From 7273499e4afdf985d486295451d7c64144830579 Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Thu, 3 Oct 2024 17:00:13 +0200 Subject: [PATCH 01/10] Send headers as strings when only one --- .../Coordinator/SecurityCoordinator.Core.cs | 22 +++++++++++++---- .../SecurityCoordinator.Framework.cs | 24 ++++++++++++++----- 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs index 80e7b86621cc..e11dad57754f 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs @@ -14,6 +14,7 @@ using Datadog.Trace.Util.Http; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Routing; +using Microsoft.Extensions.Primitives; namespace Datadog.Trace.AppSec.Coordinator; @@ -28,22 +29,23 @@ internal SecurityCoordinator(Security security, Span span, HttpTransport? transp private static bool CanAccessHeaders => true; - public static Dictionary ExtractHeadersFromRequest(IHeaderDictionary headers) + public static Dictionary ExtractHeadersFromRequest(IHeaderDictionary headers) { - var headersDic = new Dictionary(headers.Keys.Count); + var headersDic = new Dictionary(headers.Keys.Count); foreach (var k in headers.Keys) { var currentKey = k ?? string.Empty; if (!currentKey.Equals("cookie", System.StringComparison.OrdinalIgnoreCase)) { currentKey = currentKey.ToLowerInvariant(); + var value = GetHeaderValueForWaf(headers[currentKey]); #if NETCOREAPP - if (!headersDic.TryAdd(currentKey, headers[currentKey])) + if (!headersDic.TryAdd(currentKey, value)) { #else if (!headersDic.ContainsKey(currentKey)) { - headersDic.Add(currentKey, headers[currentKey]); + headersDic.Add(currentKey, value); } else { @@ -56,6 +58,18 @@ public static Dictionary ExtractHeadersFromRequest(IHeaderDict return headersDic; } + private static object GetHeaderValueForWaf(StringValues value) + { + if (value.Count == 1) + { + return value[0]; + } + else + { + return value; + } + } + internal void BlockAndReport(IResult? result) { if (result is not null) diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs index 288596dbf889..e8454afac86c 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs @@ -377,12 +377,12 @@ public Dictionary GetBasicRequestArgsForWaf() { var request = _httpTransport.Context.Request; var headers = RequestDataHelper.GetHeaders(request); - Dictionary? headersDic = null; + Dictionary? headersDic = null; if (headers is not null) { var headerKeys = headers.Keys; - headersDic = new Dictionary(headerKeys.Count); + headersDic = new Dictionary(headerKeys.Count); foreach (string originalKey in headerKeys) { var keyForDictionary = originalKey?.ToLowerInvariant() ?? string.Empty; @@ -390,7 +390,7 @@ public Dictionary GetBasicRequestArgsForWaf() { if (!headersDic.ContainsKey(keyForDictionary)) { - headersDic.Add(keyForDictionary, headers.GetValues(originalKey)); + headersDic.Add(keyForDictionary, GetHeaderValueForWaf(headers.GetValues(originalKey))); } else { @@ -488,10 +488,22 @@ public Dictionary GetBasicRequestArgsForWaf() return dict; } - public Dictionary GetResponseHeadersForWaf() + private static object GetHeaderValueForWaf(string[] value) + { + if (value.Count() == 1) + { + return value[0]; + } + else + { + return value; + } + } + + public Dictionary GetResponseHeadersForWaf() { var response = _httpTransport.Context.Response; - var headersDic = new Dictionary(response.Headers.Keys.Count); + var headersDic = new Dictionary(response.Headers.Keys.Count); var headerKeys = response.Headers.Keys; foreach (string originalKey in headerKeys) { @@ -501,7 +513,7 @@ public Dictionary GetResponseHeadersForWaf() keyForDictionary = keyForDictionary.ToLowerInvariant(); if (!headersDic.ContainsKey(keyForDictionary)) { - headersDic.Add(keyForDictionary, response.Headers.GetValues(originalKey)); + headersDic.Add(keyForDictionary, GetHeaderValueForWaf(response.Headers.GetValues(originalKey))); } else { From 4aca0301c2fedf68b6d3c1ca57a26837725ce6cc Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Fri, 4 Oct 2024 12:38:08 +0200 Subject: [PATCH 02/10] Update RASP snapshots --- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 6 +++--- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 6 +++--- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 4 ++-- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 4 ++-- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 6 +++--- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...AttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 6 +++--- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 6 +++--- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...AttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 6 +++--- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 6 +++--- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 6 +++--- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 4 ++-- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 4 ++-- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 6 +++--- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...AttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 6 +++--- ...=;evilCommand&fromShell=true_exploit=CmdI.verified.txt | 6 +++--- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 4 ++-- ...st-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...AttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt | 4 ++-- ...oit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt | 6 +++--- ...ileContent-file=-etc-password_exploit=Lfi.verified.txt | 8 ++++---- 37 files changed, 88 insertions(+), 88 deletions(-) diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 8ac94bcb2fa1..d02f8497e8fb 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 942cf83b050b..5b403e2d104f 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 3bff09f09fcb..0a94b71134c6 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 6937b383beee..90c7e54a68aa 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 6bd89207d138..5b37d06d8688 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index a803169994c3..7d30188e43fa 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 6924d0edbc76..f3273a6936d8 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 30f4f8b12ab5..0e18ab2951b2 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -48,8 +48,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 8bc4a5cf3697..0323203ef0a8 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index e4ed2f44f65d..148216e9607c 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 620152e387dc..e390ccf54c8a 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index 11866ed1034f..0172a79b7868 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index c09ad0f2a065..ef84b09e5c43 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 61ec6f34fc46..02c28ac82b85 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 4801f41892c0..2c0f3a381f3f 