-
Notifications
You must be signed in to change notification settings - Fork 415
/
actions.go
69 lines (57 loc) · 1.83 KB
/
actions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2022 Datadog, Inc.
//go:build appsec
// +build appsec
package grpcsec
import (
"sync"
"google.golang.org/grpc/codes"
)
// Action is used to identify any action kind
type Action interface {
isAction()
}
// ActionsHandler handles WAF actions registration and execution
type ActionsHandler struct {
mu sync.RWMutex
actions map[string]Action
}
// NewActionsHandler returns an action handler holding the default ASM actions.
// Currently, only the default "block" action is supported
func NewActionsHandler() ActionsHandler {
// Register the default "block" action as specified in the blocking RFC
actions := map[string]Action{"block": &BlockRequestAction{Status: codes.Aborted}}
return ActionsHandler{
actions: actions,
}
}
// RegisterAction registers a specific action to the actions handler. If the action kind is unknown
// the action will have no effect
func (h *ActionsHandler) RegisterAction(id string, a Action) {
h.mu.Lock()
defer h.mu.Unlock()
h.actions[id] = a
}
// Apply executes the action identified by `id`
func (h *ActionsHandler) Apply(id string, op *HandlerOperation) bool {
h.mu.RLock()
a, ok := h.actions[id]
h.mu.RUnlock()
if !ok {
return false
}
// Currently, only the "block_request" type is supported, so we only need to check for blockRequestParams
if p, ok := a.(*BlockRequestAction); ok {
op.BlockedCode = &p.Status
return true
}
return false
}
// BlockRequestAction is the struct used to perform the request blocking action
type BlockRequestAction struct {
// Status is the return code to use when blocking the request
Status codes.Code
}
func (*BlockRequestAction) isAction() {}