Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion tests/appsec/iast/sink/test_command_injection.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, missing_feature
from utils import context, coverage, missing_feature, features
from .._test_iast_fixtures import BaseSinkTest


@features.iast_sink_command_injection
@coverage.basic
class TestCommandInjection(BaseSinkTest):
"""Test command injection detection."""
Expand Down
4 changes: 2 additions & 2 deletions tests/appsec/iast/sink/test_hardcoded_secrets.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import flaky, context, coverage, missing_feature
from utils.tools import logging
from utils import coverage, missing_feature, features
from .._test_iast_fixtures import BaseSinkTest, DetectionStage


@features.iast_sink_hardcoded_secrets
@coverage.basic
class Test_HardcodedSecrets(BaseSinkTest):
"""Test Hardcoded secrets detection."""
Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/sink/test_ldap_injection.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, missing_feature
from utils import context, coverage, missing_feature, features
from .._test_iast_fixtures import BaseSinkTest


@features.iast_sink_ldap_injection
@coverage.basic
class TestLDAPInjection(BaseSinkTest):
"""Test LDAP injection detection."""
Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/sink/test_path_traversal.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, missing_feature
from utils import context, coverage, missing_feature, features
from .._test_iast_fixtures import BaseSinkTest


@coverage.basic
@features.iast_sink_path_traversal
class TestPathTraversal(BaseSinkTest):
"""Test path traversal detection."""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/sink/test_sql_injection.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, missing_feature
from utils import context, coverage, missing_feature, features
from .._test_iast_fixtures import BaseSinkTest


@coverage.basic
@features.iast_sink_sql_injection
class TestSqlInjection(BaseSinkTest):
"""Verify SQL injection detection."""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/sink/test_weak_cipher.py
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
# Unless explicitly stated otherwise all files in this repository are licensed under the the Apache License Version 2.0.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.
from utils import context, missing_feature, coverage, flaky
from utils import context, missing_feature, coverage, flaky, features
from .._test_iast_fixtures import BaseSinkTest


@coverage.basic
@features.weak_cipher_detection
class TestWeakCipher(BaseSinkTest):
"""Verify weak cipher detection."""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/sink/test_weak_hash.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import weblog, context, bug, missing_feature, coverage
from utils import weblog, context, bug, missing_feature, coverage, features
from .._test_iast_fixtures import BaseSinkTest, assert_iast_vulnerability


Expand Down Expand Up @@ -32,6 +32,7 @@ def _expected_evidence():


@coverage.basic
@features.weak_hash_vulnerability_detection
class TestWeakHash(BaseSinkTest):
"""Verify weak hash detection."""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/source/test_body.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import coverage, missing_feature, bug
from utils import coverage, missing_feature, bug, features
from .._test_iast_fixtures import BaseSourceTest


@features.iast_source_body
@coverage.basic
class TestRequestBody(BaseSourceTest):
"""Verify that request json body is tainted"""
Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/source/test_cookie_name.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import coverage, bug, missing_feature
from utils import coverage, bug, missing_feature, features
from .._test_iast_fixtures import BaseSourceTest


@coverage.basic
@features.iast_source_cookie_name
class TestCookieName(BaseSourceTest):
"""Verify that request cookies are tainted"""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/source/test_cookie_value.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, bug, missing_feature
from utils import context, coverage, bug, missing_feature, features
from .._test_iast_fixtures import BaseSourceTest


@coverage.basic
@features.iast_source_cookie_value
class TestCookieValue(BaseSourceTest):
"""Verify that request cookies are tainted"""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/source/test_header_name.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, bug
from utils import context, coverage, bug, features
from .._test_iast_fixtures import BaseSourceTest


@coverage.basic
@features.iast_source_header_name
class TestHeaderName(BaseSourceTest):
"""Verify that request headers name are tainted"""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/source/test_header_value.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, bug, missing_feature
from utils import context, coverage, bug, missing_feature, features
from .._test_iast_fixtures import BaseSourceTest


@coverage.basic
@features.iast_source_header_value
class TestHeaderValue(BaseSourceTest):
"""Verify that request headers are tainted"""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/source/test_parameter_name.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import coverage, missing_feature, bug
from utils import coverage, missing_feature, bug, features
from .._test_iast_fixtures import BaseSourceTest


@features.iast_source_request_parameter_name
@coverage.basic
class TestParameterName(BaseSourceTest):
"""Verify that request parameters are tainted"""
Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/iast/source/test_parameter_value.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, coverage, missing_feature, bug
from utils import context, coverage, missing_feature, bug, features
from .._test_iast_fixtures import BaseSourceTest


@coverage.basic
@features.iast_source_request_parameter_value
class TestParameterValue(BaseSourceTest):
"""Verify that request parameters are tainted"""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/test_alpha.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import context, weblog, interfaces, missing_feature, bug, coverage
from utils import context, weblog, interfaces, missing_feature, bug, coverage, features


@missing_feature(context.library == "ruby" and context.libddwaf_version is None)
@coverage.basic
@features.threats_alpha_preview
class Test_Basic:
""" Detect attacks on raw URI and headers with default rules """

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/test_automated_login_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2022 Datadog, Inc.

from utils import weblog, interfaces, context, missing_feature, scenarios, coverage, rfc, bug
from utils import weblog, interfaces, context, missing_feature, scenarios, coverage, rfc, bug, features


