grpcsec

package
v1.70.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 8, 2024 License: Apache-2.0, BSD-3-Clause, Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package grpcsec is the gRPC instrumentation API and contract for AppSec defining an abstract run-time representation of gRPC handlers. gRPC integrations must use this package to enable AppSec features for gRPC, which listens to this package's operation events.

Abstract gRPC server handler operation definitions. It is based on two operations allowing to describe every type of RPC: the HandlerOperation type which represents the RPC handler, and the ReceiveOperation type which represents the messages the RPC handler receives during its lifetime. This means that the ReceiveOperation(s) will happen within the HandlerOperation. Every type of RPC, unary, client streaming, server streaming, and bidirectional streaming RPCs, can be all represented with a HandlerOperation having one or several ReceiveOperation. The send operation is not required for now and therefore not defined, which means that server and bidirectional streaming RPCs currently have the same run-time representation as unary and client streaming RPCs.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MonitorRequestMessage added in v1.69.0

func MonitorRequestMessage(ctx context.Context, msg any) error

MonitorRequestMessage monitors the gRPC request message body as the WAF address `grpc.server.request.message`.

func MonitorResponseMessage added in v1.69.0

func MonitorResponseMessage(ctx context.Context, msg any) error

MonitorResponseMessage monitors the gRPC response message body as the WAF address `grpc.server.response.message`.

Types

type HandlerOperation

type HandlerOperation struct {
	dyngo.Operation
	*waf.ContextOperation
}

HandlerOperation represents a gRPC server handler operation. It must be created with StartHandlerOperation() and finished with its Finish() method. Security events observed during the operation lifetime should be added to the operation using its AddSecurityEvent() method.

func StartHandlerOperation

StartHandlerOperation starts an gRPC server handler operation, along with the given arguments and parent operation, and emits a start event up in the operation stack. When parent is nil, the operation is linked to the global root operation.

func (*HandlerOperation) Finish

func (op *HandlerOperation) Finish(span trace.TagSetter, res HandlerOperationRes)

Finish the gRPC handler operation, along with the given results, and emit a finish event up in the operation stack.

type HandlerOperationArgs

type HandlerOperationArgs struct {
	// Method is the gRPC method name.
	// Corresponds to the address `grpc.server.method`.
	Method string

	// RPC metadata received by the gRPC handler.
	// Corresponds to the address `grpc.server.request.metadata`.
	Metadata map[string][]string

	// RemoteAddr is the IP address of the client that initiated the gRPC request.
	// May be used as the address `http.client_ip`.
	RemoteAddr string
}

HandlerOperationArgs is the grpc handler arguments.

func (HandlerOperationArgs) IsArgOf added in v1.69.0

type HandlerOperationRes

type HandlerOperationRes struct {
	// Raw gRPC status code.
	// Corresponds to the address `grpc.server.response.status`.
	StatusCode int
}

HandlerOperationRes is the grpc handler results. Empty as of today.

func (HandlerOperationRes) IsResultOf added in v1.69.0

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL