Merge pull request #218 from cerberauth/add-sqa-errors-tracking

Add SQA errors and more metrics

api/curl.go

@@ -3,13 +3,12 @@ package api
 import (
 	"net/http"
 
+	"github.com/cerberauth/vulnapi/internal/analytics"
 	"github.com/cerberauth/vulnapi/internal/request"
 	"github.com/cerberauth/vulnapi/scan"
 	"github.com/cerberauth/vulnapi/scenario"
-	"github.com/cerberauth/x/analyticsx"
 	"github.com/gin-gonic/gin"
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
 )
 
 type NewURLScanRequest struct {
@@ -20,17 +19,14 @@ type NewURLScanRequest struct {
 	Opts *ScanOptions `json:"options"`
 }
 
-var serverApiUrlTracer = otel.Tracer("server/api/url")
-
 func (h *Handler) ScanURL(ctx *gin.Context) {
 	var form NewURLScanRequest
 	if err := ctx.ShouldBindJSON(&form); err != nil {
 		ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
-	analyticsx.TrackEvent(ctx, serverApiUrlTracer, "Scan URL", []attribute.KeyValue{
-		attribute.String("method", form.Method),
-	})
+	traceCtx, span := tracer.Start(ctx.Request.Context(), "Scan URL")
+	defer span.End()
 
 	opts := parseScanOptions(form.Opts)
 	opts.Header = ctx.Request.Header
@@ -42,21 +38,18 @@ func (h *Handler) ScanURL(ctx *gin.Context) {
 		ExcludeScans: form.Opts.ExcludeScans,
 	})
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiUrlTracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
 
-	reporter, _, err := s.Execute(func(operationScan *scan.OperationScan) {})
+	reporter, _, err := s.Execute(traceCtx, nil)
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiUrlTracer, err)
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
-
-	if reporter.HasIssue() {
-		analyticsx.TrackEvent(ctx, serverApiUrlTracer, "Issue Found", nil)
-	}
+	analytics.TrackScanReport(traceCtx, reporter)
 
 	ctx.JSON(http.StatusOK, HTTPResponseReports{
 		Reports: reporter.GetScanReports(),

api/graphql.go

@@ -3,13 +3,12 @@ package api
 import (
 	"net/http"
 
+	"github.com/cerberauth/vulnapi/internal/analytics"
 	"github.com/cerberauth/vulnapi/internal/request"
 	"github.com/cerberauth/vulnapi/scan"
 	"github.com/cerberauth/vulnapi/scenario"
-	"github.com/cerberauth/x/analyticsx"
 	"github.com/gin-gonic/gin"
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
 )
 
 type NewGraphQLScanRequest struct {
@@ -18,16 +17,16 @@ type NewGraphQLScanRequest struct {
 	Opts *ScanOptions `json:"options"`
 }
 
-var serverApiGraphQLTracer = otel.Tracer("server/api/graphql")
-
 func (h *Handler) ScanGraphQL(ctx *gin.Context) {
 	var form NewGraphQLScanRequest
 	if err := ctx.ShouldBindJSON(&form); err != nil {
 		ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
 
-	analyticsx.TrackEvent(ctx, serverApiGraphQLTracer, "Scan GraphQL", []attribute.KeyValue{})
+	traceCtx, span := tracer.Start(ctx, "Scan GraphQL")
+	defer span.End()
+
 	opts := parseScanOptions(form.Opts)
 	opts.Header = ctx.Request.Header
 	opts.Cookies = ctx.Request.Cookies()
@@ -38,21 +37,20 @@ func (h *Handler) ScanGraphQL(ctx *gin.Context) {
 		ExcludeScans: form.Opts.ExcludeScans,
 	})
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiGraphQLTracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
 
-	reporter, _, err := s.Execute(func(operationScan *scan.OperationScan) {})
+	reporter, _, err := s.Execute(traceCtx, nil)
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiGraphQLTracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
-
-	if reporter.HasIssue() {
-		analyticsx.TrackEvent(ctx, serverApiGraphQLTracer, "Issue Found", nil)
-	}
+	analytics.TrackScanReport(traceCtx, reporter)
 
 	ctx.JSON(http.StatusOK, HTTPResponseReports{
 		Reports: reporter.GetScanReports(),

api/handler.go

@@ -1,6 +1,11 @@
 package api
 
-import "github.com/gin-gonic/gin"
+import (
+	"github.com/gin-gonic/gin"
+	"go.opentelemetry.io/otel"
+)
+
+var tracer = otel.Tracer("server/api")
 
 type Handler struct{}
 

api/openapi.go

@@ -4,15 +4,14 @@ import (
 	"encoding/json"
 	"net/http"
 