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index e8b4fc4aa8c3..4c77c5a55e96 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index 693f780e0563..a128e0530502 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index c262ca252ff1..fed70f3ab30a 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,8 +26,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 220a3d6cef91..948f996cd9cc 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 5297d8274601..834e295bfbc0 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 944088a39938..92f8338da1d6 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index eafe8f0972c9..913672ee3875 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 9e84d7b1016f..211aafdaef88 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 35e35a8d8ae2..5364c9c8683b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 3c30a7304110..4143fd5c2e6b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 228b26478a66..afa83f61ddd1 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -48,8 +48,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 99c6bdbe4539..de0f78772a05 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 585aaa4c41e9..94c7b825632e 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 4464f5e1101a..fed999106865 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index a8ee7b202791..ef80f0331c25 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 64a8ae3bf5b4..57b757c73e2b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 1920bf8ea56c..45e45ccd7b13 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index dc49fcdd51c1..96b1e5033d66 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 11d9a7bb72f6..3960befcb0eb 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index ab86c0ca7537..2b625ddc423b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 8c8c3767f3f1..2b8d794d027d 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,8 +26,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 345161699fde..8b16226b278d 100644 --- a/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -48,8 +48,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet From b69681053d78b02bee1a663640cf9f4c2248daea Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Fri, 4 Oct 2024 13:21:10 +0200 Subject: [PATCH 03/10] Update security snapshots --- .../Coordinator/SecurityCoordinator.Core.cs | 9 +----- .../SecurityCoordinator.Framework.cs | 9 +----- ....SecurityEnabled.MetaStruct._.verified.txt | 6 ++-- ...oContent_containsAttack=False.verified.txt | 2 +- ...Forbidden_containsAttack=True.verified.txt | 6 ++-- ...sCode=OK_containsAttack=False.verified.txt | 6 ++-- ...tusCode=403_url=_health-q=fun.verified.txt | 6 ++-- ...e=403_url=_Home_Privacy-q=fun.verified.txt | 6 ++-- ...Enabled.__test=blocking_url=_.verified.txt | 32 +++++++++---------- ...rty=test&property2=dummy_rule.verified.txt | 22 ++++++------- ...y_rule-, -property2---test2-}.verified.txt | 22 ++++++------- ...y=dummy_rule&property2=value2.verified.txt | 22 ++++++------- ...tusCode=403_url=_health-q=fun.verified.txt | 12 +++---- ...Code=403_url=_Home_LangHeader.verified.txt | 22 ++++++------- ...tatusCode=403_url=_status_418.verified.txt | 12 +++---- ...Code=403_url=_Home_LangHeader.verified.txt | 22 ++++++------- ...action_actionName=customblock.verified.txt | 10 +++--- ...t=dummy_rule_actionName=block.verified.txt | 10 +++--- ...action_actionName=customblock.verified.txt | 10 +++--- ...t=dummy_rule_actionName=block.verified.txt | 10 +++--- ...y.AspNetCore5AsmCustomRules._.verified.txt | 6 ++-- ...y.AspNetCore5AsmRemoteRules._.verified.txt | 8 ++--- ...ty.AspNetCore5ExternalRules._.verified.txt | 20 ++++++------ ...=200_url=_good-param=[$slice].verified.txt | 22 ++++++------- ...=200_url=_void-param=[$slice].verified.txt | 22 ++++++------- ...e=500_url=_bad-param=[$slice].verified.txt | 22 ++++++------- ...e.__scenario=scan-empty-model.verified.txt | 4 +-- ...e.__scenario=scan-with-attack.verified.txt | 4 +-- ..._scenario=scan-without-attack.verified.txt | 4 +-- ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...Property-- {-a---[$slice]-} }.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...fingerprint-&q=help_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...l=_Health_wp-config_body=null.verified.txt | 20 ++++++------ ...Property-- {-a---[$slice]-} }.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...fingerprint-&q=help_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...rl=_Home_LangHeader_body=null.verified.txt | 30 ++++++++--------- ...e.__scenario=scan-empty-model.verified.txt | 4 +-- ...e.__scenario=scan-with-attack.verified.txt | 4 +-- ..._scenario=scan-without-attack.verified.txt | 4 +-- ...=block_request_statusCode=200.verified.txt | 10 +++--- ...direct_request_statusCode=302.verified.txt | 8 ++--- ...=block_request_statusCode=200.verified.txt | 8 ++--- ...direct_request_statusCode=302.verified.txt | 8 ++--- ...Classic.enableSecurity=True._.verified.txt | 6 ++-- ...egrated.enableSecurity=True._.verified.txt | 6 ++-- ...y=True.__scenario=null-action.verified.txt | 10 +++--- ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...oute_2-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Member-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...y=True.__scenario=null-action.verified.txt | 10 +++--- ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...oute_2-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Member-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...Health-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...tent%24testBox=%5B%24slice%5D.verified.txt | 20 ++++++------ ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...Health-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...tent%24testBox=%5B%24slice%5D.verified.txt | 20 ++++++------ .../TestGlobalRulesToggling._.verified.txt | 8 ++--- 77 files changed, 615 insertions(+), 629 deletions(-) diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs index e11dad57754f..8bb22b08be8d 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs @@ -60,14 +60,7 @@ public static Dictionary ExtractHeadersFromRequest(IHeaderDictio private static object GetHeaderValueForWaf(StringValues value) { - if (value.Count == 1) - { - return value[0]; - } - else - { - return value; - } + return (value.Count == 1 ? value[0] : value); } internal void BlockAndReport(IResult? result) diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs index e8454afac86c..0245c5604e84 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs @@ -490,14 +490,7 @@ public Dictionary GetBasicRequestArgsForWaf() private static object GetHeaderValueForWaf(string[] value) { - if (value.Count() == 1) - { - return value[0]; - } - else - { - return value; - } + return (value.Count() == 1 ? value[0] : value); } public Dictionary