Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

contrib/echo: wrap appsec error in echo.HTTPError #1744

Merged
merged 3 commits into from
Feb 20, 2023
Merged

contrib/echo: wrap appsec error in echo.HTTPError #1744

merged 3 commits into from
Feb 20, 2023
+76 −24

Conversation

Hellzy
Copy link
Contributor

@Hellzy Hellzy commented Feb 17, 2023
edited
Loading

What does this PR do?

This change ensures that the error returned by the appsec echo middleware is always an echo.HTTPError (or nil).
This is needed so that the top level APM code doesn't override the response status span tag with 500, which
happens if it encounters any other error type than echo.HTTPError

Motivation

This fixes a bug spotted while enabling user blocking system-tests.

Reviewer's Checklist

  • If known, an appropriate milestone has been selected; otherwise the Triage milestone is set.
  • Changed code has unit tests for its functionality.
  • If this interacts with the agent in a new way, a system test has been added.

Sorry, something went wrong.

@Hellzy
contrib/echo: wrap appsec error in echo.HTTPError

Verified

This commit was signed with the committer’s verified signature.
rarguelloF Rodrigo Argüello
SSH Key Fingerprint: Uw4yLxbLKJ+iRBd5hSL83+nkoJVYR8G4F6/Cl7CouHA
Verified
Learn about vigilant mode
0005ab0
@Hellzy Hellzy added the appsec label Feb 17, 2023
@Hellzy Hellzy added this to the v1.48.0 milestone Feb 17, 2023
@Hellzy Hellzy requested a review from a team as a code owner February 17, 2023 16:20
eliottness
eliottness previously approved these changes Feb 17, 2023
View reviewed changes
@eliottness
Copy link
Contributor

Can we have a link to the test/job failing because of this maybe ?

Julio-Guerra
Julio-Guerra requested changes Feb 17, 2023
View reviewed changes
Copy link
Contributor

@Julio-Guerra Julio-Guerra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Glad you caught this before release 👏
It still needs a test to reproduce and confirm the fix please, if you could add it 🙏
Also, I think this simple handler isn't handled properly by you post-handler error management:

func myHandler(ctx echo.Context) error {
    return errors.New("my error without any response")
}

where you might end up with the expected behaviour by chance but our monitored HTTP status code will be 0, while it will actually be 500 if I understood correctly echo's behaviour.

@pr-commenter
Copy link

pr-commenter bot commented Feb 20, 2023
edited
Loading

Benchmarks

Comparing candidate commit b20d07f in PR branch francois.mazeau/user-blocking-error with baseline commit eae71da in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 6 cases.

@Hellzy Hellzy force-pushed the francois.mazeau/user-blocking-error branch from 3959404 to db5ddfb Compare February 20, 2023 15:23
@Hellzy
contrib/echo: appsec: use echo error handlers

Verified

This commit was signed with the committer’s verified signature.
rarguelloF Rodrigo Argüello
SSH Key Fingerprint: Uw4yLxbLKJ+iRBd5hSL83+nkoJVYR8G4F6/Cl7CouHA
Verified
Learn about vigilant mode
66280f4
@Hellzy Hellzy force-pushed the francois.mazeau/user-blocking-error branch from db5ddfb to 66280f4 Compare February 20, 2023 15:24
@Hellzy Hellzy requested a review from Julio-Guerra February 20, 2023 15:24
@Hellzy
Copy link
Contributor Author

Hellzy commented Feb 20, 2023
edited
Loading

Glad you caught this before release clap It still needs a test to reproduce and confirm the fix please, if you could add it pray Also, I think this simple handler isn't handled properly by you post-handler error management:

func myHandler(ctx echo.Context) error {
    return errors.New("my error without any response")
}

where you might end up with the expected behaviour by chance but our monitored HTTP status code will be 0, while it will actually be 500 if I understood correctly echo's behaviour.

What changed:

We now call the echo error handlers (echo.Context.Error()) when the middleware returns an error. This provides several benefits:

  • The response status gets committed
  • We can simplify our wrapper around the response writer to simply expose Status(). We don't short-circuit it anymore, we simply make sure that we can read the status code that gets committed.
  • We are guaranteed to follow APM's behaviour when it comes to status code handling
  • We don't get in the way of users that want echo to generate the response/status code for them and simply return custom errors (i.e we let echo handle this directly and just read the result).

@Hellzy
Merge branch 'main' into francois.mazeau/user-blocking-error

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
b20d07f
@Hellzy Hellzy merged commit 7a82685 into main Feb 20, 2023
@Hellzy Hellzy deleted the francois.mazeau/user-blocking-error branch February 20, 2023 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Julio-Guerra Julio-Guerra

@eliottness eliottness

Assignees
No one assigned
Labels
appsec
Projects
None yet
Milestone
v1.48.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Hellzy @eliottness @Julio-Guerra