diff --git a/lib/datadog/appsec/component.rb b/lib/datadog/appsec/component.rb index e6366da0514..4fd86edb106 100644 --- a/lib/datadog/appsec/component.rb +++ b/lib/datadog/appsec/component.rb @@ -53,7 +53,7 @@ def reconfigure(ruleset:) if new && new.ready? old = @processor @processor = new - old.finalize + old.finalize if old end end end diff --git a/spec/datadog/appsec/component_spec.rb b/spec/datadog/appsec/component_spec.rb index 3575ff9548e..490254c8ce8 100644 --- a/spec/datadog/appsec/component_spec.rb +++ b/spec/datadog/appsec/component_spec.rb @@ -70,6 +70,49 @@ end describe '#reconfigure' do + let(:ruleset) do + { + 'exclusions' => [{ + 'conditions' => [{ + 'operator' => 'ip_match', + 'parameters' => { + 'inputs' => [{ + 'address' => 'http.client_ip' + }] + } + }] + }], + 'metadata' => { + 'rules_version' => '1.5.2' + }, + 'rules' => [{ + 'conditions' => [{ + 'operator' => 'ip_match', + 'parameters' => { + 'data' => 'blocked_ips', + 'inputs' => [{ + 'address' => 'http.client_ip' + }] + } + }], + 'id' => 'blk-001-001', + 'name' => 'Block IP Addresses', + 'on_match' => ['block'], + 'tags' => { + 'category' => 'security_response', 'type' => 'block_ip' + }, + 'transformers' => [] + }], + 'rules_data' => [{ + 'data' => [{ + 'expiration' => 1678972458, + 'value' => '42.42.42.1' + }] + }], + 'version' => '2.2' + } + end + context 'lock' do it 'makes sure to synchronize' do mutex = Mutex.new @@ -88,47 +131,6 @@ old_processor = component.processor - ruleset = { - 'exclusions' => [{ - 'conditions' => [{ - 'operator' => 'ip_match', - 'parameters' => { - 'inputs' => [{ - 'address' => 'http.client_ip' - }] - } - }] - }], - 'metadata' => { - 'rules_version' => '1.5.2' - }, - 'rules' => [{ - 'conditions' => [{ - 'operator' => 'ip_match', - 'parameters' => { - 'data' => 'blocked_ips', - 'inputs' => [{ - 'address' => 'http.client_ip' - }] - } - }], - 'id' => 'blk-001-001', - 'name' => 'Block IP Addresses', - 'on_match' => ['block'], - 'tags' => { - 'category' => 'security_response', 'type' => 'block_ip' - }, - 'transformers' => [] - }], - 'rules_data' => [{ - 'data' => [{ - 'expiration' => 1678972458, - 'value' => '42.42.42.1' - }] - }], - 'version' => '2.2' - } - expect(old_processor).to receive(:finalize) component.reconfigure(ruleset: ruleset) new_processor = component.processor @@ -137,6 +139,21 @@ end end + context 'when the new processor is ready, and old processor is nil' do + it 'swaps the processor instance and do not finalize the old processor' do + processor = nil + component = described_class.new(processor: processor) + + old_processor = component.processor + + expect(old_processor).to_not receive(:finalize) + component.reconfigure(ruleset: ruleset) + new_processor = component.processor + expect(new_processor).to_not eq(old_processor) + new_processor.finalize + end + end + context 'when the new processor is not ready' do it 'does not swap the processor instance and finalize the old processor' do processor = instance_double(Datadog::AppSec::Processor)