test(helper): add request shutdown fingerprint test

Signed-off-by: Alexandre Rulleau <[email protected]>
DataDog · Nov 15, 2024 · b51ecd6 · b51ecd6
1 parent d29533e
commit b51ecd6
Show file tree

Hide file tree

Showing 2 changed files with 123 additions and 9 deletions.
diff --git a/appsec/tests/helper/client_test.cpp b/appsec/tests/helper/client_test.cpp
@@ -7,6 +7,7 @@
 #include <base64.h>
 #include <client.hpp>
 #include <compression.hpp>
+#include <gtest/gtest.h>
 #include <json_helper.hpp>
 #include <network/broker.hpp>
 #include <rapidjson/document.h>
@@ -1763,6 +1764,69 @@ TEST(ClientTest, RequestExecWithAttack)
     }
 }
 
+TEST(ClientTest, RequestShutdownWithAttackAndFingerprint)
+{
+    auto smanager = std::make_shared<service_manager>();
+    auto broker = new mock::broker();
+
+    client c(smanager, std::unique_ptr<mock::broker>(broker));
+
+    set_extension_configuration_to(broker, c, EXTENSION_CONFIGURATION_ENABLED);
+
+    // Request Init
+    {
+        network::request_init::request msg;
+
+        auto query = parameter::map();
+        query.add("query", parameter::string("asdfds"sv));
+
+        msg.data = parameter::map();
+        msg.data.add("server.request.uri.raw", parameter::string("asdfds"sv));
+        msg.data.add("server.request.method", parameter::string("GET"sv));
+        msg.data.add("server.request.query", std::move(query));
+
+        network::request req(std::move(msg));
+
+        std::shared_ptr<network::base_response> res;
+        EXPECT_CALL(*broker, recv(_)).WillOnce(Return(req));
+        EXPECT_CALL(*broker,
+            send(
+                testing::An<const std::shared_ptr<network::base_response> &>()))
+            .WillOnce(DoAll(testing::SaveArg<0>(&res), Return(true)));
+
+        EXPECT_TRUE(c.run_request());
+        auto msg_res =
+            dynamic_cast<network::request_init::response *>(res.get());
+        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "ok");
+        EXPECT_EQ(msg_res->triggers.size(), 0);
+    }
+
+    // Request Execution
+    {
+        network::request_shutdown::request msg;
+        msg.data = parameter::map();
+        msg.data.add("http.client_ip", parameter::string("192.168.1.1"sv));
+
+        network::request req(std::move(msg));
+
+        std::shared_ptr<network::base_response> res;
+        EXPECT_CALL(*broker, recv(_)).WillOnce(Return(req));
+        EXPECT_CALL(*broker,
+            send(
+                testing::An<const std::shared_ptr<network::base_response> &>()))
+            .WillOnce(DoAll(testing::SaveArg<0>(&res), Return(true)));
+
+        EXPECT_TRUE(c.run_request());
+        auto msg_res =
+            dynamic_cast<network::request_shutdown::response *>(res.get());
+        EXPECT_STREQ(msg_res->actions[0].verdict.c_str(), "block");
+        EXPECT_FALSE(std::regex_match(
+            msg_res->meta["_dd.appsec.fp.http.endpoint"].c_str(),
+            std::regex(
+                "http-get-[A-Za-z0-9]{8}-[A-Za-z0-9]{8}-([A-Za-z0-9]{8})?")));
+    }
+}
+
 TEST(ClientTest, RequestExecWithoutClientInit)
 {
     auto smanager = std::make_shared<service_manager>();

diff --git a/appsec/tests/helper/main.cpp b/appsec/tests/helper/main.cpp
@@ -122,9 +122,9 @@ std::string create_sample_rules_ok()
                 "address": "server.response.code"
               }
             ],
-            "regex":1991,
+            "regex": 1991,
             "options": {
-                "case_sensitive": "false"
+              "case_sensitive": "false"
             }
           },
           "operator": "match_regex"
@@ -164,13 +164,12 @@ std::string create_sample_rules_ok()
             "output": "_dd.appsec.s.req.headers.no_cookies"
           },
           {
-           "inputs": [
-             {
-               "address": "server.request.body"
-             }
-           ],
-           "output": "_dd.appsec.s.req.body"
-         }
+            "inputs": [ {
+                "address": "server.request.body"
+              }
+            ],
+            "output": "_dd.appsec.s.req.body"
+          }
         ],
         "scanners": [
           {
@@ -182,6 +181,57 @@ std::string create_sample_rules_ok()
       },
       "evaluate": false,
       "output": true
+    },
+    {
+      "id": "http-endpoint-fingerprint",
+      "generator": "http_endpoint_fingerprint",
+      "conditions": [
+        {
+          "operator": "exists",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "waf.context.event"
+              },
+              {
+                "address": "server.business_logic.users.login.failure"
+              },
+              {
+                "address": "server.business_logic.users.login.success"
+              }
+            ]
+          }
+        }
+      ],
+      "parameters": {
+        "mappings": [
+          {
+            "method": [
+              {
+                "address": "server.request.method"
+              }
+            ],
+            "uri_raw": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "body": [
+              {
+                "address": "server.request.body"
+              }
+            ],
+            "query": [
+              {
+                "address": "server.request.query"
+              }
+            ],
+            "output": "_dd.appsec.fp.http.endpoint"
+          }
+        ]
+      },
+      "evaluate": false,
+      "output": true
     }
   ],
   "scanners": [],