diff --git a/appsec/tests/helper/client_test.cpp b/appsec/tests/helper/client_test.cpp index f300e668a8..1ebec947ac 100644 --- a/appsec/tests/helper/client_test.cpp +++ b/appsec/tests/helper/client_test.cpp @@ -77,17 +77,9 @@ int count_schemas(const std::map &meta) return schemas; } -network::client_init::request get_default_client_init_msg( - std::string rule_config = "valid") +network::client_init::request get_default_client_init_msg() { - std::string fn; - if (rule_config == "valid") - fn = create_sample_rules_ok(); - else if (rule_config == "fingerprint") - fn = create_sample_rules_ok_with_fingerprint(); - else - fn = create_sample_rules_invalid(); - + auto fn = create_sample_rules_ok(); network::client_init::request msg; msg.pid = 1729; msg.enabled_configuration = true; @@ -101,11 +93,10 @@ network::client_init::request get_default_client_init_msg( return msg; } -void set_extension_configuration_to(mock::broker *broker, client &c, - std::optional status, std::string rule_config = "valid") +void set_extension_configuration_to( + mock::broker *broker, client &c, std::optional status) { - network::client_init::request msg = - get_default_client_init_msg(rule_config); + network::client_init::request msg = get_default_client_init_msg(); msg.enabled_configuration = status; send_client_init(broker, c, std::move(msg)); @@ -1781,8 +1772,11 @@ TEST(ClientTest, RequestInitWithFingerprint) client c(smanager, std::unique_ptr(broker)); - set_extension_configuration_to( - broker, c, EXTENSION_CONFIGURATION_ENABLED, "fingerprint"); + network::client_init::request msg = get_default_client_init_msg(); + msg.engine_settings.rules_file = create_sample_rules_ok_with_fingerprint(); + msg.enabled_configuration = EXTENSION_CONFIGURATION_ENABLED; + + send_client_init(broker, c, std::move(msg)); // Request Init { @@ -1867,9 +1861,11 @@ TEST(ClientTest, RequestExecWithFingerprint) client c(smanager, std::unique_ptr(broker)); - set_extension_configuration_to( - broker, c, EXTENSION_CONFIGURATION_ENABLED, "fingerprint"); + network::client_init::request msg = get_default_client_init_msg(); + msg.engine_settings.rules_file = create_sample_rules_ok_with_fingerprint(); + msg.enabled_configuration = EXTENSION_CONFIGURATION_ENABLED; + send_client_init(broker, c, std::move(msg)); request_init(broker, c); // Request Exec @@ -1953,9 +1949,11 @@ TEST(ClientTest, RequestShutdownWithFingerprint) client c(smanager, std::unique_ptr(broker)); - set_extension_configuration_to( - broker, c, EXTENSION_CONFIGURATION_ENABLED, "fingerprint"); + network::client_init::request msg = get_default_client_init_msg(); + msg.engine_settings.rules_file = create_sample_rules_ok_with_fingerprint(); + msg.enabled_configuration = EXTENSION_CONFIGURATION_ENABLED; + send_client_init(broker, c, std::move(msg)); request_init(broker, c); // Request Shutdown diff --git a/appsec/tests/helper/main.cpp b/appsec/tests/helper/main.cpp index abc4626461..1176d3d489 100644 --- a/appsec/tests/helper/main.cpp +++ b/appsec/tests/helper/main.cpp @@ -12,7 +12,198 @@ std::string create_sample_rules_ok() { const static char data[] = - R"({"version":"2.1","metadata":{"rules_version":"1.2.3"},"rules":[{"id":"blk-001-001","name":"BlockIPAddresses","tags":{"type":"block_ip","category":"security_response"},"conditions":[{"parameters":{"inputs":[{"address":"http.client_ip"}],"list":["192.168.1.1"]},"operator":"ip_match"}],"transformers":[],"on_match":["block"]},{"id":"blk-001-002","name":"BlockIPAddresseswithallactions","tags":{"type":"block_ip","category":"security_response"},"conditions":[{"parameters":{"inputs":[{"address":"http.client_ip"}],"list":["192.168.1.2"]},"operator":"ip_match"}],"transformers":[],"on_match":["block","redirect","stack_trace","extract_schema"]},{"id":"crs-913-110","name":"FoundrequestheaderassociatedwithAcunetixsecurityscanner","tags":{"type":"security_scanner","crs_id":"913110","category":"attack_attempt"},"conditions":[{"parameters":{"inputs":[{"address":"server.request.headers.no_cookies"}],"list":["acunetix-product"]},"operator":"phrase_match"}],"transformers":["lowercase"]},{"id":"req_shutdown_rule","name":"Rulematchonresponsecode","tags":{"type":"req_shutdown_type","crs_id":"none","category":"attack