
Tests for security events in metastruct

Open e-n-0 opened this issue 1 year ago • 5 comments

Motivation

Performance upgrades. RFC Linked

Changes

  • Tests that check whether tracers have moved their security events (AppSec and IAST) from their respective tags _dd.appsec.json and _dd.iast.json to meta struct.
  • Tests that check fallback compatibility (still using the old JSON tag when the agent doesn't support meta struct) (new scenario)
  • Tests that check the usage of the new telemetry tag for IAST data truncation

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on your PR until the CI passes (if something not related to your task is failing, you can ignore it)
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner. We're working on refining the codeowners file quickly.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • [ ] If PR title starts with [<language>], double-check that only <language> is impacted by the change
  • [ ] No system-tests internal is modified. Otherwise, I have the approval from R&P team
  • [ ] CI is green, or failing jobs are not related to this change (and you are 100% sure about this statement)
  • [ ] A docker base image is modified?
    • [ ] the relevant build-XXX-image label is present
  • [ ] A scenario is added (or removed)?

e-n-0 avatar Jul 16 '24 14:07 e-n-0
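The placement check the changes above describe, as an added example that is not code from system-tests itself. It assumes a span is a plain dict with a `meta` map (string to string) and a `meta_struct` map whose values have already been decoded into dicts (on the wire they are msgpack blobs), and that the meta struct keys are "appsec" and "iast"; both the span layout and those key names are assumptions.

```python
"""Check that a tracer put its security events where the agent expects them:
in meta_struct when the agent supports it, in the legacy JSON tag otherwise."""
import json

# Assumed key names: legacy meta tag -> meta_struct key
LEGACY_TAGS = {"appsec": "_dd.appsec.json", "iast": "_dd.iast.json"}


def find_security_events(span, product):
    """Return (location, events) for product "appsec" or "iast".
    location is "meta_struct", "meta" or None when nothing was reported."""
    meta_struct = span.get("meta_struct") or {}
    meta = span.get("meta") or {}
    if product in meta_struct:
        return "meta_struct", meta_struct[product]  # assumed already decoded
    legacy = LEGACY_TAGS[product]
    if legacy in meta:
        return "meta", json.loads(meta[legacy])
    return None, None


def check_event_placement(span, product, agent_supports_meta_struct):
    """Return a list of problems; an empty list means the span is as expected."""
    problems = []
    location, _events = find_security_events(span, product)
    expected = "meta_struct" if agent_supports_meta_struct else "meta"
    if location is None:
        problems.append(f"no {product} events found on span")
    elif location != expected:
        problems.append(f"{product} events found in {location}, expected {expected}")
    # Fallback must be exclusive: events in both places means double reporting
    legacy_present = LEGACY_TAGS[product] in (span.get("meta") or {})
    struct_present = product in (span.get("meta_struct") or {})
    if legacy_present and struct_present:
        problems.append(f"{product} events duplicated in meta and meta_struct")
    return problems


# Constructed sample spans (not captured from a real tracer)
EVENTS = {"triggers": [{"rule": {"id": "rule-id-placeholder"}}]}
SPAN_NEW = {"meta": {"http.method": "GET"}, "meta_struct": {"appsec": EVENTS}}
SPAN_LEGACY = {"meta": {"_dd.appsec.json": json.dumps(EVENTS)}, "meta_struct": {}}
SPAN_BOTH = {"meta": {"_dd.appsec.json": json.dumps(EVENTS)},
             "meta_struct": {"appsec": EVENTS}}

if __name__ == "__main__":
    print(check_event_placement(SPAN_NEW, "appsec", True))      # []
    print(check_event_placement(SPAN_LEGACY, "appsec", True))   # placement problem
    print(check_event_placement(SPAN_BOTH, "appsec", True))     # duplication problem
```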

You can use ./format.sh to lint almost everything

cbeauchesne avatar Jul 25 '24 15:07 cbeauchesne

Oh thank you I didn't know about that script

e-n-0 avatar Jul 26 '24 09:07 e-n-0

There are some issues with IAST, because I want to trigger a vuln, and all subsequent identical vulns in other tests will be deduplicated, thus making these tests fail. Is there a way to trigger a vuln without deduplication, without explicitly setting deduplication to false on weblogs, or putting these specific tests in a special scenario?

e-n-0 avatar Jul 26 '24 13:07 e-n-0

> There are some issues with IAST, because I want to trigger a vuln, and all subsequent identical vulns in other tests will be deduplicated, thus making these tests fail. Is there a way to trigger a vuln without deduplication, without explicitly setting deduplication to false on weblogs, or putting these specific tests in a special scenario?

What are the criteria for saying that a vuln is the same as a previously reported vuln? If there is something in the HTTP request that is part of these criteria, we could make it different on each call to be sure it's reported. Otherwise, I'm afraid we'll need to set deduplication to false on weblogs :(

cbeauchesne avatar Aug 05 '24 15:08 cbeauchesne

Will be based on #2934

cbeauchesne avatar Aug 27 '24 17:08 cbeauchesne

This has been updated after a pause. Now it can be merged 😄

e-n-0 avatar Nov 28 '24 16:11 e-n-0