This modules provides integration with the DataDome Bot Mitigation Service (https://datadome.co/).
It currently supports automated creation of the DataDome JavaScript tag https://docs.datadome.co/docs/javascript-tag and logging of access events by bots and other undesirable clients.
No other modules provide this functionality.
Roadmap
- Integrate with core Ban IP to ban IP when DataDome disallows request (DATA_DOME_STATUS = 403)
- Assign role based on DataDome classification (Human, Good bot, Commercial bot, Bad Bot)
Project link
https://www.drupal.org/project/datadome
Git instructions
git clone --branch 7.x-1.x https://git.drupal.org/project/datadome.git
Comments
Comment #2
apadernoComment #3
dietric@gmail.commille grazie @kiamlaluno
Comment #4
apadernoComment #5
prethiee CreditAttribution: prethiee commentedHi dietric,
Please fix the pareview errors reported.
https://pareview.sh/pareview/https-git.drupal.org-project-datadome-7.x-1.x
Comment #6
apadernoComment #7
apaderno(I forgot to change priority.)
Comment #8
dietric@gmail.comPlease review changes to resolve pareview errors.
https://protect-eu.mimecast.com/s/PjjICoVggIPAPDMizBvQ_?domain=pareview.sh
Comment #9
apadernoThe only error PAReview reports is about the datadome.info file ending with two newline characters instead of one. I will manually review the code today. (I am not sure when, exactly.)
Comment #10
apadernoValues obtained from the user or from HTTP header should be sanitized when used with
watchdog()
. Keep in mind that the list of the messages passed towatchdog()
are shown inside HTML markup, and that is the reason for sanitizing those values.See how Drupal core uses that function in the correct way.
Instead of showing the error to every user visiting the site, it would be better to use
watchdog()
for logging the error, or check the permission the currently logged in user has.The code is missing the setting form page which should be used to add the required key value. The setting page should be accessible only from users that have the right permission, and that permission should be required for the users to see the error message (if it isn't logged with
watchdog()
).Plain text rendered inside HTML markup (the Drupal help page) needs to be passed to
check_plain()
, if the Markdown filter doesn't exist.Remove the wrong branches: 7.x-1.beta1 is neither a branch name nor a tag name. It would be a tag name if it were 7.x-1.0-beta1. @branch is neither a branch name nor a tag name.
Also, just commit the code in the 7.x-1.x branch for all the application duration. There isn't any need to create new branches, if not for BC issues (which should not exist, if the project is not used from any site).
Comment #11
dietric@gmail.comThank you for the feedback, we have made the suggested changes and removed the 7.x-1.beta1 branch.
Comment #12
apadernoRemember to change status when the code has been fixed.
Comment #13
apadernoWhy are there commits done by Sorna Kumar?
Comment #14
apadernoComment #15
dietric@gmail.comSornakumar is a developer on my team.
Comment #16
apadernoThese applications are done to give users a role, not to opt projects into security coverage. As such, we are valuating the capacity of the user who applies to write secure code, following the Drupal coding standards, and correctly using the Drupal APIs.
If there other users who write the code, we cannot understand how much the user who applied understands.
Comment #17
apadernoSince most of the commits are done from the other user, I could accept this application from that user. Alternatively, you need to use a different project for applying.
Comment #18
dietric@gmail.comI am directly supervising the user making the commits and reviewing the code.
Comment #19
apadernoIf you are still interested on being able to opt into security coverage for projects you create, please open a new application using a project for which the only commits (for the time required to set the application's status to Fixed) are from you.
Please don't open a new application if you aren't sure to have time to dedicate to the application, or it will be closed again as won't fix.
I am closing this application due to lack of activity.