chore(asm): waf update to 1.20.0 (#11016)

Update libddwaf to [last version 1.20.0](https://github.com/DataDog/libddwaf/releases/tag/1.20.0) ## Checklist - [x] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [ ] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
DataDog · Oct 14, 2024 · bca862d · bca862d
1 parent e3300c9
commit bca862d
Show file tree

Hide file tree

Showing 28 changed files with 30 additions and 26 deletions.
diff --git a/setup.py b/setup.py
@@ -55,7 +55,7 @@
 
 CURRENT_OS = platform.system()
 
-LIBDDWAF_VERSION = "1.19.1"
+LIBDDWAF_VERSION = "1.20.0"
 
 RUST_MINIMUM_VERSION = "1.71" # Safe guess: 1.71 is about a year old as of 2024-07-03
 

diff --git a/tests/appsec/appsec/test_processor.py b/tests/appsec/appsec/test_processor.py
@@ -152,6 +152,7 @@ def test_headers_collection(tracer):
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ],
 )
 def test_appsec_cookies_no_collection_snapshot(tracer):
@@ -179,6 +180,7 @@ def test_appsec_cookies_no_collection_snapshot(tracer):
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ],
 )
 def test_appsec_body_no_collection_snapshot(tracer):
@@ -277,6 +279,7 @@ def test_ip_update_rules_expired_no_block(tracer):
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ],
 )
 def test_appsec_span_tags_snapshot(tracer):

diff --git a/tests/contrib/django/test_django_appsec_snapshots.py b/tests/contrib/django/test_django_appsec_snapshots.py
@@ -100,6 +100,7 @@ def test_appsec_enabled():
  "meta." + FINGERPRINTING.NETWORK,
  "meta." + FINGERPRINTING.HEADER,
  "meta." + FINGERPRINTING.ENDPOINT,
+ "meta." + FINGERPRINTING.SESSION,
  ]
 )
 def test_appsec_enabled_attack():

diff --git a/...snapshots/tests.appsec.appsec.test_processor.test_appsec_body_no_collection_snapshot.json b/...snapshots/tests.appsec.appsec.test_processor.test_appsec_body_no_collection_snapshot.json
@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",
  "_dd.p.dm": "-5",

diff --git a/...pshots/tests.appsec.appsec.test_processor.test_appsec_cookies_no_collection_snapshot.json b/...pshots/tests.appsec.appsec.test_processor.test_appsec_cookies_no_collection_snapshot.json
@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",
  "_dd.p.dm": "-5",

diff --git a/tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot.json b/tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot.json
@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/...pshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot_with_errors.json b/...pshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot_with_errors.json
@@ -10,7 +10,7 @@
  "meta": {
  "_dd.appsec.event_rules.errors": "{\"missing key 'conditions'\": [\"crs-913-110\"], \"missing key 'tags'\": [\"crs-942-100\"]}",
  "_dd.appsec.event_rules.version": "5.5.5",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.runtime_family": "python",

