[WP] Implementation of Otel 4947 thread context: dd-trace-go test

Gui774ume · Gui774ume · commit c0a283b473d3 · 2026-04-10T21:41:48.000+02:00
diff --git a/pkg/security/tests/span_test.go b/pkg/security/tests/span_test.go
@@ -14,6 +14,7 @@ import (
 	"os/exec"
 	"runtime"
 	"strconv"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -307,3 +308,82 @@ func TestGoSpan(t *testing.T) {
 		})
 	})
 }
+
+// TestDDTraceGoSpan tests the full dd-trace-go integration: dd-trace-go creates
+// a real span which internally sets pprof labels ("span id", "local root span id"),
+// and the eBPF Go labels reader extracts them from the goroutine's label storage.
+func TestDDTraceGoSpan(t *testing.T) {
+	SkipIfNotAvailable(t)
+
+	ruleDefs := []*rules.RuleDefinition{
+		{
+			ID:         "test_ddtrace_span_rule_open",
+			Expression: `open.file.path == "{{.Root}}/test-ddtrace-span"`,
+		},
+	}
+
+	test, err := newTestModule(t, nil, ruleDefs)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer test.Close()
+
+	goSyscallTester, err := loadSyscallTester(t, test, "syscall_go_tester")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Run("ddtrace_span", func(t *testing.T) {
+		test.RunMultiMode(t, "open", func(t *testing.T, _ wrapperType, cmdFunc func(cmd string, args []string, envs []string) *exec.Cmd) {
+			testFile, _, err := test.Path("test-ddtrace-span")
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer os.Remove(testFile)
+
+			args := []string{
+				"-ddtrace-span-test",
+				"-ddtrace-span-file-path", testFile,
+			}
+			envs := []string{}
+
+			// Capture the tester's stdout to extract the span IDs
+			// that dd-trace-go generated at runtime.
+			var expectedSpanID, expectedLocalRootSpanID uint64
+
+			test.WaitSignalFromRule(t, func() error {
+				cmd := cmdFunc(goSyscallTester, args, envs)
+				out, err := cmd.CombinedOutput()
+
+				if err != nil {
+					return fmt.Errorf("%s: %w", out, err)
+				}
+
+				// Parse the span IDs from the tester's output.
+				for _, line := range strings.Split(string(out), "\n") {
+					if strings.HasPrefix(line, "ddtrace_span_id=") {
+						val := strings.TrimPrefix(line, "ddtrace_span_id=")
+						expectedSpanID, _ = strconv.ParseUint(strings.TrimSpace(val), 10, 64)
+					}
+					if strings.HasPrefix(line, "ddtrace_local_root_span_id=") {
+						val := strings.TrimPrefix(line, "ddtrace_local_root_span_id=")
+						expectedLocalRootSpanID, _ = strconv.ParseUint(strings.TrimSpace(val), 10, 64)
+					}
+				}
+
+				if expectedSpanID == 0 {
+					return fmt.Errorf("failed to parse ddtrace_span_id from output: %s", out)
+				}
+
+				return nil
+			}, func(event *model.Event, rule *rules.Rule) {
+				assertTriggeredRule(t, rule, "test_ddtrace_span_rule_open")
+
+				assert.Equal(t, expectedSpanID, event.SpanContext.SpanID,
+					"span ID should match the dd-trace-go generated value")
+				assert.Equal(t, expectedLocalRootSpanID, event.SpanContext.TraceID.Lo,
+					"trace ID lo should match the dd-trace-go local root span ID")
+			}, "test_ddtrace_span_rule_open")
+		})
+	})
+}
diff --git a/pkg/security/tests/syscall_tester/go/syscall_go_tester.go b/pkg/security/tests/syscall_tester/go/syscall_go_tester.go
@@ -17,12 +17,14 @@ import (
 	"net/http"
 	"os"
 	"os/exec"
+	"runtime"
 	"runtime/pprof"
 	"strconv"
 	"syscall"
 	"time"
 	"unsafe"
 
+	"github.com/DataDog/dd-trace-go/v2/ddtrace/tracer"
 	manager "github.com/DataDog/ebpf-manager"
 	"github.com/syndtr/gocapability/capability"
 	"github.com/vishvananda/netlink"
@@ -55,6 +57,8 @@ var (
 	goSpanSpanID          string
 	goSpanLocalRootSpanID string
 	goSpanFilePath        string
+	ddtraceSpanTest       bool
+	ddtraceSpanFilePath   string
 )
 
 //go:embed ebpf_probe.o
@@ -340,6 +344,89 @@ func RunGoSpanTest(spanID, localRootSpanID, filePath string) error {
 	return nil
 }
 
