appsec: SDK function for parsed http body instrumentation (#1178)
- Add appsec root directory to expose AppSec SDK function - Add new SDKBody operation to httpsec - Keep track of ongoing operations in the context - Update gin/echo code due to operation start/finish prototype changes - Add CODEOWNERS entry for appsec/ directory
Showing
14 changed files
with
463 additions
and
66 deletions.
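--- /dev/null
+++ b/appsec/FILENAME-NOT-SHOWN.go
@@ -0,0 +1,32 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+// Package appsec provides application security features in the form of SDK
+// functions that can be manually called to monitor specific code paths and data.
+// Application Security is currently transparently integrated into the APM tracer
+// and cannot be used nor started alone at the moment.
+// You can read more on how to enable and start Application Security for Go at
+// https://docs.datadoghq.com/security_platform/application_security/getting_started/go
+package appsec
+
+import (
+	"golang.org/x/net/context"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec"
+)
+
+// MonitorParsedHTTPBody runs the security monitoring rules on the given *parsed*
+// HTTP request body. The given context must be the HTTP request context as returned
+// by the Context() method of an HTTP request. Calls to this function are ignored if
+// AppSec is disabled or the given context is incorrect.
+// Note that passing the raw bytes of the HTTP request body is not expected and would
+// result in inaccurate attack detection.
+func MonitorParsedHTTPBody(ctx context.Context, body interface{}) {
+	if appsec.Enabled() {
+		httpsec.MonitorParsedBody(ctx, body)
+	}
+	// bonus: use sync.Once to log a debug message once if AppSec is disabled
+}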
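Review bot: The trailing `// bonus: use sync.Once to log a debug message once if AppSec is disabled` inside MonitorParsedHTTPBody is an unfinished note shipped in an exported SDK function, and it points at a real gap: the doc comment says calls are silently ignored when AppSec is disabled or the context is not a request context, so an integrator who wires the SDK into the wrong context gets no signal that the body was never inspected. Either implement the one-time debug log before merging or drop the comment, and state in the doc comment what "incorrect" context means in practice (a context that does not carry the ongoing request operation, if that is the criterion). Separately, the import of `"golang.org/x/net/context"` in an exported signature should be the standard library `"context"`; since Go 1.9 the x/net type is an alias, so the change is `"context"` on the import line with no caller impact.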
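--- /dev/null
+++ b/appsec/FILENAME-NOT-SHOWN_test.go
@@ -0,0 +1,62 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022 Datadog, Inc.
+
+package appsec_test
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/appsec"
+	echotrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/labstack/echo.v4"
+	httptrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http"
+
+	"github.com/labstack/echo/v4"
+)
+
+type parsedBodyType struct {
+	Value string `json:"value"`
+}
+
+func customBodyParser(body io.ReadCloser) (*parsedBodyType, error) {
+	var parsedBody parsedBodyType
+	err := json.NewDecoder(body).Decode(&parsedBody)
+	return &parsedBody, err
+}
+
+// Monitor HTTP request parsed body
+func ExampleMonitorParsedHTTPBody() {
+	mux := httptrace.NewServeMux()
+	mux.HandleFunc("/body", func(w http.ResponseWriter, r *http.Request) {
+		// Use the SDK to monitor the request's parsed body
+		body, err := customBodyParser(r.Body)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		appsec.MonitorParsedHTTPBody(r.Context(), body)
+		w.Write([]byte("Body monitored using AppSec SDK\n"))
+	})
+	http.ListenAndServe(":8080", mux)
+}
+
+// Monitor HTTP request parsed body with a framework customized context type
+func ExampleMonitorParsedHTTPBody_CustomContext() {
+	r := echo.New()
+	r.Use(echotrace.Middleware())
+	r.POST("/body", func(c echo.Context) (e error) {
+		req := c.Request()
+		body, err := customBodyParser(req.Body)
+		if err != nil {
+			return c.String(http.StatusInternalServerError, err.Error())
+		}
+		// Use the SDK to monitor the request's parsed body
+		appsec.MonitorParsedHTTPBody(c.Request().Context(), body)
+		return c.String(http.StatusOK, "Body monitored using AppSec SDK")
+	})
+
+	r.Start(":8080")
+}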
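Review bot: Both example handlers echo the JSON decoder's error text back to the client with a 500 status (`http.Error(w, err.Error(), http.StatusInternalServerError)` in ExampleMonitorParsedHTTPBody and `c.String(http.StatusInternalServerError, err.Error())` in the echo variant); since these examples are the documented pattern for a security SDK, they should not reflect internal parse details to the requester, and a malformed body is a client error rather than a server one. Use a fixed message and 400 instead: `http.Error(w, "invalid request body", http.StatusBadRequest)` and `return c.String(http.StatusBadRequest, "invalid request body")`. The named result `(e error)` on the echo handler is never assigned and can be plain `error`, and the return values of `w.Write`, `http.ListenAndServe` and `r.Start` are dropped, which is tolerable in an Example but worth a `_ =` or a `log` call so readers do not copy the pattern.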