Correct typing for ephemeral data

Strech · Strech · commit 7f6cab636748 · 2026-02-05T17:32:53.000+01:00
diff --git a/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb b/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb
@@ -23,6 +23,7 @@ def request_call(data)
             mark_body_sampling!(data, context: context)
 
             headers = normalize_headers(data[:headers])
+            # @type var ephemeral_data: ::Datadog::AppSec::Context::input_data
             ephemeral_data = {
               'server.io.net.url' => request_url(data),
               'server.io.net.request.method' => data[:method].to_s.upcase,
@@ -45,6 +46,7 @@ def response_call(data)
             return super unless context && AppSec.rasp_enabled?
 
             headers = normalize_headers(data.dig(:response, :headers))
+            # @type var ephemeral_data: ::Datadog::AppSec::Context::input_data
             ephemeral_data = {
               'server.io.net.response.status' => data.dig(:response, :status).to_s,
               'server.io.net.response.headers' => headers
diff --git a/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb b/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb
@@ -21,6 +21,7 @@ def call(env)
             mark_body_sampling!(env, context: context)
 
             headers = normalize_headers(env.request_headers)
+            # @type var ephemeral_data: ::Datadog::AppSec::Context::input_data
             ephemeral_data = {
               'server.io.net.url' => env.url.to_s,
               'server.io.net.request.method' => env.method.to_s.upcase,
@@ -42,6 +43,7 @@ def call(env)
 
           def on_complete(env, context:)
             headers = normalize_headers(env.response_headers)
+            # @type var ephemeral_data: ::Datadog::AppSec::Context::input_data
             ephemeral_data = {
               'server.io.net.response.status' => env.status.to_s,
               'server.io.net.response.headers' => headers
diff --git a/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb b/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb
@@ -17,6 +17,7 @@ def execute(&block)
             return super unless context && AppSec.rasp_enabled?
 
             headers = normalize_request_headers
+            # @type var ephemeral_data: ::Datadog::AppSec::Context::input_data
             ephemeral_data = {
               'server.io.net.url' => url,
               'server.io.net.request.method' => method.to_s.upcase,
@@ -35,6 +36,7 @@ def execute(&block)
             response = super
 
             headers = normalize_response_headers(response)
+            # @type var ephemeral_data: ::Datadog::AppSec::Context::input_data
             ephemeral_data = {
               'server.io.net.response.status' => response.code.to_s,
               'server.io.net.response.headers' => headers
diff --git a/sig/datadog/appsec/contrib/excon/ssrf_detection_middleware.rbs b/sig/datadog/appsec/contrib/excon/ssrf_detection_middleware.rbs
@@ -13,7 +13,7 @@ module Datadog
 
           def mark_body_sampling!: (::Excon::Middleware::Base::datum data, context: Context) -> void
 
-          def parse_body: (Utils::HTTP::Body::body body, content_type: ::String?) -> untyped
+          def parse_body: (Utils::HTTP::Body::body body, content_type: ::String?) -> ::Helpers::json?
 
           def request_url: (::Excon::Middleware::Base::datum data) -> ::String
 
diff --git a/sig/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rbs b/sig/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rbs
@@ -13,7 +13,7 @@ module Datadog
 
           def mark_body_sampling!: (::Faraday::Env env, context: Context) -> void
 
-          def parse_body: (Utils::HTTP::Body::body body, content_type: ::String?) -> untyped
+          def parse_body: (Utils::HTTP::Body::body body, content_type: ::String?) -> ::Helpers::json?
 
           def normalize_headers: (::Faraday::Utils::Headers? headers) -> ::Hash[::String, ::String]
 
diff --git a/sig/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rbs b/sig/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rbs
@@ -11,7 +11,7 @@ module Datadog
 
           def mark_body_sampling!: (Context context) -> bool
 
-          def parse_body: (::String body, content_type: ::String?) -> untyped
+          def parse_body: (::String body, content_type: ::String?) -> ::Helpers::json?
 
