chore(appsec): handle edge cases

Signed-off-by: Alexandre Rulleau <[email protected]>
DataDog · Jan 17, 2025 · fc766b7 · fc766b7
1 parent 39ebaed
commit fc766b7
Show file tree

Hide file tree

Showing 7 changed files with 153 additions and 3 deletions.
diff --git a/appsec/src/extension/tags.c b/appsec/src/extension/tags.c
@@ -1026,6 +1026,8 @@ static PHP_FUNCTION(datadog_appsec_track_user_signup_event_automated)
         // _dd.appsec.usr.id = <user_id>
         _add_new_zstr_to_meta(meta_ht, _dd_appsec_user_id,
             anon_user_id ? anon_user_id : user_id, !anon_user_id, true);
+    } else if (anon_user_id) {
+        zend_string_release(anon_user_id);
     }
 
     // _dd.appsec.events.users.signup.auto.mode =
@@ -1161,9 +1163,6 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_success_event_automated)
             zend_string_release(anon_user_id);
             return;
         }
-
-        user_login = anon_user_login;
-        user_id = anon_user_id;
     }
 
     if (ZSTR_LEN(user_id) > 0) {
@@ -1176,6 +1175,8 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_success_event_automated)
         // _dd.appsec.usr.id = <user_id>
         _add_new_zstr_to_meta(meta_ht, _dd_appsec_user_id,
             anon_user_id ? anon_user_id : user_id, !anon_user_id, true);
+    } else if (anon_user_id) {
+        zend_string_release(anon_user_id);
     }
 
     // _dd.appsec.events.users.login.success.auto.mode =
@@ -1325,6 +1326,8 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_failure_event_automated)
         // _dd.appsec.usr.id = <user_id>
         _add_new_zstr_to_meta(meta_ht, _dd_appsec_user_id,
             anon_user_id ? anon_user_id : user_id, !anon_user_id, true);
+    } else if (anon_user_id) {
+        zend_string_release(anon_user_id);
     }
 
     // _dd.appsec.events.users.login.failure.auto.mode =
@@ -1341,6 +1344,8 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_failure_event_automated)
         _add_new_zstr_to_meta(meta_ht, _dd_appsec_user_login,
             anon_user_login ? anon_user_login : user_login, !anon_user_login,
             true);
+    } else if (anon_user_login) {
+        zend_string_release(anon_user_login);
     }
 
