migrate grpc

DataDog · Aug 23, 2024 · f89b805 · f89b805
1 parent 58502d6
commit f89b805
Show file tree

Hide file tree

Showing 97 changed files with 921 additions and 500 deletions.
diff --git a/appsec/appsec.go b/appsec/appsec.go
@@ -18,8 +18,8 @@ import (
  "github.com/DataDog/dd-trace-go/v2/ddtrace/ext"
  "github.com/DataDog/dd-trace-go/v2/ddtrace/tracer"
  "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/emitter/httpsec"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/emitter/sharedsec"
  "github.com/DataDog/dd-trace-go/v2/internal/appsec"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/emitter/sharedsec"
  "github.com/DataDog/dd-trace-go/v2/internal/log"
 )
 

diff --git a/contrib/google.golang.org/grpc/appsec.go b/contrib/google.golang.org/grpc/appsec.go
@@ -8,17 +8,16 @@ package grpc
 import (
  "context"
 
+ "github.com/DataDog/appsec-internal-go/netip"
  "github.com/DataDog/dd-trace-go/v2/ddtrace/tracer"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/dyngo"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/emitter/grpcsec"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/emitter/grpcsec/types"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/emitter/sharedsec"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/trace"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/trace/grpctrace"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec/trace/httptrace"
- "github.com/DataDog/dd-trace-go/v2/internal/log"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/dyngo"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/emitter/grpcsec"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/emitter/grpcsec/types"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/emitter/sharedsec"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/trace"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/trace/grpctrace"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/trace/httptrace"
 
- "github.com/DataDog/appsec-internal-go/netip"
  "google.golang.org/grpc"
  "google.golang.org/grpc/codes"
  "google.golang.org/grpc/metadata"
@@ -147,7 +146,7 @@ func setClientIP(ctx context.Context, span *tracer.Span, md metadata.MD) netip.A
  remoteAddr = p.Addr.String()
  }
  ipTags, clientIP := httptrace.ClientIPTags(md, false, remoteAddr)
- log.Debug("appsec: http client ip detection returned `%s` given the http headers `%v`", clientIP, md)
+ instr.Logger().Debug("appsec: http client ip detection returned `%s` given the http headers `%v`", clientIP, md)
  if len(ipTags) > 0 {
  trace.SetTags(span, ipTags)
  }

diff --git a/contrib/google.golang.org/grpc/appsec_test.go b/contrib/google.golang.org/grpc/appsec_test.go
@@ -13,9 +13,10 @@ import (
  "strings"
  "testing"
 
- pappsec "github.com/DataDog/dd-trace-go/v2/appsec"
+ "github.com/DataDog/dd-trace-go/instrumentation/testutils/grpc/v2/fixturepb"
+ "github.com/DataDog/dd-trace-go/v2/appsec"
  "github.com/DataDog/dd-trace-go/v2/ddtrace/mocktracer"
- "github.com/DataDog/dd-trace-go/v2/internal/appsec"
+ "github.com/DataDog/dd-trace-go/v2/instrumentation/testutils"
 
  "github.com/stretchr/testify/require"
  "google.golang.org/grpc"
@@ -25,13 +26,12 @@ import (
 )
 
 func TestAppSec(t *testing.T) {
- appsec.Start()
- defer appsec.Stop()
- if !appsec.Enabled() {
+ testutils.StartAppSec(t)
+ if !instr.AppSecEnabled() {
  t.Skip("appsec disabled")
  }
 
- setup := func() (FixtureClient, mocktracer.Tracer, func()) {
+ setup := func() (fixturepb.FixtureClient, mocktracer.Tracer, func()) {
  rig, err := newRig(false)
  require.NoError(t, err)
 
@@ -49,7 +49,7 @@ func TestAppSec(t *testing.T) {
 
  // Send a XSS attack in the payload along with the canary value in the RPC metadata
  ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs("dd-canary", "dd-test-scanner-log"))
- res, err := client.Ping(ctx, &FixtureRequest{Name: "<script>window.location;</script>"})
+ res, err := client.Ping(ctx, &fixturepb.FixtureRequest{Name: "<script>window.location;</script>"})
  // Check that the handler was properly called
  require.NoError(t, err)
  require.Equal(t, "passed", res.Message)
@@ -74,7 +74,7 @@ func TestAppSec(t *testing.T) {
  require.NoError(t, err)
 
  // Send a XSS attack
- err = stream.Send(&FixtureRequest{Name: "<script>window.location;</script>"})
+ err = stream.Send(&fixturepb.FixtureRequest{Name: "<script>window.location;</script>"})
  require.NoError(t, err)
 
