From 1900fea4081038fa22a2d920ab6b28704de89359 Mon Sep 17 00:00:00 2001 From: Andrew Lock Date: Wed, 9 Oct 2024 17:34:25 +0100 Subject: [PATCH 1/8] Fix subtle WCF bug (#6131) ## Summary of changes Fix the precedence bug ## Reason for change The order of precedence is wrong with the use of `?? false`, so the second condition is never checked ![image](https://github.com/user-attachments/assets/87f60037-972f-47b9-a2b8-936691178089) ## Implementation details Make the null check explicit ## Test coverage Meh, this seems like a tricky case to check so YOLO? --- .../ClrProfiler/AutoInstrumentation/Wcf/WcfCommon.cs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Wcf/WcfCommon.cs b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Wcf/WcfCommon.cs index 882e38749ce4..90d643ec7ede 100644 --- a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Wcf/WcfCommon.cs +++ b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Wcf/WcfCommon.cs @@ -63,8 +63,10 @@ internal class WcfCommon WebHeadersCollection? headers = null; IDictionary? requestProperties = requestMessage.Properties; - if (requestProperties?.TryGetValue("httpRequest", out var httpRequestProperty) ?? false - && httpRequestProperty.GetType().FullName.Equals(HttpRequestMessagePropertyTypeName, StringComparison.OrdinalIgnoreCase)) + if (requestProperties is not null + && requestProperties.TryGetValue("httpRequest", out var httpRequestProperty) + && httpRequestProperty?.GetType().FullName != null + && httpRequestProperty.GetType().FullName!.Equals(HttpRequestMessagePropertyTypeName, StringComparison.OrdinalIgnoreCase)) { var httpRequestPropertyProxy = httpRequestProperty.DuckCast(); var webHeaderCollection = httpRequestPropertyProxy.Headers; From 0653d237b3aed802ce1d0500b2ff5837a96df8f3 Mon Sep 17 00:00:00 2001 From: Anna Date: Wed, 9 Oct 2024 18:35:53 +0200 Subject: [PATCH 2/8] [ASM] Fix one flakiness in rcm asm data integration tests and simplify some asm rcm code (#6119) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary of changes Problem was: we send asm features.asm.enabled=true at the same time as we sent some asm_data. But, we need to rememeber that when asm is off, there is NO asm_data, asm products rc subscriptions. So we're not expecting these products hence a common warning in the logs like: > Received config RemoteConfigurationPath { Path = datadog/2/ASM_DATA/AspNetCore5AsmDataSecurityEnabledBlockingRequestIpOneClick8f9d4f72-ea07-478c-ae2f-4cf25117a1e7/config It was flaky and still working because as soon as asm_features.asm.enabled = true is applied, we apply other configurations that continue to be sent right after (as the mock agent is setup with these files and will give the same response if unchanged). So most of the time, the 2 rc sets would be applied quickly and the request sent right after would show a security event. But, we weren't waiting for the right state, as we were waiting for only one rc response (with asm_features _and_ asm_data together) and we know they can't be applied at the same time (as the asm_data subscription is removed). It's applied right after. That's why, most of the time, it worked. But it shouldn't really work as we should have been waiting for another round of rc polling. So now, we separate both requests. So conclusion: beware of what subtle flake can turning on/off subscriptions cause. We still want to keep behaving the same though, we dont want to have useless products subscriptions if appsec is disabled, even if that means a creation then later an update of the waf.. ## Reason for change Simplify some code as well, no need for the fallback to embedded rule set flag, just test if "rules" is in the dictionary, if not add it from the embedded set. ## Implementation details ## Test coverage ## Other details --- tracer/missing-nullability-files.csv | 1 - .../Datadog.Trace/AppSec/Rcm/AsmDdProduct.cs | 11 +--- .../AppSec/Rcm/ConfigurationStatus.cs | 58 +++++++++-------- .../AppSec/Rcm/Models/AsmDd/RuleSet.cs | 37 ++++++++--- tracer/src/Datadog.Trace/AppSec/Security.cs | 11 +--- tracer/src/Datadog.Trace/AppSec/Waf/IWaf.cs | 6 +- .../Waf/Initialization/WafConfigurator.cs | 7 +++ .../Waf/ReturnTypes.Managed/InitResult.cs | 6 +- tracer/src/Datadog.Trace/AppSec/Waf/Waf.cs | 39 ++++++------ .../Rcm/AspNetCore5AsmData.cs | 62 ++++++++++--------- 10 files changed, 124 insertions(+), 114 deletions(-) diff --git a/tracer/missing-nullability-files.csv b/tracer/missing-nullability-files.csv index ad2464eeee8e..f65cc13d46b1 100644 --- a/tracer/missing-nullability-files.csv +++ b/tracer/missing-nullability-files.csv @@ -270,7 +270,6 @@ src/Datadog.Trace/Agent/Transports/MimeTypes.cs src/Datadog.Trace/Agent/Transports/SocketHandlerRequestFactory.cs src/Datadog.Trace/AppSec/Concurrency/ReaderWriterLock.Core.cs src/Datadog.Trace/AppSec/Concurrency/ReaderWriterLock.Framework.cs -src/Datadog.Trace/AppSec/Waf/IWaf.cs src/Datadog.Trace/AppSec/Waf/WafConstants.cs src/Datadog.Trace/AppSec/Waf/WafReturnCode.cs src/Datadog.Trace/Ci/Agent/ApmAgentWriter.cs diff --git a/tracer/src/Datadog.Trace/AppSec/Rcm/AsmDdProduct.cs b/tracer/src/Datadog.Trace/AppSec/Rcm/AsmDdProduct.cs index 2f89e8f7154a..08e2bc4f826f 100644 --- a/tracer/src/Datadog.Trace/AppSec/Rcm/AsmDdProduct.cs +++ b/tracer/src/Datadog.Trace/AppSec/Rcm/AsmDdProduct.cs @@ -40,18 +40,9 @@ public void ProcessUpdates(ConfigurationStatus configurationStatus, List removedConfigsForThisProduct) { - var oneRemoved = false; foreach (var removedConfig in removedConfigsForThisProduct) { - oneRemoved |= configurationStatus.RulesByFile.Remove(removedConfig.Path); - } - - if (configurationStatus.RulesByFile.Count == 0) - { - configurationStatus.IncomingUpdateState.FallbackToEmbeddedRuleset(); - } - else if (oneRemoved) - { + configurationStatus.RulesByFile.Remove(removedConfig.Path); configurationStatus.IncomingUpdateState.WafKeysToApply.Add(ConfigurationStatus.WafRulesKey); } } diff --git a/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs b/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs index 2e4ce01d72f2..0ef41a46f94a 100644 --- a/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs +++ b/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs @@ -13,7 +13,6 @@ using Datadog.Trace.AppSec.Rcm.Models.AsmDd; using Datadog.Trace.AppSec.Rcm.Models.AsmFeatures; using Datadog.Trace.AppSec.Waf.Initialization; -using Datadog.Trace.ExtensionMethods; using Datadog.Trace.Logging; using Datadog.Trace.RemoteConfigurationManagement; using Datadog.Trace.Vendors.Newtonsoft.Json.Linq; @@ -48,8 +47,6 @@ internal record ConfigurationStatus public ConfigurationStatus(string? embeddedRulesPath) => _embeddedRulesPath = embeddedRulesPath; - internal RuleSet? FallbackEmbeddedRuleSet { get; set; } - internal bool? EnableAsm { get; set; } = null; internal string? AutoUserInstrumMode { get; set; } = null; @@ -104,67 +101,73 @@ internal static List MergeRuleData(IEnumerable res) return finalRuleData; } - internal Dictionary BuildDictionaryForWafAccordingToIncomingUpdate() + internal object? BuildDictionaryForWafAccordingToIncomingUpdate(string? embeddedRulesetPath) { - var dictionary = new Dictionary(); + var configuration = new Dictionary(); if (IncomingUpdateState.WafKeysToApply.Contains(WafExclusionsKey)) { var exclusions = ExclusionsByFile.SelectMany(x => x.Value).ToList(); - dictionary.Add(WafExclusionsKey, new JArray(exclusions)); + configuration.Add(WafExclusionsKey, new JArray(exclusions)); } if (IncomingUpdateState.WafKeysToApply.Contains(WafRulesOverridesKey)) { var overrides = RulesOverridesByFile.SelectMany(x => x.Value).ToList(); - dictionary.Add(WafRulesOverridesKey, overrides.Select(r => r.ToKeyValuePair()).ToArray()); + configuration.Add(WafRulesOverridesKey, overrides.Select(r => r.ToKeyValuePair()).ToArray()); } if (IncomingUpdateState.WafKeysToApply.Contains(WafRulesDataKey)) { var rulesData = MergeRuleData(RulesDataByFile.SelectMany(x => x.Value)); - dictionary.Add(WafRulesDataKey, rulesData.Select(r => r.ToKeyValuePair()).ToArray()); + configuration.Add(WafRulesDataKey, rulesData.Select(r => r.ToKeyValuePair()).ToArray()); } if (IncomingUpdateState.WafKeysToApply.Contains(WafExclusionsDataKey)) { var rulesData = MergeRuleData(ExclusionsDataByFile.SelectMany(x => x.Value)); - dictionary.Add(WafExclusionsDataKey, rulesData.Select(r => r.ToKeyValuePair()).ToArray()); + configuration.Add(WafExclusionsDataKey, rulesData.Select(r => r.ToKeyValuePair()).ToArray()); } if (IncomingUpdateState.WafKeysToApply.Contains(WafActionsKey)) { var actions = ActionsByFile.SelectMany(x => x.Value).ToList(); - dictionary.Add(WafActionsKey, actions.Select(r => r.ToKeyValuePair()).ToArray()); + configuration.Add(WafActionsKey, actions.Select(r => r.ToKeyValuePair()).ToArray()); } if (IncomingUpdateState.WafKeysToApply.Contains(WafCustomRulesKey)) { var customRules = CustomRulesByFile.SelectMany(x => x.Value).ToList(); var mergedCustomRules = new JArray(customRules); - dictionary.Add(WafCustomRulesKey, mergedCustomRules); + configuration.Add(WafCustomRulesKey, mergedCustomRules); } - if (IncomingUpdateState.FallbackToEmbeddedRulesetAtNextUpdate) + // if there's incoming rules or empty rules, or if asm is to be activated, we also want the rules key in waf arguments + if (IncomingUpdateState.WafKeysToApply.Contains(WafRulesKey) || (IncomingUpdateState.SecurityStateChange && (EnableAsm ?? false))) { - if (FallbackEmbeddedRuleSet == null) + var rulesetFromRcm = RulesByFile.Values.FirstOrDefault(); + // should deserialize from LocalRuleFile + if (rulesetFromRcm is null) { - var result = WafConfigurator.DeserializeEmbeddedOrStaticRules(_embeddedRulesPath); - if (result != null) + var deserializedFromLocalRules = WafConfigurator.DeserializeEmbeddedOrStaticRules(embeddedRulesetPath); + if (deserializedFromLocalRules is not null) { - FallbackEmbeddedRuleSet = RuleSet.From(result); + if (configuration.Count == 0) + { + return deserializedFromLocalRules; + } + + var ruleSet = RuleSet.From(deserializedFromLocalRules); + ruleSet.AddToDictionaryAtRoot(configuration); } } - - FallbackEmbeddedRuleSet?.AddToDictionaryAtRoot(dictionary); - } - else if (IncomingUpdateState.WafKeysToApply.Contains(WafRulesKey)) - { - var rulesetFromRcm = RulesByFile.Values.FirstOrDefault(); - rulesetFromRcm?.AddToDictionaryAtRoot(dictionary); + else + { + rulesetFromRcm?.AddToDictionaryAtRoot(configuration); + } } - return dictionary; + return configuration.Count > 0 ? configuration : null; } /// @@ -247,7 +250,7 @@ public bool StoreLastConfigState(Dictionary> c } } - // only treat asm_features as it will decide if asm gets toggled on and if we deserialize all the others + // only deserialize and apply asm_features as it will decide if asm gets toggled on and if we deserialize all the others // (the enable of auto user instrumentation as added to asm_features) _asmFeatureProduct.ProcessUpdates(this, asmFeaturesToUpdate); _asmFeatureProduct.ProcessRemovals(this, asmFeaturesToRemove); @@ -282,19 +285,14 @@ internal record IncomingUpdateStatus { internal HashSet WafKeysToApply { get; } = new(); - internal bool FallbackToEmbeddedRulesetAtNextUpdate { get; private set; } - internal bool SecurityStateChange { get; set; } public void Reset() { - FallbackToEmbeddedRulesetAtNextUpdate = false; WafKeysToApply.Clear(); SecurityStateChange = false; } - public void FallbackToEmbeddedRuleset() => FallbackToEmbeddedRulesetAtNextUpdate = true; - public void SignalSecurityStateChange() => SecurityStateChange = true; } } diff --git a/tracer/src/Datadog.Trace/AppSec/Rcm/Models/AsmDd/RuleSet.cs b/tracer/src/Datadog.Trace/AppSec/Rcm/Models/AsmDd/RuleSet.cs index 8c9480e8bd55..890ceacbb31c 100644 --- a/tracer/src/Datadog.Trace/AppSec/Rcm/Models/AsmDd/RuleSet.cs +++ b/tracer/src/Datadog.Trace/AppSec/Rcm/Models/AsmDd/RuleSet.cs @@ -1,4 +1,4 @@ -// +// // Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License. // This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc. // @@ -22,13 +22,22 @@ internal class RuleSet [JsonProperty("processors")] internal JToken? Processors { get; set; } + [JsonProperty("actions")] + internal JToken? Actions { get; set; } + [JsonProperty("scanners")] internal JToken? Scanners { get; set; } - public JToken? All { get; set; } + [JsonProperty("exclusions")] + internal JToken? Exclusions { get; set; } + + [JsonProperty("custom_rules")] + internal JToken? CustomRules { get; set; } public static RuleSet From(JToken result) { + // can rules from rc contains exclusions and custom rules? + var ruleset = new RuleSet { Version = result["version"]?.ToString(), @@ -36,7 +45,9 @@ public static RuleSet From(JToken result) Rules = result["rules"], Processors = result["processors"], Scanners = result["scanners"], - All = result + Actions = result["actions"], + Exclusions = result["exclusions"], + CustomRules = result["custom_rules"] }; return