Alejandro González García

Results 22 issues of Alejandro González García

# What Does This Do - Add SSRF exploit prevention check to HttpClientDecorator # Motivation improve Exploit prevention for SSRF coverage # Additional Notes # Contributor Checklist - [ ]...

comp: asm waf

# What Does This Do # Motivation # Additional Notes # Contributor Checklist - [ ] Format the title [according to the contribution guidelines](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#title-format) - [ ] Assign the `type:` and...

## Motivation ## Changes ## Workflow 1. ⚠️ Create your PR as draft ⚠️ 2. Work on your PR until the CI passes (if something not related to your task...

## Motivation ## Changes ## Workflow 1. ⚠️ Create your PR as draft ⚠️ 2. Work on your PR until the CI passes (if something not related to your task...

# What Does This Do Adds response body extraction for Jersey JSON endpoints to enable automatic API schema discovery and protection by the Web Application Firewall (WAF). # Motivation #...

type: enhancement
inst: jax-ws
comp: asm waf

# What Does This Do Adds smoke test to probe that response body extraction for RestEasy JSON endpoints to enable automatic API schema discovery and protection by the Web Application...

type: enhancement
comp: asm waf

# What Does This Do Implements the new algorithm for detecting IAST vulnerabilities, where vulnerabilities that were already explored in previous runs for a given endpoint are skipped, ensuring that...

type: enhancement
comp: asm iast

# What Does This Do Add truncation to path, class and method if it's necessary for LocationSuppliers to report XSS vulnerabilities # Motivation [incident-39654](https://dd.enterprise.slack.com/archives/C091R2WTDC5) In this incident, it was reported...

type: bug
comp: asm iast

# What Does This Do A fallback is added in case the `http.route` tag is missing. This is necessary because there are several frameworks where the tag is either not...

tag: no release notes
comp: asm waf

# What Does This Do This PR adds support for extracting and emitting a unique security_response_id (UUIDv4 format) in AppSec blocking responses, generated by libddwaf `v17.3.0` Implementation flow: 1. **Extraction**...

type: enhancement
comp: asm waf