From 1c805a7278254b65ce76dd010dc75043e9a6d430 Mon Sep 17 00:00:00 2001
From: Anil Mahtani <929854+Anilm3@users.noreply.github.com>
Date: Thu, 19 Dec 2024 13:59:07 +0000
Subject: [PATCH 1/2] Upgrade libddwaf to v1.22.0
---
 appsec/tests/helper/client_test.cpp | 2 +-
 appsec/tests/helper/waf_test.cpp | 6 ++++--
 appsec/third_party/libddwaf | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/appsec/tests/helper/client_test.cpp b/appsec/tests/helper/client_test.cpp
index 2a2824beee..2ed3c18827 100644
--- a/appsec/tests/helper/client_test.cpp
+++ b/appsec/tests/helper/client_test.cpp
@@ -2760,7 +2760,7 @@ TEST(ClientTest, RaspCalls)
 dynamic_cast(res.get());
 EXPECT_EQ(msg_res->metrics.size(), 3);
- EXPECT_GT(msg_res->metrics[metrics::waf_duration], 0.0);
+ EXPECT_GE(msg_res->metrics[metrics::waf_duration], 0.0);
 EXPECT_EQ(msg_res->metrics[metrics::rasp_rule_eval], 1);
 EXPECT_GE(msg_res->metrics[metrics::rasp_duration], 0.0);
 }
diff --git a/appsec/tests/helper/waf_test.cpp b/appsec/tests/helper/waf_test.cpp
index d9d470dc11..cd71d69f6b 100644
--- a/appsec/tests/helper/waf_test.cpp
+++ b/appsec/tests/helper/waf_test.cpp
@@ -117,8 +117,10 @@ TEST(WafTest, RunWithTimeout)
 EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_timeout, 1));
 EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_rule_eval, 1.0));
- EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, 0.0));
- EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_duration, 0.0));
+ // Since v1.22.0 libddwaf will still attempt to run denylists, which
+ // will cause the duration to be non-zero
+ EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, _));
+ EXPECT_CALL(submitm, submit_span_metric(metrics::rasp_duration, _));
 parameter_view pv(p);
 dds::event e;
 bool is_rasp = true;
diff --git a/appsec/third_party/libddwaf b/appsec/third_party/libddwaf
index de06f7afb2..990e73c55f 160000
--- a/appsec/third_party/libddwaf
+++ b/appsec/third_party/libddwaf
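Review bot: The relaxed `EXPECT_GE(msg_res->metrics[metrics::waf_duration], 0.0)` no longer proves that a WAF duration was recorded at all, and the hunk does not say why zero is now acceptable for a RASP call. If `metrics` is a standard map, `operator[]` would default-insert 0.0 for a missing key and the assertion would still pass; the preceding `metrics.size()` check only partly guards against that. Consider asserting presence first, e.g. `EXPECT_EQ(msg_res->metrics.count(metrics::waf_duration), 1);`, and adding a one-line comment stating why libddwaf v1.22.0 can yield 0.0 here. The TEST body starts outside the hunk.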
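Review bot: Matching the two duration metrics with `_` accepts any value, including a negative or NaN duration, so this timeout test no longer constrains what is submitted for `waf_duration` and `rasp_duration`. The new comment says the duration becomes non-zero, which a bounded matcher can express: `EXPECT_CALL(submitm, submit_span_metric(metrics::waf_duration, testing::Ge(0.0)));` and the same for `metrics::rasp_duration` (or `Gt(0.0)` if a non-zero value is guaranteed). The test body starts and ends outside the hunk, so whether the gmock matchers are already in scope there is not visible.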
@@ -1 +1 @@
-Subproject commit de06f7afb2112152b9f7e137109358cf4762f90d
+Subproject commit 990e73c55fb070225bdb853ab2334efe7c151dc2
From 7c4b3c29aadbd5ffe72ffa18f8f857f1154e9cdc Mon Sep 17 00:00:00 2001
From: Anil Mahtani <929854+Anilm3@users.noreply.github.com>
Date: Thu, 19 Dec 2024 14:56:55 +0000
Subject: [PATCH 2/2] Fix integration tests
---
 .../appsec/php/integration/CommonTests.groovy | 2 +-
 .../tests/integration/src/test/waf/recommended.json | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy b/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy
index d56ce2d1dd..972ba03577 100644
--- a/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy
+++ b/appsec/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy
@@ -181,7 +181,7 @@ trait CommonTests {
 @Test
 void 'test blocking and stack generation'() {
- HttpRequest req = container.buildReq('/generate_stack.php?id=user2020').GET().build()
+ HttpRequest req = container.buildReq('/generate_stack.php?id=stack_user').GET().build()
 def trace = container.traceFromRequest(req, ofString()) { HttpResponse re ->
 assert re.statusCode() == 403
 assert re.body().contains('blocked')
diff --git a/appsec/tests/integration/src/test/waf/recommended.json b/appsec/tests/integration/src/test/waf/recommended.json
index 8b8ec5695d..6d60f3236e 100644
--- a/appsec/tests/integration/src/test/waf/recommended.json
+++ b/appsec/tests/integration/src/test/waf/recommended.json
@@ -44,7 +44,7 @@
 "address": "usr.id"
 }
 ],
- "data": "blocked_users"
+ "data": "blocked_users_with_stack"
 },
 "operator": "exact_match"
 }
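Review bot: The literal `stack_user` in the request URL is an undocumented magic value: the 403 and 'blocked' assertions only hold while the same id is listed under `blocked_users_with_stack` in `src/test/waf/recommended.json`. A comment above the request line would make that coupling visible, e.g. `// 'stack_user' must match the blocked_users_with_stack entry in src/test/waf/recommended.json`. The test method continues outside the hunk.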
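Review bot: Repointing this `exact_match` condition at `blocked_users_with_stack` means ids that exist only in `blocked_users` no longer trigger the rule, and the hunk does not show whether another rule still consumes `blocked_users`. It is worth checking that tests which still send `user2020` are covered by a rule that blocks them, and that `blocked_users` is not left as unreferenced data. JSON cannot carry a comment, so the reason for the separate list belongs in the commit description, which currently says only "Fix integration tests". The rule object starts and ends outside the hunk.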
@@ -6894,6 +6894,17 @@
 }
 ]
 },
+ {
+ "id": "blocked_users_with_stack",
+ "type": "data_with_expiration",
+ "data": [
+ {
+ "value": "stack_user",
+ "expiration": 0
+ }
+ ]
+ },
+
 {
 "id": "redirected_users",
 "type": "data_with_expiration",
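Review bot: The added `blocked_users_with_stack` entry is followed by an empty added line before the `redirected_users` entry, while the preceding entry runs straight into the new one; dropping that blank line keeps the data array uniformly formatted. `"expiration": 0` is presumably the no-expiry value, so `stack_user` stays blocked on every run; that is worth confirming against the other entries, which are outside the hunk. The enclosing array starts and ends outside the hunk.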