From fb1fd8751cb98de9ad98020c6c4227a2f75fc915 Mon Sep 17 00:00:00 2001
From: Eliott Bouhana
Date: Mon, 25 Mar 2024 11:41:40 +0100
Subject: [PATCH] remove spanID and nested event span_id
Signed-off-by: Eliott Bouhana
---
 contrib/net/http/roundtripper.go | 14 +++-----------
 .../appsec/emitter/httpsec/roundtripper.go | 3 +--
 .../appsec/emitter/httpsec/types/types.go | 3 +--
 internal/appsec/listener/sharedsec/shared.go | 19 +++++++++----------
 4 files changed, 14 insertions(+), 25 deletions(-)
diff --git a/contrib/net/http/roundtripper.go b/contrib/net/http/roundtripper.go
index 521cc32404..7212983dd1 100644
--- a/contrib/net/http/roundtripper.go
+++ b/contrib/net/http/roundtripper.go
@@ -10,7 +10,6 @@ import (
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/emitter/httpsec"
 "math"
- "math/rand"
 "net/http"
 "os"
 "strconv"
@@ -43,11 +42,6 @@ func (rt *roundTripper) RoundTrip(req *http.Request) (res *http.Response, err er
 tracer.Tag(ext.SpanKind, ext.SpanKindClient),
 tracer.Tag(ext.NetworkDestinationName, url.Hostname()),
 }
- var appsecSpanID uint64
- if appsec.Enabled() {
- appsecSpanID = rand.Uint64()
- opts = append(opts, tracer.WithSpanID(appsecSpanID))
- }
 if !math.IsNaN(rt.cfg.analyticsRate) {
 opts = append(opts, tracer.Tag(ext.EventSampleRate, rt.cfg.analyticsRate))
 }
@@ -85,11 +79,9 @@ func (rt *roundTripper) RoundTrip(req *http.Request) (res *http.Response, err er
 }
 if appsec.Enabled() {
 res, err = httpsec.RoundTrip(httpsec.RoundTripArgs{
- SpanID: appsecSpanID,
- Span: span,
- Ctx: ctx,
- Req: r2,
- Rt: rt.base,
+ Ctx: ctx,
+ Req: r2,
+ Rt: rt.base,
 })
 } else {
 res, err = rt.base.RoundTrip(r2)
diff --git a/internal/appsec/emitter/httpsec/roundtripper.go b/internal/appsec/emitter/httpsec/roundtripper.go
index ce6676e3ab..90f941f1f9 100644
--- a/internal/appsec/emitter/httpsec/roundtripper.go
+++ b/internal/appsec/emitter/httpsec/roundtripper.go
@@ -22,8 +22,7 @@ type RoundTripArgs struct {
 func RoundTrip(args RoundTripArgs) (*http.Response, error) {
 url := args.Req.URL.String()
 opArgs := types.RoundTripOperationArgs{
- URL: url,
- SpanID: args.SpanID,
+ URL: url,
 }
 parent := fromContext(args.Ctx)
diff --git a/internal/appsec/emitter/httpsec/types/types.go b/internal/appsec/emitter/httpsec/types/types.go
index b75e4b5538..a704855366 100644
--- a/internal/appsec/emitter/httpsec/types/types.go
+++ b/internal/appsec/emitter/httpsec/types/types.go
@@ -77,8 +77,7 @@ type (
 SDKBodyOperationRes struct{}
 RoundTripOperationArgs struct {
- URL string
- SpanID uint64
+ URL string
 }
 RoundTripOperationRes struct{}
diff --git a/internal/appsec/listener/sharedsec/shared.go b/internal/appsec/listener/sharedsec/shared.go
index feed8e004b..a3f02ef74d 100644
--- a/internal/appsec/listener/sharedsec/shared.go
+++ b/internal/appsec/listener/sharedsec/shared.go
@@ -7,8 +7,10 @@ package sharedsec
 import (
 "encoding/json"
+
 "github.com/DataDog/appsec-internal-go/limiter"
 waf "github.com/DataDog/go-libddwaf/v3"
+ "github.com/DataDog/go-libddwaf/v3/errors"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/emitter/httpsec/types"
 "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/emitter/sharedsec"
@@ -29,8 +31,8 @@ const (
 func RunWAF(wafCtx *waf.Context, values waf.RunAddressData) waf.Result {
 result, err := wafCtx.Run(values)
- if err == waf.ErrTimeout {
- log.Debug("appsec: waf timeout value of reached: %v", err)
+ if err == errors.ErrTimeout {
+ log.Debug("appsec: waf timeout value reached: %v", err)
 } else if err != nil {
 log.Error("appsec: unexpected waf error: %v", err)
 }
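Review bot: The `RoundTripArgs` struct named in this hunk's header is not edited by the commit (the diffstat counts only these three lines for the file), so the `SpanID` and `Span` fields that the old call site in contrib/net/http filled in are presumably still declared while nothing sets them any more. If any code in `RoundTrip` past the end of this hunk still reads `args.Span`, it now receives the zero value. I would either delete both fields from the struct in the same commit or mark them, for example `// Span is no longer populated by contrib/net/http; do not read it`. RoundTrip's body continues outside the hunk, so the second half of this is inferred rather than seen.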
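Review bot: In shared.go the added import `github.com/DataDog/go-libddwaf/v3/errors` is unaliased, so within this file `errors` now names the WAF package and shadows the standard library one, and the new check in RunWAF, `err == errors.ErrTimeout`, matches only the bare sentinel. A timeout that reaches this code wrapped would fall into the `log.Error("appsec: unexpected waf error ...")` branch, which blurs the line between an expected budget overrun and a real WAF failure for anyone alerting on that message. I would alias the import as `wafErrors "github.com/DataDog/go-libddwaf/v3/errors"` and compare with `errors.Is(err, wafErrors.ErrTimeout)`, which also needs the standard `errors` import. RunWAF continues past the end of the hunk, so how `result` is used after an error is not visible here.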
@@ -132,14 +134,11 @@ func RegisterRoundTripper(op operationWithEvents, wafCtx *waf.Context, limiter l
 wafResult := RunWAF(wafCtx, waf.RunAddressData{Persistent: map[string]any{ServerIoNetURLAddr: args.URL}})
 // TODO: stacktrace
- if wafResult.HasEvents() {
- // TODO: put this in dyngo
- for _, event := range wafResult.Events {
- event.(map[string]any)["span_id"] = args.SpanID
- }
-
- AddSecurityEvents(op, limiter, wafResult.Events)
- log.Debug("appsec: WAF detected a suspicious outgoing request URL: %s", args.URL)
+ if !wafResult.HasEvents() {
+ return
 }
+
+ AddSecurityEvents(op, limiter, wafResult.Events)
+ log.Debug("appsec: WAF detected a suspicious outgoing request URL: %s", args.URL)
 })
 }
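Review bot: The `log.Debug` call kept at the end of this hunk writes `args.URL` verbatim, and that string is built from `args.Req.URL.String()` in the httpsec emitter, so a userinfo password or a token carried in the query string of the outgoing request ends up in the tracer's debug log. The value has just been flagged by the WAF and may be influenced by a remote party, and `%s` prints it unquoted. I would pass a reduced form to the logger, built from `Req.URL.Redacted()` with the query removed, and format it with `%q`: `log.Debug("appsec: WAF detected a suspicious outgoing request URL: %q", redactedURL)`. The listener closure opens before the start of the hunk, so whether the URL is sanitised earlier cannot be checked from these lines.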