+	"github.com/cerberauth/vulnapi/internal/analytics"
 	"github.com/cerberauth/vulnapi/internal/auth"
 	"github.com/cerberauth/vulnapi/internal/request"
 	"github.com/cerberauth/vulnapi/openapi"
 	"github.com/cerberauth/vulnapi/scan"
 	"github.com/cerberauth/vulnapi/scenario"
-	"github.com/cerberauth/x/analyticsx"
 	"github.com/gin-gonic/gin"
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
 )
 
 type NewOpenAPIScanRequest struct {
@@ -24,29 +23,31 @@ type NewOpenAPIScanRequest struct {
 	Opts *ScanOptions `json:"options"`
 }
 
-var serverApiOpenAPITracer = otel.Tracer("server/api/openapi")
-
 func (h *Handler) ScanOpenAPI(ctx *gin.Context) {
 	var form NewOpenAPIScanRequest
 	if err := ctx.ShouldBindJSON(&form); err != nil {
 		ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
 
-	openapi, err := openapi.LoadFromData(ctx, []byte(form.Schema))
+	traceCtx, span := tracer.Start(ctx, "Scan OpenAPI")
+	defer span.End()
+
+	openapi, err := openapi.LoadFromData(traceCtx, []byte(form.Schema))
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiOpenAPITracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
 
 	if err := openapi.Validate(ctx); err != nil {
-		analyticsx.TrackError(ctx, serverApiOpenAPITracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
 
-	analyticsx.TrackEvent(ctx, serverApiOpenAPITracer, "Scan OpenAPI", []attribute.KeyValue{})
 	opts := parseScanOptions(form.Opts)
 	opts.Header = ctx.Request.Header
 	opts.Cookies = ctx.Request.Cookies()
@@ -64,28 +65,28 @@ func (h *Handler) ScanOpenAPI(ctx *gin.Context) {
 		ExcludeScans: form.Opts.ExcludeScans,
 	})
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiOpenAPITracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
 
-	reporter, _, err := s.Execute(func(operationScan *scan.OperationScan) {})
+	reporter, _, err := s.Execute(traceCtx, nil)
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiOpenAPITracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
-
-	if reporter.HasIssue() {
-		analyticsx.TrackEvent(ctx, serverApiOpenAPITracer, "Issue Found", nil)
-	}
+	analytics.TrackScanReport(traceCtx, reporter)
 
 	response := HTTPResponseReports{
 		Reports: reporter.GetScanReports(),
 	}
 	_, err = json.Marshal(response)
 	if err != nil {
-		analyticsx.TrackError(ctx, serverApiOpenAPITracer, err)
+		span.RecordError(err)
+		span.SetStatus(codes.Error, err.Error())
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}

cmd/discover/api.go

@@ -4,15 +4,14 @@ import (
 	"log"
 	"net/http"
 
+	"github.com/cerberauth/vulnapi/internal/analytics"
 	internalCmd "github.com/cerberauth/vulnapi/internal/cmd"
 	"github.com/cerberauth/vulnapi/internal/cmd/printtable"
 	"github.com/cerberauth/vulnapi/scan"
 	"github.com/cerberauth/vulnapi/scenario"
-	"github.com/cerberauth/x/analyticsx"
 	"github.com/schollz/progressbar/v3"
 	"github.com/spf13/cobra"
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
 )
 
 func NewAPICmd() (apiCmd *cobra.Command) {
@@ -21,14 +20,15 @@ func NewAPICmd() (apiCmd *cobra.Command) {
 		Short: "Discover api endpoints and server information",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			ctx := cmd.Context()
-			tracer := otel.Tracer("discover")
 			baseUrl := args[0]
 
-			analyticsx.TrackEvent(ctx, tracer, "Discover API", []attribute.KeyValue{})
+			ctx, span := tracer.Start(cmd.Context(), "Discover API")
+			defer span.End()
+
 			client, err := internalCmd.NewHTTPClientFromArgs(internalCmd.GetRateLimit(), internalCmd.GetProxy(), internalCmd.GetHeaders(), internalCmd.GetCookies())
 			if err != nil {
-				analyticsx.TrackError(ctx, tracer, err)
+				span.RecordError(err)
+				span.SetStatus(codes.Error, err.Error())
 				log.Fatal(err)
 			}
 
