rename-me Change AppSec::Context ivars

lib/datadog/appsec/context.rb

@@ -7,7 +7,10 @@ module AppSec
     class Context
       ActiveContextError = Class.new(StandardError)
 
-      attr_reader :trace, :service_entry_span, :processor_context
+      # XXX: Continue from here:
+      #        1. Replace naming of processor_context into waf_runner
+      #        2. Replace calls of waf run
+      attr_reader :trace, :span, :processor_context
 
       class << self
         def activate(context)
@@ -32,14 +35,22 @@ def initialize(trace, span, security_engine)
         @trace = trace
         @span = span
         @security_engine = security_engine
+        @waf_runner = security_engine.new_context
 
-        # TODO: Rename
-        @service_entry_span = span
-        @processor_context = security_engine.new_context
+        # FIXME: Left for compatibility now
+        @processor_context = @waf_runner
+      end
+
+      def run_waf(persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
+        @waf_runner.run(persistent_data, ephemeral_data, timeout)
+      end
+
+      def run_rasp(_type, persistent_data, ephemeral_data, timeout = WAF::LibDDWAF::DDWAF_RUN_TIMEOUT)
+        @waf_runner.run(persistent_data, ephemeral_data, timeout)
       end
 
       def finalize
-        @processor_context.finalize
+        @waf_runner.finalize
       end
     end
   end

lib/datadog/appsec/contrib/active_record/instrumentation.rb

@@ -31,7 +31,7 @@ def detect_sql_injection(sql, adapter_name)
               event = {
                 waf_result: result,
                 trace: context.trace,
-                span: context.service_entry_span,
+                span: context.span,
                 sql: sql,
                 actions: result.actions
               }

lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb

@@ -40,7 +40,7 @@ def validate(resource, &block)
 
                 Tracking.track_login_success(
                   appsec_context.trace,
-                  appsec_context.service_entry_span,
+                  appsec_context.span,
                   user_id: event_information.user_id,
                   **event_information.to_h
                 )
@@ -60,7 +60,7 @@ def validate(resource, &block)
 
               Tracking.track_login_failure(
                 appsec_context.trace,
-                appsec_context.service_entry_span,
+                appsec_context.span,
                 user_id: event_information.user_id,
                 user_exists: user_exists,
                 **event_information.to_h

lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb

@@ -37,7 +37,7 @@ def create
 
                   Tracking.track_signup(
                     appsec_context.trace,
-                    appsec_context.service_entry_span,
+                    appsec_context.span,
                     user_id: event_information.user_id,
                     **event_information.to_h
                   )

lib/datadog/appsec/contrib/graphql/gateway/watcher.rb

@@ -32,7 +32,7 @@ def watch_multiplex(gateway = Instrumentation.gateway)
                       event = {
                         waf_result: result,
                         trace: context.trace,
-                        span: context.service_entry_span,
+                        span: context.span,
                         multiplex: gateway_multiplex,
                         actions: result.actions
                       }

lib/datadog/appsec/contrib/rack/gateway/watcher.rb

@@ -35,7 +35,7 @@ def watch_request(gateway = Instrumentation.gateway)
                       event = {
                         waf_result: result,
                         trace: context.trace,
-                        span: context.service_entry_span,
+                        span: context.span,
                         request: gateway_request,
                         actions: result.actions
                       }
@@ -73,7 +73,7 @@ def watch_response(gateway = Instrumentation.gateway)
                       event = {
                         waf_result: result,
                         trace: context.trace,
-                        span: context.service_entry_span,
+                        span: context.span,
                         response: gateway_response,
                         actions: result.actions
                       }
@@ -111,7 +111,7 @@ def watch_request_body(gateway = Instrumentation.gateway)
                       event = {
                         waf_result: result,
                         trace: context.trace,
-                        span: context.service_entry_span,
+                        span: context.span,
                         request: gateway_request,
                         actions: result.actions
                       }

lib/datadog/appsec/contrib/rack/request_middleware.rb

@@ -99,7 +99,7 @@ def call(env)
             if result
               ctx.processor_context.events << {
                 trace: ctx.trace,
-                span: ctx.service_entry_span,
+                span: ctx.span,
                 waf_result: result,
               }
             end
@@ -109,7 +109,7 @@ def call(env)
               e[:request]  ||= gateway_request
             end
 
-            AppSec::Event.record(ctx.service_entry_span, *ctx.processor_context.events)
+            AppSec::Event.record(ctx.span, *ctx.processor_context.events)
 
             if response_response
               blocked_event = response_response.find { |action, _options| action == :block }
@@ -148,7 +148,7 @@ def active_span
           end
 
           def add_appsec_tags(processor, context)
-            span = context.service_entry_span
+            span = context.span
             trace = context.trace
 
             return unless trace && span
@@ -185,7 +185,7 @@ def add_appsec_tags(processor, context)
           end
 
           def add_request_tags(context, env)
-            span = context.service_entry_span
+            span = context.span
 
             return unless span
 
@@ -208,7 +208,7 @@ def add_request_tags(context, env)
           end
 
           def add_waf_runtime_tags(context)
-            span = context.service_entry_span
+            span = context.span
             context = context.processor_context
 
