rename appsec/events.SecurityBlockingEvent -> BlockingSecurityEvent

Signed-off-by: Eliott Bouhana <[email protected]>
DataDog · May 31, 2024 · e8e01e1 · e8e01e1
1 parent c091b03
commit e8e01e1
Show file tree

Hide file tree

Showing 9 changed files with 13 additions and 13 deletions.
diff --git a/appsec/events/block.go b/appsec/events/block.go
@@ -8,15 +8,15 @@
 // Handling these events differently than other errors is crucial to not leak information to an attacker.
 package events
 
-var _ error = (*SecurityBlockingEvent)(nil)
+var _ error = (*BlockingSecurityEvent)(nil)
 
-// SecurityBlockingEvent is an event that signals that a request was blocked by the WAF.
+// BlockingSecurityEvent is an event that signals that a request was blocked by the WAF.
 // It should be handled differently than other errors to avoid leaking information to an attacker.
 // If this error was returned by native types wrapped by dd-trace-go, it means that a 403 response will be written
 // by appsec middleware (or any other status code defined in DataDog's UI). Therefore, the user should not write a
 // response in the handler.
-type SecurityBlockingEvent struct{}
+type BlockingSecurityEvent struct{}
 
-func (*SecurityBlockingEvent) Error() string {
+func (*BlockingSecurityEvent) Error() string {
 	return "request blocked by WAF"
 }
diff --git a/contrib/labstack/echo.v4/appsec.go b/contrib/labstack/echo.v4/appsec.go
@@ -26,7 +26,7 @@ func withAppSec(next echo.HandlerFunc, span tracer.Span) echo.HandlerFunc {
 			err = next(c)
 			// If the error is a monitoring one, it means appsec actions will take care of writing the response
 			// and handling the error. Don't call the echo error handler in this case
-			if _, ok := err.(*events.SecurityBlockingEvent); !ok && err != nil {
+			if _, ok := err.(*events.BlockingSecurityEvent); !ok && err != nil {
 				c.Error(err)
 			}
 		})

diff --git a/contrib/net/http/roundtripper.go b/contrib/net/http/roundtripper.go
@@ -61,7 +61,7 @@ func (rt *roundTripper) RoundTrip(req *http.Request) (res *http.Response, err er
 		if rt.cfg.after != nil {
 			rt.cfg.after(res, span)
 		}
-		if !errors.Is(err, &events.SecurityBlockingEvent{}) && (rt.cfg.errCheck == nil || rt.cfg.errCheck(err)) {
+		if !errors.Is(err, &events.BlockingSecurityEvent{}) && (rt.cfg.errCheck == nil || rt.cfg.errCheck(err)) {
 			span.Finish(tracer.WithError(err))
 		} else {
 			span.Finish()

diff --git a/contrib/net/http/roundtripper_test.go b/contrib/net/http/roundtripper_test.go
@@ -654,7 +654,7 @@ func TestAppsec(t *testing.T) {
 			require.NoError(t, err)
 
 			resp, err := client.RoundTrip(req.WithContext(r.Context()))
-			require.ErrorIs(t, err, &events.SecurityBlockingEvent{})
+			require.ErrorIs(t, err, &events.BlockingSecurityEvent{})
 			if resp != nil {
 				defer resp.Body.Close()
 			}

diff --git a/internal/appsec/emitter/httpsec/http.go b/internal/appsec/emitter/httpsec/http.go
@@ -50,7 +50,7 @@ func MonitorParsedBody(ctx context.Context, body any) error {
 func ExecuteSDKBodyOperation(parent dyngo.Operation, args types.SDKBodyOperationArgs) error {
 	var err error
 	op := &types.SDKBodyOperation{Operation: dyngo.NewOperation(parent)}
-	dyngo.OnData(op, func(e *events.SecurityBlockingEvent) {
+	dyngo.OnData(op, func(e *events.BlockingSecurityEvent) {
 		err = e
 	})
 	dyngo.StartOperation(op, args)

diff --git a/internal/appsec/emitter/httpsec/roundtripper.go b/internal/appsec/emitter/httpsec/roundtripper.go
@@ -37,8 +37,8 @@ func ProtectRoundTrip(ctx context.Context, url string) error {
 		Operation: dyngo.NewOperation(parent),
 	}
 
-	var err *events.SecurityBlockingEvent
-	dyngo.OnData(op, func(e *events.SecurityBlockingEvent) {
+	var err *events.BlockingSecurityEvent
+	dyngo.OnData(op, func(e *events.BlockingSecurityEvent) {
 		err = e
 	})
 

diff --git a/internal/appsec/emitter/sharedsec/actions.go b/internal/appsec/emitter/sharedsec/actions.go
@@ -197,7 +197,7 @@ func newBlockRequestHandler(status int, ct string, payload []byte) http.Handler
 
 func newGRPCBlockHandler(status int) GRPCWrapper {
 	return func(_ map[string][]string) (uint32, error) {
-		return uint32(status), &events.SecurityBlockingEvent{}
+		return uint32(status), &events.BlockingSecurityEvent{}
 	}
 }
 

diff --git a/internal/appsec/emitter/sharedsec/shared.go b/internal/appsec/emitter/sharedsec/shared.go
@@ -40,7 +40,7 @@ var userIDOperationArgsType = reflect.TypeOf((*UserIDOperationArgs)(nil)).Elem()
 func ExecuteUserIDOperation(parent dyngo.Operation, args UserIDOperationArgs) error {
 	var err error
 	op := &UserIDOperation{Operation: dyngo.NewOperation(parent)}
-	dyngo.OnData(op, func(e *events.SecurityBlockingEvent) { err = e })
+	dyngo.OnData(op, func(e *events.BlockingSecurityEvent) { err = e })
 	dyngo.StartOperation(op, args)
 	dyngo.FinishOperation(op, UserIDOperationRes{})
 	return err

diff --git a/internal/appsec/listener/sharedsec/shared.go b/internal/appsec/listener/sharedsec/shared.go
@@ -94,7 +94,7 @@ func ProcessActions(op dyngo.Operation, actions map[string]any) (interrupt bool)
 	// If any of the actions are supposed to interrupt the request, emit a blocking event for the SDK operations
 	// to return an error.
 	if interrupt {
-		dyngo.EmitData(op, &events.SecurityBlockingEvent{})
+		dyngo.EmitData(op, &events.BlockingSecurityEvent{})
 	}
 
 	return interrupt