  // Check that the handler was properly called
@@ -84,7 +84,7 @@ func TestAppSec(t *testing.T) {
 
  for i := 0; i < 5; i++ { // Fire multiple times, each time should result in a detected event
  // Send a SQLi attack
- err = stream.Send(&FixtureRequest{Name: fmt.Sprintf("-%[1]d' and %[1]d=%[1]d union select * from users--", i)})
+ err = stream.Send(&fixturepb.FixtureRequest{Name: fmt.Sprintf("-%[1]d' and %[1]d=%[1]d union select * from users--", i)})
  require.NoError(t, err)
 
  // Check that the handler was properly called
@@ -133,13 +133,12 @@ func TestAppSec(t *testing.T) {
 // Test that http blocking works by using custom rules/rules data
 func TestBlocking(t *testing.T) {
  t.Setenv("DD_APPSEC_RULES", "../../../internal/appsec/testdata/blocking.json")
- appsec.Start()
- defer appsec.Stop()
- if !appsec.Enabled() {
+ testutils.StartAppSec(t)
+ if !instr.AppSecEnabled() {
  t.Skip("appsec disabled")
  }
 
- setup := func() (FixtureClient, mocktracer.Tracer, func()) {
+ setup := func() (fixturepb.FixtureClient, mocktracer.Tracer, func()) {
  rig, err := newRig(false)
  require.NoError(t, err)
 
@@ -157,7 +156,7 @@ func TestBlocking(t *testing.T) {
 
  // Send a XSS attack in the payload along with the canary value in the RPC metadata
  ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs("dd-canary", "dd-test-scanner-log", "x-client-ip", "1.2.3.4"))
- reply, err := client.Ping(ctx, &FixtureRequest{Name: "<script>alert('xss');</script>"})
+ reply, err := client.Ping(ctx, &fixturepb.FixtureRequest{Name: "<script>alert('xss');</script>"})
 
  require.Nil(t, reply)
  require.Equal(t, codes.Aborted, status.Code(err))
@@ -176,7 +175,7 @@ func TestBlocking(t *testing.T) {
 
  // Send a XSS attack in the payload along with the canary value in the RPC metadata
  ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs("dd-canary", "dd-test-scanner-log", "x-client-ip", "1.2.3.5"))
- reply, err := client.Ping(ctx, &FixtureRequest{Name: "<script>alert('xss');</script>"})
+ reply, err := client.Ping(ctx, &fixturepb.FixtureRequest{Name: "<script>alert('xss');</script>"})
 
  require.Equal(t, "passed", reply.Message)
  require.Equal(t, codes.OK, status.Code(err))
@@ -211,7 +210,7 @@ func TestBlocking(t *testing.T) {
  require.NoError(t, err)
 
  // Send a XSS attack
- err = stream.Send(&FixtureRequest{Name: "<script>alert('xss');</script>"})
+ err = stream.Send(&fixturepb.FixtureRequest{Name: "<script>alert('xss');</script>"})
  require.NoError(t, err)
  reply, err := stream.Recv()
  require.Equal(t, codes.OK, status.Code(err))
@@ -226,13 +225,12 @@ func TestBlocking(t *testing.T) {
 // Test that user blocking works by using custom rules/rules data
 func TestUserBlocking(t *testing.T) {
  t.Setenv("DD_APPSEC_RULES", "../../../internal/appsec/testdata/blocking.json")
- appsec.Start()
- defer appsec.Stop()
- if !appsec.Enabled() {
+ testutils.StartAppSec(t)
+ if !instr.AppSecEnabled() {
  t.Skip("appsec disabled")
  }
 
- setup := func() (FixtureClient, mocktracer.Tracer, func()) {
+ setup := func() (fixturepb.FixtureClient, mocktracer.Tracer, func()) {
  rig, err := newAppsecRig(false)
  require.NoError(t, err)
 
@@ -250,7 +248,7 @@ func TestUserBlocking(t *testing.T) {
 
  // Send a XSS attack in the payload along with the canary value in the RPC metadata
  ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs("user-id", "blocked-user-1"))
- reply, err := client.Ping(ctx, &FixtureRequest{Name: "<script>alert('xss');</script>"})
+ reply, err := client.Ping(ctx, &fixturepb.FixtureRequest{Name: "<script>alert('xss');</script>"})
 
  require.Nil(t, reply)
  require.Equal(t, codes.Aborted, status.Code(err))
@@ -269,7 +267,7 @@ func TestUserBlocking(t *testing.T) {
  defer cleanup()
 
  ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs("user-id", "legit user"))
- reply, err := client.Ping(ctx, &FixtureRequest{Name: "<script>alert('xss');</script>"})
+ reply, err := client.Ping(ctx, &fixturepb.FixtureRequest{Name: "<script>alert('xss');</script>"})
 
  require.Equal(t, "passed", reply.Message)
  require.Equal(t, codes.OK, status.Code(err))
@@ -282,7 +280,7 @@ func TestUserBlocking(t *testing.T) {
  defer cleanup()
 
  ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs("user-id", "blocked-user-1", "x-forwarded-for", "1.2.3.4"))
- reply, err := client.Ping(ctx, &FixtureRequest{})
+ reply, err := client.Ping(ctx, &fixturepb.FixtureRequest{})
 
  require.Nil(t, reply)
  require.Equal(t, codes.Aborted, status.Code(err))
@@ -323,7 +321,7 @@ func TestUserBlocking(t *testing.T) {
  require.NoError(t, err)
 
  // Send a XSS attack
- err = stream.Send(&FixtureRequest{Name: "<script>alert('xss');</script>"})
+ err = stream.Send(&fixturepb.FixtureRequest{Name: "<script>alert('xss');</script>"})
  require.NoError(t, err)
  reply, err := stream.Recv()
  require.Equal(t, codes.OK, status.Code(err))
@@ -360,13 +358,12 @@ func TestPasslist(t *testing.T) {
  // but only one of them is passlisted (custom-1 is passlisted, custom-2 is not and must trigger).
  t.Setenv("DD_APPSEC_RULES", "../../../internal/appsec/testdata/passlist.json")
 
- appsec.Start()
- defer appsec.Stop()
- if !appsec.Enabled() {
+ testutils.StartAppSec(t)
+ if !instr.AppSecEnabled() {
  t.Skip("appsec disabled")
  }
 
- setup := func() (FixtureClient, mocktracer.Tracer, func()) {
+ setup := func() (fixturepb.FixtureClient, mocktracer.Tracer, func()) {
  rig, err := newRig(false)
  require.NoError(t, err)
 
@@ -384,7 +381,7 @@ func TestPasslist(t *testing.T) {
 
  // Send the payload triggering the sec event thanks to the "zouzou" value in the RPC metadata
  ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs("dd-canary", "zouzou"))
- res, err := client.Ping(ctx, &FixtureRequest{Name: "hello"})
+ res, err := client.Ping(ctx, &fixturepb.FixtureRequest{Name: "hello"})
 
  // Check that the handler was properly called
  require.NoError(t, err)
@@ -411,7 +408,7 @@ func TestPasslist(t *testing.T) {
 
  // Send some messages
  for i := 0; i < 5; i++ {
- err = stream.Send(&FixtureRequest{Name: "hello"})
+ err = stream.Send(&fixturepb.FixtureRequest{Name: "hello"})
  require.NoError(t, err)
 
  // Check that the handler was properly called
@@ -444,8 +441,8 @@ func newAppsecRig(traceClient bool, interceptorOpts ...Option) (*appsecRig, erro
  grpc.StreamInterceptor(StreamServerInterceptor(interceptorOpts...)),
  )
 
- fixtureServer := new(appsecFixtureServer)
- RegisterFixtureServer(server, fixtureServer)
+ fixtureServer := &appsecFixtureServer{s: fixturepb.NewFixtureServer()}
+ fixturepb.RegisterFixtureServer(server, fixtureServer)
 
  li, err := net.Listen("tcp", "127.0.0.1:0")
  if err != nil {
@@ -472,7 +469,7 @@ func newAppsecRig(traceClient bool, interceptorOpts ...Option) (*appsecRig, erro
  port: port,
  server: server,
  conn: conn,
- client: NewFixtureClient(conn),
+ client: fixturepb.NewFixtureClient(conn),
  }, err
 }
 
@@ -484,7 +481,7 @@ type appsecRig struct {
  port string
  listener net.Listener
  conn *grpc.ClientConn
- client FixtureClient
+ client fixturepb.FixtureClient
 }
 
 func (r *appsecRig) Close() {
@@ -493,23 +490,23 @@ func (r *appsecRig) Close() {
 }
 
 type appsecFixtureServer struct {
- UnimplementedFixtureServer
- s fixtureServer
+ fixturepb.UnimplementedFixtureServer
+ s *fixturepb.FixtureSrv
 }
 