@@ -37,7 +37,8 @@ func NewAPICmd() (apiCmd *cobra.Command) {
 				ExcludeScans: internalCmd.GetExcludeScans(),
 			})
 			if err != nil {
-				analyticsx.TrackError(ctx, tracer, err)
+				span.RecordError(err)
+				span.SetStatus(codes.Error, err.Error())
 				log.Fatal(err)
 			}
 
@@ -47,18 +48,19 @@ func NewAPICmd() (apiCmd *cobra.Command) {
 				// nolint:errcheck
 				defer bar.Finish()
 			}
-			reporter, _, err := s.Execute(func(operationScan *scan.OperationScan) {
+			reporter, _, err := s.Execute(ctx, func(operationScan *scan.OperationScan) {
 				if bar != nil {
 					// nolint:errcheck
 					bar.Add(1)
 				}
 			})
 			if err != nil {
-				analyticsx.TrackError(ctx, tracer, err)
+				span.RecordError(err)
+				span.SetStatus(codes.Error, err.Error())
 				log.Fatal(err)
 			}
 
-			internalCmd.TrackScanReport(ctx, tracer, reporter)
+			analytics.TrackScanReport(ctx, reporter)
 			printtable.WellKnownPathsScanReport(reporter)
 			printtable.FingerprintScanReport(reporter)
 		},

cmd/discover/domain.go

@@ -4,15 +4,14 @@ import (
 	"fmt"
 	"log"
 
+	"github.com/cerberauth/vulnapi/internal/analytics"
 	internalCmd "github.com/cerberauth/vulnapi/internal/cmd"
 	"github.com/cerberauth/vulnapi/internal/cmd/printtable"
 	"github.com/cerberauth/vulnapi/scan"
 	"github.com/cerberauth/vulnapi/scenario"
-	"github.com/cerberauth/x/analyticsx"
 	"github.com/schollz/progressbar/v3"
 	"github.com/spf13/cobra"
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
 )
 
 func NewDomainCmd() (domainCmd *cobra.Command) {
@@ -21,14 +20,15 @@ func NewDomainCmd() (domainCmd *cobra.Command) {
 		Short: "Discover subdomains with API endpoints",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			ctx := cmd.Context()
-			tracer := otel.Tracer("discover")
 			domain := args[0]
 
-			analyticsx.TrackEvent(ctx, tracer, "Discover Domain", []attribute.KeyValue{})
+			ctx, span := tracer.Start(cmd.Context(), "Discover Domain")
+			defer span.End()
+
 			client, err := internalCmd.NewHTTPClientFromArgs(internalCmd.GetRateLimit(), internalCmd.GetProxy(), internalCmd.GetHeaders(), internalCmd.GetCookies())
 			if err != nil {
-				analyticsx.TrackError(ctx, tracer, err)
+				span.RecordError(err)
+				span.SetStatus(codes.Error, err.Error())
 				log.Fatal(err)
 			}
 
@@ -38,7 +38,8 @@ func NewDomainCmd() (domainCmd *cobra.Command) {
 				ExcludeScans: internalCmd.GetExcludeScans(),
 			})
 			if err != nil {
-				analyticsx.TrackError(ctx, tracer, err)
+				span.RecordError(err)
+				span.SetStatus(codes.Error, err.Error())
 				log.Fatal(err)
 			}
 			fmt.Printf("Found %d Domains\n", len(scans))
@@ -53,18 +54,19 @@ func NewDomainCmd() (domainCmd *cobra.Command) {
 					// nolint:errcheck
 					defer bar.Finish()
 				}
-				reporter, _, err := s.Execute(func(operationScan *scan.OperationScan) {
+				reporter, _, err := s.Execute(ctx, func(operationScan *scan.OperationScan) {
 					if bar != nil {
 						// nolint:errcheck
 						bar.Add(1)
 					}
 				})
 				if err != nil {
-					analyticsx.TrackError(ctx, tracer, err)
+					span.RecordError(err)
+					span.SetStatus(codes.Error, err.Error())
 					log.Fatal(err)
 				}
 
-				internalCmd.TrackScanReport(ctx, tracer, reporter)
+				analytics.TrackScanReport(ctx, reporter)
 				printtable.WellKnownPathsScanReport(reporter)
 				printtable.FingerprintScanReport(reporter)
 			}

cmd/discover/root.go

@@ -2,8 +2,11 @@ package discover
 
 import (
 	"github.com/spf13/cobra"
+	"go.opentelemetry.io/otel"
 )
 
+var tracer = otel.Tracer("cmd/discover")
+
 func NewDiscoverCmd() (discoverCmd *cobra.Command) {
 	discoverCmd = &cobra.Command{
 		Use:   "discover [type]",