Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appsec: upgrade go-libddwaf/v3 #2670

Merged
merged 30 commits into from May 22, 2024
Merged

appsec: upgrade go-libddwaf/v3 #2670

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
677d77e
appsec: add actions package
Hellzy Apr 22, 2024
c7ea3fc
appsec: config: register default block action
Hellzy Apr 23, 2024
a9f6a2c
appsec: adapt RC action test
Hellzy Apr 23, 2024
243e560
appsec: pass actions definitions to the WAF
Hellzy Apr 23, 2024
970f9f6
appsec: actions: translate all string waf params
Hellzy Apr 25, 2024
6e1515d
appsec: increase WAF test timeouts
Hellzy Apr 25, 2024
b1fc432
appsec: actions: simplify
Hellzy Apr 25, 2024
83e57ed
appsec: actions: add copyright
Hellzy Apr 25, 2024
7bece76
appsec: actions: add comments
Hellzy Apr 25, 2024
545ffb6
appsec: move to libddwaf v3
Hellzy May 6, 2024
fc819bf
appsec: use new WAF v3 API
Hellzy May 6, 2024
c034b77
go.mod: upgrade go-libddwaf to v3.1.0
Hellzy May 14, 2024
df26ca4
go.mod: go-libddwaf v3.2.0
Hellzy May 14, 2024
7133eb4
appsec: actions: refactor
Hellzy May 15, 2024
cac1d7e
sharedesec: normalize comments
Hellzy May 16, 2024
28c7e1e
sharedesec: add action struct descriptions
Hellzy May 16, 2024
163360a
listener/grpc: better naming for actions processing
Hellzy May 16, 2024
ff876e1
appsec: actions: use mapstructure for actions decoding
Hellzy May 16, 2024
0b69e2e
actions: add ID generation for stacktrace
Hellzy May 16, 2024
a06e154
actions: lint
Hellzy May 16, 2024
d665e9a
actions: centralize in sharedsec
Hellzy May 16, 2024
90342a0
go.mod: revert purego upgrade
Hellzy May 16, 2024
fec5046
mapstructure: use tags & weak decoding
Hellzy May 16, 2024
5b724e2
actions: add EmitData to the interface
Hellzy May 16, 2024
21cefdb
actions: use stacktrace.Event and only rely on WAF-provided uuid
Hellzy May 16, 2024
af26c34
waf_tests: set WAF timeout env var at init()
Hellzy May 17, 2024
84643c7
Review: comments, cast check, imports
Hellzy May 21, 2024
0b0aced
stacktrace: use new Options API
Hellzy May 21, 2024
c6e4c9b
linting
Hellzy May 21, 2024
5014170
internal/appsec: go mod tidy
Hellzy May 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/smoke-tests.yml
View file
Open in desktop
Expand Up @@ -8,7 +8,7 @@ on:
required: true
type: string
go-libddwaf-ref:
description: A git ref to update github.com/DataDog/go-libddwaf/v2 to. No-op if empty.
description: A git ref to update github.com/DataDog/go-libddwaf/v3 to. No-op if empty.
required: false
type: string
push:
Expand Down Expand Up @@ -57,7 +57,7 @@ jobs:
- name: Install requested go-libddwaf version
if: github.event_name == 'workflow_call' && inputs.go-libddwaf-ref != ''
run: |-
go get -u -t github.com/DataDog/go-libddwaf/v2@${{ inputs.go-libddwaf-ref }}
go get -u -t github.com/DataDog/go-libddwaf/v3@${{ inputs.go-libddwaf-ref }}
go mod tidy
- name: Compile dd-trace-go
run: go build $PACKAGES
Expand Down
8 changes: 4 additions & 4 deletions contrib/google.golang.org/grpc/appsec.go
View file
Open in desktop
Expand Up @@ -40,8 +40,8 @@ func appsecUnaryHandlerMiddleware(method string, span ddtrace.Span, handler grpc
ClientIP: clientIP,
}
ctx, op := grpcsec.StartHandlerOperation(ctx, args, nil, func(op *types.HandlerOperation) {