           def normalize_request_headers: () -> headers
 
diff --git a/sig/datadog/appsec/security_engine/runner.rbs b/sig/datadog/appsec/security_engine/runner.rbs
@@ -2,7 +2,7 @@ module Datadog
   module AppSec
     module SecurityEngine
       class Runner
-        type input_data = ::Hash[::String, untyped]
+        type input_data = ::Hash[::String, any]
 
         @mutex: ::Mutex
 
diff --git a/sig/datadog/appsec/utils/http/body.rbs b/sig/datadog/appsec/utils/http/body.rbs
@@ -5,7 +5,7 @@ module Datadog
         module Body
           type body = ::String | ::StringIO | ::IO | nil
 
-          def self.parse: (body, media_type: MediaType) -> any?
+          def self.parse: (body, media_type: MediaType) -> ::Helpers::json?
         end
       end
     end
diff --git a/spec/datadog/appsec/utils/http/body_spec.rb b/spec/datadog/appsec/utils/http/body_spec.rb
@@ -10,21 +10,27 @@
 RSpec.describe Datadog::AppSec::Utils::HTTP::Body do
   describe '.parse' do
     context 'when body is nil' do
-      let(:media_type) { Datadog::AppSec::Utils::HTTP::MediaType.new('application/json') }
+      let(:media_type) do
+        Datadog::AppSec::Utils::HTTP::MediaType.new(type: 'application', subtype: 'json')
+      end
       let(:result) { described_class.parse(nil, media_type: media_type) }
 
       it { expect(result).to be_nil }
     end
 
     context 'when body is empty' do
-      let(:media_type) { Datadog::AppSec::Utils::HTTP::MediaType.new('application/x-www-form-urlencoded') }
+      let(:media_type) do
+        Datadog::AppSec::Utils::HTTP::MediaType.new(type: 'application', subtype: 'x-www-form-urlencoded')
+      end
       let(:result) { described_class.parse('', media_type: media_type) }
 
       it { expect(result).to be_nil }
     end
 
     context 'when media type is application/json' do
-      let(:media_type) { Datadog::AppSec::Utils::HTTP::MediaType.new('application/json') }
+      let(:media_type) do
+        Datadog::AppSec::Utils::HTTP::MediaType.new(type: 'application', subtype: 'json')
+      end
 
       context 'when body is a String' do
         let(:result) { described_class.parse('{"key":"value"}', media_type: media_type) }
@@ -66,14 +72,18 @@
     end
 
     context 'when media type is application/vnd.api+json' do
-      let(:media_type) { Datadog::AppSec::Utils::HTTP::MediaType.new('application/vnd.api+json') }
+      let(:media_type) do
+        Datadog::AppSec::Utils::HTTP::MediaType.new(type: 'application', subtype: 'vnd.api+json')
+      end
       let(:result) { described_class.parse('{"data":"value"}', media_type: media_type) }
 
       it { expect(result).to eq({'data' => 'value'}) }
     end
 
     context 'when media type is application/x-www-form-urlencoded' do
-      let(:media_type) { Datadog::AppSec::Utils::HTTP::MediaType.new('application/x-www-form-urlencoded') }
+      let(:media_type) do
+        Datadog::AppSec::Utils::HTTP::MediaType.new(type: 'application', subtype: 'x-www-form-urlencoded')
+      end
 
       context 'when body is a String' do
         let(:result) { described_class.parse('key=value&foo=bar', media_type: media_type) }
@@ -89,7 +99,9 @@
     end
 
     context 'when media type is unsupported' do
-      let(:media_type) { Datadog::AppSec::Utils::HTTP::MediaType.new('text/plain') }
+      let(:media_type) do
+        Datadog::AppSec::Utils::HTTP::MediaType.new(type: 'text', subtype: 'plain')
+      end
       let(:result) { described_class.parse('some text', media_type: media_type) }
 
       it { expect(result).to be_nil }