-func (s *appsecFixtureServer) StreamPing(stream Fixture_StreamPingServer) (err error) {
+func (s *appsecFixtureServer) StreamPing(stream fixturepb.Fixture_StreamPingServer) (err error) {
  ctx := stream.Context()
  md, _ := metadata.FromIncomingContext(ctx)
  ids := md.Get("user-id")
- if err := pappsec.SetUser(ctx, ids[0]); err != nil {
+ if err := appsec.SetUser(ctx, ids[0]); err != nil {
  return err
  }
  return s.s.StreamPing(stream)
 }
-func (s *appsecFixtureServer) Ping(ctx context.Context, in *FixtureRequest) (*FixtureReply, error) {
+func (s *appsecFixtureServer) Ping(ctx context.Context, in *fixturepb.FixtureRequest) (*fixturepb.FixtureReply, error) {
  md, _ := metadata.FromIncomingContext(ctx)
  ids := md.Get("user-id")
- if err := pappsec.SetUser(ctx, ids[0]); err != nil {
+ if err := appsec.SetUser(ctx, ids[0]); err != nil {
  return nil, err
  }
 

diff --git a/contrib/google.golang.org/grpc/client.go b/contrib/google.golang.org/grpc/client.go
@@ -12,7 +12,6 @@ import (
  "github.com/DataDog/dd-trace-go/contrib/google.golang.org/grpc/v2/internal/grpcutil"
  "github.com/DataDog/dd-trace-go/v2/ddtrace/ext"
  "github.com/DataDog/dd-trace-go/v2/ddtrace/tracer"
- "github.com/DataDog/dd-trace-go/v2/internal/log"
 
  "google.golang.org/grpc"
  "google.golang.org/grpc/grpclog"
@@ -37,7 +36,7 @@ func (cs *clientStream) RecvMsg(m interface{}) (err error) {
  cs.Context(),
  cs.method,
  "grpc.message",
- cs.cfg.serviceName,
+ cs.cfg.serviceName.String(),
  cs.cfg.startSpanOptions()...,
  )
  span.SetTag(ext.Component, componentName)
@@ -56,7 +55,7 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) {
  cs.Context(),
  cs.method,
  "grpc.message",
- cs.cfg.serviceName,
+ cs.cfg.serviceName.String(),
  cs.cfg.startSpanOptions()...,
  )
  span.SetTag(ext.Component, componentName)
@@ -77,7 +76,7 @@ func StreamClientInterceptor(opts ...Option) grpc.StreamClientInterceptor {
  for _, fn := range opts {
  fn.apply(cfg)
  }
- log.Debug("contrib/google.golang.org/grpc: Configuring StreamClientInterceptor: %#v", cfg)
+ instr.Logger().Debug("contrib/google.golang.org/grpc: Configuring StreamClientInterceptor: %#v", cfg)
  return func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
  var methodKind string
  if desc != nil {
@@ -148,7 +147,7 @@ func UnaryClientInterceptor(opts ...Option) grpc.UnaryClientInterceptor {
  for _, fn := range opts {
  fn.apply(cfg)
  }
- log.Debug("contrib/google.golang.org/grpc: Configuring UnaryClientInterceptor: %#v", cfg)
+ instr.Logger().Debug("contrib/google.golang.org/grpc: Configuring UnaryClientInterceptor: %#v", cfg)
  return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
  if _, ok := cfg.untracedMethods[method]; ok {
  return invoker(ctx, method, req, reply, cc, opts...)
@@ -173,7 +172,7 @@ func doClientRequest(
  ctx,
  method,
  cfg.spanName,
- cfg.serviceName,
+ cfg.serviceName.String(),
  cfg.startSpanOptions(
  tracer.Tag(ext.Component, componentName),
  tracer.Tag(ext.SpanKind, ext.SpanKindClient))...,

diff --git a/contrib/google.golang.org/grpc/go.mod b/contrib/google.golang.org/grpc/go.mod
@@ -4,12 +4,13 @@ go 1.21
 
 require (
  github.com/DataDog/appsec-internal-go v1.5.0
+ github.com/DataDog/dd-trace-go/instrumentation/testutils/grpc/v2 v2.0.0-00010101000000-000000000000
  github.com/DataDog/dd-trace-go/v2 v2.0.0-20240516153256-8d6fa2bea61d
  github.com/golang/protobuf v1.5.4
  github.com/stretchr/testify v1.8.4
  github.com/tinylib/msgp v1.1.9
- google.golang.org/grpc v1.64.0
- google.golang.org/protobuf v1.34.1
+ google.golang.org/grpc v1.65.0
+ google.golang.org/protobuf v1.34.2
 )
 
 require (
@@ -39,8 +40,10 @@ require (
  golang.org/x/text v0.15.0 // indirect
  golang.org/x/time v0.5.0 // indirect
  golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
  gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
+replace github.com/DataDog/dd-trace-go/instrumentation/testutils/grpc/v2 => ../../../instrumentation/testutils/grpc
+
 replace github.com/DataDog/dd-trace-go/v2 => ../../..
diff --git a/contrib/google.golang.org/grpc/go.sum b/contrib/google.golang.org/grpc/go.sum
@@ -129,12 +129,12 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
-google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
-google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
+google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
+google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=