test(integration): add integration test for fingerprints

Signed-off-by: Alexandre Rulleau <[email protected]>
DataDog · Nov 18, 2024 · 5e0cb00 · 5e0cb00
1 parent 218d34b
commit 5e0cb00
Show file tree

Hide file tree

Showing 2 changed files with 226 additions and 50 deletions.
diff --git a/...c/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy b/...c/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/CommonTests.groovy
@@ -222,6 +222,7 @@ trait CommonTests {
         assert span.metrics."_dd.appsec.enabled" == 1.0d
         assert span.metrics."_dd.appsec.waf.duration" > 0.0d
         assert span.meta."_dd.appsec.event_rules.version" != ''
+        assert span.meta."_dd.appsec.fp.http.endpoint" != ''
     }
 
     @Test
@@ -236,6 +237,7 @@ trait CommonTests {
         assert span.metrics."_dd.appsec.enabled" == 1.0d
         assert span.metrics."_dd.appsec.waf.duration" > 0.0d
         assert span.meta."_dd.appsec.event_rules.version" != ''
+        assert span.meta."_dd.appsec.fp.http.endpoint" != ''
     }
 
     @Test
@@ -249,6 +251,7 @@ trait CommonTests {
         assert span.metrics."_dd.appsec.enabled" == 1.0d
         assert span.metrics."_dd.appsec.waf.duration" > 0.0d
         assert span.meta."_dd.appsec.event_rules.version" != ''
+        assert span.meta."_dd.appsec.fp.http.endpoint" != ''
     }
 
     @Test
@@ -262,6 +265,7 @@ trait CommonTests {
         assert span.metrics."_dd.appsec.enabled" == 1.0d
         assert span.metrics."_dd.appsec.waf.duration" > 0.0d
         assert span.meta."_dd.appsec.event_rules.version" != ''
+        assert span.meta."_dd.appsec.fp.http.endpoint" != ''
     }
 
     @Test
@@ -278,6 +282,7 @@ trait CommonTests {
         assert span.metrics."_dd.appsec.waf.duration" > 0.0d
         assert span.meta."_dd.appsec.event_rules.version" != ''
         assert span.meta."appsec.blocked" == "true"
+        assert span.meta."_dd.appsec.fp.http.endpoint" != ''
     }
 