     // appsec.events.users.login.failure.track = true

diff --git a/appsec/tests/extension/track_user_login_failure_event_automated_anon_mode_no_login.phpt b/appsec/tests/extension/track_user_login_failure_event_automated_anon_mode_no_login.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Track automated user login failure with anonymization mode and verify the tags in the root span
+--INI--
+extension=ddtrace.so
+--ENV--
+DD_APPSEC_ENABLED=1
+DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=anon
+--FILE--
+<?php
+use function datadog\appsec\testing\root_span_get_meta;
+use function datadog\appsec\track_user_login_failure_event_automated;
+include __DIR__ . '/inc/ddtrace_version.php';
+
+ddtrace_version_at_least('0.79.0');
+
+track_user_login_failure_event_automated("", "automatedID",
+    true,
+    [
+        "value" => "something",
+        "metadata" => "some other metadata",
+        "email" => "[email protected]"
+    ]
+);
+
+echo "root_span_get_meta():\n";
+print_r(root_span_get_meta());
+?>
+--EXPECTF--
+root_span_get_meta():
+Array
+(
+    [runtime-id] => %s
+    [appsec.events.users.login.failure.usr.id] => anon_b3ddafd7029d645b44fb990eea55b003
+    [_dd.appsec.usr.id] => anon_b3ddafd7029d645b44fb990eea55b003
+    [_dd.appsec.events.users.login.failure.auto.mode] => anonymization
+    [appsec.events.users.login.failure.track] => true
+    [appsec.events.users.login.failure.usr.exists] => true
+    [server.business_logic.users.login.failure] => null
+)
diff --git a/appsec/tests/extension/track_user_login_failure_event_automated_anon_mode_no_user.phpt b/appsec/tests/extension/track_user_login_failure_event_automated_anon_mode_no_user.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Track automated user login failure with anonymization mode and verify the tags in the root span
+--INI--
+extension=ddtrace.so
+--ENV--
+DD_APPSEC_ENABLED=1
+DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=anon
+--FILE--
+<?php
+use function datadog\appsec\testing\root_span_get_meta;
+use function datadog\appsec\track_user_login_failure_event_automated;
+include __DIR__ . '/inc/ddtrace_version.php';
+
+ddtrace_version_at_least('0.79.0');
+
+track_user_login_failure_event_automated("login", "",
+    true,
+    [
+        "value" => "something",
+        "metadata" => "some other metadata",
+        "email" => "[email protected]"
+    ]
+);
+
+echo "root_span_get_meta():\n";
+print_r(root_span_get_meta());
+?>
+--EXPECTF--
+root_span_get_meta():
+Array
+(
+    [runtime-id] => %s
+    [_dd.appsec.events.users.login.failure.auto.mode] => anonymization
+    [appsec.events.users.login.failure.usr.login] => anon_428821350e9691491f616b754cd8315f
+    [_dd.appsec.usr.login] => anon_428821350e9691491f616b754cd8315f
+    [appsec.events.users.login.failure.track] => true
+    [appsec.events.users.login.failure.usr.exists] => true
+    [server.business_logic.users.login.failure] => null
+)
diff --git a/appsec/tests/extension/track_user_login_success_event_automated_anon_mode_no_user.phpt b/appsec/tests/extension/track_user_login_success_event_automated_anon_mode_no_user.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Track automated user login success event with anonymization mode and verify the tags in the root span
+--INI--
+extension=ddtrace.so
+--ENV--
+DD_APPSEC_ENABLED=1
+DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=anon
+--FILE--
+<?php
+use function datadog\appsec\testing\root_span_get_meta;
+use function datadog\appsec\track_user_login_success_event_automated;
+include __DIR__ . '/inc/ddtrace_version.php';
+
+ddtrace_version_at_least('0.79.0');
+
+track_user_login_success_event_automated("login", "", ['something' => 'discarded']);
+
+echo "root_span_get_meta():\n";
+print_r(root_span_get_meta());
+?>
+--EXPECTF--
+root_span_get_meta():
+Array
+(
+    [runtime-id] => %s
+    [_dd.appsec.events.users.login.success.auto.mode] => anonymization
+    [appsec.events.users.login.success.usr.login] => anon_428821350e9691491f616b754cd8315f
+    [_dd.appsec.usr.login] => anon_428821350e9691491f616b754cd8315f
+    [appsec.events.users.login.success.track] => true
+    [server.business_logic.users.login.success] => null
+)
diff --git a/..._user_login_success_event_empty_user.phpt → ...ack_user_login_success_event_no_user.phpt b/..._user_login_success_event_empty_user.phpt → ...ack_user_login_success_event_no_user.phpt
diff --git a/appsec/tests/extension/track_user_signup_event_automated_anon_mode_no_user.phpt b/appsec/tests/extension/track_user_signup_event_automated_anon_mode_no_user.phpt
@@ -0,0 +1,36 @@
+--TEST--
+Track automated user sign up event with anonymization mode and verify the tags in the root span
+--INI--
+extension=ddtrace.so
+--ENV--
+DD_APPSEC_ENABLED=1
+DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=anon
+--FILE--
+<?php
+use function datadog\appsec\testing\root_span_get_meta;
+use function datadog\appsec\track_user_signup_event_automated;
+include __DIR__ . '/inc/ddtrace_version.php';
+
+ddtrace_version_at_least('0.79.0');
+
+track_user_signup_event_automated("login", "",
+[
+    "value" => "something",
+    "metadata" => "some other metadata",
+    "email" => "[email protected]"
+]);
+
+echo "root_span_get_meta():\n";
+print_r(root_span_get_meta());
+?>
+--EXPECTF--
+root_span_get_meta():
+Array
+(
+    [runtime-id] => %s
+    [_dd.appsec.events.users.signup.auto.mode] => anonymization
+    [appsec.events.users.signup.usr.login] => anon_428821350e9691491f616b754cd8315f
+    [_dd.appsec.usr.login] => anon_428821350e9691491f616b754cd8315f
+    [appsec.events.users.signup.track] => true
+    [server.business_logic.users.signup] => null
+)
diff --git a/...n/track_user_signup_event_empty_user.phpt → ...sion/track_user_signup_event_no_user.phpt b/...n/track_user_signup_event_empty_user.phpt → ...sion/track_user_signup_event_no_user.phpt