dyngo.OnData(op, func(a *sharedsec.Action) {
code, e := a.GRPC()(md)
dyngo.OnData(op, func(a *sharedsec.GRPCAction) {
Hellzy marked this conversation as resolved.
Show resolved Hide resolved
code, e := a.GRPCWrapper(md)
blocked = a.Blocking()
err = status.Error(codes.Code(code), e.Error())
})
Expand Down Expand Up @@ -87,8 +87,8 @@ func appsecStreamHandlerMiddleware(method string, span ddtrace.Span, handler grp
ClientIP: clientIP,
}
ctx, op := grpcsec.StartHandlerOperation(ctx, args, nil, func(op *types.HandlerOperation) {
dyngo.OnData(op, func(a *sharedsec.Action) {
code, e := a.GRPC()(md)
dyngo.OnData(op, func(a *sharedsec.GRPCAction) {
code, e := a.GRPCWrapper(md)
blocked = a.Blocking()
err = status.Error(codes.Code(code), e.Error())
})
Expand Down
6 changes: 3 additions & 3 deletions go.mod
View file
Open in desktop
Expand Up @@ -9,7 +9,7 @@ require (
github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0
github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1
github.com/DataDog/datadog-go/v5 v5.3.0
github.com/DataDog/go-libddwaf/v2 v2.4.2
github.com/DataDog/go-libddwaf/v3 v3.2.0
github.com/DataDog/gostackparse v0.7.0
github.com/DataDog/sketches-go v1.4.5
github.com/IBM/sarama v1.40.0
Expand Down Expand Up @@ -72,6 +72,7 @@ require (
github.com/mattn/go-sqlite3 v1.14.16
github.com/microsoft/go-mssqldb v0.21.0
github.com/miekg/dns v1.1.55
github.com/mitchellh/mapstructure v1.5.0
github.com/opentracing/opentracing-go v1.2.0
github.com/redis/go-redis/v9 v9.1.0
github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052
Expand All @@ -94,7 +95,7 @@ require (
go.uber.org/atomic v1.11.0
golang.org/x/net v0.23.0
golang.org/x/oauth2 v0.9.0
golang.org/x/sys v0.18.0
golang.org/x/sys v0.20.0
golang.org/x/time v0.3.0
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
google.golang.org/api v0.128.0
Expand Down Expand Up @@ -212,7 +213,6 @@ require (
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/montanaflynn/stats v0.6.6 // indirect
Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Open in desktop
Expand Up @@ -633,8 +633,8 @@ github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1/go.mod h1:Vc+snp
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/datadog-go/v5 v5.3.0 h1:2q2qjFOb3RwAZNU+ez27ZVDwErJv5/VpbBPprz7Z+s8=
github.com/DataDog/datadog-go/v5 v5.3.0/go.mod h1:XRDJk1pTc00gm+ZDiBKsjh7oOOtJfYfglVCmFb8C2+Q=
github.com/DataDog/go-libddwaf/v2 v2.4.2 h1:ilquGKUmN9/Ty0sIxiEyznVRxP3hKfmH15Y1SMq5gjA=
github.com/DataDog/go-libddwaf/v2 v2.4.2/go.mod h1:gsCdoijYQfj8ce/T2bEDNPZFIYnmHluAgVDpuQOWMZE=
github.com/DataDog/go-libddwaf/v3 v3.2.0 h1:arvhB3A+TCQXT0eg4J9ksdIhuOO5b1OpHdu0EX8WHuc=
github.com/DataDog/go-libddwaf/v3 v3.2.0/go.mod h1:AP+7Atb8ftSsrha35wht7+K3R+xuzfVSQhabSO4w6CY=
github.com/DataDog/go-tuf v1.0.2-0.5.2 h1:EeZr937eKAWPxJ26IykAdWA4A0jQXJgkhUjqEI/w7+I=
github.com/DataDog/go-tuf v1.0.2-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0=
github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4=
Expand Down Expand Up @@ -2536,8 +2536,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
Expand Down
12 changes: 8 additions & 4 deletions internal/apps/go.mod
View file
Open in desktop
Expand Up @@ -9,15 +9,19 @@ require (

