diff --git a/appsec/events/block.go b/appsec/events/block.go
index 0d5b518945..8db51b8268 100644
--- a/appsec/events/block.go
+++ b/appsec/events/block.go
@@ -7,8 +7,12 @@
 // It allows finer-grained integrations of appsec into your Go errors' management logic.
 package events
+import "errors"
+
 var _ error = (*BlockingSecurityEvent)(nil)
+var securityError = &BlockingSecurityEvent{}
+
 // BlockingSecurityEvent is the error type returned by function calls blocked by appsec.
 // Even though appsec takes care of responding automatically to the blocked requests, it
 // is your duty to abort the request handlers that are calling functions blocked by appsec.
@@ -22,3 +26,8 @@ type BlockingSecurityEvent struct{}
 func (*BlockingSecurityEvent) Error() string {
 return "request blocked by WAF"
 }
+
+// IsSecurityError returns true if the error is a security event.
+func IsSecurityError(err error) bool {
+ return errors.Is(err, securityError)
+}
diff --git a/contrib/google.golang.org/grpc/appsec.go b/contrib/google.golang.org/grpc/appsec.go
index b966358877..108d900838 100644
--- a/contrib/google.golang.org/grpc/appsec.go
+++ b/contrib/google.golang.org/grpc/appsec.go
@@ -7,6 +7,7 @@ package grpc
 import (
 "context"
+
 "gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/emitter/grpcsec"
diff --git a/contrib/labstack/echo.v4/appsec.go b/contrib/labstack/echo.v4/appsec.go
index 2dee4bcd30..9cd849cc20 100644
--- a/contrib/labstack/echo.v4/appsec.go
+++ b/contrib/labstack/echo.v4/appsec.go
@@ -6,12 +6,13 @@ package echo
 import (
- "gopkg.in/DataDog/dd-trace-go.v1/appsec/events"
 "net/http"
- "github.com/labstack/echo/v4"
+ "gopkg.in/DataDog/dd-trace-go.v1/appsec/events"
 "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/emitter/httpsec"
+
+ "github.com/labstack/echo/v4"
 )
 func withAppSec(next echo.HandlerFunc, span tracer.Span) echo.HandlerFunc {
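Review bot: `IsSecurityError` decides by pointer identity — `BlockingSecurityEvent` has no `Is` method, so `errors.Is` reduces to `err == securityError` at each unwrap step — which only matches errors that are the very same pointer as the package-level `securityError`, or whose pointers happen to coincide because `BlockingSecurityEvent` is a zero-size struct; the Go spec states that pointers to distinct zero-size variables may or may not be equal, so a `*BlockingSecurityEvent` produced elsewhere (for example the one captured in `ProtectRoundTrip` via `dyngo.OnData`) is not guaranteed to be recognised, and a missed match makes the caller in contrib/net/http/roundtripper.go finish the span with the WAF block recorded as an ordinary error. Matching on the type is what the function name promises and does not depend on that behaviour: `var target *BlockingSecurityEvent` / `return errors.As(err, &target)`, after which the `securityError` variable can be dropped. The doc comment could also state what counts as a security event, e.g. `// IsSecurityError reports whether err is, or wraps, a *BlockingSecurityEvent, i.e. the call was blocked by appsec.`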
diff --git a/contrib/net/http/roundtripper.go b/contrib/net/http/roundtripper.go
index 7c4e64edde..bd71daa801 100644
--- a/contrib/net/http/roundtripper.go
+++ b/contrib/net/http/roundtripper.go
@@ -6,14 +6,13 @@ package http
 import (
- "errors"
 "fmt"
+ "gopkg.in/DataDog/dd-trace-go.v1/appsec/events"
 "math"
 "net/http"
 "os"
 "strconv"
- "gopkg.in/DataDog/dd-trace-go.v1/appsec/events"
 "gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
 "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
 "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
@@ -26,8 +25,6 @@ type roundTripper struct {
 cfg *roundTripperConfig
 }
-var securityError = &events.BlockingSecurityEvent{}
-
 func (rt *roundTripper) RoundTrip(req *http.Request) (res *http.Response, err error) {
 if rt.cfg.ignoreRequest(req) {
 return rt.base.RoundTrip(req)
@@ -63,7 +60,7 @@ func (rt *roundTripper) RoundTrip(req *http.Request) (res *http.Response, err er
 if rt.cfg.after != nil {
 rt.cfg.after(res, span)
 }
- if !errors.Is(err, securityError) && (rt.cfg.errCheck == nil || rt.cfg.errCheck(err)) {
+ if !events.IsSecurityError(err) && (rt.cfg.errCheck == nil || rt.cfg.errCheck(err)) {
 span.Finish(tracer.WithError(err))
 } else {
 span.Finish()
diff --git a/internal/appsec/emitter/httpsec/roundtripper.go b/internal/appsec/emitter/httpsec/roundtripper.go
index c8616440c5..99e248fe6c 100644
--- a/internal/appsec/emitter/httpsec/roundtripper.go
+++ b/internal/appsec/emitter/httpsec/roundtripper.go
@@ -38,7 +38,7 @@ func ProtectRoundTrip(ctx context.Context, url string) error {
 }
 var err *events.BlockingSecurityEvent
- // TODO: move the data listener as a setup function of httpsec.StartRoundTripperOperation(ars, )
+ // TODO: move the data listener as a setup function of httpsec.StartRoundTripperOperation(ars, )
 dyngo.OnData(op, func(e *events.BlockingSecurityEvent) {
 err = e
 })
diff --git a/internal/appsec/listener/sharedsec/shared.go b/internal/appsec/listener/sharedsec/shared.go
index b7811464db..39f4353d41 100644
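Review bot: In the import hunk of contrib/net/http/roundtripper.go the re-added `"gopkg.in/DataDog/dd-trace-go.v1/appsec/events"` line now sits between `"fmt"` and `"math"`, inside the standard-library group, which is the same misplacement this commit corrects in contrib/labstack/echo.v4/appsec.go and internal/appsec/listener/sharedsec/shared.go; goimports or gci will move it again on the next touch. It belongs in the `gopkg.in/...` group directly before `"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"`, so the original line could simply have been kept and only `"errors"` removed.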
--- a/internal/appsec/listener/sharedsec/shared.go
+++ b/internal/appsec/listener/sharedsec/shared.go
@@ -8,14 +8,16 @@ package sharedsec
 import (
 "encoding/json"
 "errors"
- "github.com/DataDog/appsec-internal-go/limiter"
- waf "github.com/DataDog/go-libddwaf/v3"
- wafErrors "github.com/DataDog/go-libddwaf/v3/errors"
+ "gopkg.in/DataDog/dd-trace-go.v1/appsec/events"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/emitter/sharedsec"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/trace"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+
+ "github.com/DataDog/appsec-internal-go/limiter"
+ waf "github.com/DataDog/go-libddwaf/v3"
+ wafErrors "github.com/DataDog/go-libddwaf/v3/errors"
 )
 const (
diff --git a/internal/stacktrace/event_test.go b/internal/stacktrace/event_test.go
index 3ebdb554c3..a95db53633 100644
--- a/internal/stacktrace/event_test.go
+++ b/internal/stacktrace/event_test.go
@@ -6,7 +6,6 @@ package stacktrace
 import (
- "github.com/tinylib/msgp/msgp"
 "testing"
 "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/mocktracer"
@@ -14,6 +13,7 @@ import (
 "gopkg.in/DataDog/dd-trace-go.v1/internal"
 "github.com/stretchr/testify/require"
+ "github.com/tinylib/msgp/msgp"
 )
 func TestNewEvent(t *testing.T) {
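Review bot: The newly imported `"gopkg.in/DataDog/dd-trace-go.v1/appsec/events"` in internal/appsec/listener/sharedsec/shared.go has no use anywhere in this hunk, and the rest of the file is outside the diff; unless existing code in shared.go already references the `events` package, the file will fail to compile with an unused-import error, so please confirm the use or drop the line. The regrouping of the `github.com/DataDog/...` imports into a trailing block is otherwise consistent with the ordering applied to the other files in this commit.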