appsec: fix IsSecurityError (#2746)

Signed-off-by: Eliott Bouhana <eliott.bouhana@datadoghq.com>

appsec/events/block.go

@@ -11,8 +11,6 @@ import "errors"
 
 var _ error = (*BlockingSecurityEvent)(nil)
 
-var securityError = &BlockingSecurityEvent{}
-
 // BlockingSecurityEvent is the error type returned by function calls blocked by appsec.
 // Even though appsec takes care of responding automatically to the blocked requests, it
 // is your duty to abort the request handlers that are calling functions blocked by appsec.
@@ -29,5 +27,6 @@ func (*BlockingSecurityEvent) Error() string {
 
 // IsSecurityError returns true if the error is a security event.
 func IsSecurityError(err error) bool {
-	return errors.Is(err, securityError)
+	var secErr *BlockingSecurityEvent
+	return errors.As(err, &secErr)
 }

contrib/net/http/roundtripper_test.go

@@ -662,7 +662,7 @@ func TestAppsec(t *testing.T) {
 				resp, err := client.RoundTrip(req.WithContext(r.Context()))
 
 				if enabled {
-					require.ErrorIs(t, err, &events.BlockingSecurityEvent{})
+					require.True(t, events.IsSecurityError(err))
 				} else {
 					require.NoError(t, err)
 				}
@@ -690,6 +690,7 @@ func TestAppsec(t *testing.T) {
 			require.Contains(t, appsecJSON, httpsec.ServerIoNetURLAddr)
 
 			require.Contains(t, serviceSpan.Tags(), "_dd.stack")
+			require.NotContains(t, serviceSpan.Tags(), "error.message")
 
 			// This is a nested event so it should contain the child span id in the service entry span
 			// TODO(eliott.bouhana): uncomment this once we have the child span id in the service entry span