o iE @sddlZddlZddlZddlmZddlZddlmZddlmZddlm Z ddlm Z ddlm Z ddl m Z dd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddl!m"Z"ddl!m#Z#ddl!m$Z$ddl!m%Z%ddl&m'Z'ddl&m(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z/ddl0m1Z1dd l2m3Z3dd!l4m5Z5dd"l6m7Z8e1e9Z:d#e e;eeees r7cCs tjptjSr5) asm_config_asm_static_rule_filer RULESr1r1r1r2 get_rulesDs r;cCstttdtjS)NDD_APPSEC_TRACE_RATE_LIMIT)r!intosgetenvr TRACE_RATE_LIMITr1r1r1r2_get_rate_limiterHsrAF)eqc@seZdZUejedZeed<ejddZ e ed<ejddZ e ed<eje dZ e eed<ejedZeed<d Zeeded <ed8d d Zed8ddZed efddZd8ddZd8ddZd8ddZdeeeefdeeeeefd efddZ ed efddZ!ed efddZ"ed efd d!Z#ed efd"d#Z$ed efd$d%Z%d&e&d d fd'd(Z' d9d)e&d*e(d+ee)ee*fd,eed-eed.ed ee+fd/d0Z,d1ed efd2d3Z-d&e&d d fd4d5Z.ed8d6d7Z/d S):AppSecSpanProcessor)default_factory rule_filenameF)init obfuscation_parameter_key_regexp"obfuscation_parameter_value_regexp_addresses_to_keep _rate_limiterN _instancer%cCs&|jdur|}|_|dSdS)z!Enable the AppSec span processor.N)rKregister)clsinstancer1r1r2enableUs   zAppSecSpanProcessor.enablecCs"|jdur|jd|_dSdS)z"Disable the AppSec span processor.N)rK unregisterrMr1r1r2disable\s   zAppSecSpanProcessor.disablecCs |jduSr5)_ddwafselfr1r1r2enabledcs zAppSecSpanProcessor.enabledc Cstj|_tj|_d|_z t|jd}| |_WdWdS1s(wYWdSt yQ}z|j t j krEt d|jt d|jd}~wty_t d|jtymt d|jw)NbrzO[DDAS-0001-03] ASM could not read the rule file %s. Reason: file does not existz3[DDAS-0001-03] ASM could not read the rule file %s.zM[DDAS-0001-03] ASM could not read the rule file %s. Reason: invalid JSON file)r8%_asm_obfuscation_parameter_key_regexpencoderG'_asm_obfuscation_parameter_value_regexprH_rulesopenrEreadEnvironmentErrorerrnoENOENTlogerrorr Exception)rUferrr1r1r2 __post_init__gs4   &   z!AppSecSpanProcessor.__post_init__cCszF|jdurEt|dsEddlm}ddlmm}|}|dur,tdd|_ WdS||_ ||j|j |j ||_ |j |j j|j jWntyYtjdddd|_ Ynw|dS)NrSr) waf_modulez\}}|t"j#kr=|}q/|t"j$krL|}d|t"j%<q/|t"j&krl|d}t'd|||t(j)d|j*D]}||t+j,<qcq/|j-!D] \} }|| |qs|j.!D] \} }|/| |q|j*rtd|j*|j0|rt1t2di|d }|j3rj45}t6jj7j8t9|||| |j*rt:|j*|r|;tjt j?}|r|d||t@dur|t@tjA|j3r|rtB||S)ax Call the `WAF` with the given parameters. If `custom_data_names` is specified as a list of `(WAF_NAME, WAF_STR)` tuples specifying what values of the `WAF_DATA_NAMES` constant class will be checked. Else, it will check all the possible values from `WAF_DATA_NAMES`. If `custom_data_values` is specified, it must be a dictionary where the key is the `WAF_DATA_NAMES` key and the value the custom value. If not used, the values will be retrieved from the `core`. This can be used when you don't want to store the value in the `core` before checking the `WAF`. rSNPROCESSOR_SETTINGSzextract-schemaFcSsg|]}|t|fqSr1r).0keyr1r1r2 sz3AppSecSpanProcessor._waf_action.. waf_addresses__call__z[action] WAF got value %s)ephemeral_data timeout_mszappsec::processor::waf::runTrhcsjjSr5)rSrrr1rTr1r2Fsz1AppSecSpanProcessor._waf_action..rinonestack_idzexploit detected)r namespacez5[DDAS-011-00] ASM In-App WAF returned: %s. Timeout %struezactor.ipr1)CrjrSr get_blockedgetr get_data_sentsetPERSISTENT_ADDRESSESr7rr get_valueryrarrunr8 _waf_timeoutrcr set_waf_info return_coder RASP_ERROR WAF_ERRORget_tagrstrr= ValueErrormaxactionsr)r BLOCK_ACTIONREDIRECT_ACTIONTYPE STACK_ACTIONrrRASPr$r STACK_TRACE_ID meta_tagsrprtimeout set_blockedrkeeprJ is_allowedset_waf_telemetry_resultsrrversionboolstore_waf_results_dataset_tagBLOCKEDEVENTget_waf_addressrr ORIGIN_VALUEr)rUrrrrrrr$r iter_datadata_already_sent force_keysrr4r/ waf_results error_tagprevious int_previousblockedaction parametersstack_trace_idruleallowed remote_ipr1rTr2rs                   zAppSecSpanProcessor._waf_actionr}cCs ||jvSr5)rIr|r1r1r2rs zAppSecSpanProcessor._is_neededcCs:t|dddur dS|jtjvrtt|dSdS)NrS)getattrrr8rr $call_waf_callback_no_instrumentation end_context)rUrr1r1r2on_span_finishs  z"AppSecSpanProcessor.on_span_finishcCs|tjr |dSdS)z Reset the AppSec span processor.N)rRr8 _asm_enabledrOrQr1r1r2_resets zAppSecSpanProcessor._reset)r%N)NNNF)0__name__ __module__ __qualname__ dataclassesfieldr;rEr__annotations__rGbytesrHrrIrArJr!rKrr classmethodrOrRpropertyrrVrfrvrtrtupler"rrrrrrr rrdictrrrrrrr1r1r1r2rCLst        = rCr~rcCs tjdurtj||dSdS)ztypingrrrrrddtrace._trace.processorrddtrace._trace.spanr ddtrace.appsecr ddtrace.appsec._constantsr r r rrrrddtrace.appsec._ddwaf.waf_stubsrr/ddtrace.appsec._exploit_prevention.stack_tracesrddtrace.appsec._trace_utilsrddtrace.appsec._utilsrrrrddtrace.constantsrr ddtrace.extrddtrace.internalrddtrace.internal._unpatchedrr\ddtrace.internal.loggerr ddtrace.internal.rate_limiterr!ddtrace.internal.remoteconfigr"ddtrace.internal.settings.asmr#r8rrar rr(r r3r7r;rA dataclassrCronrr1r1r1r2sn                                 B Y