18 changes: 12 additions & 6 deletions appsec/embed.go
Expand Up @@ -5,10 +5,16 @@

package appsec

import _ "embed" // Blank import comment for golint compliance
import (
_ "embed" // Blank import comment for golint compliance
"unsafe"
)

// StaticRecommendedRules holds the recommended AppSec security rules (v1.14.2)
// Source: https://github.com/DataDog/appsec-event-rules/blob/1.14.2/build/recommended.json
//
//go:embed rules.json
var StaticRecommendedRules string
var (
//go:embed rules.json
staticRecommendedRules []byte

// StaticRecommendedRules holds the recommended AppSec security rules (v1.14.2)
// Source: https://github.com/DataDog/appsec-event-rules/blob/1.14.2/build/recommended.json
StaticRecommendedRules = unsafe.String(&staticRecommendedRules[0], len(staticRecommendedRules))
Contributor Author

This retains the exported symbol (removing it would be a breaking change) while avoiding an unnecessary full copy of the backing data.

That symbol would be dropped in a future version.

)
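Review bot: `unsafe.String(&staticRecommendedRules[0], len(staticRecommendedRules))` makes the exported `StaticRecommendedRules` string share memory with a `[]byte` that any code in the package can still write to, so a later write to `staticRecommendedRules` would change a Go string in place and, with it, the rule set that consumers of the string see. The declaration should state that invariant in a comment, for example `// staticRecommendedRules backs StaticRecommendedRules via unsafe.String and must never be modified.`. Separately, indexing element 0 panics during package initialisation if `rules.json` is ever embedded empty; `unsafe.String(unsafe.SliceData(staticRecommendedRules), len(staticRecommendedRules))` avoids the index expression.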
9 changes: 3 additions & 6 deletions appsec/rules.go
Expand Up @@ -2,23 +2,20 @@
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2023-present Datadog, Inc.

package appsec

import "encoding/json"

// DefaultRuleset returns the marshaled default recommended security rules for AppSec
func DefaultRuleset() ([]byte, error) {
rules, err := DefaultRulesetMap()
if err != nil {
return nil, err
}
return json.Marshal(rules)
return staticRecommendedRules, nil
}

// DefaultRulesetMap returns the unmarshaled default recommended security rules for AppSec
func DefaultRulesetMap() (map[string]any, error) {
var rules map[string]any
if err := json.Unmarshal([]byte(StaticRecommendedRules), &rules); err != nil {
if err := json.Unmarshal(staticRecommendedRules, &rules); err != nil {
return nil, err
}

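Review bot: `return staticRecommendedRules, nil` in `DefaultRuleset` hands every caller the package-level slice itself, whereas the removed `json.Marshal(rules)` path produced a fresh buffer on each call. A caller that edits the returned bytes in place would alter the recommended rules for every later caller in the process, and would also change the contents of the `StaticRecommendedRules` string that embed.go builds over the same memory. If the zero-copy return is intended, the doc comment should state the contract, e.g. `// The returned slice aliases the embedded rules and must be treated as read-only.`; otherwise return `bytes.Clone(staticRecommendedRules)`. The function also no longer parses the JSON, so its error result is now always nil and a malformed `rules.json` would only surface in `DefaultRulesetMap`. `DefaultRulesetMap` continues past the end of the visible hunk.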
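--- a/appsec/rules_test.go
+++ b/appsec/rules_test.go
@@ -0,0 +1,24 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023-present Datadog, Inc.
+
+package appsec
+
+import (
+"testing"
+
+"github.com/stretchr/testify/require"
+)
+
+func TestDefaultRuleset(t *testing.T) {
+rules, err := DefaultRuleset()
+require.NoError(t, err)
+require.NotEmpty(t, rules)
+}
+
+func TestDefaultRulesetMap(t *testing.T) {
+rules, err := DefaultRulesetMap()
+require.NoError(t, err)
+require.NotEmpty(t, rules)
+}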
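Review bot: `TestDefaultRuleset` only asserts `require.NotEmpty(t, rules)`, which says little now that `DefaultRuleset` returns the embedded bytes without going through `json.Marshal`. Adding `require.True(t, json.Valid(rules))` would keep a malformed `rules.json` from shipping unnoticed. A further assertion such as `require.Equal(t, StaticRecommendedRules, string(rules))` would pin the exported string and the byte slice to the same content.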