From aca50fc692705d669641f756756112886ea22989 Mon Sep 17 00:00:00 2001 From: Eliott Bouhana Date: Mon, 17 Jun 2024 16:13:40 +0200 Subject: [PATCH] appsec: fix IsSecurityError Signed-off-by: Eliott Bouhana --- appsec/events/block.go | 5 ++--- contrib/net/http/roundtripper_test.go | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/appsec/events/block.go b/appsec/events/block.go index 8db51b8268..b405bdd97d 100644 --- a/appsec/events/block.go +++ b/appsec/events/block.go @@ -11,8 +11,6 @@ import "errors" var _ error = (*BlockingSecurityEvent)(nil) -var securityError = &BlockingSecurityEvent{} - // BlockingSecurityEvent is the error type returned by function calls blocked by appsec. // Even though appsec takes care of responding automatically to the blocked requests, it // is your duty to abort the request handlers that are calling functions blocked by appsec. @@ -29,5 +27,6 @@ func (*BlockingSecurityEvent) Error() string { // IsSecurityError returns true if the error is a security event. func IsSecurityError(err error) bool { - return errors.Is(err, securityError) + var secErr *BlockingSecurityEvent + return errors.As(err, &secErr) } diff --git a/contrib/net/http/roundtripper_test.go b/contrib/net/http/roundtripper_test.go index dd7c9301be..bc9f590fb3 100644 --- a/contrib/net/http/roundtripper_test.go +++ b/contrib/net/http/roundtripper_test.go @@ -662,7 +662,7 @@ func TestAppsec(t *testing.T) { resp, err := client.RoundTrip(req.WithContext(r.Context())) if enabled { - require.ErrorIs(t, err, &events.BlockingSecurityEvent{}) + require.True(t, events.IsSecurityError(err)) } else { require.NoError(t, err) } @@ -690,6 +690,7 @@ func TestAppsec(t *testing.T) { require.Contains(t, appsecJSON, httpsec.ServerIoNetURLAddr) require.Contains(t, serviceSpan.Tags(), "_dd.stack") + require.NotContains(t, serviceSpan.Tags(), "error.message") // This is a nested event so it should contain the child span id in the service entry span // TODO(eliott.bouhana): uncomment this once we have the child span id in the service entry span