ruleset; } @@ -49,27 +60,37 @@ public void AddToDictionaryAtRoot(Dictionary dictionary) { if (Rules != null) { - dictionary.Add("rules", Rules); + dictionary["rules"] = Rules; } if (Metadata != null) { - dictionary.Add("metadata", Metadata); + dictionary["metadata"] = Metadata; } if (Version != null) { - dictionary.Add("version", Version); + dictionary["version"] = Version; } if (Processors != null) { - dictionary.Add("processors", Processors); + dictionary["processors"] = Processors; } if (Scanners != null) { - dictionary.Add("scanners", Scanners); + dictionary["scanners"] = Scanners; + } + + if (Exclusions is not null) + { + dictionary["exclusions"] = Exclusions; + } + + if (CustomRules is not null) + { + dictionary["custom_rules"] = CustomRules; } } } diff --git a/tracer/src/Datadog.Trace/AppSec/Security.cs b/tracer/src/Datadog.Trace/AppSec/Security.cs index cb9f0420e0a1..b96b7585e1ed 100644 --- a/tracer/src/Datadog.Trace/AppSec/Security.cs +++ b/tracer/src/Datadog.Trace/AppSec/Security.cs @@ -208,7 +208,6 @@ private ApplyDetails[] UpdateFromRcm(Dictionary 0) { var newSubscription = new Subscription(UpdateFromRcm, newKeys); diff --git a/tracer/src/Datadog.Trace/AppSec/Waf/IWaf.cs b/tracer/src/Datadog.Trace/AppSec/Waf/IWaf.cs index 6e88a9479ba4..c5cf36ee2e82 100644 --- a/tracer/src/Datadog.Trace/AppSec/Waf/IWaf.cs +++ b/tracer/src/Datadog.Trace/AppSec/Waf/IWaf.cs @@ -2,7 +2,7 @@ // Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License. // This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc. // - +#nullable enable using System; using Datadog.Trace.AppSec.Rcm; using Datadog.Trace.AppSec.Waf.NativeBindings; @@ -14,11 +14,11 @@ internal interface IWaf : IDisposable { public string Version { get; } - public IContext CreateContext(); + public IContext? CreateContext(); internal unsafe WafReturnCode Run(IntPtr contextHandle, DdwafObjectStruct* rawPersistentData, DdwafObjectStruct* rawEphemeralData, ref DdwafResultStruct retNative, ulong timeoutMicroSeconds); - UpdateResult UpdateWafFromConfigurationStatus(ConfigurationStatus configurationStatus); + UpdateResult UpdateWafFromConfigurationStatus(ConfigurationStatus configurationStatus, string? staticRulesFilePath = null); public string[] GetKnownAddresses(); diff --git a/tracer/src/Datadog.Trace/AppSec/Waf/Initialization/WafConfigurator.cs b/tracer/src/Datadog.Trace/AppSec/Waf/Initialization/WafConfigurator.cs index 72a393024aee..d277e8b43ead 100644 --- a/tracer/src/Datadog.Trace/AppSec/Waf/Initialization/WafConfigurator.cs +++ b/tracer/src/Datadog.Trace/AppSec/Waf/Initialization/WafConfigurator.cs @@ -82,6 +82,13 @@ private static void LogRuleDetailsIfDebugEnabled(JToken root) return File.OpenRead(rulesFile); } + /// + /// Deserialize rules for the waf as Jtoken + /// If null is passed, will deserialize embedded rule file in the app + /// If a path is given but file isn't found, it won't fallback on the embedded rule file + /// + /// if null, will fallback on embedded rules file + /// the rules, might be null if file not found internal static JToken? DeserializeEmbeddedOrStaticRules(string? rulesFilePath) { JToken root; diff --git a/tracer/src/Datadog.Trace/AppSec/Waf/ReturnTypes.Managed/InitResult.cs b/tracer/src/Datadog.Trace/AppSec/Waf/ReturnTypes.Managed/InitResult.cs index e74bcb239e66..7cdb4e25026b 100644 --- a/tracer/src/Datadog.Trace/AppSec/Waf/ReturnTypes.Managed/InitResult.cs +++ b/tracer/src/Datadog.Trace/AppSec/Waf/ReturnTypes.Managed/InitResult.cs @@ -10,7 +10,6 @@ using Datadog.Trace.AppSec.WafEncoding; using Datadog.Trace.Logging; using Datadog.Trace.Vendors.Newtonsoft.Json; -using Datadog.Trace.Vendors.Newtonsoft.Json.Linq; namespace Datadog.Trace.AppSec.Waf.ReturnTypes.Managed { @@ -18,11 +17,10 @@ internal class InitResult { private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor(typeof(InitResult)); - private InitResult(ushort failedToLoadRules, ushort loadedRules, string ruleFileVersion, IReadOnlyDictionary errors, JToken? embeddedRules = null, bool unusableRuleFile = false, IntPtr? wafHandle = null, WafLibraryInvoker? wafLibraryInvoker = null, IEncoder? encoder = null, bool shouldEnableWaf = true, bool incompatibleWaf = false) + private InitResult(ushort failedToLoadRules, ushort loadedRules, string ruleFileVersion, IReadOnlyDictionary