appsec: fix IsSecurityError

appsec/events/block.go

@@ -11,8 +11,6 @@ import "errors"
 
 var _ error = (*BlockingSecurityEvent)(nil)
 
-var securityError = &BlockingSecurityEvent{}
-
 // BlockingSecurityEvent is the error type returned by function calls blocked by appsec.
 // Even though appsec takes care of responding automatically to the blocked requests, it
 // is your duty to abort the request handlers that are calling functions blocked by appsec.
@@ -29,5 +27,6 @@ func (*BlockingSecurityEvent) Error() string {
 
 // IsSecurityError returns true if the error is a security event.
 func IsSecurityError(err error) bool {
- return errors.Is(err, securityError)
+ var secErr *BlockingSecurityEvent
+ return errors.As(err, &secErr)
 }

contrib/net/http/roundtripper_test.go

@@ -662,7 +662,7 @@ func TestAppsec(t *testing.T) {
  resp, err := client.RoundTrip(req.WithContext(r.Context()))
 
  if enabled {
- require.ErrorIs(t, err, &events.BlockingSecurityEvent{})
+ require.True(t, events.IsSecurityError(err))
  } else {
  require.NoError(t, err)
  }
@@ -690,6 +690,7 @@ func TestAppsec(t *testing.T) {
  require.Contains(t, appsecJSON, httpsec.ServerIoNetURLAddr)
 
  require.Contains(t, serviceSpan.Tags(), "_dd.stack")
+ require.NotContains(t, serviceSpan.Tags(), "error.message")
 
  // This is a nested event so it should contain the child span id in the service entry span
  // TODO(eliott.bouhana): uncomment this once we have the child span id in the service entry span