GetResponseHeadersForWaf() diff --git a/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt b/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt index e27bf6994746..d5d99163fbc3 100644 --- a/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt +++ b/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.appsec.json.metastruct.test: true, _dd.origin: appsec, diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt index f3970a894543..bafd42dc7ef9 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt @@ -41,7 +41,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], _dd.appsec.s.res.headers: [{}], _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt index eec4d567fdd1..9265c26721e2 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -52,9 +52,9 @@ span.kind: server, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["Property"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt index 9130fc79f2ec..4f7d76cceaac 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -41,10 +41,10 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], _dd.appsec.s.res.body: [{"PropertyResponse":[8],"PropertyResponse2":[4],"PropertyResponse3":[16],"PropertyResponse4":[4]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index 4e76abece4ec..264784a48343 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,8 +26,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000010--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000010-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt index d563d5c8c765..05f47128ce3c 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/Home/Privacy?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt index b60bce9d17f3..5aa0aceded2a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,9 +25,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -67,9 +67,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -151,9 +151,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -193,9 +193,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt index 88d0de893390..e8a0d5b1932f 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,8 +31,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -79,8 +79,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -223,8 +223,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt index 4f42eea19fbc..6556e23a92ba 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,8 +31,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -79,8 +79,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -223,8 +223,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt index 08c60b55e8cb..8458c5841dbc 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,8 +31,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -79,8 +79,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -223,8 +223,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index a47129dc3e23..10654ed5d193 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,7 +26,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,7 +68,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,7 +110,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,7 +152,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +194,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 020025c223ea..8ffdfd4ab6e2 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -30,8 +30,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -76,8 +76,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -168,8 +168,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -214,8 +214,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt index 080ae01f8ffb..49b9bfbd2117 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -30,7 +30,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,7 +76,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,7 +122,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -168,7 +168,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -214,7 +214,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 4080d37e8754..6854529f0bcc 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -30,8 +30,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -76,8 +76,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -168,8 +168,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -214,8 +214,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt index 7cf7813945d7..0b2e61a91c20 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt index 64ab7dedf465..4c3254286bf4 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt index 10432385569a..43b2f187c559 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt index 0f6b1c6cd09b..40c83d1a4dbe 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt index c5a06bc0a30c..c8f0b68abd2a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -62,8 +62,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test_custom_rule","name":"Test custom rule","tags":{"category":"attack_attempt","type":"custom_rule"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["customrule"],"key_path":["arg","0"],"value":"customrule_trigger"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt index 436a2beea22f..cbdfee9f1fe5 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -169,7 +169,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"new-test-non-blocking","name":"Datadog test scanner - NON blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent","0"],"value":"dd-test-scanner-log-block"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"new-test-non-blocking","name":"Datadog test scanner - NON blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent"],"value":"dd-test-scanner-log-block"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -212,7 +212,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent","0"],"value":"dd-test-scanner-log-block"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent"],"value":"dd-test-scanner-log-block"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -255,7 +255,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent","0"],"value":"dd-test-scanner-log-block"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent"],"value":"dd-test-scanner-log-block"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt index 151a86f939e9..d6f1cde96106 100644 --- a/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt @@ -29,8 +29,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -78,8 +78,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -176,8 +176,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -225,8 +225,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt index 290fff109e4e..857daaf1576c 100644 --- a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt +++ b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -28,8 +28,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,8 +76,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -172,8 +172,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -220,8 +220,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt index c00a1345b65b..6154b39e94ba 100644 --- a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt +++ b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -28,8 +28,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,8 +76,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -172,8 +172,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -220,8 +220,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt index 8ecdf10a1bcf..090142eaa9f8 100644 --- a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt +++ b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -34,8 +34,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -88,8 +88,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -142,8 +142,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -250,8 +250,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt index 325b8bef16f9..d45bfabcef68 100644 --- a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt +++ b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt @@ -41,10 +41,10 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"MS_SubRoutes":[[[{}]],{"len":1}]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expires":[[[8]],{"len":1}],"pragma":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-length":[8],"content-type":[8],"expires":[8],"pragma":[8],"server":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt index 830087ed7d35..bff3f4aea3df 100644 --- a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt @@ -52,10 +52,10 @@ _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["model","Dog2"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"MS_SubRoutes":[[[{}]],{"len":1}]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expires":[[[8]],{"len":1}],"pragma":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-length":[8],"content-type":[8],"expires":[8],"pragma":[8],"server":[8],"x-aspnet-version":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt index b3f5e60e05b6..23f61bee8d5f 100644 --- a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt @@ -41,11 +41,11 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"MS_SubRoutes":[[[{}]],{"len":1}]}], _dd.appsec.s.req.query: [{}], _dd.appsec.s.res.body: [{"Id":[4],"Message":[8]}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expires":[[[8]],{"len":1}],"pragma":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-length":[8],"content-type":[8],"expires":[8],"pragma":[8],"server":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt index da0c0f516374..b0be44b2ad9b 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -23,9 +23,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -66,9 +66,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -152,9 +152,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -195,9 +195,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt index cf676a688ca9..6da030b29599 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt @@ -51,8 +51,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -193,8 +193,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -264,8 +264,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -335,8 +335,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt index 2303334e48bc..c6b4c65a0845 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt @@ -51,8 +51,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0100000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -193,8 +193,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -264,8 +264,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -335,8 +335,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 63ac5185d848..6dace1ca5e1b 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -51,8 +51,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -193,8 +193,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -264,8 +264,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -335,8 +335,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index 5f7a9c5e4a74..52f15033556f 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt @@ -48,8 +48,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index 10a8057457e8..1f4cc2803a71 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -48,8 +48,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt index f8a1c1609b85..2a0d7ed5fe11 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt @@ -48,8 +48,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt index c2b215da8c3a..e0229d974fb4 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -24,9 +24,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -68,9 +68,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -112,9 +112,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -156,9 +156,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -200,9 +200,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt index 03ff2c84d297..a50698e74a4c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt index 9bc90ad90864..0d67de705121 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt @@ -52,8 +52,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -268,8 +268,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -340,8 +340,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt index 81872303bd67..02fcbd1d6b14 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt @@ -52,8 +52,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -268,8 +268,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -340,8 +340,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index d494771670c8..82d94900697c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -52,8 +52,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0100000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -268,8 +268,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -340,8 +340,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index bbf97839bf64..d0088462fffc 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index ab653ef4fc59..590b8e35b912 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt index 3708e726a825..61c6bd3456d2 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt index ccb2ad183281..56482f067395 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt @@ -50,9 +50,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -120,9 +120,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -190,9 +190,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -260,9 +260,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -330,9 +330,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt index 536e3057b55d..2c0a907044b3 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt @@ -45,10 +45,10 