errors, bool unusableRuleFile = false, IntPtr? wafHandle = null, WafLibraryInvoker? wafLibraryInvoker = null, IEncoder? encoder = null, bool shouldEnableWaf = true, bool incompatibleWaf = false) { HasErrors = errors.Count > 0; Errors = errors; - EmbeddedRules = embeddedRules; FailedToLoadRules = failedToLoadRules; LoadedRules = loadedRules; RuleFileVersion = ruleFileVersion; @@ -55,8 +53,6 @@ private InitResult(ushort failedToLoadRules, ushort loadedRules, string ruleFile internal IReadOnlyDictionary Errors { get; } - public JToken? EmbeddedRules { get; set; } - internal string ErrorMessage { get; } internal bool HasErrors { get; } diff --git a/tracer/src/Datadog.Trace/AppSec/Waf/Waf.cs b/tracer/src/Datadog.Trace/AppSec/Waf/Waf.cs index 1f0be2ffb0f6..0bb02c80e839 100644 --- a/tracer/src/Datadog.Trace/AppSec/Waf/Waf.cs +++ b/tracer/src/Datadog.Trace/AppSec/Waf/Waf.cs @@ -6,11 +6,14 @@ #nullable enable using System; +using System.Collections; using System.Collections.Generic; using System.Linq; +using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using Datadog.Trace.AppSec.Rcm; using Datadog.Trace.AppSec.Rcm.Models.AsmData; +using Datadog.Trace.AppSec.Rcm.Models.AsmDd; using Datadog.Trace.AppSec.Waf.Initialization; using Datadog.Trace.AppSec.Waf.NativeBindings; using Datadog.Trace.AppSec.Waf.ReturnTypes.Managed; @@ -20,6 +23,7 @@ using Datadog.Trace.Telemetry; using Datadog.Trace.Vendors.Newtonsoft.Json; using Datadog.Trace.Vendors.Serilog.Events; +using static Datadog.Trace.AppSec.Rcm.ConfigurationStatus; namespace Datadog.Trace.AppSec.Waf { @@ -54,7 +58,7 @@ internal Waf(IntPtr wafHandle, WafLibraryInvoker wafLibraryInvoker, IEncoder enc /// the regex that will be used to obfuscate possible sensitive data in values that are highlighted WAF as potentially malicious, /// empty string means use default embedded in the WAF /// can be null, means use rules embedded in the manifest - /// can be null. RemoteConfig rules json. Takes precedence over rulesFile + /// can be null. RemoteConfig rules json. Takes precedence over rulesFile /// use legacy encoder /// if debug level logs should be enabled for the WAF /// the waf wrapper around waf native @@ -63,7 +67,7 @@ internal static InitResult Create( string obfuscationParameterKeyRegex, string obfuscationParameterValueRegex, string? embeddedRulesetPath = null, - ConfigurationStatus? configurationStatus = null, + ConfigurationStatus? remoteConfigStatus = null, bool useUnsafeEncoder = false, bool wafDebugEnabled = false) { @@ -71,18 +75,16 @@ internal static InitResult Create( // set the log level and setup the logger wafLibraryInvoker.SetupLogging(wafDebugEnabled); - object? configurationToEncode = null; - if (configurationStatus is not null) + if (remoteConfigStatus is not null) { - var configFromRcm = configurationStatus.BuildDictionaryForWafAccordingToIncomingUpdate(); - if (configFromRcm.Count > 0) - { - configurationToEncode = configFromRcm; - } + configurationToEncode = remoteConfigStatus.BuildDictionaryForWafAccordingToIncomingUpdate(embeddedRulesetPath); + } + else + { + var deserializedFromLocalRules = WafConfigurator.DeserializeEmbeddedOrStaticRules(embeddedRulesetPath); + configurationToEncode = deserializedFromLocalRules; } - - configurationToEncode ??= WafConfigurator.DeserializeEmbeddedOrStaticRules(embeddedRulesetPath)!; if (configurationToEncode is null) { @@ -102,8 +104,7 @@ internal static InitResult Create( try { - var initResult = wafConfigurator.Configure(ref rulesObj, encoder, configWafStruct, ref diagnostics, configurationStatus == null ? embeddedRulesetPath : "RemoteConfig"); - initResult.EmbeddedRules = initResult.EmbeddedRules; + var initResult = wafConfigurator.Configure(ref rulesObj, encoder, configWafStruct, ref diagnostics, remoteConfigStatus == null ? embeddedRulesetPath : "RemoteConfig"); return initResult; } finally @@ -169,16 +170,16 @@ private unsafe UpdateResult UpdateWafAndDispose(IEncodeResult updateData) return res; } - public UpdateResult UpdateWafFromConfigurationStatus(ConfigurationStatus configurationStatus) + public UpdateResult UpdateWafFromConfigurationStatus(ConfigurationStatus configurationStatus, string? rulesPath = null) { - var dic = configurationStatus.BuildDictionaryForWafAccordingToIncomingUpdate(); - if (dic.IsEmpty()) + var dic = configurationStatus.BuildDictionaryForWafAccordingToIncomingUpdate(rulesPath); + if (dic is null) { Log.Warning("A waf update came from remote configuration but final merged dictionary for waf is empty, no update will be performed."); return UpdateResult.FromNothingToUpdate(); } - return Update(dic); + return Update(dic!); } /// @@ -215,7 +216,7 @@ public UpdateResult UpdateWafFromConfigurationStatus(ConfigurationStatus configu return Context.GetContext(contextHandle, this, _wafLibraryInvoker, _encoder); } - private UpdateResult Update(IDictionary arguments) + private UpdateResult Update(object arguments) { UpdateResult updated; try @@ -229,7 +230,7 @@ private UpdateResult Update(IDictionary arguments) updated = UpdateWafAndDispose(encodedArgs); // only if rules are provided will the waf give metrics - if (arguments.ContainsKey("rules")) + if (arguments is Dictionary dic && dic.ContainsKey("rules")) { TelemetryFactory.Metrics.RecordCountWafUpdates(); } diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/Rcm/AspNetCore5AsmData.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/Rcm/AspNetCore5AsmData.cs index 27885d7f2193..cb1c78ead0d8 100644 --- a/tracer/test/Datadog.Trace.Security.IntegrationTests/Rcm/AspNetCore5AsmData.cs +++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/Rcm/AspNetCore5AsmData.cs @@ -12,8 +12,6 @@ using System.Collections.Immutable; using System.Linq; using System.Threading.Tasks; -using Datadog.Trace.AppSec; -using Datadog.Trace.AppSec.Rcm; using Datadog.Trace.AppSec.Rcm.Models.AsmData; using Datadog.Trace.AppSec.Rcm.Models.AsmFeatures; using Datadog.Trace.Configuration; @@ -75,18 +73,17 @@ public async Task RunTest(string test, string url) var sanitisedUrl = VerifyHelper.SanitisePathsForVerify(url); // we want to see the ip here var scrubbers = VerifyHelper.SpanScrubbers.Where(s => s.RegexPattern.ToString() != @"http.client_ip: (.)*(?=,)"); - var settings = VerifyHelper.GetSpanVerifierSettings(scrubbers: scrubbers, parameters: new object[] { test, sanitisedUrl }); + var settings = VerifyHelper.GetSpanVerifierSettings(scrubbers: scrubbers, parameters: [test, sanitisedUrl]); var spanBeforeAsmData = await SendRequestsAsync(agent, url); await agent.SetupRcmAndWait( Output, - new[] - { - ((object)new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 5545453532, Value = MainIp } } } } }, + [ + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 5545453532, Value = MainIp }] }] }, RcmProducts.AsmData, nameof(AspNetCore5AsmDataBlockingRequestIp)), - (new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 1545453532, Value = MainIp } } } } }, + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 1545453532, Value = MainIp }] }] }, RcmProducts.AsmData, nameof(AspNetCore5AsmDataBlockingRequestIp) + "2"), - }); + ]); var spanAfterAsmData = await SendRequestsAsync(agent, url); var spans = new List(); @@ -113,11 +110,11 @@ public async Task RunTest(string test, string url) var sanitisedUrl = VerifyHelper.SanitisePathsForVerify(url); // we want to see the ip here var scrubbers = VerifyHelper.SpanScrubbers.Where(s => s.RegexPattern.ToString() != @"http.client_ip: (.)*(?=,)"); - var settings = VerifyHelper.GetSpanVerifierSettings(scrubbers: scrubbers, parameters: new object[] { test, sanitisedUrl }); + var settings = VerifyHelper.GetSpanVerifierSettings(scrubbers: scrubbers, parameters: [test, sanitisedUrl]); var spanBeforeAsmData = await SendRequestsAsync(agent, url); var asmFeaturesFileId = nameof(AspNetCore5AsmDataSecurityEnabledBlockingRequestIpOneClick); - var request = await agent.SetupRcmAndWait(Output, new[] { ((object)new AsmFeatures { Asm = new AsmFeature { Enabled = true } }, RcmProducts.AsmFeatures, asmFeaturesFileId) }); + var request = await agent.SetupRcmAndWait(Output, [(new AsmFeatures { Asm = new AsmFeature { Enabled = true } }, RcmProducts.AsmFeatures, asmFeaturesFileId)]); request.Should().NotBeNull(); request.CachedTargetFiles.Should().HaveCount(1); var spanAfterAsmActivated = await SendRequestsAsync(agent, url); @@ -127,13 +124,12 @@ public async Task RunTest(string test, string url) request = await agent.SetupRcmAndWait( Output, - new[] - { - ((object)new AsmFeatures { Asm = new AsmFeature { Enabled = true } }, RcmProducts.AsmFeatures, asmFeaturesFileId), - (new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 5545453532, Value = MainIp }, new Data { Expiration = null, Value = "123.1.1.1" } } } } }, RcmProducts.AsmData, fileId), - ((object)new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 1545453532, Value = MainIp } } } } }, RcmProducts.AsmData, + [ + (new AsmFeatures { Asm = new AsmFeature { Enabled = true } }, RcmProducts.AsmFeatures, asmFeaturesFileId), + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 5545453532, Value = MainIp }, new Data { Expiration = null, Value = "123.1.1.1" }] }] }, RcmProducts.AsmData, fileId), + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 1545453532, Value = MainIp }] }] }, RcmProducts.AsmData, fileId2) - }); + ]); request.Should().NotBeNull(); request.CachedTargetFiles.Should().HaveCount(3); request.CachedTargetFiles.Any(c => c.Path.Contains(fileId)).Should().BeTrue(); @@ -143,28 +139,34 @@ public async Task RunTest(string test, string url) request = await agent.SetupRcmAndWait( Output, - new[] - { - ((object)new AsmFeatures { Asm = new AsmFeature { Enabled = false } }, RcmProducts.AsmFeatures, + [ + (new AsmFeatures { Asm = new AsmFeature { Enabled = false } }, RcmProducts.AsmFeatures, asmFeaturesFileId), - (new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 5545453532, Value = MainIp }, new Data { Expiration = null, Value = "123.1.1.1" } } } } }, + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 5545453532, Value = MainIp }, new Data { Expiration = null, Value = "123.1.1.1" }] }] }, RcmProducts.AsmData, fileId), - ((object)new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 1545453532, Value = MainIp } } } } }, + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 1545453532, Value = MainIp }] }] }, RcmProducts.AsmData, fileId2) - }); + ]); request.Should().NotBeNull(); request.CachedTargetFiles.Should().HaveCount(3); var spanAfterAsmDeactivated = await SendRequestsAsync(agent, url); + // we have to send first asm features = true, because asm_data won't be taken into account as rcm subscriptions to asm_data have been removed when turning off the waf. and then, later on, send, separately the asm data. That's the trade off of not subscribing to asm_data and asm when appsec is turned off request = await agent.SetupRcmAndWait( Output, - new[] - { - ((object)new AsmFeatures { Asm = new AsmFeature { Enabled = true } }, RcmProducts.AsmFeatures, asmFeaturesFileId), (new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 5545453532, Value = MainIp }, new Data { Expiration = null, Value = "123.1.1.1" } } } } }, - RcmProducts.AsmData, fileId), - ((object)new Payload { RulesData = new[] { new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = new[] { new Data { Expiration = 1545453532, Value = MainIp } } } } }, + [ + (new AsmFeatures { Asm = new AsmFeature { Enabled = true } }, RcmProducts.AsmFeatures, asmFeaturesFileId)]); + request.Should().NotBeNull(); + request.CachedTargetFiles.Should().HaveCount(1); + + request = await agent.SetupRcmAndWait( + Output, + [ + (new AsmFeatures { Asm = new AsmFeature { Enabled = true } }, RcmProducts.AsmFeatures, asmFeaturesFileId), + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 5545453532, Value = MainIp }, new Data { Expiration = null, Value = "123.1.1.1" }] }] }, RcmProducts.AsmData, fileId), + (new Payload { RulesData = [new RuleData { Id = "blocked_ips", Type = "ip_with_expiration", Data = [new Data { Expiration = 1545453532, Value = MainIp }] }] }, RcmProducts.AsmData, fileId2) - }); + ]); request.Should().NotBeNull(); request.CachedTargetFiles.Should().HaveCount(3); var spanAfterAsmDataReactivated = await SendRequestsAsync(agent, url); @@ -196,7 +198,7 @@ public async Task RunTest(string test, string url) await TryStartApp(); var agent = Fixture.Agent; var sanitisedUrl = VerifyHelper.SanitisePathsForVerify(url); - var settings = VerifyHelper.GetSpanVerifierSettings(parameters: new object[] { test, sanitisedUrl }); + var settings = VerifyHelper.GetSpanVerifierSettings(parameters: [test, sanitisedUrl]); var spanBeforeAsmData = await SendRequestsAsync(agent, url); // make sure this is unique if it s going to be run parallel @@ -204,7 +206,7 @@ public async Task RunTest(string test, string url) await