Merge remote-tracking branch 'origin/v1' into knusbaum/bump-sketches-go
Showing
157 changed files
with
9,276 additions
and
2,631 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# Note: Later matches take precedence | ||
|
||
# default owner | ||
* @DataDog/apm-go | ||
|
||
# tracing | ||
/contrib @DataDog/tracing-go | ||
/ddtrace @DataDog/tracing-go | ||
/internal @DataDog/tracing-go | ||
|
||
# profiling | ||
/profiler @DataDog/profiling-go | ||
/internal/traceprof @DataDog/profiling-go | ||
|
||
# appsec | ||
/appsec @DataDog/appsec-go | ||
/internal/appsec @DataDog/appsec-go | ||
/contrib/**/appsec.go @DataDog/appsec-go |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
// Unless explicitly stated otherwise all files in this repository are licensed | ||
// under the Apache License Version 2.0. | ||
// This product includes software developed at Datadog (https://www.datadoghq.com/). | ||
// Copyright 2022 Datadog, Inc. | ||
|
||
// Package appsec provides application security features in the form of SDK | ||
// functions that can be manually called to monitor specific code paths and data. | ||
// Application Security is currently transparently integrated into the APM tracer | ||
// and cannot be used nor started alone at the moment. | ||
// You can read more on how to enable and start Application Security for Go at | ||
// https://docs.datadoghq.com/security_platform/application_security/getting_started/go | ||
package appsec | ||
|
||
import ( | ||
"golang.org/x/net/context" | ||
|
||
"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec" | ||
"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec" | ||
) | ||
|
||
// MonitorParsedHTTPBody runs the security monitoring rules on the given *parsed* | ||
// HTTP request body. The given context must be the HTTP request context as returned | ||
// by the Context() method of an HTTP request. Calls to this function are ignored if | ||
// AppSec is disabled or the given context is incorrect. | ||
// Note that passing the raw bytes of the HTTP request body is not expected and would | ||
// result in inaccurate attack detection. | ||
func MonitorParsedHTTPBody(ctx context.Context, body interface{}) { | ||
if appsec.Enabled() { | ||
httpsec.MonitorParsedBody(ctx, body) | ||
} | ||
// bonus: use sync.Once to log a debug message once if AppSec is disabled | ||
} |
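Review bot: When AppSec is disabled, or the context is not the one the doc comment asks for, MonitorParsedHTTPBody returns without any signal, so a misconfigured service can run with no body monitoring and nothing in the logs shows it. The trailing `// bonus: use sync.Once to log a debug message once if AppSec is disabled` comment names the fix but leaves it undone; I would implement that one-time debug log in an `else` branch, or drop the comment and track it in an issue, rather than ship a note to self in an exported SDK function. Separately, the import `"golang.org/x/net/context"` can be the standard library `"context"`: the two are type aliases on current Go versions, and the doc comment already refers to the request's Context() method, which returns the standard type.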
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
// Unless explicitly stated otherwise all files in this repository are licensed | ||
// under the Apache License Version 2.0. | ||
// This product includes software developed at Datadog (https://www.datadoghq.com/). | ||
// Copyright 2022 Datadog, Inc. | ||
|
||
package appsec_test | ||
|
||
import ( | ||
"encoding/json" | ||
"io" | ||
"net/http" | ||
|
||
"gopkg.in/DataDog/dd-trace-go.v1/appsec" | ||
echotrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/labstack/echo.v4" | ||
httptrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http" | ||
|
||
"github.com/labstack/echo/v4" | ||
) | ||
|
||
type parsedBodyType struct { | ||
Value string `json:"value"` | ||
} | ||
|
||
func customBodyParser(body io.ReadCloser) (*parsedBodyType, error) { | ||
var parsedBody parsedBodyType | ||
err := json.NewDecoder(body).Decode(&parsedBody) | ||
return &parsedBody, err | ||
} | ||
|
||
// Monitor HTTP request parsed body | ||
func ExampleMonitorParsedHTTPBody() { | ||
mux := httptrace.NewServeMux() | ||
mux.HandleFunc("/body", func(w http.ResponseWriter, r *http.Request) { | ||
// Use the SDK to monitor the request's parsed body | ||
body, err := customBodyParser(r.Body) | ||
if err != nil { | ||
http.Error(w, err.Error(), http.StatusInternalServerError) | ||
return | ||
} | ||
appsec.MonitorParsedHTTPBody(r.Context(), body) | ||
w.Write([]byte("Body monitored using AppSec SDK\n")) | ||
}) | ||
http.ListenAndServe(":8080", mux) | ||
} | ||
|
||
// Monitor HTTP request parsed body with a framework customized context type | ||
func ExampleMonitorParsedHTTPBody_CustomContext() { | ||
r := echo.New() | ||
r.Use(echotrace.Middleware()) | ||
r.POST("/body", func(c echo.Context) (e error) { | ||
req := c.Request() | ||
body, err := customBodyParser(req.Body) | ||
if err != nil { | ||
return c.String(http.StatusInternalServerError, err.Error()) | ||
} | ||
// Use the SDK to monitor the request's parsed body | ||
appsec.MonitorParsedHTTPBody(c.Request().Context(), body) | ||
return c.String(http.StatusOK, "Body monitored using AppSec SDK") | ||
}) | ||
|
||
r.Start(":8080") | ||
} |
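Review bot: Both handlers hand the request body to customBodyParser with no size limit, and a decode failure is answered with `http.StatusInternalServerError` plus the raw decoder error text. Because example code gets copied into services, I would cap the body first, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` (with `maxBodyBytes` a limit the example defines), and answer malformed JSON with `http.StatusBadRequest`. In the echo example the same cap applies to `req.Body`, and `req.Context()` could replace the second `c.Request()` call. go vet also flags example suffixes that begin with an upper-case letter, so `ExampleMonitorParsedHTTPBody_CustomContext` should become `ExampleMonitorParsedHTTPBody_customContext`.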