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnetmvc-version":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-type":[8],"server":[8],"x-aspnetmvc-version":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt index 6c9a00b26d9a..28ae31830bce 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt @@ -55,10 +55,10 @@ _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["model","Dog2"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8],"id":[8]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-type":[8],"x-aspnet-version":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt index 52da13ca28a9..0d2f0c1d83b9 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt @@ -45,11 +45,11 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8],"id":[8]}], _dd.appsec.s.req.query: [{}], _dd.appsec.s.res.body: [{"Id":[4],"Message":[8],"PathParamId":[4]}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnetmvc-version":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-type":[8],"server":[8],"x-aspnetmvc-version":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt index f72ee4ce5dc4..b0b11f828e5c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt @@ -1,4 +1,4 @@ -[ +al[ { TraceId: Id_1, SpanId: Id_2, @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt index 5b7615fb4042..3dbd9ec650d6 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt index 583d189d53e4..9bc3daeb0b2c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt @@ -24,8 +24,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,8 +68,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt index 219fa87deb6e..9109a121b84a 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt @@ -24,8 +24,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,8 +68,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt index 3cd162285bcb..8356bafb2770 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt @@ -48,7 +48,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -89,7 +89,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -155,7 +155,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt index 2d14e0e813f5..07f15f5ade00 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt @@ -49,7 +49,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -91,7 +91,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -158,7 +158,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt index 2eab761ea65f..cb0da9edec2c 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -44,8 +44,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -108,8 +108,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt index 35d755890d96..0163856aa2d5 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -23,9 +23,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -66,9 +66,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -152,9 +152,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -195,9 +195,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 3e04a9d7140f..b97006b034d8 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -48,8 +48,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt index 966c92410981..93e05bfc143b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt index 300b60660106..12eb9c3a826e 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt index 0d4f8145f974..8cc3b5e1bbd5 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt index 3645b216f573..b7ae498b361a 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt index 0c2b6ff7f015..7b111c66a5a3 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt index 8a194ad0645d..7d2de38e32de 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -24,9 +24,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -68,9 +68,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -112,9 +112,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -156,9 +156,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -200,9 +200,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 01b8b2ed1ddb..e8865529d57c 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -48,8 +48,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt index e740c4a40980..5cc3a3119d4b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt index 45244b542998..3330e046418b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt index 426c5d92b5c6..966d621fa4b2 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt index b44120c6af4e..03fa0917349b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt index da0c0f516374..b0be44b2ad9b 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -23,9 +23,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -66,9 +66,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -152,9 +152,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -195,9 +195,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt index af7ae69eb0ab..99688ac33a08 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt @@ -22,8 +22,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -64,8 +64,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -106,8 +106,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -148,8 +148,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -190,8 +190,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt index c1b6d1a94e7a..005696060e3c 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt @@ -22,8 +22,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -64,8 +64,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -106,8 +106,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -148,8 +148,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -190,8 +190,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt index ef3b69712e15..c08e68df9207 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt @@ -25,8 +25,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -115,8 +115,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -160,8 +160,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -205,8 +205,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt index c2b215da8c3a..e0229d974fb4 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -24,9 +24,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -68,9 +68,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -112,9 +112,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -156,9 +156,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -200,9 +200,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt index 489d1efd7899..a6e7a09ee519 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -109,8 +109,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,8 +152,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -195,8 +195,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt index 77757855c884..90d2a5e1742a 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -109,8 +109,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,8 +152,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -195,8 +195,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt