appsec start stop fixes

DataDog · Oct 18, 2024 · bb20637 · bb20637
1 parent 8d30243
commit bb20637
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 33 deletions.
diff --git a/appsec/appsec_test.go b/appsec/appsec_test.go
@@ -13,11 +13,14 @@ import (
 	"github.com/DataDog/dd-trace-go/v2/appsec"
 	"github.com/DataDog/dd-trace-go/v2/ddtrace/mocktracer"
 	"github.com/DataDog/dd-trace-go/v2/ddtrace/tracer"
-	privateAppsec "github.com/DataDog/dd-trace-go/v2/internal/appsec"
+	"github.com/DataDog/dd-trace-go/v2/instrumentation"
+	privatetestutils "github.com/DataDog/dd-trace-go/v2/instrumentation/testutils"
 
 	"github.com/stretchr/testify/require"
 )
 
+var instr *instrumentation.Instrumentation
+
 func TestTrackUserLoginSuccessEvent(t *testing.T) {
 	t.Run("nominal-with-metadata", func(t *testing.T) {
 		mt := mocktracer.Start()
@@ -147,9 +150,8 @@ func TestSetUser(t *testing.T) {
 		require.NoError(t, err)
 	})
 
-	privateAppsec.Start()
-	defer privateAppsec.Stop()
-	if !privateAppsec.Enabled() {
+	privatetestutils.StartAppSec(t)
+	if !instr.AppSecEnabled() {
 		t.Skip("AppSec needs to be enabled for this test")
 	}
 

diff --git a/contrib/99designs/gqlgen/appsec_test.go b/contrib/99designs/gqlgen/appsec_test.go
@@ -18,7 +18,7 @@ import (
 	"github.com/99designs/gqlgen/graphql/handler"
 	"github.com/99designs/gqlgen/graphql/handler/transport"
 	"github.com/DataDog/dd-trace-go/v2/ddtrace/mocktracer"
-	"github.com/DataDog/dd-trace-go/v2/internal/appsec"
+	"github.com/DataDog/dd-trace-go/v2/instrumentation/testutils"
 	"github.com/stretchr/testify/require"
 	"github.com/vektah/gqlparser/v2"
 	"github.com/vektah/gqlparser/v2/ast"
@@ -232,12 +232,11 @@ func enableAppSec(t *testing.T) func() {
 	require.NoError(t, err)
 	t.Setenv("DD_APPSEC_ENABLED", "1")
 	t.Setenv("DD_APPSEC_RULES", rulesFile)
-	appsec.Start()
+	testutils.StartAppSec(t)
 	cleanup := func() {
-		appsec.Stop()
 		_ = os.RemoveAll(tmpDir)
 	}
-	if !appsec.Enabled() {
+	if !instr.AppSecEnabled() {
 		cleanup()
 		t.Skip("could not enable appsec: this platform is likely not supported")
 	}

diff --git a/contrib/google.golang.org/grpc/appsec_test.go b/contrib/google.golang.org/grpc/appsec_test.go
@@ -30,8 +30,8 @@ import (
 func TestAppSec(t *testing.T) {
 	testutils.StartAppSec(t)
 	t.Setenv("DD_APPSEC_WAF_TIMEOUT", "1h") // Functionally unlimited
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
+
 	if !instr.AppSecEnabled() {
 		t.Skip("appsec disabled")
 	}

diff --git a/contrib/graph-gophers/graphql-go/appsec_test.go b/contrib/graph-gophers/graphql-go/appsec_test.go
@@ -14,7 +14,7 @@ import (
 	"testing"
 
 	"github.com/DataDog/dd-trace-go/v2/ddtrace/mocktracer"
-	"github.com/DataDog/dd-trace-go/v2/internal/appsec"
+	"github.com/DataDog/dd-trace-go/v2/instrumentation/testutils"
 	"github.com/graph-gophers/graphql-go"
 	"github.com/stretchr/testify/require"
 )
@@ -218,14 +218,13 @@ func enableAppSec(t *testing.T) func() {
 	require.NoError(t, err)
 	restoreDdAppsecEnabled := setEnv("DD_APPSEC_ENABLED", "1")
 	restoreDdAppsecRules := setEnv("DD_APPSEC_RULES", rulesFile)
-	appsec.Start()
+	testutils.StartAppSec(t)
 	restore := func() {
-		appsec.Stop()
 		restoreDdAppsecEnabled()
 		restoreDdAppsecRules()
 		_ = os.RemoveAll(tmpDir)
 	}
-	if !appsec.Enabled() {
+	if !instr.AppSecEnabled() {
 		restore()
 		t.Skip("could not enable appsec: this platform is likely not supported")
 	}

diff --git a/internal/appsec/appsec_test.go b/internal/appsec/appsec_test.go
@@ -11,6 +11,7 @@ import (
 	"testing"
 
