internal: appsec: switch appsec event tag from json to messagepack us…

…ing meta_struct

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>

contrib/99designs/gqlgen/appsec_test.go

@@ -121,27 +121,18 @@ func TestAppSec(t *testing.T) {
 				require.Equal(t, 1, spans[len(spans)-1].Tag("_dd.appsec.enabled"))
 
 				events := make(map[string]string)
-				type ddAppsecJSON struct {
-					Triggers []struct {
-						Rule struct {
-							ID string `json:"id"`
-						} `json:"rule"`
-					} `json:"triggers"`
-				}
 
 				// Search for AppSec events in the set of spans
 				for _, span := range spans {
-					jsonText, ok := span.Tag("_dd.appsec.json").(string)
-					if !ok || jsonText == "" {
+					if span.Tag("_dd.appsec.json") == nil {
 						continue
 					}
-					var parsed ddAppsecJSON
-					err := json.Unmarshal([]byte(jsonText), &parsed)
-					require.NoError(t, err)
 
-					require.Len(t, parsed.Triggers, 1, "expected exactly 1 trigger on %s span", span.OperationName())
-					ruleID := parsed.Triggers[0].Rule.ID
-					_, duplicate := events[ruleID]
+					tag := span.Tag("_dd.appsec.json").(map[string][]any)
+
+					require.Len(t, tag["triggers"], 1, "expected exactly 1 trigger on %s span", span.OperationName())
+					ruleID := tag["triggers"][0].(map[string]any)["rule"].(map[string]any)["id"].(string)
+					_, duplicate := tag[ruleID]
 					require.False(t, duplicate, "found duplicated hit for rule %s", ruleID)
 					var origin string
 					switch name := span.OperationName(); name {

contrib/graph-gophers/graphql-go/appsec_test.go

@@ -105,24 +105,17 @@ func TestAppSec(t *testing.T) {
 				// The last finished span (which is GraphQL entry) should have the "_dd.appsec.enabled" tag.
 				require.Equal(t, 1, spans[len(spans)-1].Tag("_dd.appsec.enabled"))
 				events := make(map[string]string)
-				type ddAppsecJSON struct {
-					Triggers []struct {
-						Rule struct {
-							ID string `json:"id"`
-						} `json:"rule"`
-					} `json:"triggers"`
-				}
+
 				// Search for AppSec events in the set of spans
 				for _, span := range spans {
-					jsonText, ok := span.Tag("_dd.appsec.json").(string)
-					if !ok || jsonText == "" {
+					if span.Tag("_dd.appsec.json") == nil {
 						continue
 					}
-					var parsed ddAppsecJSON
-					err := json.Unmarshal([]byte(jsonText), &parsed)
-					require.NoError(t, err)
-					require.Len(t, parsed.Triggers, 1, "expected exactly 1 trigger on %s span", span.OperationName())
-					ruleID := parsed.Triggers[0].Rule.ID
+
+					tag := span.Tag("_dd.appsec.json").(map[string][]any)
+
+					require.Len(t, tag["triggers"], 1, "expected exactly 1 trigger on %s span", span.OperationName())
+					ruleID := tag["triggers"][0].(map[string]any)["rule"].(map[string]any)["id"].(string)
 					_, duplicate := events[ruleID]
 					require.False(t, duplicate, "found duplicated hit for rule %s", ruleID)
 					var origin string

internal/appsec/trace/trace.go

@@ -8,9 +8,6 @@
 package trace
 
 import (
-	"encoding/json"
-	"fmt"
-
 	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
 )
@@ -45,11 +42,7 @@ func SetEventSpanTags(span TagSetter, events []any) error {
 	}
 
 	// Set the appsec event span tag
-	val, err := makeEventTagValue(events)
-	if err != nil {
-		return err
-	}
-	span.SetTag("_dd.appsec.json", string(val))
+	span.SetTag("_dd.appsec.json", map[string][]any{"triggers": events})
 	// Keep this span due to the security event
 	//
 	// This is a workaround to tell the tracer that the trace was kept by AppSec.
@@ -69,17 +62,3 @@ func SetTags[V any](span TagSetter, tags map[string]V) {
 		span.SetTag(k, v)
 	}
 }
-
-// Create the value of the security event tag.
-func makeEventTagValue(events []any) (json.RawMessage, error) {
-	type eventTagValue struct {
-		Triggers []any `json:"triggers"`
-	}
-
-	tag, err := json.Marshal(eventTagValue{events})
-	if err != nil {
-		return nil, fmt.Errorf("unexpected error while serializing the appsec event span tag: %v", err)
-	}
-
-	return tag, nil
-}