index c881d3cac341..599778044e16 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt @@ -26,8 +26,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0100000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -72,8 +72,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -164,8 +164,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -210,8 +210,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt b/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt index bf87f94b4486..7109954e83dd 100644 --- a/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt +++ b/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -29,7 +29,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent","0"],"value":"mistake not... acunetix-product"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -76,7 +76,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent","0"],"value":"mistake not... acunetix-product"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -123,7 +123,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent","0"],"value":"mistake not... acunetix-product"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, From 67c693f69474b416dfefd12f3bf7a4846a8643bb Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Fri, 4 Oct 2024 14:13:46 +0200 Subject: [PATCH 04/10] Fix snapshot --- ...curity=True.__type=block_request_statusCode=200.verified.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt index b0b11f828e5c..4d9cd87bf01d 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt @@ -1,4 +1,4 @@ -al[ +[ { TraceId: Id_1, SpanId: Id_2, From d36191df9cb15432e1afd86b50942a28ba445a24 Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Mon, 7 Oct 2024 11:14:11 +0200 Subject: [PATCH 05/10] update more snapshots --- ...oContent_containsAttack=False.verified.txt | 4 +-- ...Forbidden_containsAttack=True.verified.txt | 4 +-- ...sCode=OK_containsAttack=False.verified.txt | 4 +-- ...Enabled.__test=blocking_url=_.verified.txt | 30 +++++++++---------- ...rty=test&property2=dummy_rule.verified.txt | 20 ++++++------- ...y_rule-, -property2---test2-}.verified.txt | 20 ++++++------- ...y=dummy_rule&property2=value2.verified.txt | 20 ++++++------- ...tusCode=403_url=_health-q=fun.verified.txt | 10 +++---- ...Code=403_url=_Home_LangHeader.verified.txt | 20 ++++++------- ...tatusCode=403_url=_status_418.verified.txt | 10 +++---- 10 files changed, 71 insertions(+), 71 deletions(-) diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt index 83f09d0fdde5..f023085aa101 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt @@ -40,8 +40,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"connection":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], - _dd.appsec.s.res.headers: [{}], + _dd.appsec.s.req.headers: [{"connection":[8],"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], + _dd.appsec.s.res.headers: [{"content-length":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt index b78cce3e39df..eca8fffd4519 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt @@ -51,8 +51,8 @@ span.kind: server, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["Property"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"connection":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"connection":[8],"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt index 98916f2960d9..53cfdc612d20 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt @@ -40,9 +40,9 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"connection":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"connection":[8],"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.res.body: [{"PropertyResponse":[8],"PropertyResponse2":[4],"PropertyResponse3":[16],"PropertyResponse4":[4]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt index a91a170155ba..0a0aedd2819e 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt @@ -25,9 +25,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -67,9 +67,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -151,9 +151,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -193,9 +193,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt index d11569c0745f..1190f94c5d6f 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt @@ -30,8 +30,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,8 +77,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -218,8 +218,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt index 9af6dba4863f..2cf8e0543516 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt @@ -30,8 +30,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,8 +77,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -218,8 +218,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt index 0060bd47abcb..a489121499ac 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt @@ -30,8 +30,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,8 +77,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -218,8 +218,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index 6ccd04eb5b48..2f235edc7802 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -26,7 +26,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,7 +68,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,7 +110,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,7 +152,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +194,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 9df454b9e0c4..56fabdb9fef3 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -29,8 +29,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -74,8 +74,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -119,8 +119,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -164,8 +164,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -209,8 +209,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt index 29daaa98aae0..3b7b42ceb60a 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt @@ -29,7 +29,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -74,7 +74,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +119,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -164,7 +164,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -209,7 +209,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet From bd732ae188662ad95aefdfc9de513205e153041a Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Mon, 7 Oct 2024 11:27:42 +0200 Subject: [PATCH 06/10] UPdate scrubber --- .../ApiSecurity/AspNetCoreApiSecurity.