New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
appsec: SDK function for parsed http body instrumentation #1178
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Hellzy
force-pushed
the
francois.mazeau/http-body
branch
2 times, most recently
from
February 21, 2022 17:47
8bdbc34
to
4f2a673
Compare
@Julio-Guerra I'd love your input, especially for:
|
Hellzy
force-pushed
the
francois.mazeau/http-body
branch
5 times, most recently
from
February 23, 2022 10:10
fec8167
to
5823540
Compare
Julio-Guerra
requested changes
Feb 24, 2022
Hellzy
force-pushed
the
francois.mazeau/http-body
branch
2 times, most recently
from
February 24, 2022 15:56
927399e
to
d88d13e
Compare
Hellzy
force-pushed
the
francois.mazeau/http-body
branch
from
February 24, 2022 16:37
15e7489
to
6f4e08a
Compare
- Add appsec root directory to expose AppSec SDK function - Add new SDKBody operation to httpsec - Add map var in httpsec to keep track of ongoing operations - Update gin/echo code due to operation start/finish prototype changes
Hellzy
force-pushed
the
francois.mazeau/http-body
branch
from
February 25, 2022 08:22
6f4e08a
to
7b84781
Compare
Julio-Guerra
previously approved these changes
Feb 25, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving with two more details suggested
Co-authored-by: Julio Guerra <julio@datadog.com>
Julio-Guerra
previously approved these changes
Feb 25, 2022
gbbr
reviewed
Feb 28, 2022
Julio-Guerra
previously approved these changes
Feb 28, 2022
knusbaum
requested changes
Mar 1, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor nit and a question
knusbaum
approved these changes
Mar 2, 2022
Julio-Guerra
approved these changes
Mar 2, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
HTTP Parsed body monitoring using SDK function
Summary
This change allows users to monitor the
server.request.body
address by using an exported AppSec function.The function,
MonitorParsedHTTPBody
, propagates to dyngo, starts a new operation and emits a start/finish event for this new operation type.Changes
AppSec
appsec/appsec.go: public appsec package used to export functions to users.
MonitorParsedHTTPBody
is there.appsec/example_test.go: examples showing how to use the new SDK for documentation purpose
internal/appsec/dyngo/instrumentation/httpsec/http.go: add new
SDKBody
operation and core implementation for operation start/finishinternal/appsec/waf.go: add SDKBody operation handling when event is caught. Fill
server.request.body
before calling the WAFinternal/appsec/waf_test.go: add test case for rule using
server.request.body
Contribs
StartOperation
API change and work around gin custom contextStartOperation
API change and work around echo custom contextNote
AppSec now updates the http request's context by inserting a key/val that allows keeping track of appsec operations