require (
github.com/DataDog/appsec-internal-go v1.5.0 // indirect
github.com/DataDog/go-libddwaf/v2 v2.4.2 // indirect
github.com/DataDog/go-libddwaf/v3 v3.2.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/eapache/queue/v2 v2.0.0-20230407133247-75960ed334e4 // indirect
github.com/ebitengine/purego v0.6.0-alpha.5 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/kr/pretty v0.3.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/outcaste-io/ristretto v0.2.3 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/rogpeppe/go-internal v1.8.1 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
go.uber.org/atomic v1.11.0 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
Expand All @@ -43,7 +47,7 @@ require (
github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/stretchr/testify v1.8.4
github.com/tinylib/msgp v1.1.8 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/protobuf v1.32.0 // indirect
Expand Down
37 changes: 29 additions & 8 deletions internal/apps/go.sum
View file
Open in desktop
Expand Up @@ -6,8 +6,8 @@ github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 h1:5nE6N3JSs2IG3
github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1/go.mod h1:Vc+snp0Bey4MrrJyiV2tVxxJb6BmLomPvN1RgAvjGaQ=
github.com/DataDog/datadog-go/v5 v5.3.0 h1:2q2qjFOb3RwAZNU+ez27ZVDwErJv5/VpbBPprz7Z+s8=
github.com/DataDog/datadog-go/v5 v5.3.0/go.mod h1:XRDJk1pTc00gm+ZDiBKsjh7oOOtJfYfglVCmFb8C2+Q=
github.com/DataDog/go-libddwaf/v2 v2.4.2 h1:ilquGKUmN9/Ty0sIxiEyznVRxP3hKfmH15Y1SMq5gjA=
github.com/DataDog/go-libddwaf/v2 v2.4.2/go.mod h1:gsCdoijYQfj8ce/T2bEDNPZFIYnmHluAgVDpuQOWMZE=
github.com/DataDog/go-libddwaf/v3 v3.2.0 h1:arvhB3A+TCQXT0eg4J9ksdIhuOO5b1OpHdu0EX8WHuc=
github.com/DataDog/go-libddwaf/v3 v3.2.0/go.mod h1:AP+7Atb8ftSsrha35wht7+K3R+xuzfVSQhabSO4w6CY=
github.com/DataDog/go-tuf v1.0.2-0.5.2 h1:EeZr937eKAWPxJ26IykAdWA4A0jQXJgkhUjqEI/w7+I=
github.com/DataDog/go-tuf v1.0.2-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0=
github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4=
Expand All @@ -17,6 +17,8 @@ github.com/DataDog/sketches-go v1.4.5/go.mod h1:7Y8GN8Jf66DLyDhc94zuWA3uHEt/7ttt
github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
Expand All @@ -30,8 +32,11 @@ github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUn
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/eapache/queue/v2 v2.0.0-20230407133247-75960ed334e4 h1:8EXxF+tCLqaVk8AOC29zl2mnhQjwyLxxOTuhUazWRsg=
github.com/eapache/queue/v2 v2.0.0-20230407133247-75960ed334e4/go.mod h1:I5sHm0Y0T1u5YjlyqC5GVArM7aNZRUYtTjmJ8mPJFds=
github.com/ebitengine/purego v0.6.0-alpha.5 h1:EYID3JOAdmQ4SNZYJHu9V6IqOeRQDBYxqKAg9PyoHFY=
github.com/ebitengine/purego v0.6.0-alpha.5/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
Expand All @@ -44,17 +49,28 @@ github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b/go.mod h1:czg5+yv1E0Z
github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0=
github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac=
Expand All @@ -66,11 +82,15 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA=
github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052/go.mod h1:uvX/8buq8uVeiZiFht+0lqSLBHF+uGV8BrTv8W/SIwk=
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
Expand Down Expand Up @@ -118,6 +138,7 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
Expand All @@ -130,8 +151,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
Expand Down
2 changes: 1 addition & 1 deletion internal/apps/setup-smoke-test/Dockerfile
View file
Open in desktop
Expand Up @@ -49,7 +49,7 @@ RUN if [ "${go_libddwaf_ref}" != "" ]; then \
alpine) apk update && apk add git;; \
*) apt update && apt install -y git ;; \
esac; \
go get -u github.com/DataDog/go-libddwaf/v2@${go_libddwaf_ref}; \
go get -u github.com/DataDog/go-libddwaf/v3@${go_libddwaf_ref}; \
fi

