Merge branch 'main' into gnufede/iast-improve-regression-test

setup.py

@@ -55,7 +55,7 @@
 
 CURRENT_OS = platform.system()
 
-LIBDDWAF_VERSION = "1.19.1"
+LIBDDWAF_VERSION = "1.20.0"
 
 RUST_MINIMUM_VERSION = "1.71" # Safe guess: 1.71 is about a year old as of 2024-07-03
 

tests/appsec/appsec/test_processor.py

@@ -152,6 +152,7 @@ def test_headers_collection(tracer):
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ],
 )
 def test_appsec_cookies_no_collection_snapshot(tracer):
@@ -179,6 +180,7 @@ def test_appsec_cookies_no_collection_snapshot(tracer):
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ],
 )
 def test_appsec_body_no_collection_snapshot(tracer):
@@ -277,6 +279,7 @@ def test_ip_update_rules_expired_no_block(tracer):
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ],
 )
 def test_appsec_span_tags_snapshot(tracer):

tests/contrib/django/test_django_appsec_snapshots.py

@@ -100,6 +100,7 @@ def test_appsec_enabled():
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ]
 )
 def test_appsec_enabled_attack():

tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_body_no_collection_snapshot.json

@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",
  "_dd.p.dm": "-5",

tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_cookies_no_collection_snapshot.json

@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",
  "_dd.p.dm": "-5",

tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot.json

@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot_with_errors.json

@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.errors": "{\"missing key 'conditions'\": [\"crs-913-110\"], \"missing key 'tags'\": [\"crs-942-100\"]}",
  "_dd.appsec.event_rules.version": "5.5.5",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.runtime_family": "python",

tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled.json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled_attack.json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403.json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[{\"rule\":{\"id\":\"blk-001-001\",\"name\":\"Block IP addresses\",\"on_match\":[\"block\"],\"tags\":{\"category\":\"blocking\",\"type\":\"ip_addresses\"}},\"rule_matches\":[{\"operator\":\"ip_match\",\"operator_value\":\"\",\"parameters\":[{\"address\":\"http.client_ip\",\"key_path\":[],\"value\":\"8.8.4.4\",\"highlight\":[\"8.8.4.4\"]}]}],\"span_id\":10192376353237234254}]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403_json.json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[{\"rule\":{\"id\":\"blk-001-001\",\"name\":\"Block IP addresses\",\"on_match\":[\"block\"],\"tags\":{\"category\":\"blocking\",\"type\":\"ip_addresses\"}},\"rule_matches\":[{\"operator\":\"ip_match\",\"operator_value\":\"\",\"parameters\":[{\"address\":\"http.client_ip\",\"key_path\":[],\"value\":\"8.8.4.4\",\"highlight\":[\"8.8.4.4\"]}]}],\"span_id\":865087550764298227}]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_nomatch_200.json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env].json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env]_220.json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env].json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env]_220.json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env].json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env]_220.json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env].json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env]_220.json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env].json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env]_220.json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env].json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env]_220.json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env].json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env]_220.json

@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env].json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-002\",\n \"name\": \"Block User Addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"security_response\",\n \"type\": \"block_user\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"exact_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"usr.id\",\n \"highlight\": [\n \"123456\"\n ],\n \"key_path\": [],\n \"value\": \"123456\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

tests/snapshots/tests.contrib.flask.test_appsec_flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env]_220.json

@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-002\",\n \"name\": \"Block User Addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"security_response\",\n \"type\": \"block_user\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"exact_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"usr.id\",\n \"highlight\": [\n \"123456\"\n ],\n \"key_path\": [],\n \"value\": \"123456\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",