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs index c15d5901b6d9..ff5c41d8778a 100644 --- a/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs +++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs @@ -66,7 +66,7 @@ public async Task TestApiSecurityScan(string url, string body, HttpStatusCode ex // Simple scrubber for the response content type in .NET 8 // .NET 8 doesn't add the content-length header, whereas previous versions do settings.AddSimpleScrubber( - """_dd.appsec.s.res.headers: [{"content-length":[[[8]],{"len":1}]}],""", + """_dd.appsec.s.res.headers: [{"content-length":[8]}],""", """_dd.appsec.s.res.headers: [{}],"""); #endif await VerifySpans(spans, settings); From 4684468e2184f0b01e413438c3fca4624b51c6be Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Mon, 7 Oct 2024 11:34:46 +0200 Subject: [PATCH 07/10] update snapshot --- ...pectedStatusCode=NoContent_containsAttack=False.verified.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt index f023085aa101..1217484c78e7 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt @@ -41,7 +41,7 @@ span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], _dd.appsec.s.req.headers: [{"connection":[8],"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], - _dd.appsec.s.res.headers: [{"content-length":[8]}], + _dd.appsec.s.res.headers: [{}], _dd.runtime_family: dotnet }, Metrics: { From 4791706d75b1b8adb2eecf12404558616259f4b2 Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Mon, 7 Oct 2024 12:45:38 +0200 Subject: [PATCH 08/10] add scruber to tests --- .../AspNetBase.cs | 4 ++++ ...pectedStatusCode=403_url=_health-q=fun.verified.txt | 10 +++++----- ...tedStatusCode=403_url=_Home_LangHeader.verified.txt | 10 +++++----- ...expectedStatusCode=403_url=_status_418.verified.txt | 10 +++++----- ...pectedStatusCode=403_url=_health-q=fun.verified.txt | 10 +++++----- ...tedStatusCode=403_url=_Home_LangHeader.verified.txt | 10 +++++----- ...expectedStatusCode=403_url=_status_418.verified.txt | 10 +++++----- ...tedStatusCode=403_url=_Home_LangHeader.verified.txt | 10 +++++----- 8 files changed, 39 insertions(+), 35 deletions(-) diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs index 5d2112756a28..669c897c9c1d 100644 --- a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs +++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs @@ -49,6 +49,7 @@ public class AspNetBase : TestHelper private static readonly Regex AppSecRaspWafDuration = new(@"_dd.appsec.rasp.duration: \d+\.0", RegexOptions.IgnoreCase | RegexOptions.Compiled); private static readonly Regex AppSecRaspWafDurationWithBindings = new(@"_dd.appsec.rasp.duration_ext: \d+\.0", RegexOptions.IgnoreCase | RegexOptions.Compiled); private static readonly Regex AppSecFingerPrintHeaders = new(@"_dd.appsec.fp.http.header: hdr-\d+-\S*-\d+-\S*", RegexOptions.IgnoreCase | RegexOptions.Compiled); + private static readonly Regex AppSecFingerPrintNetwork = new(@"_dd.appsec.fp.http.network: net-\d+-\d+", RegexOptions.IgnoreCase | RegexOptions.Compiled); private static readonly Regex AppSecSpanIdRegex = (new Regex("\"span_id\":\\d+")); private static readonly Type MetaStructHelperType = Type.GetType("Datadog.Trace.AppSec.Rasp.MetaStructHelper, Datadog.Trace"); private static readonly MethodInfo MetaStructByteArrayToObject = MetaStructHelperType.GetMethod("ByteArrayToObject", BindingFlags.Public | BindingFlags.Static); @@ -59,12 +60,14 @@ public class AspNetBase : TestHelper private readonly JsonSerializerSettings _jsonSerializerSettingsOrderProperty; private readonly bool _clearMetaStruct; private int _httpPort; + private bool _autoApproveChanges = false; #pragma warning restore SA1202 // Elements should be ordered by access #pragma warning restore SA1401 // Fields should be private public AspNetBase(string sampleName, ITestOutputHelper outputHelper, string shutdownPath, string samplesDir = null, string testName = null, bool clearMetaStruct = false) : base(Prefix + sampleName, samplesDir ?? "test/test-applications/security", outputHelper) { + OverwriteVerifiedSpans(); _testName = Prefix + (testName ?? sampleName); _cookieContainer = new CookieContainer(); var handler = new HttpClientHandler(); @@ -123,6 +126,7 @@ public async Task TestAppSecRequestWithVerifyAsync(MockTracerAgent agent, string public void ScrubFingerprintHeaders(VerifySettings settings) { settings.AddRegexScrubber(AppSecFingerPrintHeaders, "_dd.appsec.fp.http.header: "); + settings.AddRegexScrubber(AppSecFingerPrintNetwork, "_dd.appsec.fp.http.network: "); } public async Task VerifySpans(IImmutableList spans, VerifySettings settings, bool testInit = false, string methodNameOverride = null, string testName = null, bool forceMetaStruct = false, string fileNameOverride = null) diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index 2f235edc7802..e4adfb339e7c 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -26,7 +26,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,7 +68,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,7 +110,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,7 +152,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +194,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 56fabdb9fef3..c4d8c0f3d7c2 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -29,7 +29,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -74,7 +74,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +119,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -164,7 +164,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -209,7 +209,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-2-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt index 3b7b42ceb60a..f7fb29150387 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt @@ -29,7 +29,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -74,7 +74,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +119,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -164,7 +164,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -209,7 +209,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index 10654ed5d193..d50da05768c3 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -26,7 +26,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,7 +68,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,7 +110,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,7 +152,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +194,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 8ffdfd4ab6e2..8106987ad0f4 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -30,7 +30,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,7 +76,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,7 +122,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -168,7 +168,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -214,7 +214,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt index 49b9bfbd2117..75ec3080c70d 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt @@ -30,7 +30,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,7 +76,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,7 +122,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -168,7 +168,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -214,7 +214,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 