_attempt"},"conditions":[{"parameters":{"inputs":[{"address":"server.request.headers.no_cookies"}],"list":["Arachni"]},"operator":"phrase_match"},{"parameters":{"inputs":[{"address":"server.response.code"}],"regex":1991,"options":{"case_sensitive":"false"}},"operator":"match_regex"}]}],"processors":[{"id":"processor-001","generator":"extract_schema","conditions":[{"operator":"equals","parameters":{"inputs":[{"address":"waf.context.processor","key_path":["extract-schema"]}],"type":"boolean","value":true}}],"parameters":{"mappings":[{"inputs":[{"address":"server.request.headers.no_cookies"}],"output":"_dd.appsec.s.req.headers.no_cookies"},{"inputs":[{"address":"server.request.body"}],"output":"_dd.appsec.s.req.body"}],"scanners":[{"tags":{"category":"pii"}}]},"evaluate":false,"output":true}],"scanners":[],"actions":[{"id":"redirect","type":"redirect_request","parameters":{"location":"https://localhost"}}]})"; + R"({ + "version": "2.1", + "metadata": { + "rules_version": "1.2.3" + }, + "rules": [ + { + "id": "blk-001-001", + "name": "BlockIPAddresses", + "tags": { + "type": "block_ip", + "category": "security_response" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "http.client_ip" + } + ], + "list": [ + "192.168.1.1" + ] + }, + "operator": "ip_match" + } + ], + "transformers": [], + "on_match": [ + "block" + ] + }, + { + "id": "blk-001-002", + "name": "BlockIPAddresseswithallactions", + "tags": { + "type": "block_ip", + "category": "security_response" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "http.client_ip" + } + ], + "list": [ + "192.168.1.2" + ] + }, + "operator": "ip_match" + } + ], + "transformers": [], + "on_match": [ + "block", + "redirect", + "stack_trace", + "extract_schema" + ] + }, + { + "id": "crs-913-110", + "name": "FoundrequestheaderassociatedwithAcunetixsecurityscanner", + "tags": { + "type": "security_scanner", + "crs_id": "913110", + "category": "attack_attempt" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "list": [ + "acunetix-product" + ] + }, + "operator": "phrase_match" + } + ], + "transformers": [ + "lowercase" + ] + }, + { + "id": "req_shutdown_rule", + "name": "Rulematchonresponsecode", + "tags": { + "type": "req_shutdown_type", + "crs_id": "none", + "category": "attack_attempt" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "list": [ + "Arachni" + ] + }, + "operator": "phrase_match" + }, + { + "parameters": { + "inputs": [ + { + "address": "server.response.code" + } + ], + "regex": 1991, + "options": { + "case_sensitive": "false" + } + }, + "operator": "match_regex" + } + ] + } + ], + "processors": [ + { + "id": "processor-001", + "generator": "extract_schema", + "conditions": [ + { + "operator": "equals", + "parameters": { + "inputs": [ + { + "address": "waf.context.processor", + "key_path": [ + "extract-schema" + ] + } + ], + "type": "boolean", + "value": true + } + } + ], + "parameters": { + "mappings": [ + { + "inputs": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "output": "_dd.appsec.s.req.headers.no_cookies" + }, + { + "inputs": [ + { + "address": "server.request.body" + } + ], + "output": "_dd.appsec.s.req.body" + } + ], + "scanners": [ + { + "tags": { + "category": "pii" + } + } + ] + }, + "evaluate": false, + "output": true + } + ], + "scanners": [], + "actions": [ + { + "id": "redirect", + "type": "redirect_request", + "parameters": { + "location": "https://localhost" + } + } + ] +})"; char tmpl[] = "/tmp/test_ddappsec_XXXXXX"; int fd = mkstemp(tmpl); @@ -26,7 +217,367 @@ std::string create_sample_rules_ok() std::string create_sample_rules_ok_with_fingerprint() { const static char