Suspicious Attacker Blocking

packages/dd-trace/src/appsec/remote_config/capabilities.js

@@ -16,6 +16,7 @@
   APM_TRACING_LOGS_INJECTION: 1n << 13n,
   APM_TRACING_HTTP_HEADER_TAGS: 1n << 14n,
   APM_TRACING_CUSTOM_TAGS: 1n << 15n,
+  ASM_EXCLUSION_DATA:  1n << 18n,
   APM_TRACING_ENABLED: 1n << 19n,
   ASM_RASP_SQLI: 1n << 21n,
   ASM_RASP_LFI: 1n << 22n,

packages/dd-trace/src/appsec/remote_config/index.js

@@ -92,6 +92,7 @@ function enableWafUpdate (appsecConfig) {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_EXCLUSION_DATA, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_ENDPOINT_FINGERPRINT, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_NETWORK_FINGERPRINT, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_HEADER_FINGERPRINT, true)
@@ -126,6 +127,7 @@ function disableWafUpdate () {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_EXCLUSION_DATA, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_ENDPOINT_FINGERPRINT, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_NETWORK_FINGERPRINT, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_HEADER_FINGERPRINT, false)

packages/dd-trace/src/appsec/rule_manager.js

@@ -9,6 +9,7 @@ const blocking = require('./blocking')
 let defaultRules
 
 let appliedRulesData = new Map()
+let appliedExclusionData = new Map()
 let appliedRulesetId
 let appliedRulesOverride = new Map()
 let appliedExclusions = new Map()
@@ -29,6 +30,7 @@ function updateWafFromRC ({ toUnapply, toApply, toModify }) {
   const batch = new Set()
 
   const newRulesData = new SpyMap(appliedRulesData)
+  const newExclusionData = new SpyMap(appliedExclusionData)
   let newRuleset
   let newRulesetId
   const newRulesOverride = new SpyMap(appliedRulesOverride)
@@ -41,6 +43,7 @@ function updateWafFromRC ({ toUnapply, toApply, toModify }) {
 
     if (product === 'ASM_DATA') {
       newRulesData.delete(id)
+      newExclusionData.delete(id)
     } else if (product === 'ASM_DD') {
       if (appliedRulesetId === id) {
         newRuleset = defaultRules
@@ -57,10 +60,14 @@ function updateWafFromRC ({ toUnapply, toApply, toModify }) {
     const { product, id, file } = item
 
     if (product === 'ASM_DATA') {
-      if (file && file.rules_data && file.rules_data.length) {
+      if (file?.rules_data?.length) {
         newRulesData.set(id, file.rules_data)
       }
 
+      if (file?.exclusion_data?.length) {
+        newExclusionData.set(id, file.exclusion_data)
+      }
+
       batch.add(item)
     } else if (product === 'ASM_DD') {
       if (appliedRulesetId && appliedRulesetId !== id && newRuleset !== defaultRules) {
@@ -101,6 +108,7 @@ function updateWafFromRC ({ toUnapply, toApply, toModify }) {
   let newApplyError
 
   if (newRulesData.modified ||
+    newExclusionData.modified ||
     newRuleset ||
     newRulesOverride.modified ||
     newExclusions.modified ||
@@ -112,6 +120,9 @@ function updateWafFromRC ({ toUnapply, toApply, toModify }) {
     if (newRulesData.modified) {
       payload.rules_data = mergeRulesData(newRulesData)
     }
+    if (newExclusionData.modified) {
+      payload.exclusion_data = mergeRulesData(newExclusionData)
+    }
     if (newRulesOverride.modified) {
       payload.rules_override = concatArrays(newRulesOverride)
     }
@@ -131,6 +142,9 @@ function updateWafFromRC ({ toUnapply, toApply, toModify }) {
       if (newRulesData.modified) {
         appliedRulesData = newRulesData
       }
+      if (newExclusionData.modified) {
+        appliedExclusionData = newExclusionData
+      }
       if (newRuleset) {
         appliedRulesetId = newRulesetId
       }
@@ -243,6 +257,7 @@ function clearAllRules () {
   defaultRules = undefined
 
   appliedRulesData.clear()
+  appliedExclusionData.clear()
   appliedRulesetId = undefined
   appliedRulesOverride.clear()
   appliedExclusions.clear()