diff --git a/tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled.json b/tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled.json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...apshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled_attack.json b/...apshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled_attack.json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "1.13.1",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"nfd-000-006\",\n \"name\": \"Detect failed attempt to fetch sensitive files\",\n \"tags\": {\n \"capec\": \"1000/118/169\",\n \"category\": \"attack_attempt\",\n \"confidence\": \"1\",\n \"cwe\": \"200\",\n \"type\": \"security_scanner\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"^404$\",\n \"parameters\": [\n {\n \"address\": \"server.response.status\",\n \"highlight\": [\n \"404\"\n ],\n \"key_path\": [],\n \"value\": \"404\"\n }\n ]\n },\n {\n \"operator\": \"match_regex\",\n \"operator_value\": \"\\\\.(cgi|bat|dll|exe|key|cert|crt|pem|der|pkcs|pkcs|pkcs[0-9]*|nsf|jsa|war|java|class|vb|vba|so|git|svn|hg|cvs)([^a-zA-Z0-9_]|$)\",\n \"parameters\": [\n {\n \"address\": \"server.request.uri.raw\",\n \"highlight\": [\n \".git\"\n ],\n \"key_path\": [],\n \"value\": \"/.git\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/...ots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403.json b/...ots/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403.json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[{\"rule\":{\"id\":\"blk-001-001\",\"name\":\"Block IP addresses\",\"on_match\":[\"block\"],\"tags\":{\"category\":\"blocking\",\"type\":\"ip_addresses\"}},\"rule_matches\":[{\"operator\":\"ip_match\",\"operator_value\":\"\",\"parameters\":[{\"address\":\"http.client_ip\",\"key_path\":[],\"value\":\"8.8.4.4\",\"highlight\":[\"8.8.4.4\"]}]}],\"span_id\":10192376353237234254}]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/...ests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403_json.json b/...ests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_match_403_json.json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[{\"rule\":{\"id\":\"blk-001-001\",\"name\":\"Block IP addresses\",\"on_match\":[\"block\"],\"tags\":{\"category\":\"blocking\",\"type\":\"ip_addresses\"}},\"rule_matches\":[{\"operator\":\"ip_match\",\"operator_value\":\"\",\"parameters\":[{\"address\":\"http.client_ip\",\"key_path\":[],\"value\":\"8.8.4.4\",\"highlight\":[\"8.8.4.4\"]}]}],\"span_id\":865087550764298227}]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/...s/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_nomatch_200.json b/...s/tests.contrib.django.test_django_appsec_snapshots.test_request_ipblock_nomatch_200.json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...test_appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env].json b/...test_appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env].json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/..._appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env]_220.json b/..._appsec_flask_snapshot.test_flask_ipblock_match_403[flask_appsec_good_rules_env]_220.json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/...appsec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env].json b/...appsec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env].json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/...ec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env]_220.json b/...ec_flask_snapshot.test_flask_ipblock_match_403_json[flask_appsec_good_rules_env]_220.json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-001\",\n \"name\": \"Block IP addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"blocking\",\n \"type\": \"ip_addresses\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"ip_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"http.client_ip\",\n \"highlight\": [\n \"8.8.4.4\"\n ],\n \"key_path\": [],\n \"value\": \"8.8.4.4\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/...st_appsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env].json b/...st_appsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env].json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...ppsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env]_220.json b/...ppsec_flask_snapshot.test_flask_processexec_osspawn[flask_appsec_good_rules_env]_220.json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...t_appsec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env].json b/...t_appsec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env].json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...psec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env]_220.json b/...psec_flask_snapshot.test_flask_processexec_ossystem[flask_appsec_good_rules_env]_220.json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...hot.test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env].json b/...hot.test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env].json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env]_220.json b/...test_flask_processexec_subprocesscommunicatenoshell[flask_appsec_good_rules_env]_220.json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...pshot.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env].json b/...pshot.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env].json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...t.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env]_220.json b/...t.test_flask_processexec_subprocesscommunicateshell[flask_appsec_good_rules_env]_220.json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...psec_flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env].json b/...psec_flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env].json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/..._flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env]_220.json b/..._flask_snapshot.test_flask_userblock_match_200_json[flask_appsec_good_rules_env]_220.json
@@ -10,7 +10,7 @@
  "error": 0,
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.p.dm": "-0",
  "_dd.p.tid": "654a694400000000",

diff --git a/...psec_flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env].json b/...psec_flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env].json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-002\",\n \"name\": \"Block User Addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"security_response\",\n \"type\": \"block_user\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"exact_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"usr.id\",\n \"highlight\": [\n \"123456\"\n ],\n \"key_path\": [],\n \"value\": \"123456\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",

diff --git a/..._flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env]_220.json b/..._flask_snapshot.test_flask_userblock_match_403_json[flask_appsec_good_rules_env]_220.json
@@ -11,7 +11,7 @@
  "meta": {
  "_dd.appsec.event_rules.version": "rules_good",
  "_dd.appsec.json": "{\"triggers\":[\n {\n \"rule\": {\n \"id\": \"blk-001-002\",\n \"name\": \"Block User Addresses\",\n \"on_match\": [\n \"block\"\n ],\n \"tags\": {\n \"category\": \"security_response\",\n \"type\": \"block_user\"\n }\n },\n \"rule_matches\": [\n {\n \"operator\": \"exact_match\",\n \"operator_value\": \"\",\n \"parameters\": [\n {\n \"address\": \"usr.id\",\n \"highlight\": [\n \"123456\"\n ],\n \"key_path\": [],\n \"value\": \"123456\"\n }\n ]\n }\n ]\n }\n]}",
- "_dd.appsec.waf.version": "1.19.1",
+ "_dd.appsec.waf.version": "1.20.0",
  "_dd.base_service": "",
  "_dd.origin": "appsec",
  "_dd.p.appsec": "1",