@rfc("https://docs.google.com/document/d/1-trUpphvyZY7k5ldjhW-MgqWl0xOm7AMEQDJEAZ63_Q/edit#heading=h.8d3o7vtyu1y1")
@coverage.good
@features.user_monitoring
class Test_Login_Events:
"Test login success/failure use cases"
# User entries in the internal DB:
Expand Down
9 changes: 8 additions & 1 deletion tests/appsec/test_conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,21 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import weblog, context, coverage, interfaces, missing_feature, irrelevant, rfc, scenarios
from utils import weblog, context, coverage, interfaces, missing_feature, irrelevant, rfc, scenarios, features
from utils.tools import nested_lookup
from tests.constants import PYTHON_RELEASE_GA_1_1
from .waf.utils import rules


@coverage.not_testable
@features.appsec_onboarding
@features.threats_configuration
class Test_OneVariableInstallation:
"""Installation with 1 env variable"""


@coverage.basic
@features.threats_configuration
class Test_StaticRuleSet:
"""Appsec loads rules from a static rules file"""

Expand All @@ -28,6 +31,7 @@ def test_basic_hardcoded_ruleset(self):


@coverage.basic
@features.threats_configuration
class Test_RuleSet_1_2_4:
""" AppSec uses rule set 1.2.4 or higher """

Expand All @@ -36,6 +40,7 @@ def test_main(self):


@coverage.basic
@features.threats_configuration
class Test_RuleSet_1_2_5:
""" AppSec uses rule set 1.2.5 or higher """

Expand All @@ -44,6 +49,7 @@ def test_main(self):


@coverage.good
@features.threats_configuration
class Test_RuleSet_1_3_1:
""" AppSec uses rule set 1.3.1 or higher """

Expand All @@ -70,6 +76,7 @@ def test_nosqli_keys_with_brackets(self):

@rfc("https://datadoghq.atlassian.net/wiki/spaces/APS/pages/2355333252/Environment+Variables")
@coverage.basic
@features.threats_configuration
class Test_ConfigurationVariables:
""" Configuration environment variables """

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/test_docs.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import coverage
from utils import coverage, features


@coverage.not_testable
Expand All @@ -11,6 +11,7 @@ class Test_InstallationInstructions:


@coverage.not_testable
@features.procedure_to_debug_install
class Test_InstallationDebugProcedure:
"""Procedure to debug install"""

Expand Down
5 changes: 4 additions & 1 deletion tests/appsec/test_event_tracking.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
# Unless explicitly stated otherwise all files in this repository are licensed under the the Apache License Version 2.0.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.
from utils import weblog, coverage, interfaces
from utils import weblog, coverage, interfaces, features


@coverage.basic
@features.user_monitoring
class Test_UserLoginSuccessEvent:
"""Success test for User Login Event SDK for AppSec"""

Expand Down Expand Up @@ -39,6 +40,7 @@ def validate_user_login_success_tags(span):


@coverage.basic
@features.user_monitoring
class Test_UserLoginFailureEvent:
"""Failure test for User Login Event SDK for AppSec"""

Expand Down Expand Up @@ -74,6 +76,7 @@ def validate_user_login_failure_tags(span):


@coverage.basic
@features.custom_business_logic_events
class Test_CustomEvent:
"""Test for Custom Event SDK for AppSec"""

Expand Down
3 changes: 2 additions & 1 deletion tests/appsec/test_identify.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2021 Datadog, Inc.

from utils import weblog, coverage, interfaces
from utils import weblog, coverage, interfaces, features


@coverage.basic
@features.user_monitoring
class Test_Basic:
"""Basic tests for Identify SDK for AppSec"""

Expand Down
9 changes: 8 additions & 1 deletion tests/appsec/test_reports.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,12 @@
import socket


from utils import weblog, context, coverage, interfaces, bug, missing_feature, rfc
from utils import weblog, context, coverage, interfaces, bug, missing_feature, rfc, features


@bug(context.library == "python@1.1.0", reason="a PR was not included in the release")
@coverage.basic
@features.security_events_metadata
class Test_StatusCode:
"""Appsec reports good status code"""

Expand Down Expand Up @@ -44,6 +45,7 @@ def check_http_code(span, appsec_data):
@missing_feature(
True, reason="Bug on system test: with the runner on the host, we do not have the real IP from weblog POV"
)
@features.security_events_metadata
class Test_HttpClientIP:
"""AppSec reports good http client IP"""

Expand Down Expand Up @@ -77,6 +79,7 @@ def validator(span, appsec_data):

@bug(context.library == "python@1.1.0", reason="a PR was not included in the release")
@coverage.good
@features.security_events_metadata
class Test_Info:
"""Environment (production, staging) from DD_ENV variable"""

Expand Down Expand Up @@ -109,6 +112,7 @@ def _check_service(span, appsec_data):
@missing_feature(context.library == "ruby" and context.libddwaf_version is None)
@bug(context.library == "python@1.1.0", reason="a PR was not included in the release")
@coverage.good
@features.security_events_metadata
class Test_RequestHeaders:
"""Request Headers for IP resolution"""

Expand Down Expand Up @@ -145,6 +149,7 @@ def test_http_request_headers(self):


@coverage.basic
@features.security_events_metadata
class Test_TagsFromRule:
"""Tags (Category & event type) from the rule"""

Expand All @@ -164,6 +169,7 @@ def test_basic(self):


@coverage.basic
@features.security_events_metadata
class Test_ExtraTagsFromRule:
"""Extra tags may be added to the rule match since libddwaf 1.10.0"""

Expand All @@ -179,6 +185,7 @@ def test_basic(self):


@coverage.basic
@features.security_events_metadata
class Test_AttackTimestamp:
"""Attack timestamp"""

Expand Down
Loading