data[] = - R"({"version":"2.1","metadata":{"rules_version":"1.2.3"},"rules":[{"id":"blk-001-001","name":"BlockIPAddresses","tags":{"type":"block_ip","category":"security_response"},"conditions":[{"parameters":{"inputs":[{"address":"http.client_ip"}],"list":["192.168.1.1"]},"operator":"ip_match"}],"transformers":[],"on_match":["block"]},{"id":"blk-001-002","name":"BlockIPAddresseswithallactions","tags":{"type":"block_ip","category":"security_response"},"conditions":[{"parameters":{"inputs":[{"address":"http.client_ip"}],"list":["192.168.1.2"]},"operator":"ip_match"}],"transformers":[],"on_match":["block","redirect","stack_trace","extract_schema"]},{"id":"crs-913-110","name":"FoundrequestheaderassociatedwithAcunetixsecurityscanner","tags":{"type":"security_scanner","crs_id":"913110","category":"attack_attempt"},"conditions":[{"parameters":{"inputs":[{"address":"server.request.headers.no_cookies"}],"list":["acunetix-product"]},"operator":"phrase_match"}],"transformers":["lowercase"]},{"id":"req_shutdown_rule","name":"Rulematchonresponsecode","tags":{"type":"req_shutdown_type","crs_id":"none","category":"attack_attempt"},"conditions":[{"parameters":{"inputs":[{"address":"server.request.headers.no_cookies"}],"list":["Arachni"]},"operator":"phrase_match"},{"parameters":{"inputs":[{"address":"server.response.code"}],"regex":1991,"options":{"case_sensitive":"false"}},"operator":"match_regex"}]}],"processors":[{"id":"processor-001","generator":"extract_schema","conditions":[{"operator":"equals","parameters":{"inputs":[{"address":"waf.context.processor","key_path":["extract-schema"]}],"type":"boolean","value":true}}],"parameters":{"mappings":[{"inputs":[{"address":"server.request.headers.no_cookies"}],"output":"_dd.appsec.s.req.headers.no_cookies"},{"inputs":[{"address":"server.request.body"}],"output":"_dd.appsec.s.req.body"}],"scanners":[{"tags":{"category":"pii"}}]},"evaluate":false,"output":true},{"id":"http-endpoint-fingerprint","generator":"http_endpoint_fingerprint","conditions":[{"operator":"exists","parameters":{"inputs":[{"address":"waf.context.event"},{"address":"server.business_logic.users.login.failure"},{"address":"server.business_logic.users.login.success"}]}}],"parameters":{"mappings":[{"method":[{"address":"server.request.method"}],"uri_raw":[{"address":"server.request.uri.raw"}],"body":[{"address":"server.request.body"}],"query":[{"address":"server.request.query"}],"output":"_dd.appsec.fp.http.endpoint"}]},"evaluate":false,"output":true},{"id":"http-header-fingerprint","generator":"http_header_fingerprint","conditions":[{"operator":"exists","parameters":{"inputs":[{"address":"waf.context.event"},{"address":"server.business_logic.users.login.failure"},{"address":"server.business_logic.users.login.success"}]}}],"parameters":{"mappings":[{"headers":[{"address":"server.request.headers.no_cookies"}],"output":"_dd.appsec.fp.http.header"}]},"evaluate":false,"output":true},{"id":"http-network-fingerprint","generator":"http_network_fingerprint","conditions":[{"operator":"exists","parameters":{"inputs":[{"address":"waf.context.event"},{"address":"server.business_logic.users.login.failure"},{"address":"server.business_logic.users.login.success"}]}}],"parameters":{"mappings":[{"headers":[{"address":"server.request.headers.no_cookies"}],"output":"_dd.appsec.fp.http.network"}]},"evaluate":false,"output":true},{"id":"session-fingerprint","generator":"session_fingerprint","conditions":[{"operator":"exists","parameters":{"inputs":[{"address":"waf.context.event"},{"address":"server.business_logic.users.login.failure"},{"address":"server.business_logic.users.login.success"}]}}],"parameters":{"mappings":[{"cookies":[{"address":"server.request.cookies"}],"session_id":[{"address":"usr.session_id"}],"user_id":[{"address":"usr.id"}],"output":"_dd.appsec.fp.session"}]},"evaluate":false,"output":true}],"scanners":[],"actions":[{"id":"redirect","type":"redirect_request","parameters":{"location":"https://localhost"}}]})"; + R"({ + "version": "2.1", + "metadata": { + "rules_version": "1.2.3" + }, + "rules": [ + { + "id": "blk-001-001", + "name": "BlockIPAddresses", + "tags": { + "type": "block_ip", + "category": "security_response" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "http.client_ip" + } + ], + "list": [ + "192.168.1.1" + ] + }, + "operator": "ip_match" + } + ], + "transformers": [], + "on_match": [ + "block" + ] + }, + { + "id": "blk-001-002", + "name": "BlockIPAddresseswithallactions", + "tags": { + "type": "block_ip", + "category": "security_response" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "http.client_ip" + } + ], + "list": [ + "192.168.1.2" + ] + }, + "operator": "ip_match" + } + ], + "transformers": [], + "on_match": [ + "block", + "redirect", + "stack_trace", + "extract_schema" + ] + }, + { + "id": "crs-913-110", + "name": "FoundrequestheaderassociatedwithAcunetixsecurityscanner", + "tags": { + "type": "security_scanner", + "crs_id": "913110", + "category": "attack_attempt" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "list": [ + "acunetix-product" + ] + }, + "operator": "phrase_match" + } + ], + "transformers": [ + "lowercase" + ] + }, + { + "id": "req_shutdown_rule", + "name": "Rulematchonresponsecode", + "tags": { + "type": "req_shutdown_type", + "crs_id": "none", + "category": "attack_attempt" + }, + "conditions": [ + { + "parameters": { + "inputs": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "list": [ + "Arachni" + ] + }, + "operator": "phrase_match" + }, + { + "parameters": { + "inputs": [ + { + "address": "server.response.code" + } + ], + "regex": 1991, + "options": { + "case_sensitive": "false" + } + }, + "operator": "match_regex" + } + ] + } + ], + "processors": [ + { + "id": "processor-001", + "generator": "extract_schema", + "conditions": [ + { + "operator": "equals", + "parameters": { + "inputs": [ + { + "address": "waf.context.processor", + "key_path": [ + "extract-schema" + ] + } + ], + "type": "boolean", + "value": true + } + } + ], + "parameters": { + "mappings": [ + { + "inputs": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "output": "_dd.appsec.s.req.headers.no_cookies" + }, + { + "inputs": [ + { + "address": "server.request.body" + } + ], + "output": "_dd.appsec.s.req.body" + } + ], + "scanners": [ + { + "tags": { + "category": "pii" + } + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "http-endpoint-fingerprint", + "generator": "http_endpoint_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "method": [ + { + "address": "server.request.method" + } + ], + "uri_raw": [ + { + "address": "server.request.uri.raw" + } + ], + "body": [ + { + "address": "server.request.body" + } + ], + "query": [ + { + "address": "server.request.query" + } + ], + "output": "_dd.appsec.fp.http.endpoint" + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "http-header-fingerprint", + "generator": "http_header_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "headers": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "output": "_dd.appsec.fp.http.header" + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "http-network-fingerprint", + "generator": "http_network_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "headers": [ + { + "address": "server.request.headers.no_cookies" + } + ], + "output": "_dd.appsec.fp.http.network" + } + ] + }, + "evaluate": false, + "output": true + }, + { + "id": "session-fingerprint", + "generator": "session_fingerprint", + "conditions": [ + { + "operator": "exists", + "parameters": { + "inputs": [ + { + "address": "waf.context.event" + }, + { + "address": "server.business_logic.users.login.failure" + }, + { + "address": "server.business_logic.users.login.success" + } + ] + } + } + ], + "parameters": { + "mappings": [ + { + "cookies": [ + { + "address": "server.request.cookies" + } + ], + "session_id": [ + { + "address": "usr.session_id" + } + ], + "user_id": [ + { + "address": "usr.id" + } + ], + "output": "_dd.appsec.fp.session" + } + ] + }, + "evaluate": false, + "output": true + } + ], + "scanners": [], + "actions": [ + { + "id": "redirect", + "type": "redirect_request", + "parameters": { + "location": "https://localhost" + } + } + ] +})"; char tmpl[] = "/tmp/test_ddappsec_XXXXXX"; int fd = mkstemp(tmpl); diff --git a/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy b/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy index 6026f82de2..a7562bc190 100644 --- a/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy +++ b/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy @@ -246,10 +246,6 @@ trait CommonTests { } Span span = trace.first() - assert span.meta."appsec.blocked" == "true" - assert span.metrics."_dd.appsec.enabled" == 1.0d - assert span.metrics."_dd.appsec.waf.duration" > 0.0d - assert span.meta."_dd.appsec.event_rules.version" != '' assert span.meta."_dd.appsec.fp.http.endpoint" ==~ /^"http-get(-[a-zA-Z0-9]*){3}"$/ assert span.meta."_dd.appsec.fp.http.header" ==~ /^"hdr(-[0-9]*-[a-zA-Z0-9]*){2}"$/ assert span.meta."_dd.appsec.fp.http.network" ==~ /^"net-[0-9]*-[a-zA-Z0-9]*"$/