diff --git a/manifests/dotnet.yml b/manifests/dotnet.yml
index d5661fd04a..58023b6c8c 100644
--- a/manifests/dotnet.yml
+++ b/manifests/dotnet.yml
@@ -365,14 +365,20 @@ tests/:
 Test_UserLoginSuccessEvent: v2.27.0
 Test_UserLoginSuccessEvent_Metrics: missing_feature
 test_event_tracking_v2.py:
- Test_UserLoginFailureEventV2_HeaderCollection: v3.15.0
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled: v3.15.0
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled: v3.15.0
 Test_UserLoginFailureEventV2_Libddwaf: v3.15.0
- Test_UserLoginFailureEventV2_Metrics: v3.15.0
- Test_UserLoginFailureEventV2_Tags: v3.15.0
- Test_UserLoginSuccessEventV2_HeaderCollection: v3.15.0
+ Test_UserLoginFailureEventV2_Metrics_AppsecDisabled: v3.15.0
+ Test_UserLoginFailureEventV2_Metrics_AppsecEnabled: v3.15.0
+ Test_UserLoginFailureEventV2_Tags_AppsecDisabled: v3.15.0
+ Test_UserLoginFailureEventV2_Tags_AppsecEnabled: v3.15.0
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled: v3.15.0
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled: v3.15.0
 Test_UserLoginSuccessEventV2_Libddwaf: v3.15.0
- Test_UserLoginSuccessEventV2_Metrics: v3.15.0
- Test_UserLoginSuccessEventV2_Tags: v3.15.0
+ Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled: v3.15.0
+ Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled: v3.15.0
+ Test_UserLoginSuccessEventV2_Tags_AppsecDisabled: v3.15.0
+ Test_UserLoginSuccessEventV2_Tags_AppsecEnabled: v3.15.0
 test_extended_header_collection.py:
 Test_ExtendedHeaderCollection: missing_feature
 test_extended_request_body_collection.py:
diff --git a/manifests/golang.yml b/manifests/golang.yml
index 21a654bd06..aa0fba78fc 100644
--- a/manifests/golang.yml
+++ b/manifests/golang.yml
@@ -425,14 +425,20 @@ tests/:
 Test_UserLoginSuccessEvent: v1.47.0
 Test_UserLoginSuccessEvent_Metrics: v2.1.0-dev
 test_event_tracking_v2.py:
- Test_UserLoginFailureEventV2_HeaderCollection: v2.1.0-dev
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled: v2.1.0-dev
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled: v2.1.0-dev
 Test_UserLoginFailureEventV2_Libddwaf: v2.1.0-dev
- Test_UserLoginFailureEventV2_Metrics: v2.1.0-dev
- Test_UserLoginFailureEventV2_Tags: v2.1.0-dev
- Test_UserLoginSuccessEventV2_HeaderCollection: v2.1.0-dev
+ Test_UserLoginFailureEventV2_Metrics_AppsecDisabled: v2.1.0-dev
+ Test_UserLoginFailureEventV2_Metrics_AppsecEnabled: v2.1.0-dev
+ Test_UserLoginFailureEventV2_Tags_AppsecDisabled: v2.1.0-dev
+ Test_UserLoginFailureEventV2_Tags_AppsecEnabled: v2.1.0-dev
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled: v2.1.0-dev
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled: v2.1.0-dev
 Test_UserLoginSuccessEventV2_Libddwaf: v2.1.0-dev
- Test_UserLoginSuccessEventV2_Metrics: v2.1.0-dev
- Test_UserLoginSuccessEventV2_Tags: v2.1.0-dev
+ Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled: v2.1.0-dev
+ Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled: v2.1.0-dev
+ Test_UserLoginSuccessEventV2_Tags_AppsecDisabled: v2.1.0-dev
+ Test_UserLoginSuccessEventV2_Tags_AppsecEnabled: v2.1.0-dev
 test_extended_header_collection.py:
 Test_ExtendedHeaderCollection: missing_feature
 test_extended_request_body_collection.py:
diff --git a/manifests/java.yml b/manifests/java.yml
index 42b8f03ada..ff49b44439 100644
--- a/manifests/java.yml
+++ b/manifests/java.yml
@@ -1490,28 +1490,46 @@ tests/: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) test_event_tracking_v2.py: - Test_UserLoginFailureEventV2_HeaderCollection: + Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled: + '*': v1.48.0 + spring-boot-3-native: irrelevant (GraalVM. Tracing support only) + Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) Test_UserLoginFailureEventV2_Libddwaf: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) - Test_UserLoginFailureEventV2_Metrics: + Test_UserLoginFailureEventV2_Metrics_AppsecDisabled: + '*': v1.48.0 + spring-boot-3-native: irrelevant (GraalVM. Tracing support only) + Test_UserLoginFailureEventV2_Metrics_AppsecEnabled: + '*': v1.48.0 + spring-boot-3-native: irrelevant (GraalVM. Tracing support only) + Test_UserLoginFailureEventV2_Tags_AppsecDisabled: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) - Test_UserLoginFailureEventV2_Tags: + Test_UserLoginFailureEventV2_Tags_AppsecEnabled: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) - Test_UserLoginSuccessEventV2_HeaderCollection: + Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled: + '*': v1.48.0 + spring-boot-3-native: irrelevant (GraalVM. Tracing support only) + Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) Test_UserLoginSuccessEventV2_Libddwaf: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) - Test_UserLoginSuccessEventV2_Metrics: + Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled: + '*': v1.48.0 + spring-boot-3-native: irrelevant (GraalVM. Tracing support only) + Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled: + '*': v1.48.0 + spring-boot-3-native: irrelevant (GraalVM. 
Tracing support only) + Test_UserLoginSuccessEventV2_Tags_AppsecDisabled: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) - Test_UserLoginSuccessEventV2_Tags: + Test_UserLoginSuccessEventV2_Tags_AppsecEnabled: '*': v1.48.0 spring-boot-3-native: irrelevant (GraalVM. Tracing support only) test_extended_header_collection.py: diff --git a/manifests/nodejs.yml b/manifests/nodejs.yml index 15d1881287..f0dd0779db 100644 --- a/manifests/nodejs.yml +++ b/manifests/nodejs.yml 
@@ -919,28 +919,46 @@ tests/:
 '*': *ref_5_45_0
 nextjs: missing_feature
 test_event_tracking_v2.py:
- Test_UserLoginFailureEventV2_HeaderCollection:
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled:
+ '*': *ref_5_48_0
+ nextjs: missing_feature
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled:
 '*': *ref_5_48_0
 nextjs: missing_feature
 Test_UserLoginFailureEventV2_Libddwaf:
 '*': *ref_5_48_0
 nextjs: missing_feature
- Test_UserLoginFailureEventV2_Metrics:
+ Test_UserLoginFailureEventV2_Metrics_AppsecDisabled:
+ '*': missing_feature
+ nextjs: missing_feature
+ Test_UserLoginFailureEventV2_Metrics_AppsecEnabled:
+ '*': *ref_5_48_0
+ nextjs: missing_feature
+ Test_UserLoginFailureEventV2_Tags_AppsecDisabled:
 '*': *ref_5_48_0
 nextjs: missing_feature
- Test_UserLoginFailureEventV2_Tags:
+ Test_UserLoginFailureEventV2_Tags_AppsecEnabled:
 '*': *ref_5_48_0
 nextjs: missing_feature
- Test_UserLoginSuccessEventV2_HeaderCollection:
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled:
+ '*': *ref_5_48_0
+ nextjs: missing_feature
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled:
 '*': *ref_5_48_0
 nextjs: missing_feature
 Test_UserLoginSuccessEventV2_Libddwaf:
 '*': *ref_5_48_0
 nextjs: missing_feature
- Test_UserLoginSuccessEventV2_Metrics:
+ Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled:
+ '*': missing_feature
+ nextjs: missing_feature
+ Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled:
+ '*': *ref_5_48_0
+ nextjs: missing_feature
+ Test_UserLoginSuccessEventV2_Tags_AppsecDisabled:
 '*': *ref_5_48_0
 nextjs: missing_feature
- Test_UserLoginSuccessEventV2_Tags:
+ Test_UserLoginSuccessEventV2_Tags_AppsecEnabled:
 '*': *ref_5_48_0
 nextjs: missing_feature
 test_extended_header_collection.py:
diff --git a/manifests/php.yml b/manifests/php.yml
index 1ff911b1a3..294b0f13f9 100644
--- a/manifests/php.yml
+++ b/manifests/php.yml
@@ -357,14 +357,20 @@ tests/:
 Test_UserLoginFailureEvent_Metrics: missing_feature
 Test_UserLoginSuccessEvent_Metrics: missing_feature
 test_event_tracking_v2.py:
- Test_UserLoginFailureEventV2_HeaderCollection: missing_feature
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled: missing_feature
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled: missing_feature
 Test_UserLoginFailureEventV2_Libddwaf: missing_feature
- Test_UserLoginFailureEventV2_Metrics: missing_feature
- Test_UserLoginFailureEventV2_Tags: missing_feature
- Test_UserLoginSuccessEventV2_HeaderCollection: missing_feature
+ Test_UserLoginFailureEventV2_Metrics_AppsecDisabled: missing_feature
+ Test_UserLoginFailureEventV2_Metrics_AppsecEnabled: missing_feature
+ Test_UserLoginFailureEventV2_Tags_AppsecDisabled: missing_feature
+ Test_UserLoginFailureEventV2_Tags_AppsecEnabled: missing_feature
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled: missing_feature
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled: missing_feature
 Test_UserLoginSuccessEventV2_Libddwaf: missing_feature
- Test_UserLoginSuccessEventV2_Metrics: missing_feature
- Test_UserLoginSuccessEventV2_Tags: missing_feature
+ Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled: missing_feature
+ Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled: missing_feature
+ Test_UserLoginSuccessEventV2_Tags_AppsecDisabled: missing_feature
+ Test_UserLoginSuccessEventV2_Tags_AppsecEnabled: missing_feature
 test_extended_header_collection.py:
 Test_ExtendedHeaderCollection: missing_feature
 test_extended_request_body_collection.py:
diff --git a/manifests/python.yml b/manifests/python.yml
index 2a27181301..14581269b1 100644
--- a/manifests/python.yml
+++ b/manifests/python.yml
@@ -675,21 +675,33 @@ tests/:
 'python3.12': v3.7.0.dev (is v2.10.0 but weblog use new SDK now)
 Test_UserLoginSuccessEvent_Metrics: v3.10.0.dev
 test_event_tracking_v2.py:
- Test_UserLoginFailureEventV2_HeaderCollection:
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled:
+ '*': v3.7.0.dev
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled:
 '*': v3.7.0.dev
 Test_UserLoginFailureEventV2_Libddwaf:
 '*': v3.7.0.dev
- Test_UserLoginFailureEventV2_Metrics:
+ Test_UserLoginFailureEventV2_Metrics_AppsecDisabled:
+ '*': v3.7.0.dev
+ Test_UserLoginFailureEventV2_Metrics_AppsecEnabled:
+ '*': v3.7.0.dev
+ Test_UserLoginFailureEventV2_Tags_AppsecDisabled:
 '*': v3.7.0.dev
- Test_UserLoginFailureEventV2_Tags:
+ Test_UserLoginFailureEventV2_Tags_AppsecEnabled:
 '*': v3.7.0.dev
- Test_UserLoginSuccessEventV2_HeaderCollection:
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled:
+ '*': v3.7.0.dev
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled:
 '*': v3.7.0.dev
 Test_UserLoginSuccessEventV2_Libddwaf:
 '*': v3.7.0.dev
- Test_UserLoginSuccessEventV2_Metrics:
+ Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled:
+ '*': v3.7.0.dev
+ Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled:
+ '*': v3.7.0.dev
+ Test_UserLoginSuccessEventV2_Tags_AppsecDisabled:
 '*': v3.7.0.dev
- Test_UserLoginSuccessEventV2_Tags:
+ Test_UserLoginSuccessEventV2_Tags_AppsecEnabled:
 '*': v3.7.0.dev
 test_extended_header_collection.py:
 Test_ExtendedHeaderCollection: missing_feature
diff --git a/manifests/ruby.yml b/manifests/ruby.yml
index 00680aa149..eb4c5dd415 100644
--- a/manifests/ruby.yml
+++ b/manifests/ruby.yml
@@ -501,14 +501,20 @@ tests/:
 Test_UserLoginSuccessEvent: v1.9.0
 Test_UserLoginSuccessEvent_Metrics: missing_feature
 test_event_tracking_v2.py:
- Test_UserLoginFailureEventV2_HeaderCollection: missing_feature
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled: missing_feature
+ Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled: missing_feature
 Test_UserLoginFailureEventV2_Libddwaf: missing_feature
- Test_UserLoginFailureEventV2_Metrics: missing_feature
- Test_UserLoginFailureEventV2_Tags: missing_feature
- Test_UserLoginSuccessEventV2_HeaderCollection: missing_feature
+ Test_UserLoginFailureEventV2_Metrics_AppsecDisabled: missing_feature
+ Test_UserLoginFailureEventV2_Metrics_AppsecEnabled: missing_feature
+ Test_UserLoginFailureEventV2_Tags_AppsecDisabled: missing_feature
+ Test_UserLoginFailureEventV2_Tags_AppsecEnabled: missing_feature
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled: missing_feature
+ Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled: missing_feature
 Test_UserLoginSuccessEventV2_Libddwaf: missing_feature
- Test_UserLoginSuccessEventV2_Metrics: missing_feature
- Test_UserLoginSuccessEventV2_Tags: missing_feature
+ Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled: missing_feature
+ Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled: missing_feature
+ Test_UserLoginSuccessEventV2_Tags_AppsecDisabled: missing_feature
+ Test_UserLoginSuccessEventV2_Tags_AppsecEnabled: missing_feature
 test_extended_header_collection.py:
 Test_ExtendedHeaderCollection: missing_feature
 test_extended_request_body_collection.py:
diff --git a/tests/appsec/test_event_tracking_v2.py b/tests/appsec/test_event_tracking_v2.py
index 7ade8521ca..3db7ab517e 100644
--- a/tests/appsec/test_event_tracking_v2.py
+++ b/tests/appsec/test_event_tracking_v2.py
@@ -4,15 +4,9 @@ from utils import weblog, interfaces, features, scenarios, irrelevant, bug from tests.appsec.utils import find_series +from abc import ABC, abstractmethod -HEADERS = { - "Accept": "text/html", - "Accept-Encoding": "br;q=1.0, gzip;q=0.8, *;q=0.1", - "Accept-Language": "en-GB, *;q=0.5", - "Content-Language": "en-GB", - "Content-Type": "application/json; charset=utf-8", - "Host": "127.0.0.1:1234", - "User-Agent": "Benign User Agent 1.0", +IP_HEADERS = { "X-Forwarded-For": "42.42.42.42, 43.43.43.43", "X-Client-IP": "42.42.42.42, 43.43.43.43", "X-Real-IP": "42.42.42.42, 43.43.43.43", @@ -24,6 +18,17 @@ "True-Client-IP": "42.42.42.42, 43.43.43.43", } +HEADERS = { + "Accept": "text/html", + "Accept-Encoding": "br;q=1.0, gzip;q=0.8, *;q=0.1", + "Accept-Language": "en-GB, *;q=0.5", + "Content-Language": "en-GB", + "Content-Type": "application/json; charset=utf-8", + "Host": "127.0.0.1:1234", + "User-Agent": "Benign User Agent 1.0", + **IP_HEADERS, +} + USER_ID_SAFE = "user_id_safe" USER_ID_IN_RULE = "user_id_unsafe" LOGIN_SAFE = "login_safe" @@ -57,10 +62,8 @@ def validate_tags_and_metadata(span, prefix, expected_tags, metadata, unexpected return True -@features.event_tracking_sdk_v2 -@scenarios.appsec_ato_sdk -class Test_UserLoginSuccessEventV2_Tags: - """Test tags created in AppSec User Login Success Event SDK v2""" +class BaseUserLoginSuccessEventV2Tags: + """Test tags created in User Login Success Event SDK v2""" def get_user_login_success_tags_validator(self, login, user_id, metadata=None, unexpected_metadata=None): def validate(span): 
@@ -180,7 +183,17 @@ def test_user_login_success_event_deep_metadata(self): @features.event_tracking_sdk_v2 @scenarios.appsec_ato_sdk -class Test_UserLoginSuccessEventV2_HeaderCollection: +class Test_UserLoginSuccessEventV2_Tags_AppsecEnabled(BaseUserLoginSuccessEventV2Tags): + """Test tags created in AppSec User Login Success Event SDK v2 when appsec is enabled""" + + +@features.event_tracking_sdk_v2 +@scenarios.everything_disabled +class Test_UserLoginSuccessEventV2_Tags_AppsecDisabled(BaseUserLoginSuccessEventV2Tags): + """Test tags created in AppSec User Login Success Event SDK v2 when appsec is disabled""" + + +class BaseUserLoginSuccessEventV2HeaderCollection(ABC): """Test headers are collected in AppSec User Login Success Event SDK v2""" def setup_user_login_success_header_collection(self): @@ -189,6 +202,16 @@ def setup_user_login_success_header_collection(self): self.r = weblog.post("/user_login_success_event_v2", json=data, headers=HEADERS) @bug(library="golang", reason="LANGPLAT-583") + @abstractmethod + def test_user_login_success_header_collection(self): + raise AssertionError("Not implemented") + + +@features.event_tracking_sdk_v2 +@scenarios.appsec_ato_sdk +class Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled(BaseUserLoginSuccessEventV2HeaderCollection): + """Test headers are collected in AppSec User Login Success Event SDK v2 when appsec is enabled""" + def test_user_login_success_header_collection(self): # Validate that all relevant headers are included on login success SDK 
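Review bot: The `@bug(library="golang", reason="LANGPLAT-583")` marker now sits on the abstract `test_user_login_success_header_collection` in `BaseUserLoginSuccessEventV2HeaderCollection`, while both concrete subclasses override that method without it, so the golang known-bug declaration most likely no longer applies to the tests that actually run (unless `bug` propagates through overrides in a way not visible here). The failure variant in the `@@ -400,9 +463,17 @@` hunk is arranged the same way. Move the decorator onto the overriding method in `Test_UserLoginSuccessEventV2_HeaderCollection_AppsecEnabled`, and decide explicitly whether the AppsecDisabled override needs it too. The abstract stub would also read more conventionally as `raise NotImplementedError`. The body of the AppsecEnabled override continues outside this hunk.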
@@ -207,8 +230,28 @@ def validate_user_login_success_header_collection(span): @features.event_tracking_sdk_v2 -@scenarios.appsec_ato_sdk -class Test_UserLoginSuccessEventV2_Metrics: +@scenarios.everything_disabled +class Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled(BaseUserLoginSuccessEventV2HeaderCollection): + """Test headers are not collected in User Login Success Event SDK v2 when appsec is disabled""" + + def test_user_login_success_header_collection(self): + assert self.r.status_code == 200 + + def validate_user_login_success_header_collection(span): + if span.get("parent_id") not in (0, None): + return None + + for header in IP_HEADERS: + assert ( + f"http.request.headers.{header.lower()}" not in span["meta"] + ), f"Header {header} is found in span's meta. It should not be collected when appsec is disabled." + + return True + + interfaces.library.validate_spans(self.r, validator=validate_user_login_success_header_collection) + + +class BaseUserLoginSuccessEventV2Metrics: """Test metrics in AppSec User Login Success Event SDK v2""" def setup_user_login_success_event(self): @@ -229,6 +272,18 @@ def test_user_login_success_event(self): ] +@features.event_tracking_sdk_v2 +@scenarios.appsec_ato_sdk +class Test_UserLoginSuccessEventV2_Metrics_AppsecEnabled(BaseUserLoginSuccessEventV2Metrics): + """Test metrics in AppSec User Login Success Event SDK v2 when appsec is enabled""" + + +@features.event_tracking_sdk_v2 +@scenarios.everything_disabled +class Test_UserLoginSuccessEventV2_Metrics_AppsecDisabled(BaseUserLoginSuccessEventV2Metrics): + """Test metrics in AppSec User Login Success Event SDK v2 when appsec is disabled""" + + @features.event_tracking_sdk_v2 @scenarios.appsec_ato_sdk class Test_UserLoginSuccessEventV2_Libddwaf: 
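Review bot: The validator in `Test_UserLoginSuccessEventV2_HeaderCollection_AppsecDisabled` is a purely negative check with no positive control: it only asserts that the `IP_HEADERS` tags are absent from the root span, so it also passes when the endpoint recorded no login event at all, or when a tracer writes header tags under a key form other than `http.request.headers.<lowercased name>`. The `_Tags_AppsecDisabled` classes appear to expect the SDK tags to still be produced with AppSec off, so the validator could first assert that the login-success event tag is present on the same span and only then check for absence. A comment stating the scope would also help, for example `# Only IP_HEADERS are asserted absent; the remaining HEADERS entries are not checked here.` The failure variant in the `@@ -418,8 +489,28 @@` hunk has the same shape.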
@@ -273,9 +328,7 @@ def test_user_login_success_unsafe_user_id_event(self): interfaces.library.assert_waf_attack(self.r, rule="003_trigger_on_login_success") -@features.event_tracking_sdk_v2 -@scenarios.appsec_ato_sdk -class Test_UserLoginFailureEventV2_Tags: +class BaseUserLoginFailureEventV2Tags: """Test created tags in AppSec User Login Failure Event SDK v2""" def get_user_login_failure_tags_validator(self, login, exists, metadata=None, unexpected_metadata=None): @@ -391,7 +444,17 @@ def test_user_login_failure_event_deep_metadata(self): @features.event_tracking_sdk_v2 @scenarios.appsec_ato_sdk -class Test_UserLoginFailureEventV2_HeaderCollection: +class Test_UserLoginFailureEventV2_Tags_AppsecEnabled(BaseUserLoginFailureEventV2Tags): + """Test tags created in AppSec User Login Failure Event SDK v2 when appsec is enabled""" + + +@features.event_tracking_sdk_v2 +@scenarios.everything_disabled +class Test_UserLoginFailureEventV2_Tags_AppsecDisabled(BaseUserLoginFailureEventV2Tags): + """Test tags created in AppSec User Login Failure Event SDK v2 when appsec is disabled""" + + +class BaseUserLoginFailureEventV2HeaderCollection(ABC): """Test collected headers in AppSec User Login Failure Event SDK v2""" def setup_user_login_failure_header_collection(self): 
@@ -400,9 +463,17 @@ def setup_user_login_failure_header_collection(self): self.r = weblog.post("/user_login_failure_event_v2", json=data, headers=HEADERS) @bug(library="golang", reason="LANGPLAT-583") + @abstractmethod def test_user_login_failure_header_collection(self): - # Validate that all relevant headers are included on user login failure + raise AssertionError("Not implemented") + +@features.event_tracking_sdk_v2 +@scenarios.appsec_ato_sdk +class Test_UserLoginFailureEventV2_HeaderCollection_AppsecEnabled(BaseUserLoginFailureEventV2HeaderCollection): + """Test headers are collected in AppSec User Login Failure Event SDK v2 when appsec is enabled""" + + def test_user_login_failure_header_collection(self): assert self.r.status_code == 200 def validate_user_login_failure_header_collection(span): @@ -418,8 +489,28 @@ def validate_user_login_failure_header_collection(span): @features.event_tracking_sdk_v2 -@scenarios.appsec_ato_sdk -class Test_UserLoginFailureEventV2_Metrics: +@scenarios.everything_disabled +class Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled(BaseUserLoginFailureEventV2HeaderCollection): + """Test headers are not collected in User Login Failure Event SDK v2 when AppSec is disabled""" + + def test_user_login_failure_header_collection(self): + assert self.r.status_code == 200 + + def validate_user_login_failure_header_collection(span): + if span.get("parent_id") not in (0, None): + return None + + for header in IP_HEADERS: + assert ( + f"http.request.headers.{header.lower()}" not in span["meta"] + ), f"Header {header} is found in span's meta. It should not be collected when appsec is disabled." + + return True + + interfaces.library.validate_spans(self.r, validator=validate_user_login_failure_header_collection) + + +class BaseUserLoginFailureEventV2Metrics: """Test metrics in AppSec User Login Failure Event SDK v2""" def setup_user_login_failure_event(self): 
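Review bot: `validate_user_login_failure_header_collection` in `Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled` is a line-for-line copy of the success validator added earlier in this file, so any later change to the tag prefix or to the header list has to be made in two places. A module-level validator shared by both AppsecDisabled tests keeps the two privacy checks from drifting apart; each test then reduces to the status assertion plus one `validate_spans` call.

```python
def validate_ip_headers_not_collected(span):
    """Span validator: fail if a client-IP request header was copied into the root span's meta."""
    if span.get("parent_id") not in (0, None):
        return None

    for header in IP_HEADERS:
        assert (
            f"http.request.headers.{header.lower()}" not in span["meta"]
        ), f"Header {header} is found in span's meta. It should not be collected when appsec is disabled."

    return True

    # … unchanged: class Test_UserLoginFailureEventV2_HeaderCollection_AppsecDisabled header and docstring …
    def test_user_login_failure_header_collection(self):
        assert self.r.status_code == 200
        interfaces.library.validate_spans(self.r, validator=validate_ip_headers_not_collected)
```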
@@ -440,6 +531,18 @@ def test_user_login_failure_event(self): ] +@features.event_tracking_sdk_v2 +@scenarios.appsec_ato_sdk +class Test_UserLoginFailureEventV2_Metrics_AppsecEnabled(BaseUserLoginFailureEventV2Metrics): + """Test metrics in AppSec User Login Failure Event SDK v2 when AppSec is enabled""" + + +@features.event_tracking_sdk_v2 +@scenarios.everything_disabled +class Test_UserLoginFailureEventV2_Metrics_AppsecDisabled(BaseUserLoginFailureEventV2Metrics): + """Test metrics in AppSec User Login Failure Event SDK v2 when AppSec is disabled""" + + @features.event_tracking_sdk_v2 @scenarios.appsec_ato_sdk class Test_UserLoginFailureEventV2_Libddwaf: diff --git a/utils/_context/_scenarios/__init__.py b/utils/_context/_scenarios/__init__.py index cb4d370683..3a5cc5afc2 100644 --- a/utils/_context/_scenarios/__init__.py +++ b/utils/_context/_scenarios/__init__.py @@ -214,7 +214,7 @@ class _Scenarios: appsec_enabled=False, include_postgres_db=True, doc="Disable appsec and test DBM setting integration outcome when disabled", - scenario_groups=[scenario_groups.appsec], + scenario_groups=[scenario_groups.appsec, scenario_groups.end_to_end, scenario_groups.tracer_release], ) appsec_low_waf_timeout = AppsecLowWafTimeout("APPSEC_LOW_WAF_TIMEOUT")
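Review bot: The `doc=` string of the scenario changed in `utils/_context/_scenarios/__init__.py` still reads "Disable appsec and test DBM setting integration outcome when disabled", although this commit also makes that scenario (presumably `everything_disabled`; its assignment line is outside the hunk) the host for the AppSec-disabled login-event tests and adds it to the `end_to_end` and `tracer_release` groups. Update the description so that people selecting scenario groups can see what it now covers, e.g. `doc="Disable appsec; covers DBM integration and ATO SDK v2 login events with AppSec off",`. Adding the two groups also widens where every test already attached to this scenario runs, which deserves a line in the commit description.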