
Commit 3967cf5

committed
AI fix
1 parent 4ef6074 commit 3967cf5

232 files changed

Lines changed: 1886 additions & 772 deletions


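--- a/integration-tests/appsec/graphql.spec.js
+++ b/integration-tests/appsec/graphql.spec.js
@@ -2,6 +2,7 @@
 
 const assert = require('node:assert/strict')
 const path = require('path')
+const { inspect } = require('node:util')
 const axios = require('axios')
 
 const {
@@ -40,12 +41,15 @@ describe('graphql', () => {
 it('should not report any attack', async () => {
 const agentPromise = agent.assertMessageReceived(({ headers, payload }) => {
 assert.strictEqual(headers.host, `127.0.0.1:${agent.port}`)
-assert.ok(Array.isArray(payload))
+assert.ok(Array.isArray(payload), `Expected array, got ${inspect(payload)}`)
 assert.strictEqual(payload.length, 2)
 // Apollo server 5 is using Node.js http server instead of express
 assert.strictEqual(payload[1][0].name, 'web.request')
 assert.strictEqual(payload[1][0].metrics['_dd.appsec.enabled'], 1)
-assert.ok(Object.hasOwn(payload[1][0].metrics, '_dd.appsec.waf.duration'))
+assert.ok(
+Object.hasOwn(payload[1][0].metrics, '_dd.appsec.waf.duration'),
+`Available keys: ${inspect(Object.keys(payload[1][0].metrics))}`
+)
 assert.ok(!('_dd.appsec.event' in payload[1][0].meta))
 assert.ok(!('_dd.appsec.json' in payload[1][0].meta))
 })
@@ -102,14 +106,20 @@ describe('graphql', () => {
 
 const agentPromise = agent.assertMessageReceived(({ headers, payload }) => {
 assert.strictEqual(headers.host, `127.0.0.1:${agent.port}`)
-assert.ok(Array.isArray(payload))
+assert.ok(Array.isArray(payload), `Expected array, got ${inspect(payload)}`)
 assert.strictEqual(payload.length, 2)
 // Apollo server 5 is using Node.js http server instead of express
 assert.strictEqual(payload[1][0].name, 'web.request')
 assert.strictEqual(payload[1][0].metrics['_dd.appsec.enabled'], 1)
-assert.ok(Object.hasOwn(payload[1][0].metrics, '_dd.appsec.waf.duration'))
+assert.ok(
+Object.hasOwn(payload[1][0].metrics, '_dd.appsec.waf.duration'),
+`Available keys: ${inspect(Object.keys(payload[1][0].metrics))}`
+)
 assert.strictEqual(payload[1][0].meta['appsec.event'], 'true')
-assert.ok(Object.hasOwn(payload[1][0].meta, '_dd.appsec.json'))
+assert.ok(
+Object.hasOwn(payload[1][0].meta, '_dd.appsec.json'),
+`Available keys: ${inspect(Object.keys(payload[1][0].meta))}`
+)
 assert.deepStrictEqual(JSON.parse(payload[1][0].meta['_dd.appsec.json']), result)
 })
 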
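--- a/integration-tests/appsec/headers-collection.spec.js
+++ b/integration-tests/appsec/headers-collection.spec.js
@@ -2,6 +2,7 @@
 
 const assert = require('node:assert/strict')
 const path = require('path')
+const { inspect } = require('node:util')
 const Axios = require('axios')
 
 const {
@@ -56,7 +57,10 @@ describe('AppSec headers collection - Express', () => {
 requestHeaders.length
 )
 requestHeaders.forEach((headerName) => {
-assert.ok(Object.hasOwn(payload[0][0].meta, `http.request.headers.${headerName}`))
+assert.ok(
+Object.hasOwn(payload[0][0].meta, `http.request.headers.${headerName}`),
+`Available keys: ${inspect(Object.keys(payload[0][0].meta))}`
+)
 })
 
 // Response headers
@@ -65,7 +69,10 @@ describe('AppSec headers collection - Express', () => {
 responseHeaders.length
 )
 responseHeaders.forEach((headerName) => {
-assert.ok(Object.hasOwn(payload[0][0].meta, `http.response.headers.${headerName}`))
+assert.ok(
+Object.hasOwn(payload[0][0].meta, `http.response.headers.${headerName}`),
+`Available keys: ${inspect(Object.keys(payload[0][0].meta))}`
+)
 })
 })
 }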
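Review bot: The new message in both `forEach` loops lists the keys that are present but never names the key that was expected, and because that key is built from `headerName` on each iteration the stack-trace line cannot identify it either. A custom message also replaces the text Node's assert would otherwise generate, so the failing expression is no longer echoed. I would lead with the expected key, e.g. `` `Missing http.request.headers.${headerName}; available keys: ${inspect(Object.keys(payload[0][0].meta))}` ``, and do the same in the response loop; the literal-key messages added in the other spec files of this commit could follow the same format. Printing key names rather than values keeps collected header values out of CI logs, which is worth preserving. The enclosing callback starts above these hunks.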

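--- a/integration-tests/appsec/iast-esbuild.spec.js
+++ b/integration-tests/appsec/iast-esbuild.spec.js
@@ -6,7 +6,7 @@ const { setTimeout } = require('timers/promises')
 const childProcess = require('child_process')
 const fs = require('fs')
 const path = require('path')
-const { promisify } = require('util')
+const { promisify, inspect } = require('util')
 const Axios = require('axios')
 const msgpack = require('@msgpack/msgpack')
 
@@ -46,7 +46,7 @@ describe('esbuild support for IAST', () => {
 return agent.assertMessageReceived(({ payload }) => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
-assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(span.meta))}`)
 const spanIastData = JSON.parse(span.meta['_dd.iast.json'])
 assert.strictEqual(spanIastData.vulnerabilities[0].type, 'COMMAND_INJECTION')
 assert.strictEqual(spanIastData.vulnerabilities[0].location.path, expectedPath)
@@ -55,7 +55,10 @@ describe('esbuild support for IAST', () => {
 }
 
 const ddStack = msgpack.decode(span.meta_struct['_dd.stack'])
-assert.ok(Object.hasOwn(ddStack.vulnerability[0], 'frames'))
+assert.ok(
+Object.hasOwn(ddStack.vulnerability[0], 'frames'),
+`Available keys: ${inspect(Object.keys(ddStack.vulnerability[0]))}`
+)
 assert.ok(ddStack.vulnerability[0].frames.length > 0, `Expected ${ddStack.vulnerability[0].frames.length} > 0`)
 })
 }, null, 1, true)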
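Review bot: Every assertion here sits inside `spans.forEach`, so when the filter finds no `express.request` span the callback returns without checking anything, and a payload with no such span would satisfy the test unless the trailing `null, 1, true` arguments of `assertMessageReceived` guard against that (not visible here). For a test meant to prove the COMMAND_INJECTION finding is reported, I would add `assert.ok(spans.length > 0, 'no express.request span in payload')` before the loop, assuming the helper keeps waiting for later messages when the callback throws. The same `spans.forEach` shape appears in iast-stack-traces-with-sourcemaps.spec.js and iast.esm-security-controls.spec.js, where it also covers the suppressed-vulnerability checks. The callback spans both hunks of this file and two of its lines fall between them.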

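--- a/integration-tests/appsec/iast-stack-traces-with-sourcemaps.spec.js
+++ b/integration-tests/appsec/iast-stack-traces-with-sourcemaps.spec.js
@@ -4,6 +4,7 @@ const assert = require('node:assert/strict')
 
 const childProcess = require('child_process')
 const path = require('path')
+const { inspect } = require('node:util')
 const Axios = require('axios')
 const { sandboxCwd, useSandbox, spawnProc, FakeAgent, stopProc } = require('../helpers')
 describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
@@ -64,7 +65,7 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
 await agent.assertMessageReceived(({ payload }) => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
-assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(span.meta))}`)
 const iastJsonObject = JSON.parse(span.meta['_dd.iast.json'])
 
 assert.strictEqual(iastJsonObject.vulnerabilities.some(vulnerability => {
@@ -96,7 +97,7 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
 await agent.assertMessageReceived(({ payload }) => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
-assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(span.meta))}`)
 const iastJsonObject = JSON.parse(span.meta['_dd.iast.json'])
 
 assert.strictEqual(iastJsonObject.vulnerabilities.some(vulnerability => {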

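--- a/integration-tests/appsec/iast.esm-security-controls.spec.js
+++ b/integration-tests/appsec/iast.esm-security-controls.spec.js
@@ -3,6 +3,7 @@
 const assert = require('node:assert/strict')
 
 const path = require('path')
+const { inspect } = require('node:util')
 const Axios = require('axios')
 const { sandboxCwd, useSandbox, spawnProc, FakeAgent, stopProc } = require('../helpers')
 describe('ESM Security controls', () => {
@@ -51,7 +52,7 @@ describe('ESM Security controls', () => {
 await agent.assertMessageReceived(({ payload }) => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
-assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(span.meta))}`)
 assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
 })
 }, null, 1, true)
@@ -64,7 +65,10 @@ describe('ESM Security controls', () => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
 assert.ok(!('_dd.iast.json' in span.meta))
-assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
+assert.ok(
+Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'),
+`Available keys: ${inspect(Object.keys(span.metrics))}`
+)
 })
 }, null, 1, true)
 })
@@ -76,7 +80,10 @@ describe('ESM Security controls', () => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
 assert.ok(!('_dd.iast.json' in span.meta))
-assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
+assert.ok(
+Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'),
+`Available keys: ${inspect(Object.keys(span.metrics))}`
+)
 })
 }, null, 1, true)
 })
@@ -87,7 +94,7 @@ describe('ESM Security controls', () => {
 await agent.assertMessageReceived(({ payload }) => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
-assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(span.meta))}`)
 assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
 })
 }, null, 1, true)
@@ -100,7 +107,10 @@ describe('ESM Security controls', () => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
 assert.ok(!('_dd.iast.json' in span.meta))
-assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
+assert.ok(
+Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'),
+`Available keys: ${inspect(Object.keys(span.metrics))}`
+)
 })
 }, null, 1, true)
 })
@@ -112,7 +122,10 @@ describe('ESM Security controls', () => {
 const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
 spans.forEach(span => {
 assert.ok(!('_dd.iast.json' in span.meta))
-assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
+assert.ok(
+Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'),
+`Available keys: ${inspect(Object.keys(span.metrics))}`
+)
 })
 }, null, 1, true)
 })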

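--- a/integration-tests/appsec/iast.esm.spec.js
+++ b/integration-tests/appsec/iast.esm.spec.js
@@ -3,6 +3,7 @@
 const assert = require('node:assert/strict')
 
 const path = require('path')
+const { inspect } = require('node:util')
 const Axios = require('axios')
 const { sandboxCwd, useSandbox, spawnProc, FakeAgent, stopProc } = require('../helpers')
 describe('ESM', () => {
@@ -65,7 +66,7 @@ describe('ESM', () => {
 
 await agent.assertMessageReceived(({ payload }) => {
 verifySpan(payload, span => {
-assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(span.meta))}`)
 assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
 })
 }, null, 1, true)
@@ -76,7 +77,7 @@ describe('ESM', () => {
 
 await agent.assertMessageReceived(({ payload }) => {
 verifySpan(payload, span => {
-assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(span.meta))}`)
 assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
 })
 }, null, 1, true)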

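--- a/integration-tests/appsec/index.spec.js
+++ b/integration-tests/appsec/index.spec.js
@@ -3,6 +3,7 @@
 const assert = require('node:assert/strict')
 
 const path = require('path')
+const { inspect } = require('node:util')
 const Axios = require('axios')
 const msgpack = require('@msgpack/msgpack')
 const { sandboxCwd, useSandbox, FakeAgent, spawnProc, stopProc } = require('../helpers')
@@ -51,18 +52,27 @@ describe('RASP', () => {
 
 async function assertExploitDetected () {
 await agent.assertMessageReceived(({ headers, payload }) => {
-assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.appsec.json'))
+assert.ok(
+Object.hasOwn(payload[0][0].meta, '_dd.appsec.json'),
+`Available keys: ${inspect(Object.keys(payload[0][0].meta))}`
+)
 assert.match(payload[0][0].meta['_dd.appsec.json'], /"test-rule-id-2"/)
 })
 }
 
 async function assertBodyReported (expectedBody, truncated) {
 await agent.assertMessageReceived(({ headers, payload }) => {
-assert.ok(Object.hasOwn(payload[0][0].meta_struct, 'http.request.body'))
+assert.ok(
+Object.hasOwn(payload[0][0].meta_struct, 'http.request.body'),
+`Available keys: ${inspect(Object.keys(payload[0][0].meta_struct))}`
+)
 assert.deepStrictEqual(msgpack.decode(payload[0][0].meta_struct['http.request.body']), expectedBody)
 
 if (truncated) {
-assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.appsec.rasp.request_body_size.exceeded'))
+assert.ok(
+Object.hasOwn(payload[0][0].meta, '_dd.appsec.rasp.request_body_size.exceeded'),
+`Available keys: ${inspect(Object.keys(payload[0][0].meta))}`
+)
 }
 })
 }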
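Review bot: In `assertBodyReported` the new message can only appear when `meta_struct` exists but lacks the key; if the span carries no `meta_struct` at all, `Object.hasOwn(payload[0][0].meta_struct, 'http.request.body')` throws a TypeError before `assert.ok` runs and the diagnostic is lost. Whether the tracer omits `meta_struct` when no body is collected is not visible here, but that looks like the likelier way for this RASP check to fail. Reading it once with a fallback, `const metaStruct = payload[0][0].meta_struct ?? {}`, and using `metaStruct` in both the check and the message would keep the failure an assertion that prints the key list.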

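--- a/integration-tests/appsec/multer.spec.js
+++ b/integration-tests/appsec/multer.spec.js
@@ -3,6 +3,7 @@
 const assert = require('node:assert/strict')
 
 const path = require('node:path')
+const { inspect } = require('node:util')
 const axios = require('axios')
 const { describe, it, beforeEach, afterEach, before } = require('mocha')
 
@@ -96,13 +97,13 @@ describe('multer', () => {
 
 describe('IAST', () => {
 function assertCmdInjection ({ payload }) {
-assert.ok(Array.isArray(payload))
+assert.ok(Array.isArray(payload), `Expected array, got ${inspect(payload)}`)
 assert.strictEqual(payload.length, 1)
-assert.ok(Array.isArray(payload[0]))
+assert.ok(Array.isArray(payload[0]), `Expected array, got ${inspect(payload[0])}`)
 
 const { meta } = payload[0][0]
 
-assert.ok(Object.hasOwn(meta, '_dd.iast.json'))
+assert.ok(Object.hasOwn(meta, '_dd.iast.json'), `Available keys: ${inspect(Object.keys(meta))}`)
 
 const iastJson = JSON.parse(meta['_dd.iast.json'])
 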