config

package
v2.2.0-dev

This package is not in the latest version of its module.
Published: Jun 19, 2025 License: Apache-2.0, BSD-3-Clause, Apache-2.0 Imports: 13 Imported by: 0

Documentation

Constants

const (
	// EnvEnabled controls ASM Threats Protection's enablement.
	EnvEnabled = "DD_APPSEC_ENABLED"
	// EnvSCAEnabled controls ASM Software Composition Analysis (SCA)'s enablement.
	EnvSCAEnabled = "DD_APPSEC_SCA_ENABLED"
)

The following environment variables dictate the enablement of the different ASM products.

Variables

This section is empty.

Functions

func IsEnabledByEnvironment

func IsEnabledByEnvironment() (enabled bool, set bool, err error)

IsEnabledByEnvironment returns true when appsec is enabled by the environment variable EnvEnabled being set to a truthy value, as well as whether the environment variable was set at all or not (so it is possible to distinguish between explicitly false, and false-by-default). If the EnvEnabled variable is set to a value that is not a valid boolean (according to strconv.ParseBool), it is considered false-y, and a detailed error is also returned.
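
The contract described above, as an added sketch that is not the package's own code: `enabledByEnv` and `modeFor` are hypothetical names, the local `mode` type copies the EnablementMode values documented on this page, and the mapping from (enabled, set) to a mode is an assumption. It shows that values such as `yes` or `on` are rejected by strconv.ParseBool, so a mistyped setting reads as explicitly off rather than unset.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// mode is a local copy of the documented EnablementMode values.
type mode int8

const (
	envEnabled      = "DD_APPSEC_ENABLED" // same value as EnvEnabled on this page
	forcedOff  mode = -1                  // disabled, remote activation not allowed
	rcStandby  mode = 0                   // stand-by, waiting for remote activation
	forcedOn   mode = 1                   // enabled
)

// enabledByEnv is a hypothetical re-implementation of the documented contract; lookup is injectable for tests.
func enabledByEnv(lookup func(string) (string, bool)) (enabled, set bool, err error) {
	raw, set := lookup(envEnabled)
	if !set {
		return false, false, nil // false-by-default
	}
	if enabled, err = strconv.ParseBool(raw); err != nil {
		// Invalid values are false-y; the error is returned so callers can report it.
		return false, true, fmt.Errorf("%s=%q: %w", envEnabled, raw, err)
	}
	return enabled, true, nil
}

// modeFor is an assumed mapping from that result to an enablement mode.
func modeFor(enabled, set bool) mode {
	if !set {
		return rcStandby
	}
	if enabled {
		return forcedOn
	}
	return forcedOff
}

func main() {
	for _, v := range []string{"true", "1", "false", "yes", "on"} { // constructed inputs
		os.Setenv(envEnabled, v)
		enabled, set, err := enabledByEnv(os.LookupEnv)
		fmt.Printf("%-7q mode=%2d err=%v\n", v, modeFor(enabled, set), err)
	}
}
```

Surfacing the returned error at startup is what separates a deliberately disabled service from one whose protection is off because of a typo.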

Types

type AddressSet

type AddressSet map[string]struct{}

AddressSet is a set of WAF addresses.

func NewAddressSet

func NewAddressSet(addrs []string) AddressSet

func (AddressSet) AnyOf

func (set AddressSet) AnyOf(anyOf ...string) bool

AnyOf returns true if any of the addresses in the set are in the given list.

type Config

type Config struct {
	*WAFManager

	// WAFTimeout is the maximum WAF execution time
	WAFTimeout time.Duration
	// TraceRateLimit is the AppSec trace rate limit (traces per second).
	TraceRateLimit int64
	// APISec configuration
	APISec internal.APISecConfig
	// RC is the remote configuration client used to receive product configuration updates. Nil if RC is disabled (default)
	RC *remoteconfig.ClientConfig
	// RASP determines whether RASP features are enabled or not.
	RASP bool
	// SupportedAddresses are the addresses that the AppSec listener will bind to.
	SupportedAddresses AddressSet
	// MetaStructAvailable is true if meta struct is supported by the trace agent.
	MetaStructAvailable bool
	// BlockingUnavailable is true when the application runs in an environment where blocking is not possible
	BlockingUnavailable bool
	// TracingAsTransport is true if APM is disabled and manually force keeping a trace is the only way for it to be sent.
	TracingAsTransport bool
}

Config is the AppSec configuration.

type EnablementMode

type EnablementMode int8
const (
	// ForcedOff is the mode where AppSec is forced to be disabled, not allowing remote activation.
	ForcedOff EnablementMode = -1
	// RCStandby is the mode where AppSec is in stand-by, waiting for remote activation.
	RCStandby EnablementMode = 0
	// ForcedOn is the mode where AppSec is forced to be enabled.
	ForcedOn EnablementMode = 1
)

type StartConfig

type StartConfig struct {
	// RC is the remote config client configuration to be used.
	RC *remoteconfig.ClientConfig
	// IsEnabled is a function that determines whether AppSec is enabled or not. When unset, the
	// default [IsEnabled] function is used.
	EnablementMode func() (EnablementMode, telemetry.Origin, error)
	// MetaStructAvailable is true if meta struct is supported by the trace agent.
	MetaStructAvailable bool

	APISecOptions []internal.APISecOption

	// BlockingUnavailable is true when the application runs in an environment where blocking is not possible
	BlockingUnavailable bool
}

func NewStartConfig

func NewStartConfig(opts ...StartOption) *StartConfig

func (*StartConfig) NewConfig

func (c *StartConfig) NewConfig() (*Config, error)

NewConfig returns a fresh appsec configuration read from the env.

type StartOption

type StartOption func(c *StartConfig)

StartOption is used to customize the AppSec configuration when invoked with appsec.Start().

func WithAPISecOptions

func WithAPISecOptions(opts ...internal.APISecOption) StartOption

func WithBlockingUnavailable

func WithBlockingUnavailable(unavailable bool) StartOption

func WithEnablementMode

func WithEnablementMode(mode EnablementMode) StartOption

WithEnablementMode forces AppSec enablement, replacing the default initialization conditions implemented by IsEnabledByEnvironment.

func WithMetaStructAvailable

func WithMetaStructAvailable(available bool) StartOption

func WithRCConfig

func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption

WithRCConfig sets the AppSec remote config client configuration to the specified cfg.

type WAFManager

type WAFManager struct {
	// contains filtered or unexported fields
}

WAFManager holds a libddwaf.Builder and allows managing its configuration.

func NewWAFManager

func NewWAFManager(obfuscator appsec.ObfuscatorConfig, defaultRules []byte) (*WAFManager, error)

NewWAFManager creates a new WAFManager with the provided appsec.ObfuscatorConfig and initial rules (if any).

func (*WAFManager) AddOrUpdateConfig

func (m *WAFManager) AddOrUpdateConfig(path string, fragment any) (libddwaf.Diagnostics, error)

AddOrUpdateConfig adds or updates a configuration in the receiving WAFManager.

func (*WAFManager) Close

func (m *WAFManager) Close()

Close releases all resources associated with this WAFManager.

func (*WAFManager) ConfigPaths

func (m *WAFManager) ConfigPaths(filter string) []string

ConfigPaths returns the list of configuration paths currently loaded in the receiving WAFManager. This is typically used for testing purposes. An optional filter regular expression can be provided to limit what paths are returned.

func (*WAFManager) NewHandle

func (m *WAFManager) NewHandle() (*libddwaf.Handle, string)

NewHandle returns a new *libddwaf.Handle (which may be nil if no valid WAF could be built) and the version of the rules that were used to build it.

func (*WAFManager) RemoveConfig

func (m *WAFManager) RemoveConfig(path string)

RemoveConfig removes a configuration from the receiving WAFManager.

func (*WAFManager) RemoveDefaultConfig

func (m *WAFManager) RemoveDefaultConfig() bool

RemoveDefaultConfig removes the initial configuration from the receiving WAFManager. Returns true if the default config was actually removed; false otherwise (e.g., if it had previously been removed, or there was no default config to begin with).

func (*WAFManager) Reset

func (m *WAFManager) Reset() error

Reset resets the WAF manager to its initial state.

func (*WAFManager) RestoreDefaultConfig

func (m *WAFManager) RestoreDefaultConfig() error

RestoreDefaultConfig restores the initial configurations to the receiving WAFManager.
