pkg.gl

Categorygithub.com/DataDog/appsec-internal-goappsec

package

1.9.0

Repository: https://github.com/datadog/appsec-internal-go.git

Documentation: pkg.go.dev

# Functions

DefaultRuleset

DefaultRuleset returns the marshaled default recommended security rules for AppSec.

DefaultRulesetMap

DefaultRulesetMap returns the unmarshaled default recommended security rules for AppSec.

NewAPISecConfig

NewAPISecConfig creates and returns a new API Security configuration by reading the env.

NewObfuscatorConfig

NewObfuscatorConfig creates and returns a new WAF obfuscator configuration by reading the env.

RASPEnabled

RASPEnabled returns true if RASP functionalities are enabled through the env, or if DD_APPSEC_RASP_ENABLED is not set.

RateLimitFromEnv

RateLimitFromEnv reads and parses the trace rate limit set through the env If not set, it defaults to `DefaultTraceRate`.

RulesFromEnv

RulesFromEnv returns the security rules provided through the environment If the env var is not set, the default recommended rules are returned instead.

WAFTimeoutFromEnv

WAFTimeoutFromEnv reads and parses the WAF timeout value set through the env If not set, it defaults to `DefaultWAFTimeout`.

# Constants

DefaultAPISecSampleRate

DefaultAPISecSampleRate is the default rate at which API Security schemas are extracted from requests.

DefaultObfuscatorKeyRegex

DefaultObfuscatorKeyRegex is the default regexp used to obfuscate keys.

DefaultObfuscatorValueRegex

DefaultObfuscatorValueRegex is the default regexp used to obfuscate values.

DefaultTraceRate

up to 100 appsec traces/s.

DefaultWAFTimeout

DefaultWAFTimeout is the default time limit past which a WAF run will timeout.

EnvAPISecEnabled

EnvAPISecEnabled is the env var used to enable API Security.

EnvAPISecSampleRate

EnvAPISecSampleRate is the env var used to set the sampling rate of API Security schema extraction.

EnvObfuscatorKey

EnvObfuscatorKey is the env var used to provide the WAF key obfuscation regexp.

EnvObfuscatorValue

EnvObfuscatorValue is the env var used to provide the WAF value obfuscation regexp.

EnvRASPEnabled

EnvRASPEnabled is the env var used to enable/disable RASP functionalities for ASM.

EnvRules

EnvRules is the env var used to provide a path to a local security rule file.

EnvTraceRateLimit

EnvTraceRateLimit is the env var used to set the ASM trace limiting rate.

EnvWAFTimeout

EnvWAFTimeout is the env var used to specify the timeout value for a WAF run.

# Variables

StaticRecommendedRules

StaticRecommendedRules holds the recommended AppSec security rules (v1.13.2) Source: https://github.com/DataDog/appsec-event-rules/blob/1.13.2/build/recommended.json go:embed rules.json.

# Structs

APISecConfig

APISecConfig holds the configuration for API Security schemas reporting It is used to enabled/disable the feature as well as to configure the rate at which schemas get reported,.

ObfuscatorConfig

ObfuscatorConfig wraps the key and value regexp to be passed to the WAF to perform obfuscation.