appsec

package

v1.59.0-alpha.1 Latest Latest Go to latest Published: Nov 22, 2023 License: Apache-2.0, BSD-3-Clause, Apache-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DataDog/dd-trace-go

Documentation ¶

Index ¶

func Enabled() bool
func Start(opts ...StartOption)
func Stop()
type Config
type Limiter
type ObfuscatorConfig
type StartOption
- func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption
type TokenTicker
- func NewTokenTicker(tokens, maxTokens int64) *TokenTicker

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Enabled ¶ added in v1.35.0

func Enabled() bool

Enabled returns true when AppSec is up and running. Meaning that the appsec build tag is enabled, the env var DD_APPSEC_ENABLED is set to true, and the tracer is started.

func Start ¶

func Start(opts ...StartOption)

Start AppSec when enabled is enabled by both using the appsec build tag and setting the environment variable DD_APPSEC_ENABLED to true.

Types ¶

type Limiter ¶

type Limiter interface {
	Allow() bool
}

Limiter is used to abstract the rate limiter implementation to only expose the needed function for rate limiting. This is for example useful for testing, allowing us to use a modified rate limiter tuned for testing through the same interface.

type ObfuscatorConfig ¶ added in v1.38.0

type ObfuscatorConfig struct {
	KeyRegex   string
	ValueRegex string
}

ObfuscatorConfig wraps the key and value regexp to be passed to the WAF to perform obfuscation.

type StartOption ¶ added in v1.44.0

type StartOption func(c *Config)

StartOption is used to customize the AppSec configuration when invoked with appsec.Start()

func WithRCConfig ¶ added in v1.44.0

func WithRCConfig(cfg remoteconfig.ClientConfig) StartOption

WithRCConfig sets the AppSec remote config client configuration to the specified cfg

type TokenTicker ¶

type TokenTicker struct {
	// contains filtered or unexported fields
}

TokenTicker is a thread-safe and lock-free rate limiter based on a token bucket. The idea is to have a goroutine that will update the bucket with fresh tokens at regular intervals using a time.Ticker. The advantage of using a goroutine here is that the implementation becomes easily thread-safe using a few atomic operations with little overhead overall. TokenTicker.Start() *should* be called before the first call to TokenTicker.Allow() and TokenTicker.Stop() *must* be called once done using. Note that calling TokenTicker.Allow() before TokenTicker.Start() is valid, but it means the bucket won't be refilling until the call to TokenTicker.Start() is made

func NewTokenTicker ¶

func NewTokenTicker(tokens, maxTokens int64) *TokenTicker

NewTokenTicker is a utility function that allocates a token ticker, initializes necessary fields and returns it

func (*TokenTicker) Allow ¶

func (t *TokenTicker) Allow() bool

Allow checks and returns whether a token can be retrieved from the bucket and consumed. Thread-safe.

func (*TokenTicker) Start ¶

func (t *TokenTicker) Start()

Start starts the ticker and launches the goroutine responsible for updating the token bucket. The ticker is set to tick at a fixed rate of 500us.

func (*TokenTicker) Stop ¶

func (t *TokenTicker) Stop()

Stop shuts down the rate limiter, taking care stopping the ticker and closing all channels

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
_testlib
dyngo Package dyngo is the Go implementation of Datadog's Instrumentation Gateway which provides an event-based instrumentation API based on a stack representation of instrumented functions along with nested event listeners.	Package dyngo is the Go implementation of Datadog's Instrumentation Gateway which provides an event-based instrumentation API based on a stack representation of instrumented functions along with nested event listeners.
instrumentation Package instrumentation holds code commonly used between all instrumentation declinations (currently httpsec/grpcsec).	Package instrumentation holds code commonly used between all instrumentation declinations (currently httpsec/grpcsec).
instrumentation/grpcsec Package grpcsec is the gRPC instrumentation API and contract for AppSec defining an abstract run-time representation of gRPC handlers.	Package grpcsec is the gRPC instrumentation API and contract for AppSec defining an abstract run-time representation of gRPC handlers.
instrumentation/httpsec Package httpsec defines is the HTTP instrumentation API and contract for AppSec.	Package httpsec defines is the HTTP instrumentation API and contract for AppSec.
instrumentation/sharedsec

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL