add session blocking
simon-id committed Jan 18, 2025
1 parent e487811 commit 1914a35
Showing 3 changed files with 21 additions and 0 deletions.
1 change: 1 addition & 0 deletions packages/dd-trace/src/appsec/addresses.js
Expand Up @@ -22,6 +22,7 @@ module.exports = {

USER_ID: 'usr.id',
USER_LOGIN: 'usr.login',
USER_SESSION_ID: 'usr.session_id',

WAF_CONTEXT_PROCESSOR: 'waf.context.processor',

1 change: 1 addition & 0 deletions packages/dd-trace/src/appsec/channels.js
Expand Up @@ -14,6 +14,7 @@ module.exports = {
incomingHttpRequestStart: dc.channel('dd-trace:incomingHttpRequestStart'),
incomingHttpRequestEnd: dc.channel('dd-trace:incomingHttpRequestEnd'),
passportVerify: dc.channel('datadog:passport:verify:finish'),
expressSession: dc.channel('datadog:express-session:middleware:finish'),
queryParser: dc.channel('datadog:query:read:finish'),
setCookieChannel: dc.channel('datadog:iast:set-cookie'),
nextBodyParsed: dc.channel('apm:next:body-parsed'),
19 changes: 19 additions & 0 deletions packages/dd-trace/src/appsec/index.js
Expand Up @@ -10,6 +10,7 @@ const {
incomingHttpRequestStart,
incomingHttpRequestEnd,
passportVerify,
expressSession,
queryParser,
nextBodyParsed,
nextQueryParsed,
Expand Down Expand Up @@ -67,6 +68,7 @@ function enable (_config) {
incomingHttpRequestStart.subscribe(incomingHttpStartTranslator)
incomingHttpRequestEnd.subscribe(incomingHttpEndTranslator)
passportVerify.subscribe(onPassportVerify) // possible optimization: only subscribe if collection mode is enabled
expressSession.subscribe(onExpressSession)
queryParser.subscribe(onRequestQueryParsed)
nextBodyParsed.subscribe(onRequestBodyParsed)
nextQueryParsed.subscribe(onRequestQueryParsed)
Expand Down Expand Up @@ -197,6 +199,22 @@ function onPassportVerify ({ framework, login, user, success, abortController })
handleResults(results, store.req, store.req.res, rootSpan, abortController)
}

function onExpressSession ({ req, res, sessionId, abortController }) {
const rootSpan = web.root(req)
if (!rootSpan) {
log.warn('[ASM] No rootSpan found in onExpressSession')
return
}

const results = waf.run({
persistent: {
[addresses.USER_SESSION_ID]: sessionId
}
}, req)

handleResults(results, req, res, rootSpan, abortController)
}

function onRequestQueryParsed ({ req, res, query, abortController }) {
if (!query || typeof query !== 'object') return

Expand Down Expand Up @@ -310,6 +328,7 @@ function disable () {
if (incomingHttpRequestStart.hasSubscribers) incomingHttpRequestStart.unsubscribe(incomingHttpStartTranslator)
if (incomingHttpRequestEnd.hasSubscribers) incomingHttpRequestEnd.unsubscribe(incomingHttpEndTranslator)
if (passportVerify.hasSubscribers) passportVerify.unsubscribe(onPassportVerify)
if (expressSession.hasSubscribers) expressSession.unsubscribe(onExpressSession)
if (queryParser.hasSubscribers) queryParser.unsubscribe(onRequestQueryParsed)
if (nextBodyParsed.hasSubscribers) nextBodyParsed.unsubscribe(onRequestBodyParsed)
if (nextQueryParsed.hasSubscribers) nextQueryParsed.unsubscribe(onRequestQueryParsed)
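Review bot: onExpressSession hands `sessionId` to `waf.run` as the persistent `usr.session_id` address without checking that it is present, whereas onRequestQueryParsed directly below returns early on a missing `query`. If the `datadog:express-session:middleware:finish` publisher can fire with an undefined or empty `sessionId` (not visible in this hunk), that empty value is still committed to the request's persistent WAF context and the handler still spends a `waf.run` on it; adding `if (!sessionId) return` after the `rootSpan` check would keep the handler consistent with its siblings. The `passportVerify.subscribe` line in enable() carries a note about subscribing only when the feature is actually configured, and the same consideration likely applies to `expressSession.subscribe(onExpressSession)`. A one-line comment on the new handler naming its source and payload would also help, e.g. `// Runs the WAF against the session id published by the express-session integration; blocking is signalled through abortController.`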

0 comments on commit 1914a35