+// RunDDTraceSpanTest uses dd-trace-go to create a real span, which sets pprof
+// labels automatically via the profiler code hotspots integration. This tests
+// the full dd-trace-go → pprof labels → eBPF Go labels reader pipeline.
+func RunDDTraceSpanTest(filePath string) error {
+	// Create and seal a tracer-info memfd with tracer_language="go".
+	type TracerMeta struct {
+		SchemaVersion  uint8  `msgpack:"schema_version"`
+		TracerLanguage string `msgpack:"tracer_language"`
+		TracerVersion  string `msgpack:"tracer_version"`
+		Hostname       string `msgpack:"hostname"`
+		ServiceName    string `msgpack:"service_name"`
+	}
+	meta := TracerMeta{
+		SchemaVersion:  2,
+		TracerLanguage: "go",
+		TracerVersion:  "0.0.1-test",
+		Hostname:       "test",
+		ServiceName:    "ddtrace-test",
+	}
+	data, err := msgpack.Marshal(&meta)
+	if err != nil {
+		return fmt.Errorf("msgpack marshal: %w", err)
+	}
+
+	fd, err := unix.MemfdCreate("datadog-tracer-info-ddtrace0", unix.MFD_ALLOW_SEALING)
+	if err != nil {
+		return fmt.Errorf("memfd_create: %w", err)
+	}
+	defer unix.Close(fd)
+
+	if _, err := unix.Write(fd, data); err != nil {
+		return fmt.Errorf("memfd write: %w", err)
+	}
+	const fAddSeals = 1033
+	const fSealWrite = 0x0008
+	const fSealShrink = 0x0002
+	const fSealGrow = 0x0004
+	if _, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), fAddSeals, fSealWrite|fSealShrink|fSealGrow); errno != 0 {
+		return fmt.Errorf("memfd seal: %w", errno)
+	}
+
+	// Wait for the agent to process the memfd seal event and populate the BPF map.
+	time.Sleep(500 * time.Millisecond)
+
+	// Start dd-trace-go with:
+	// - WithTestDefaults: uses a dummy transport (no real agent needed)
+	// - WithProfilerCodeHotspots: enables "span id" and "local root span id" pprof labels
+	// - WithService: set a service name
+	tracer.Start(
+		tracer.WithTestDefaults(nil),
+		tracer.WithProfilerCodeHotspots(true),
+		tracer.WithService("ddtrace-test"),
+		tracer.WithLogStartup(false),
+	)
+	defer tracer.Stop()
+
+	// Create a span. dd-trace-go will automatically set pprof labels
+	// "span id" and "local root span id" on the current goroutine.
+	span, ctx := tracer.StartSpanFromContext(context.Background(), "test.operation")
+
+	// Print the span ID and local root span ID so the test can parse and verify them.
+	spanID := span.Context().SpanID()
+	localRootSpanID := span.Root().Context().SpanID()
+	fmt.Printf("ddtrace_span_id=%d\n", spanID)
+	fmt.Printf("ddtrace_local_root_span_id=%d\n", localRootSpanID)
+
+	_ = ctx
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	// Trigger the file open that the CWS rule is watching.
+	f, err := os.Create(filePath)
+	if err != nil {
+		span.Finish()
+		return fmt.Errorf("create file: %w", err)
+	}
+	f.Close()
+	os.Remove(filePath)
+
+	span.Finish()
+	return nil
+}
+
 func main() {
 	flag.BoolVar(&bpfLoad, "load-bpf", false, "load the eBPF programs")
 	flag.BoolVar(&bpfClone, "clone-bpf", false, "clone maps")
@@ -360,6 +447,8 @@ func main() {
 	flag.StringVar(&goSpanSpanID, "go-span-span-id", "", "span ID for the Go span test (decimal string)")
 	flag.StringVar(&goSpanLocalRootSpanID, "go-span-local-root-span-id", "", "local root span ID for the Go span test (decimal string)")
 	flag.StringVar(&goSpanFilePath, "go-span-file-path", "", "file path to open for the Go span test")
+	flag.BoolVar(&ddtraceSpanTest, "ddtrace-span-test", false, "when set, runs the dd-trace-go span test")
+	flag.StringVar(&ddtraceSpanFilePath, "ddtrace-span-file-path", "", "file path to open for the dd-trace-go span test")
 
 	flag.Parse()
 
@@ -426,4 +515,10 @@ func main() {
 			panic(err)
 		}
 	}
+
+	if ddtraceSpanTest {
+		if err := RunDDTraceSpanTest(ddtraceSpanFilePath); err != nil {
+			panic(err)
+		}
+	}
 }
