Node/VM/EC2

Install and attach K2's Go Language Agent to your Go application hosted on Node/VM/EC2 for Runtime Application Self-Protection.

Prerequisites

For Go web applications, make sure you are using a supported Go version: 1.15 or above.

Steps

Step 1: The K2-Go agent can be attached to your application by running the following commands:

Use the standard golang method to get the K2 package

go get github.com/k2io/go-secure

Step 2: Import the K2 package into the main module of the application.

import _ "github.com/k2io/go-secure"

Note: Import the K2 package before other packages. This ensures it is initialized before any gRPC service registration performed by another package's initialization code.

Step 3: Based on additional packages imported by the user application, add suitable imports.

Package used

K2 Instrumentation package (additionally import)

github.com/antchfx/htmlquery

go.mongodb.org/mongo-driver/mongo

github.com/robertkrimen/otto

github.com/augustoroman/v8

github.com/go-ldap/ldap/v3

Step 4: Special Instructions when the application is running in IAST mode with gRPC

Note: If the application is running in IAST mode with gRPC, follow the special instructions below; otherwise, skip to Step 5.

Create the file k2GrpcConf.json in the directory from which the application binary runs, using the following format.

{
 "importPaths": [
  "<directory_of_protofile>",
  "<directory_of_protofile>"
 ],
 "importedFiles": [
  "<ProtoFile1>.proto",
  "<ProtoFile2>.proto",
  "<ProtoFile3>.proto"
 ]
}

importPaths: All the paths where proto files used by the application are placed (can be multiple entries).

importedFiles: All the proto files used by the application (can be multiple entries).

Note: If k2GrpcConf.json is not created, the K2 Golang agent creates it in the directory from which the application binary runs.
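The following Go program is an added example, not part of K2's documentation or agent code, that checks a k2GrpcConf.json before the application is started in IAST mode. The function name CheckGrpcConf and the rule it enforces (every importPaths entry is a directory and every importedFiles entry exists under one of them) are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"log"
	"os"
	"path/filepath"
	"strings"
)

type grpcConf struct { // the two keys of the k2GrpcConf.json format shown above
	ImportPaths   []string `json:"importPaths"`
	ImportedFiles []string `json:"importedFiles"`
}

// CheckGrpcConf returns one message per problem found in the file at confPath.
// Assumption: each importedFiles entry must exist under some importPaths entry.
func CheckGrpcConf(confPath string) []string {
	var c grpcConf
	raw, err := os.ReadFile(confPath)
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	if err != nil {
		return []string{"cannot load " + confPath + ": " + err.Error()}
	}
	var problems []string
	for _, dir := range c.ImportPaths {
		if st, err := os.Stat(dir); err != nil || !st.IsDir() {
			problems = append(problems, "importPaths: not a directory: "+dir)
		}
	}
	for _, f := range c.ImportedFiles {
		found := false
		for _, dir := range c.ImportPaths {
			st, err := os.Stat(filepath.Join(dir, f))
			found = found || (err == nil && st.Mode().IsRegular())
		}
		if !found {
			problems = append(problems, "importedFiles: not under any importPaths: "+f)
		}
	}
	return problems
}

func main() {
	if problems := CheckGrpcConf("k2GrpcConf.json"); len(problems) > 0 {
		log.Fatal(strings.Join(problems, "\n"))
	}
}
```

Run it from the directory that holds the application binary; template placeholders left unedited, such as <directory_of_protofile>, are reported as problems.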

Step 5: Build and Run the Application using the following build process

go build -gcflags "-l" main.go
./main

Note: Inlining is disabled to allow K2 to intercept key methods.

To verify that the application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application by name and node IP. The host namespace PID (for a host application) or the container namespace PID (for a containerised application) can also be used to locate the protected application.

Example:

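package main

import (
    _ "github.com/k2io/go-secure" // K2 package, kept in its own group so it stays first

    "fmt"
    "log"
    "net/http"
)

func main() {
    http.HandleFunc("/", HelloServer)
    // ListenAndServe only returns on failure; report the error instead of exiting silently.
    log.Fatal(http.ListenAndServe(":8080", nil))
}

// HelloServer greets the caller with the request path after the leading slash.
func HelloServer(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:])
}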
