Act on request exec response

estringana · estringana · commit ae18b39bb464 · 2024-02-16T16:30:05.000+01:00
diff --git a/appsec/src/extension/ddappsec.c b/appsec/src/extension/ddappsec.c
@@ -498,9 +498,14 @@ static PHP_FUNCTION(datadog_appsec_push_params)
         return;
     }
 
-    dd_request_exec(conn, &parameters_zv);
-
+    dd_result result = dd_request_exec(conn, &parameters_zv);
     zval_ptr_dtor(&parameters_zv);
+
+    if (result == dd_should_block) {
+        dd_request_abort_static_page();
+    } else if (result == dd_should_redirect) {
+        dd_request_abort_redirect();
+    }
 }
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(
diff --git a/appsec/tests/extension/push_params_block.phpt b/appsec/tests/extension/push_params_block.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Push params gets blocked
+--INI--
+extension=ddtrace.so
+datadog.appsec.enabled=1
+--FILE--
+<?php
+use function datadog\appsec\testing\{rinit,rshutdown};
+use function datadog\appsec\push_params;
+
+include __DIR__ . '/inc/mock_helper.php';
+
+$helper = Helper::createInitedRun([
+    response_list(response_request_init(['ok', []])),
+    response_list(response_request_exec(['block', ['status_code' => '404', 'type' => 'json'], ['{"found":"attack"}','{"another":"attack"}']])),
+]);
+
+rinit();
+push_params(["some" => "params", "more" => "parameters"]);
+
+var_dump("THIS SHOULD NOT GET IN THE OUTPUT");
+
+?>
+--EXPECTHEADERS--
+Status: 404 Not Found
+Content-type: application/json
+--EXPECTF--
+{"errors": [{"title": "You've been blocked", "detail": "Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}
+Warning: datadog\appsec\push_params(): Datadog blocked the request and presented a static error page in %s on line %d
diff --git a/appsec/tests/extension/push_params_ok.phpt b/appsec/tests/extension/push_params_ok.phpt
@@ -1,15 +1,8 @@
 --TEST--
-Push params ara sent on request_exec
+Push params are sent on request_exec
 --INI--
 extension=ddtrace.so
-datadog.appsec.waf_timeout=42
 datadog.appsec.enabled=1
---ENV--
-DD_TRACE_GENERATE_ROOT_SPAN=0
-REQUEST_URI=/static01/dynamic01/static02/dynamic02
-URL_SCHEME=http
-HTTP_CONTENT_TYPE=text/plain
-HTTP_CONTENT_LENGTH=0
 --FILE--
 <?php
 use function datadog\appsec\testing\{rinit,rshutdown};
@@ -49,4 +42,4 @@ array(2) {
       }
     }
   }
-}
+}
diff --git a/appsec/tests/extension/push_params_redirect.phpt b/appsec/tests/extension/push_params_redirect.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Push params gets blocked
+--INI--
+extension=ddtrace.so
+datadog.appsec.enabled=1
+--FILE--
+<?php
+use function datadog\appsec\testing\{rinit,rshutdown};
+use function datadog\appsec\push_params;
+
+include __DIR__ . '/inc/mock_helper.php';
+
+$helper = Helper::createInitedRun([
+    response_list(response_request_init(['ok', []])),
+    response_list(response_request_exec(['redirect', ['status_code' => '303', 'location' => 'https://datadoghq.com'], []])),
+]);
+
+rinit();
+push_params(["some" => "params", "more" => "parameters"]);
+
+var_dump("THIS SHOULD NOT GET IN THE OUTPUT");
+
+?>
+--EXPECTHEADERS--
+Status: 303 See Other
+Content-type: text/html; charset=UTF-8
+--EXPECTF--
+Warning: datadog\appsec\push_params(): Datadog blocked the request and attempted a redirection to https://datadoghq.com in %s on line %d