             return unless span && context

lib/datadog/appsec/contrib/rails/gateway/watcher.rb

@@ -31,7 +31,7 @@ def watch_request_action(gateway = Instrumentation.gateway)
                       event = {
                         waf_result: result,
                         trace: context.trace,
-                        span: context.service_entry_span,
+                        span: context.span,
                         request: gateway_request,
                         actions: result.actions
                       }

lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb

@@ -33,7 +33,7 @@ def watch_request_dispatch(gateway = Instrumentation.gateway)
                       event = {
                         waf_result: result,
                         trace: context.trace,
-                        span: context.service_entry_span,
+                        span: context.span,
                         request: gateway_request,
                         actions: result.actions
                       }
@@ -71,7 +71,7 @@ def watch_request_routed(gateway = Instrumentation.gateway)
                       event = {
                         waf_result: result,
                         trace: context.trace,
-                        span: context.service_entry_span,
+                        span: context.span,
                         request: gateway_request,
                         actions: result.actions
                       }

lib/datadog/appsec/event.rb

@@ -141,9 +141,9 @@ def tag_and_keep!(context, waf_result)
           # We want to keep the trace in case of security event
           context.trace.keep! if context.trace
 
-          if context.service_entry_span
-            context.service_entry_span.set_tag('appsec.blocked', 'true') if waf_result.actions.key?('block_request')
-            context.service_entry_span.set_tag('appsec.event', 'true')
+          if context.span
+            context.span.set_tag('appsec.blocked', 'true') if waf_result.actions.key?('block_request')
+            context.span.set_tag('appsec.event', 'true')
           end
 
           add_distributed_tags(context.trace)

lib/datadog/appsec/monitor/gateway/watcher.rb

@@ -29,7 +29,7 @@ def watch_user_id(gateway = Instrumentation.gateway)
                     event = {
                       waf_result: result,
                       trace: context.trace,
-                      span: context.service_entry_span,
+                      span: context.span,
                       user: user,
                       actions: result.actions
                     }

lib/datadog/kit/appsec/events.rb

@@ -138,7 +138,7 @@ def track(event, trace = nil, span = nil, **others)
           def set_trace_and_span_context(method, trace = nil, span = nil)
             if (appsec_context = Datadog::AppSec.active_context)
               trace = appsec_context.trace
-              span = appsec_context.service_entry_span
+              span = appsec_context.span
             end
 
             trace ||= Datadog::Tracing.active_trace

lib/datadog/kit/identity.rb

@@ -80,7 +80,7 @@ def set_user(
         def set_trace_and_span_context(method, trace = nil, span = nil)
           if (appsec_context = Datadog::AppSec.active_context)
             trace = appsec_context.trace
-            span = appsec_context.service_entry_span
+            span = appsec_context.span
           end
 
           trace ||= Datadog::Tracing.active_trace

spec/datadog/appsec/contrib/devise/patcher/authenticatable_patch_spec.rb

@@ -82,7 +82,7 @@ def initialize(id, email, username)
   context 'when logging in from Rememberable devise strategy' do
     let(:appsec_enabled) { true }
     let(:track_user_events_enabled) { true }
-    let(:appsec_context) { instance_double(Datadog::AppSec::Context, trace: double, service_entry_span: double) }
+    let(:appsec_context) { instance_double(Datadog::AppSec::Context, trace: double, span: double) }
 
     let(:mock_klass) do
       Class.new do
@@ -109,7 +109,7 @@ def initialize(result)
   context 'successful login' do
     let(:appsec_enabled) { true }
     let(:track_user_events_enabled) { true }
-    let(:appsec_context) { instance_double(Datadog::AppSec::Context, trace: double, service_entry_span: double) }
+    let(:appsec_context) { instance_double(Datadog::AppSec::Context, trace: double, span: double) }
 
     context 'with resource ID' do
       context 'safe mode' do
@@ -118,7 +118,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_success).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: resource.id,
             **{}
           )
@@ -132,7 +132,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_success).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: resource.id,
             **{ username: 'John', email: '[email protected]' }
           )
@@ -150,7 +150,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_success).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: nil,
             **{}
           )
@@ -164,7 +164,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_success).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: nil,
             **{ username: 'John', email: '[email protected]' }
           )
@@ -177,7 +177,7 @@ def initialize(result)
   context 'unsuccessful login' do
     let(:appsec_enabled) { true }
     let(:track_user_events_enabled) { true }
-    let(:appsec_context) { instance_double(Datadog::AppSec::Context, trace: double, service_entry_span: double) }
+    let(:appsec_context) { instance_double(Datadog::AppSec::Context, trace: double, span: double) }
 
     context 'with resource' do
       context 'safe mode' do
@@ -186,7 +186,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_failure).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: resource.id,
             user_exists: true,
             **{}
@@ -201,7 +201,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_failure).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: resource.id,
             user_exists: true,
             **{ username: 'John', email: '[email protected]' }
@@ -218,7 +218,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_failure).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: nil,
             user_exists: false,
             **{}
@@ -233,7 +233,7 @@ def initialize(result)
         it 'tracks event' do
           expect(Datadog::AppSec::Contrib::Devise::Tracking).to receive(:track_login_failure).with(
             appsec_context.trace,
-            appsec_context.service_entry_span,
+            appsec_context.span,
             user_id: nil,
             user_exists: false,
             **{}