Go Integration

This page contains details on how to properly integrate with the Go agent. Feel free to contact us if you don't find the details you need on this page.


RASP Protection

Aborting the request

RASP protections do not panic. Instead, they rely on Go's error-handling pattern to bubble errors up and stop handling the request. Returned errors should therefore never be ignored, and a request should not be handled any further once an error is returned.

Note that the HTTP response is automatically written by Sqreen's middleware function according to your dashboard setting.

Go request context

The Go context of a request is used in order to properly abort every sub-operation and goroutine. Every handler sub-operation, such as SQL queries, should use the request context to be properly aborted when Sqreen cancels the context because of a detected attack.

The request context is also used by the middleware function to store everything Sqreen protections need in order to run. Protections are disabled when the request context is not available.

The following example can be properly protected because it uses the request context; the same query made with the deprecated Query() method could not be.

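import (
  "database/sql"
  "log"
  "net/http"
)

var db *sql.DB // opened elsewhere with sql.Open

func handler(w http.ResponseWriter, r *http.Request) {
  unsafe := r.FormValue("id") // untrusted input, concatenated into the query below
  // Passing the request context lets the query be aborted when Sqreen cancels it.
  rows, err := db.QueryContext(r.Context(), "select id, name from users where id=" + unsafe)
  if err != nil {
    // Never ignore the error: log it and stop handling the request.
    log.Println(err)
    return
  }
  defer rows.Close()
  // ...
}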
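
The difference between passing the request context and a detached one can be seen without a database. The following is an added example, not code from Sqreen or from the original page: cancelAfter is a hypothetical stand-in for the agent's middleware and slowQuery for a slow db.QueryContext call, using only the Go standard library.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// slowQuery stands in for db.QueryContext: it gives up once ctx is cancelled.
func slowQuery(ctx context.Context) error {
	select {
	case <-time.After(300 * time.Millisecond):
		return nil
	case <-ctx.Done():
		return ctx.Err()
	}
}

// cancelAfter (hypothetical, not Sqreen's API) cancels the request context after d.
func cancelAfter(d time.Duration, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx, cancel := context.WithCancel(r.Context())
		time.AfterFunc(d, cancel) // simulates the agent detecting an attack
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// run serves one constructed request; it returns the handler's output and error.
func run(useRequestCtx bool) (body string, err error) {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx := context.Background() // detached: cancellation never arrives
		if useRequestCtx {
			ctx = r.Context()
		}
		if err = slowQuery(ctx); err != nil {
			return // bubble up: stop handling the request
		}
		fmt.Fprint(w, "ok")
	})
	rec := httptest.NewRecorder()
	cancelAfter(20*time.Millisecond, h).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Body.String(), err
}

func main() {
	fmt.Println(run(true))
	fmt.Println(run(false))
}
```

With the request context the sub-operation stops early with "context canceled" and the handler writes nothing; with the detached context it runs to completion and the handler responds as if nothing had happened.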