Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appsec: SDK function for parsed http body instrumentation #1178

Merged
merged 8 commits into from Mar 3, 2022
Merged

appsec: SDK function for parsed http body instrumentation #1178

merged 8 commits into from Mar 3, 2022

Conversation

Hellzy
Copy link
Contributor

@Hellzy Hellzy commented Feb 21, 2022
edited

HTTP Parsed body monitoring using SDK function

Summary

This change allows users to monitor the server.request.body address by using an exported AppSec function.
The function, MonitorParsedHTTPBody, propagates to dyngo, starts a new operation and emits a start/finish event for this new operation type.

Changes

AppSec

  • appsec/appsec.go: public appsec package used to export functions to users. MonitorParsedHTTPBody is there.

  • appsec/example_test.go: examples showing how to use the new SDK for documentation purpose

  • internal/appsec/dyngo/instrumentation/httpsec/http.go: add new SDKBody operation and core implementation for operation start/finish

  • internal/appsec/waf.go: add SDKBody operation handling when event is caught. Fill server.request.body before calling the WAF

  • internal/appsec/waf_test.go: add test case for rule using server.request.body

Contribs

  • contrib/gin-gonic/gin/appsec.go: update code to reflect StartOperation API change and work around gin custom context
  • contrib/labstack/echo.v4/appsec.go: update code to reflect StartOperation API change and work around echo custom context

Note

AppSec now updates the http request's context by inserting a key/val that allows keeping track of appsec operations

@Hellzy Hellzy added the appsec label Feb 21, 2022
@Hellzy Hellzy added this to the 1.37.0 milestone Feb 21, 2022
@Hellzy Hellzy self-assigned this Feb 21, 2022
@Hellzy Hellzy force-pushed the francois.mazeau/http-body branch 2 times, most recently from 8bdbc34 to 4f2a673 Compare February 21, 2022 17:47
@Hellzy
Copy link
Contributor Author

Hellzy commented Feb 22, 2022

@Julio-Guerra I'd love your input, especially for:

  • Naming of the top level appsec pkg
  • Use of a map in http dyngo to track operations

@Hellzy Hellzy force-pushed the francois.mazeau/http-body branch 5 times, most recently from fec8167 to 5823540 Compare February 23, 2022 10:10
@Hellzy Hellzy marked this pull request as ready for review February 24, 2022 08:31
@Hellzy Hellzy requested review from a team as code owners February 24, 2022 08:31
Julio-Guerra
Julio-Guerra requested changes Feb 24, 2022
View reviewed changes
appsec/appsec.go Outdated Show resolved Hide resolved
appsec/appsec.go Outdated Show resolved Hide resolved
appsec/example_test.go Outdated Show resolved Hide resolved
appsec/example_test.go Outdated Show resolved Hide resolved
appsec/example_test.go Outdated Show resolved Hide resolved
internal/appsec/dyngo/instrumentation/httpsec/http.go Outdated Show resolved Hide resolved
internal/appsec/dyngo/instrumentation/httpsec/http.go Outdated Show resolved Hide resolved
internal/appsec/dyngo/instrumentation/httpsec/http.go Outdated Show resolved Hide resolved
internal/appsec/waf.go Outdated Show resolved Hide resolved
internal/appsec/waf_test.go Show resolved Hide resolved
@Hellzy Hellzy force-pushed the francois.mazeau/http-body branch 2 times, most recently from 927399e to d88d13e Compare February 24, 2022 15:56
@Hellzy Hellzy requested a review from a team February 24, 2022 16:33
@Hellzy
appsec: SDK function for http parsed body instrumentation
f770414 
- Add appsec root directory to expose AppSec SDK function
- Add new SDKBody operation to httpsec
- Add map var in httpsec to keep track of ongoing operations
- Update gin/echo code due to operation start/finish prototype changes
@Hellzy
CODEOWNERS: add /appsec entry
7b84781
Julio-Guerra
Julio-Guerra previously approved these changes Feb 25, 2022
View reviewed changes
Copy link
Contributor

@Julio-Guerra Julio-Guerra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving with two more details suggested

appsec/example_test.go Outdated Show resolved Hide resolved
appsec/example_test.go Outdated Show resolved Hide resolved
@Hellzy @Julio-Guerra
Apply suggestions from code review
57f8147 
Co-authored-by: Julio Guerra <julio@datadog.com>
Julio-Guerra
Julio-Guerra previously approved these changes Feb 25, 2022
View reviewed changes
gbbr
gbbr reviewed Feb 28, 2022
View reviewed changes
appsec/appsec.go Show resolved Hide resolved
Julio-Guerra
Julio-Guerra previously approved these changes Feb 28, 2022
View reviewed changes
@Hellzy Hellzy requested review from knusbaum and removed request for gbbr March 1, 2022 16:25
knusbaum
knusbaum requested changes Mar 1, 2022
View reviewed changes
Copy link
Contributor

@knusbaum knusbaum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nit and a question

contrib/gin-gonic/gin/gintrace_test.go Outdated Show resolved Hide resolved
contrib/gin-gonic/gin/gintrace_test.go Outdated Show resolved Hide resolved
@Hellzy Hellzy merged commit 85593c8 into v1 Mar 3, 2022
@Hellzy Hellzy deleted the francois.mazeau/http-body branch March 3, 2022 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gbbr gbbr gbbr left review comments

@Julio-Guerra Julio-Guerra Julio-Guerra approved these changes

@knusbaum knusbaum knusbaum approved these changes

Assignees

@Hellzy Hellzy

Labels
appsec
Projects
None yet
Milestone
1.37.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Hellzy @Julio-Guerra @knusbaum @gbbr