     @Test

diff --git a/appsec/tests/integration/src/test/waf/recommended.json b/appsec/tests/integration/src/test/waf/recommended.json
@@ -6754,15 +6754,15 @@
           "parameters": {
             "inputs": [
               {
-                  "address": "server.request.body",
-                  "key_path": [
-                      "message"
-                  ]
+                "address": "server.request.body",
+                "key_path": [
+                  "message"
+                ]
               },
               {
                 "address": "server.response.body",
                 "key_path": [
-                    "message"
+                  "message"
                 ]
               }
             ],
@@ -6777,60 +6777,60 @@
       "id": "poison-in-json-block",
       "name": "poison-in-json-block",
       "tags": {
-          "type": "security_scanner",
-          "category": "attack_attempt"
+        "type": "security_scanner",
+        "category": "attack_attempt"
       },
       "conditions": [
-          {
-              "parameters": {
-                  "inputs": [
-                      {
-                          "address": "server.response.body",
-                          "key_path": [
-                              "message"
-                          ]
-                      }
-                  ],
-                  "regex": "(?i)block_this"
-              },
-              "operator": "match_regex"
-          }
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.response.body",
+                "key_path": [
+                  "message"
+                ]
+              }
+            ],
+            "regex": "(?i)block_this"
+          },
+          "operator": "match_regex"
+        }
       ],
       "transformers": [],
       "on_match": [
         "block"
       ]
     },
     {
-        "id": "poison-in-xml",
-        "name": "poison-in-xml",
-        "tags": {
-            "type": "security_scanner",
-            "category": "attack_attempt"
-        },
-        "conditions": [
-            {
-                "parameters": {
-                    "inputs": [
-                        {
-                            "address": "server.request.body",
-                            "key_path": [
-                                "note"
-                            ]
-                        },
-                        {
-                            "address": "server.response.body",
-                            "key_path": [
-                                "note"
-                            ]
-                        }
-                    ],
-                    "regex": "(?i).*poison.*"
-                },
-                "operator": "match_regex"
-            }
-        ],
-        "transformers": []
+      "id": "poison-in-xml",
+      "name": "poison-in-xml",
+      "tags": {
+        "type": "security_scanner",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.body",
+                "key_path": [
+                  "note"
+                ]
+              },
+              {
+                "address": "server.response.body",
+                "key_path": [
+                  "note"
+                ]
+              }
+            ],
+            "regex": "(?i).*poison.*"
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
     }
   ],
   "rules_data": [
@@ -6884,5 +6884,176 @@
         "location": "https://datadoghq.com"
       }
     }
+  ],
+  "processors": [
+    {
+      "id": "http-endpoint-fingerprint",
+      "generator": "http_endpoint_fingerprint",
+      "conditions": [
+        {
+          "operator": "exists",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "waf.context.event"
+              },
+              {
+                "address": "server.business_logic.users.login.failure"
+              },
+              {
+                "address": "server.business_logic.users.login.success"
+              }
+            ]
+          }
+        }
+      ],
+      "parameters": {
+        "mappings": [
+          {
+            "method": [
+              {
+                "address": "server.request.method"
+              }
+            ],
+            "uri_raw": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "body": [
+              {
+                "address": "server.request.body"
+              }
+            ],
+            "query": [
+              {
+                "address": "server.request.query"
+              }
+            ],
+            "output": "_dd.appsec.fp.http.endpoint"
+          }
+        ]
+      },
+      "evaluate": false,
+      "output": true
+    },
+    {
+      "id": "http-header-fingerprint",
+      "generator": "http_header_fingerprint",
+      "conditions": [
+        {
+          "operator": "exists",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "waf.context.event"
+              },
+              {
+                "address": "server.business_logic.users.login.failure"
+              },
+              {
+                "address": "server.business_logic.users.login.success"
+              }
+            ]
+          }
+        }
+      ],
+      "parameters": {
+        "mappings": [
+          {
+            "headers": [
+              {
+                "address": "server.request.headers.no_cookies"
+              }
+            ],
+            "output": "_dd.appsec.fp.http.header"
+          }
+        ]
+      },
+      "evaluate": false,
+      "output": true
+    },
+    {
+      "id": "http-network-fingerprint",
+      "generator": "http_network_fingerprint",
+      "conditions": [
+        {
+          "operator": "exists",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "waf.context.event"
+              },
+              {
+                "address": "server.business_logic.users.login.failure"
+              },
+              {
+                "address": "server.business_logic.users.login.success"
+              }
+            ]
+          }
+        }
+      ],
+      "parameters": {
+        "mappings": [
+          {
+            "headers": [
+              {
+                "address": "server.request.headers.no_cookies"
+              }
+            ],
+            "output": "_dd.appsec.fp.http.network"
+          }
+        ]
+      },
+      "evaluate": false,
+      "output": true
+    },
+    {
+      "id": "session-fingerprint",
+      "generator": "session_fingerprint",
+      "conditions": [
+        {
+          "operator": "exists",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "waf.context.event"
+              },
+              {
+                "address": "server.business_logic.users.login.failure"
+              },
+              {
+                "address": "server.business_logic.users.login.success"
+              }
+            ]
+          }
+        }
+      ],
+      "parameters": {
+        "mappings": [
+          {
+            "cookies": [
+              {
+                "address": "server.request.cookies"
+              }
+            ],
+            "session_id": [
+              {
+                "address": "usr.session_id"
+              }
+            ],
+            "user_id": [
+              {
+                "address": "usr.id"
+              }
+            ],
+            "output": "_dd.appsec.fp.session"
+          }
+        ]
+      },
+      "evaluate": false,
+      "output": true
+    }
   ]
 }