 	"github.com/DataDog/dd-trace-go/v2/ddtrace/tracer"
+	"github.com/DataDog/dd-trace-go/v2/instrumentation/testutils"
 	"github.com/DataDog/dd-trace-go/v2/internal/appsec"
 	"github.com/DataDog/dd-trace-go/v2/internal/appsec/config"
 
@@ -36,6 +37,6 @@ func TestStartStop(t *testing.T) {
 	// Use t.Setenv() to automatically restore the initial env var value, if set
 	t.Setenv(config.EnvEnabled, "")
 	os.Unsetenv(config.EnvEnabled)
-	appsec.Start()
+	testutils.StartAppSec(t)
 	appsec.Stop()
 }
diff --git a/internal/appsec/waf_test.go b/internal/appsec/waf_test.go
@@ -28,6 +28,7 @@ import (
 	"github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/dyngo"
 	"github.com/DataDog/dd-trace-go/v2/instrumentation/appsec/emitter/ossec"
 	httptrace "github.com/DataDog/dd-trace-go/v2/instrumentation/httptracemock"
+	"github.com/DataDog/dd-trace-go/v2/instrumentation/testutils"
 	"github.com/DataDog/dd-trace-go/v2/internal/appsec"
 	"github.com/DataDog/dd-trace-go/v2/internal/appsec/config"
 	"github.com/DataDog/dd-trace-go/v2/internal/appsec/emitter/waf/addresses"
@@ -37,8 +38,7 @@ import (
 
 func TestCustomRules(t *testing.T) {
 	t.Setenv("DD_APPSEC_RULES", "testdata/custom_rules.json")
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
 
 	if !appsec.Enabled() {
 		t.Skip("appsec disabled")
@@ -94,8 +94,7 @@ func TestCustomRules(t *testing.T) {
 
 func TestUserRules(t *testing.T) {
 	t.Setenv("DD_APPSEC_RULES", "testdata/user_rules.json")
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
 
 	if !appsec.Enabled() {
 		t.Skip("appsec disabled")
@@ -160,8 +159,7 @@ func TestUserRules(t *testing.T) {
 // the WAF is properly detecting an LFI attempt and that the corresponding security event is being sent to the agent.
 // Additionally, verifies that rule matching through SDK body instrumentation works as expected
 func TestWAF(t *testing.T) {
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
 
 	if !appsec.Enabled() {
 		t.Skip("appsec disabled")
@@ -311,8 +309,8 @@ func TestWAF(t *testing.T) {
 // Test that request blocking works by using custom rules/rules data
 func TestBlocking(t *testing.T) {
 	t.Setenv("DD_APPSEC_RULES", "testdata/blocking.json")
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
+
 	if !appsec.Enabled() {
 		t.Skip("AppSec needs to be enabled for this test")
 	}
@@ -461,9 +459,9 @@ func TestAPISecurity(t *testing.T) {
 	t.Run("enabled", func(t *testing.T) {
 		t.Setenv(internal.EnvAPISecEnabled, "true")
 		t.Setenv(internal.EnvAPISecSampleRate, "1.0")
-		appsec.Start()
+		testutils.StartAppSec(t)
 		require.True(t, appsec.Enabled())
-		defer appsec.Stop()
+
 		mt := mocktracer.Start()
 		defer mt.Stop()
 
@@ -482,9 +480,9 @@ func TestAPISecurity(t *testing.T) {
 
 	t.Run("disabled", func(t *testing.T) {
 		t.Setenv(internal.EnvAPISecEnabled, "false")
-		appsec.Start()
+		testutils.StartAppSec(t)
 		require.True(t, appsec.Enabled())
-		defer appsec.Stop()
+
 		mt := mocktracer.Start()
 		defer mt.Stop()
 
@@ -508,8 +506,7 @@ func TestRASPSQLi(t *testing.T) {
 
 func TestRASPLFI(t *testing.T) {
 	t.Setenv("DD_APPSEC_RULES", "testdata/rasp.json")
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
 
 	if !appsec.RASPEnabled() {
 		t.Skip("RASP needs to be enabled for this test")
@@ -601,8 +598,8 @@ func TestRASPLFI(t *testing.T) {
 
 func TestSuspiciousAttackerBlocking(t *testing.T) {
 	t.Setenv("DD_APPSEC_RULES", "testdata/sab.json")
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
+
 	if !appsec.Enabled() {
 		t.Skip("AppSec needs to be enabled for this test")
 	}
@@ -792,8 +789,8 @@ func BenchmarkSampleWAFContext(b *testing.B) {
 
 func TestAttackerFingerprinting(t *testing.T) {
 	t.Setenv("DD_APPSEC_RULES", "testdata/fp.json")
-	appsec.Start()
-	defer appsec.Stop()
+	testutils.StartAppSec(t)
+
 	if !appsec.Enabled() {
 		t.Skip("AppSec needs to be enabled for this test")
 	}