Add path params to wordpress

Author: estringana

src/Integrations/Integrations/WordPress/WordPressIntegration.php

@@ -70,6 +70,19 @@ public function init()
             return true;
         });
 
+        \DDTrace\hook_method('WP', 'main',  null, function ($This, $scope, $args) {
+            if (\property_exists($This, 'did_permalink') && $This->did_permalink === true) {
+                if (function_exists('\datadog\appsec\push_params') &&
+                    \property_exists($This, 'query_vars') &&
+                    function_exists('is_404') && is_404() === false) {
+                    $parameters = $This->query_vars;
+                    if (count($parameters) > 0) {
+                        \datadog\appsec\push_params($parameters);
+                    }
+                }
+            }
+        });
+
         \DDTrace\hook_function(
             'wp_authenticate',
             null,

tests/Frameworks/WordPress/Version_4_8/wp-config.php

@@ -89,5 +89,8 @@
 if ( !defined('ABSPATH') )
 	define('ABSPATH', dirname(__FILE__) . '/');
 
+//Appsec mock. This wont be needed on customer apps since this functions will be exposed by appsec
+ require __DIR__.'/../../../Appsec/Mock.php';
+
 /** Sets up WordPress vars and included files. */
 require_once(ABSPATH . 'wp-settings.php');

tests/Frameworks/WordPress/Version_4_8/wp-login.php

@@ -11,9 +11,6 @@
 /** Make sure that the WordPress bootstrap has run before continuing. */
 require( dirname(__FILE__) . '/wp-load.php' );
 
-//Appsec mock. This wont be needed on customer apps since this functions will be exposed by appsec
- require __DIR__.'/../../../Appsec/Mock.php';
-
 // Redirect to https login if forced to use SSL
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {

tests/Frameworks/WordPress/Version_5_5/wp-config.php

@@ -94,5 +94,8 @@
 	define( 'ABSPATH', __DIR__ . '/' );
 }
 
+//Appsec mock. This wont be needed on customer apps since this functions will be exposed by appsec
+ require __DIR__.'/../../../Appsec/Mock.php';
+
 /** Sets up WordPress vars and included files. */
 require_once ABSPATH . 'wp-settings.php';

tests/Frameworks/WordPress/Version_5_5/wp-login.php

@@ -11,9 +11,6 @@
 /** Make sure that the WordPress bootstrap has run before continuing. */
 require __DIR__ . '/wp-load.php';
 
-//Appsec mock. This wont be needed on customer apps since this functions will be exposed by appsec
- require __DIR__.'/../../../Appsec/Mock.php';
-
 // Redirect to HTTPS login if forced to use SSL.
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {

tests/Frameworks/WordPress/Version_5_9/wp-config.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace DDTrace\Tests\Integrations\WordPress\V5_9;
+
+use DDTrace\Tests\Common\WebFrameworkTestCase;
+use DDTrace\Tests\Frameworks\Util\Request\GetSpec;
+use datadog\appsec\AppsecStatus;
+
+class PathParamsTest extends WebFrameworkTestCase
+{
+    protected static function getAppIndexScript()
+    {
+        return __DIR__ . '/../../../Frameworks/WordPress/Version_4_8/index.php';
+    }
+
+    protected function connection()
+    {
+        return new \PDO('mysql:host=mysql_integration;dbname=test', 'test', 'test');
+    }
+
+    protected function ddSetUp()
+    {
+        parent::ddSetUp();
+        $this->connection()->exec(file_get_contents(__DIR__ . '/../../../Frameworks/WordPress/Version_5_5/wp_2020-10-21.sql'));
+        AppsecStatus::getInstance()->setDefaults();
+    }
+
+    public static function ddSetUpBeforeClass()
+    {
+        parent::ddSetUpBeforeClass();
+        AppsecStatus::getInstance()->init();
+    }
+
+    public static function ddTearDownAfterClass()
+    {
+        AppsecStatus::getInstance()->destroy();
+        parent::ddTearDownAfterClass();
+    }
+
+    public function testPost()
+    {
+        $this->call(
+            GetSpec::create(
+                'Post example',
+                '/hello-world'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('hello-world', $events[0]['name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testCategory()
+    {
+        $this->call(
+            GetSpec::create(
+                'Category',
+                '/category/uncategorized'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('uncategorized', $events[0]['category_name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testAuthor()
+    {
+        $this->call(
+            GetSpec::create(
+                'Author',
+                '/author/test'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('test', $events[0]['author_name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testNonExistingPost()
+    {
+       $this->call(
+            GetSpec::create(
+                'Not existing post',
+                '/non-existing-post'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(0, count($events));
+    }
+}

