Add block tag to rasp.rule.match#3870
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7179094d84
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| ]] | ||
| ] | ||
| ]) | ||
| assert overrideSup.get() != null |
There was a problem hiding this comment.
Ensure the override RC version is distinct
When this phase runs in the same epoch second as the earlier applyRemoteConfig, both responses get the same version because AppSecContainer.applyRemoteConfig uses Instant.now().epochSecond; overrideSup.get() then only waits for that version and can be satisfied by the previous RC poll before the helper has consumed rasp_lfi_block_override. In that case the following request still uses the non-blocking rules and the 403/block:success assertions become flaky, so this test should force a new version or wait for evidence that the override path was actually applied.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Although unlikely, I couldn't rule it out, so changed to use milliseconds instead.
|
✨ Fix all issues with BitsAI or with Cursor
|
Description
Adds the missing
blocktoappsec.rasp.rule.matchmetric.Reviewer checklist