6854529f0bcc..eb7235521c81 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -30,7 +30,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,7 +76,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,7 +122,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -168,7 +168,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -214,7 +214,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet From 5d31bf3539743519dd8652b831cad5e1f180d538 Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Mon, 7 Oct 2024 14:06:39 +0200 Subject: [PATCH 09/10] fix --- .../AspNetBase.cs | 57 +++++++++++++++---- 1 file changed, 46 insertions(+), 11 deletions(-) diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs index 669c897c9c1d..7c4f55164d5e 100644 --- a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs +++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs @@ -67,7 +67,6 @@ public class AspNetBase : TestHelper public AspNetBase(string sampleName, ITestOutputHelper outputHelper, string shutdownPath, string samplesDir = null, string testName = null, bool clearMetaStruct = false) : base(Prefix + sampleName, samplesDir ?? "test/test-applications/security", outputHelper) { - OverwriteVerifiedSpans(); _testName = Prefix + (testName ?? sampleName); _cookieContainer = new CookieContainer(); var handler = new HttpClientHandler(); @@ -222,20 +221,56 @@ public async Task VerifySpans(IImmutableList spans, VerifySettings set || s.Metrics["_dd.appsec.rasp.duration"] < s.Metrics["_dd.appsec.rasp.duration_ext"]); } - if (string.IsNullOrEmpty(fileNameOverride)) + try { - // Overriding the type name here as we have multiple test classes in the file - // Ensures that we get nice file nesting in Solution Explorer - await Verifier.Verify(spans, settings) - .UseMethodName(methodNameOverride ?? "_") - .UseTypeName(testName ?? GetTestName()); + if (string.IsNullOrEmpty(fileNameOverride)) + { + // Overriding the type name here as we have multiple test classes in the file + // Ensures that we get nice file nesting in Solution Explorer + await Verifier.Verify(spans, settings) + .UseMethodName(methodNameOverride ?? "_") + .UseTypeName(testName ?? GetTestName()); + } + else + { + await VerifyHelper.VerifySpans(spans, settings) + .UseFileName(fileNameOverride) + .DisableRequireUniquePrefix(); + } } - else + catch (Exception ex) { - await VerifyHelper.VerifySpans(spans, settings) - .UseFileName(fileNameOverride) - .DisableRequireUniquePrefix(); + if (_autoApproveChanges) + { + var receivedPos = ex.Message.IndexOf("Received: ") + "Received: ".Length; + var verifiedPosInit = ex.Message.IndexOf("Verified: "); + var verifiedPosEnd = verifiedPosInit + "Verified: ".Length; + var contentPos = ex.Message.IndexOf("Received Content:"); + var receivedFile = ex.Message.Substring(receivedPos, verifiedPosInit - receivedPos - 1).Trim(); + var verifiedFile = ex.Message.Substring(verifiedPosEnd, contentPos - verifiedPosEnd - 1).Trim(); + var path = Path.Combine("C:\\CommonFolder\\shared\\repos\\dd-trace-6\\tracer\\test\\tetetet", "..", "snapshots"); + + if (!string.IsNullOrEmpty(receivedFile) && !string.IsNullOrEmpty(verifiedFile)) + { + File.Copy(Path.Combine(path, receivedFile), Path.Combine(path, verifiedFile), true); + } + } + + throw; } + + CheckThatOverwriteVerifiedSnapshotsIsNotEnabled(); + } + + public void OverwriteVerifiedSpans() + { + _autoApproveChanges = true; + } + + public void CheckThatOverwriteVerifiedSnapshotsIsNotEnabled() + { + Console.Write(_autoApproveChanges); + // _autoVerify.Should().NotBe(true, "Please, disable _autoVerify"); } public void StacksMetaStructScrubbing(MockSpan target) From 39557e543ffb9d14af4524867c19f7b44cd28612 Mon Sep 17 00:00:00 2001 From: NachoEchevarria Date: Tue, 8 Oct 2024 10:10:34 +0200 Subject: [PATCH 10/10] undo not required change --- .../AspNetBase.cs | 57 ++++--------------- 1 file changed, 10 insertions(+), 47 deletions(-) diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs index 7c4f55164d5e..4419a6441762 100644 --- a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs +++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs @@ -60,7 +60,6 @@ public class AspNetBase : TestHelper private readonly JsonSerializerSettings _jsonSerializerSettingsOrderProperty; private readonly bool _clearMetaStruct; private int _httpPort; - private bool _autoApproveChanges = false; #pragma warning restore SA1202 // Elements should be ordered by access #pragma warning restore SA1401 // Fields should be private @@ -221,56 +220,20 @@ public async Task VerifySpans(IImmutableList spans, VerifySettings set || s.Metrics["_dd.appsec.rasp.duration"] < s.Metrics["_dd.appsec.rasp.duration_ext"]); } - try + if (string.IsNullOrEmpty(fileNameOverride)) { - if (string.IsNullOrEmpty(fileNameOverride)) - { - // Overriding the type name here as we have multiple test classes in the file - // Ensures that we get nice file nesting in Solution Explorer - await Verifier.Verify(spans, settings) - .UseMethodName(methodNameOverride ?? "_") - .UseTypeName(testName ?? GetTestName()); - } - else - { - await VerifyHelper.VerifySpans(spans, settings) - .UseFileName(fileNameOverride) - .DisableRequireUniquePrefix(); - } + // Overriding the type name here as we have multiple test classes in the file + // Ensures that we get nice file nesting in Solution Explorer + await Verifier.Verify(spans, settings) + .UseMethodName(methodNameOverride ?? "_") + .UseTypeName(testName ?? GetTestName()); } - catch (Exception ex) + else { - if (_autoApproveChanges) - { - var receivedPos = ex.Message.IndexOf("Received: ") + "Received: ".Length; - var verifiedPosInit = ex.Message.IndexOf("Verified: "); - var verifiedPosEnd = verifiedPosInit + "Verified: ".Length; - var contentPos = ex.Message.IndexOf("Received Content:"); - var receivedFile = ex.Message.Substring(receivedPos, verifiedPosInit - receivedPos - 1).Trim(); - var verifiedFile = ex.Message.Substring(verifiedPosEnd, contentPos - verifiedPosEnd - 1).Trim(); - var path = Path.Combine("C:\\CommonFolder\\shared\\repos\\dd-trace-6\\tracer\\test\\tetetet", "..", "snapshots"); - - if (!string.IsNullOrEmpty(receivedFile) && !string.IsNullOrEmpty(verifiedFile)) - { - File.Copy(Path.Combine(path, receivedFile), Path.Combine(path, verifiedFile), true); - } - } - - throw; + await VerifyHelper.VerifySpans(spans, settings) + .UseFileName(fileNameOverride) + .DisableRequireUniquePrefix(); } - - CheckThatOverwriteVerifiedSnapshotsIsNotEnabled(); - } - - public void OverwriteVerifiedSpans() - { - _autoApproveChanges = true; - } - - public void CheckThatOverwriteVerifiedSnapshotsIsNotEnabled() - { - Console.Write(_autoApproveChanges); - // _autoVerify.Should().NotBe(true, "Please, disable _autoVerify"); } public void StacksMetaStructScrubbing(MockSpan target)