tests/Frameworks/WordPress/Version_5_9/wp-login.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace DDTrace\Tests\Integrations\WordPress\V5_9;
+
+use DDTrace\Tests\Common\WebFrameworkTestCase;
+use DDTrace\Tests\Frameworks\Util\Request\GetSpec;
+use datadog\appsec\AppsecStatus;
+
+class PathParamsTest extends WebFrameworkTestCase
+{
+    protected static function getAppIndexScript()
+    {
+        return __DIR__ . '/../../../Frameworks/WordPress/Version_5_5/index.php';
+    }
+
+    protected function connection()
+    {
+        return new \PDO('mysql:host=mysql_integration;dbname=test', 'test', 'test');
+    }
+
+    protected function ddSetUp()
+    {
+        parent::ddSetUp();
+        $this->connection()->exec(file_get_contents(__DIR__ . '/../../../Frameworks/WordPress/Version_5_5/wp_2020-10-21.sql'));
+        AppsecStatus::getInstance()->setDefaults();
+    }
+
+    public static function ddSetUpBeforeClass()
+    {
+        parent::ddSetUpBeforeClass();
+        AppsecStatus::getInstance()->init();
+    }
+
+    public static function ddTearDownAfterClass()
+    {
+        AppsecStatus::getInstance()->destroy();
+        parent::ddTearDownAfterClass();
+    }
+
+    public function testPost()
+    {
+        $this->call(
+            GetSpec::create(
+                'Post example',
+                '/hello-world'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('hello-world', $events[0]['name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testCategory()
+    {
+        $this->call(
+            GetSpec::create(
+                'Category',
+                '/category/uncategorized'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('uncategorized', $events[0]['category_name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testAuthor()
+    {
+        $this->call(
+            GetSpec::create(
+                'Author',
+                '/author/test'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('test', $events[0]['author_name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testNonExistingPost()
+    {
+       $this->call(
+            GetSpec::create(
+                'Not existing post',
+                '/non-existing-post'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(0, count($events));
+    }
+}

tests/Integrations/WordPress/V4_8/PathParamsTest.php

@@ -4,6 +4,7 @@
 
 use DDTrace\Tests\Common\WebFrameworkTestCase;
 use DDTrace\Tests\Frameworks\Util\Request\PostSpec;
+use DDTrace\Tests\Frameworks\Util\Request\GetSpec;
 use datadog\appsec\AppsecStatus;
 
 class AutomatedLoginEventsTest extends WebFrameworkTestCase
@@ -137,4 +138,14 @@ public function testUserSignUp()
        $this->assertEquals($users[0]['user_login'], $signUpEvent['metadata']['username']);
        $this->assertEquals($users[0]['user_email'], $signUpEvent['metadata']['email']);
     }
+
+     public function testAlex()
+    {
+            var_dump($this->call(
+                GetSpec::create(
+                    'A simple GET request with a view',
+                    '/hello-world'
+                )
+            ));
+    }
 }

tests/Integrations/WordPress/V5_5/PathParamsTest.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace DDTrace\Tests\Integrations\WordPress\V5_9;
+
+use DDTrace\Tests\Common\WebFrameworkTestCase;
+use DDTrace\Tests\Frameworks\Util\Request\GetSpec;
+use datadog\appsec\AppsecStatus;
+
+class PathParamsTest extends WebFrameworkTestCase
+{
+    protected static function getAppIndexScript()
+    {
+        return __DIR__ . '/../../../Frameworks/WordPress/Version_5_9/index.php';
+    }
+
+    protected function connection()
+    {
+        return new \PDO('mysql:host=mysql_integration;dbname=test', 'test', 'test');
+    }
+
+    protected function ddSetUp()
+    {
+        parent::ddSetUp();
+        $this->connection()->exec(file_get_contents(__DIR__ . '/../../../Frameworks/WordPress/Version_5_5/wp_2020-10-21.sql'));
+        AppsecStatus::getInstance()->setDefaults();
+    }
+
+    public static function ddSetUpBeforeClass()
+    {
+        parent::ddSetUpBeforeClass();
+        AppsecStatus::getInstance()->init();
+    }
+
+    public static function ddTearDownAfterClass()
+    {
+        AppsecStatus::getInstance()->destroy();
+        parent::ddTearDownAfterClass();
+    }
+
+    public function testPost()
+    {
+        $this->call(
+            GetSpec::create(
+                'Post example',
+                '/hello-world'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('hello-world', $events[0]['name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testCategory()
+    {
+        $this->call(
+            GetSpec::create(
+                'Category',
+                '/category/uncategorized'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('uncategorized', $events[0]['category_name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testAuthor()
+    {
+        $this->call(
+            GetSpec::create(
+                'Author',
+                '/author/test'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(1, count($events));
+        $this->assertEquals('test', $events[0]['author_name']);
+        $this->assertEquals('push_params', $events[0]['eventName']);
+    }
+
+    public function testNonExistingPost()
+    {
+       $this->call(
+            GetSpec::create(
+                'Not existing post',
+                '/non-existing-post'
+            )
+        );
+
+        $events = AppsecStatus::getInstance()->getEvents();
+        $this->assertEquals(0, count($events));
+    }
+}