test(asm): add priority test (#11005)
Add priority test in the threat tests to ensure we don't mark as manual
keep all traces.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
christophe-papazian authored Oct 11, 2024
1 parent 79cd78d commit 217f0c3
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions tests/appsec/contrib_appsec/utils.py
Expand Up @@ -128,6 +128,20 @@ def test_simple_attack(self, interface: Interface, root_span, get_tag):
query = dict(root_span()._get_ctx_item("http.request.query"))
assert query == {"q": "1"} or query == {"q": ["1"]}

@pytest.mark.parametrize("asm_enabled", [True, False])
@pytest.mark.parametrize(
("user_agent", "priority"),
[("Mozilla/5.0", False), ("Arachni/v1.5.1", True), ("dd-test-scanner-log-block", True)],
)
def test_priority(self, interface: Interface, root_span, get_tag, asm_enabled, user_agent, priority):
"""Check that we only set manual keep for traces with appsec events."""
with override_global_config(dict(_asm_enabled=asm_enabled)):
self.update_tracer(interface)
response = interface.client.get("/", headers={"User-Agent": user_agent})
assert response.status_code == (403 if user_agent == "dd-test-scanner-log-block" and asm_enabled else 200)
span_priority = root_span()._span.context.sampling_priority
assert (span_priority == 2) if asm_enabled and priority else (span_priority < 2)

def test_querystrings(self, interface: Interface, root_span):
with override_global_config(dict(_asm_enabled=True)):
self.update_tracer(interface)
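
Review bot: In the final assertion of `test_priority`, the negative branch `span_priority < 2` raises a TypeError rather than a clean assertion failure if `sampling_priority` is still None when the span is read, and the literal 2 leaves the reader to infer from the docstring that it means manual keep. Consider asserting `span_priority is not None` first and comparing against a named constant for the manual-keep priority. The test also infers the presence of an appsec event from the User-Agent alone; asserting on the recorded event for the two scanner agents, and on its absence for `Mozilla/5.0`, would tie the priority check to what the docstring claims. The expected status code could be a third parametrized value instead of re-testing the `dd-test-scanner-log-block` string inside the assert.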