RUN go mod tidy
Expand Down
4 changes: 2 additions & 2 deletions internal/appsec/appsec.go
View file
Open in desktop
Expand Up @@ -11,7 +11,7 @@ import (

"github.com/DataDog/appsec-internal-go/limiter"
appsecLog "github.com/DataDog/appsec-internal-go/log"
waf "github.com/DataDog/go-libddwaf/v2"
waf "github.com/DataDog/go-libddwaf/v3"

"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/config"
"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
Expand Down Expand Up @@ -129,7 +129,7 @@ func setActiveAppSec(a *appsec) {
type appsec struct {
cfg *config.Config
limiter *limiter.TokenTicker
wafHandle *wafHandle
wafHandle *waf.Handle
started bool
}

Expand Down
2 changes: 1 addition & 1 deletion internal/appsec/appsec_test.go
View file
Open in desktop
Expand Up @@ -14,7 +14,7 @@ import (
"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/config"

waf "github.com/DataDog/go-libddwaf/v2"
waf "github.com/DataDog/go-libddwaf/v3"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
Expand Down
2 changes: 1 addition & 1 deletion internal/appsec/config/rule_test.go
View file
Open in desktop
Expand Up @@ -10,7 +10,7 @@ import (
"testing"

rules "github.com/DataDog/appsec-internal-go/appsec"
waf "github.com/DataDog/go-libddwaf/v2"
waf "github.com/DataDog/go-libddwaf/v3"
"github.com/stretchr/testify/require"
)

Expand Down
28 changes: 8 additions & 20 deletions internal/appsec/config/rules_manager.go
View file
Open in desktop
Expand Up @@ -29,15 +29,15 @@ type (
// RulesFragment can represent a full ruleset or a fragment of it.
RulesFragment struct {
Version string `json:"version,omitempty"`
Metadata interface{} `json:"metadata,omitempty"`
Rules []interface{} `json:"rules,omitempty"`
Overrides []interface{} `json:"rules_override,omitempty"`
Exclusions []interface{} `json:"exclusions,omitempty"`
Metadata any `json:"metadata,omitempty"`
Rules []any `json:"rules,omitempty"`
Overrides []any `json:"rules_override,omitempty"`
Exclusions []any `json:"exclusions,omitempty"`
RulesData []RuleDataEntry `json:"rules_data,omitempty"`
Actions []ActionEntry `json:"actions,omitempty"`
CustomRules []interface{} `json:"custom_rules,omitempty"`
Processors []interface{} `json:"processors,omitempty"`
Scanners []interface{} `json:"scanners,omitempty"`
Actions []any `json:"actions,omitempty"`
CustomRules []any `json:"custom_rules,omitempty"`
Processors []any `json:"processors,omitempty"`
Scanners []any `json:"scanners,omitempty"`
}

// RuleDataEntry represents an entry in the "rules_data" top level field of a rules file
Expand All @@ -46,18 +46,6 @@ type (
RulesData struct {
RulesData []RuleDataEntry `json:"rules_data"`
}

// ActionEntry represents an entry in the "actions" top level field of a rules file
ActionEntry struct {
Hellzy marked this conversation as resolved.
Show resolved Hide resolved
ID string `json:"id"`
Type string `json:"type"`
Parameters struct {
StatusCode int `json:"status_code"`
GRPCStatusCode *int `json:"grpc_status_code,omitempty"`
Type string `json:"type,omitempty"`
Location string `json:"location,omitempty"`
} `json:"parameters,omitempty"`
}
)

// DefaultRulesFragment returns a RulesFragment created using the default static recommended rules
Expand Down
10 changes: 7 additions & 3 deletions internal/appsec/emitter/httpsec/http.go
View file
Open in desktop
Expand Up @@ -12,6 +12,7 @@ package httpsec

import (
"context"

Hellzy marked this conversation as resolved.
Show resolved Hide resolved
// Blank import needed to use embed for the default blocked response payloads
_ "embed"
"net/http"
Expand Down Expand Up @@ -79,9 +80,12 @@ func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]
var blocking bool
args := MakeHandlerOperationArgs(r, clientIP, pathParams)
ctx, op := StartOperation(r.Context(), args, func(op *types.Operation) {
dyngo.OnData(op, func(a *sharedsec.Action) {
bypassHandler = a.HTTP()
blocking = a.Blocking()
dyngo.OnData(op, func(a *sharedsec.HTTPAction) {
blocking = true
bypassHandler = a.Handler
})
dyngo.OnData(op, func(a *sharedsec.StackTraceAction) {
// TODO: do something with the stacktrace
Hellzy marked this conversation as resolved.
Show resolved Hide resolved
})
})
r = r.WithContext(ctx)
Expand Down