetr4r5r6r r)r`rarEwaf_tags rasp_tagsr*rrr_report_waf_run_errors&      rhresultc Csdz|j}t|jp |jp |j}d|jptfdtfdt|j fdt|j fdtt|j fdt|fdt|j dkfd t|j ff}tjjtjd d |d |j}|jrd D]A\}}t||D]2\}}|rt|ddtfd|jprtff} |dkr| dddg|j ff} tjjtj||| d q_qTWdSWdStydddd} tjtj| ddYdSw)Nr#r"rule_triggeredrequest_blocked waf_timeoutinput_truncatedrbr rate_limitedz waf.requestsr-r$))evalzrasp.rule.eval)matchzrasp.rule.match)timeoutz rasp.timeoutrrpblock irrelevantr=rr&z :waf:requestr'Tr)) truncationboolrVrYr[rr/r.r? triggeredblockedrqr`rnrr2r7r r8raspsum_evalgetattritemsrdrer4r5r6r r) rirtrm tags_requestrxtnrEvaluer%r*rrr_set_waf_request_metricssB          rrouteschemas frameworkcCsz,|r|dkr dnd}tjjtj|dd|ffdWdStjjtjddd|ffdWdStyEdd d d }tjtj |d d YdSw)Nrzapi_security.request.schemazapi_security.request.no_schemar-rr$zapi_security.missing_routerr&z :api_securityr'Tr) rr2r7r r8r4r5r6r r)rrr metric_namer*rrr_report_api_securitys   r import_errorc Cszzt|dd|r dndff}tjjtjdd|dWdSty<dd d |d |d }tj t j |d dYdSw)Nrreasonz app-startupzout-of-requestzrasp.rule.skippedr-r$rr&z:waf:rasp_rule_skipped::r'Tr)) rdrerr2r7r r8r4r5r6r r)rErr%r*rrr_report_rasp_skippeds r event_typev2c Csx|rdnd}zd|fd|ff}tjjtjdd|dWdSty;dd d |d |d }tjtj |d dYdSw)Nrv1r sdk_versionz sdk.eventr-r$rr&z:waf:sdk.event:rr'Tr)r)rrrr%r*rrr_report_ato_sdk_usages  r)T)r)8typingddtrace.appsecrddtrace.appsec._deduplicationsrddtrace.appsec._utilsrrrddtrace.internalrddtrace.internal.loggerinternalr5ddlogger$ddtrace.internal.telemetry.constantsrr r/r.r? get_loggerrConstant_Classr _tagset_tag_rate_limitHOUR log_extrar]rur;rArCEXPLOIT_PREVENTIONTYPECMDISHILFISSRFSSRF_REQSSRF_RESSQLIrdrXrZr\r_intOptionalrhrrrrrrrrsN           "         !