Documentation
Overview
Package httpsec defines the HTTP instrumentation API and contract for AppSec. It defines an abstract representation of HTTP handlers, along with helper functions to wrap (a.k.a. instrument) standard net/http handlers. HTTP integrations must use this package to enable AppSec features for HTTP; AppSec listens to this package's operation events.
Index
- func ExecuteSDKBodyOperation(parent dyngo.Operation, args types.SDKBodyOperationArgs) error
- func MakeHandlerOperationArgs(r *http.Request, clientIP netip.Addr, pathParams map[string]string) types.HandlerOperationArgs
- func MakeHandlerOperationRes(w http.ResponseWriter, ...) types.HandlerOperationRes
- func MonitorParsedBody(ctx context.Context, body any) error
- func ProtectRoundTrip(ctx context.Context, url string) error
- func StartOperation(ctx context.Context, args types.HandlerOperationArgs, ...) (context.Context, *types.Operation)
- func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]string, ...) http.Handler
- type Config
Functions
func ExecuteSDKBodyOperation
func ExecuteSDKBodyOperation(parent dyngo.Operation, args types.SDKBodyOperationArgs) error
ExecuteSDKBodyOperation starts and finishes the SDK Body operation by emitting dyngo start and finish events. An error is returned if the body associated with that operation must be blocked.
func MakeHandlerOperationArgs
func MakeHandlerOperationArgs(r *http.Request, clientIP netip.Addr, pathParams map[string]string) types.HandlerOperationArgs
MakeHandlerOperationArgs creates the HandlerOperationArgs value.
func MakeHandlerOperationRes
func MakeHandlerOperationRes(w http.ResponseWriter, responseHeadersCopier func(http.ResponseWriter) http.Header) types.HandlerOperationRes
MakeHandlerOperationRes creates the HandlerOperationRes value.
func MonitorParsedBody
MonitorParsedBody starts and finishes the SDK body operation. This function should not be called when AppSec is disabled, in order to get more precise error logs.
func ProtectRoundTrip (added in v1.65.0)
func StartOperation
func StartOperation(ctx context.Context, args types.HandlerOperationArgs, setup ...func(*types.Operation)) (context.Context, *types.Operation)
StartOperation starts an HTTP handler operation with the given context and arguments, and emits a start event up the operation stack. The operation is linked to the global root operation, since an HTTP operation is always expected to be first in the operation stack.
func WrapHandler
func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]string, opts *Config) http.Handler
WrapHandler wraps the given HTTP handler with the abstract HTTP operation defined by HandlerOperationArgs and HandlerOperationRes. The onBlock params are used to clean up the context when needed. It is a specific patch meant for Gin, for which we must abort the context: Gin uses a queue of handlers, and aborting is the only way to make sure other queued handlers don't get executed. TODO: this patch must be removed/improved when we rework our actions/operations system.
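The handler-queue problem described for WrapHandler, as an added example that is not this package's code: a standard-library-only model showing that writing a blocking response does not stop later queued handlers unless an on-block callback aborts the queue. The names `chain`, `blockingMiddleware` and `run`, the `/blocked` rule and the 403 status are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// chain is a hypothetical Gin-style queue: handlers run in order until aborted is set.
type chain struct {
	handlers []http.HandlerFunc
	aborted  bool
}

func (c *chain) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	for i := 0; i < len(c.handlers) && !c.aborted; i++ {
		c.handlers[i](w, r)
	}
}

// blockingMiddleware stands in for a security wrapper (not the real WrapHandler).
func blockingMiddleware(shouldBlock func(*http.Request) bool, onBlock ...func()) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if shouldBlock(r) {
			w.WriteHeader(http.StatusForbidden) // status code is an assumption
			for _, f := range onBlock {
				f() // e.g. abort the framework's handler queue
			}
		}
	}
}

// run reports the status code and whether the handler queued after the middleware ran.
func run(path string, abortOnBlock bool) (status int, businessRan bool) {
	c := &chain{}
	onBlock := func() { c.aborted = abortOnBlock } // aborts the queue only when requested
	rule := func(r *http.Request) bool { return r.URL.Path == "/blocked" } // constructed rule
	business := func(http.ResponseWriter, *http.Request) { businessRan = true }
	c.handlers = []http.HandlerFunc{blockingMiddleware(rule, onBlock), business}
	rec := httptest.NewRecorder()
	c.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, businessRan
}

func main() {
	fmt.Println(run("/blocked", false)) // block written, later handler still ran
	fmt.Println(run("/blocked", true))  // block written, queue aborted
}
```

Without the abort callback the client receives the blocking status while the queued business handler still executes server-side, which is the gap the OnBlock callbacks close.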
Types
type Config (added in v1.63.0)
type Config struct {
	// OnBlock is a list of callbacks to be invoked when a block decision is made.
	OnBlock []func()
	// ResponseHeaderCopier provides a way to access response headers for reading
	// purposes (the value may be provided by copy). This allows customers to
	// apply synchronization if they allow http.ResponseWriter objects to be
	// accessed by multiple goroutines.
	ResponseHeaderCopier func(http.ResponseWriter) http.Header
}