agent.SetupRcmAndWait( Output, - new[] { ((object)new Payload { RulesData = new[] { new RuleData { Id = "blocked_users", Type = "data_with_expiration", Data = new[] { new Data { Expiration = 5545453532, Value = "user3" } } } } }, RcmProducts.AsmData, acknowledgedId: fileId) }); + [(new Payload { RulesData = [new RuleData { Id = "blocked_users", Type = "data_with_expiration", Data = [new Data { Expiration = 5545453532, Value = "user3" }] }] }, RcmProducts.AsmData, fileId)]); var spanAfterAsmData = await SendRequestsAsync(agent, url); var spans = new List(); spans.AddRange(spanBeforeAsmData); From 8d9dc9fa2c45e9df65b0f3f6bc591071f63a0fdb Mon Sep 17 00:00:00 2001 From: Tony Redondo Date: Thu, 10 Oct 2024 15:31:07 +0200 Subject: [PATCH 3/8] [CI Visibility] Add extra tags to GitHub Action pull_requests runs (#6141) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary of changes This PR adds a couple of CI extra tags when running in GitHub Actions following the ticket: https://datadoghq.atlassian.net/browse/SDTEST-524 ## Reason for change Test visibility .NET implementation is missing these extra tags. ## Implementation details - Added the new tags to the CIEnvironmentVariables file - Added the json event file parser to load the tags. - Added a fallback to the `GITHUB_BASE_REF` environment variable. - Copy the new tags to the test session object (and other objects due to inheritance) ## Test coverage - A new test case was added for testing both the json file parser and the fallback. ## Other details --- .../Ci/CiEnvironment/CIEnvironmentValues.cs | 8 + .../GithubActionsEnvironmentValues.cs | 49 ++ .../Ci/Tagging/TestSessionSpanTags.cs | 12 + .../src/Datadog.Trace/Ci/Tags/CommonTags.cs | 15 + .../TagListGenerator/TestSessionSpanTags.g.cs | 54 ++ .../TagListGenerator/TestSessionSpanTags.g.cs | 54 ++ .../TagListGenerator/TestSessionSpanTags.g.cs | 54 ++ .../TagListGenerator/TestSessionSpanTags.g.cs | 54 ++ .../CI/CIEnvironmentVariableTests.cs | 42 +- .../CI/Data/githubevent/github-event.json | 490 ++++++++++++++++++ 10 files changed, 831 insertions(+), 1 deletion(-) create mode 100644 tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/Data/githubevent/github-event.json diff --git a/tracer/src/Datadog.Trace/Ci/CiEnvironment/CIEnvironmentValues.cs b/tracer/src/Datadog.Trace/Ci/CiEnvironment/CIEnvironmentValues.cs index f329e700b7cf..45926498130a 100644 --- a/tracer/src/Datadog.Trace/Ci/CiEnvironment/CIEnvironmentValues.cs +++ b/tracer/src/Datadog.Trace/Ci/CiEnvironment/CIEnvironmentValues.cs @@ -85,6 +85,12 @@ public string? GitSearchFolder public string[]? NodeLabels { get; protected set; } + public string? HeadCommit { get; protected set; } + + public string? PrBaseCommit { get; protected set; } + + public string? PrBaseBranch { get; protected set; } + public CodeOwners? CodeOwners { get; protected set; } public Dictionary? VariablesToBypass { get; protected set; } @@ -522,6 +528,8 @@ internal sealed class Constants public const string GitHubRunNumber = "GITHUB_RUN_NUMBER"; public const string GitHubWorkflow = "GITHUB_WORKFLOW"; public const string GitHubJob = "GITHUB_JOB"; + public const string GitHubEventPath = "GITHUB_EVENT_PATH"; + public const string GitHubBaseRef = "GITHUB_BASE_REF"; // Teamcity CI Environment variables public const string TeamCityVersion = "TEAMCITY_VERSION"; diff --git a/tracer/src/Datadog.Trace/Ci/CiEnvironment/GithubActionsEnvironmentValues.cs b/tracer/src/Datadog.Trace/Ci/CiEnvironment/GithubActionsEnvironmentValues.cs index a570a8616b2f..9c8ebf1bcb63 100644 --- a/tracer/src/Datadog.Trace/Ci/CiEnvironment/GithubActionsEnvironmentValues.cs +++ b/tracer/src/Datadog.Trace/Ci/CiEnvironment/GithubActionsEnvironmentValues.cs @@ -4,7 +4,10 @@ // #nullable enable +using System; using System.Collections.Generic; +using System.IO; +using Datadog.Trace.Vendors.Newtonsoft.Json.Linq; namespace Datadog.Trace.Ci.CiEnvironment; @@ -77,5 +80,51 @@ protected override void OnInitialize(GitInfo gitInfo) return kvp.Value; }); + + // Load github-event.json + LoadGithubEventJson(); + if (string.IsNullOrEmpty(PrBaseBranch)) + { + PrBaseBranch = ValueProvider.GetValue(Constants.GitHubBaseRef); + } + } + + private void LoadGithubEventJson() + { + // Load github-event.json + try + { + var githubEventPath = ValueProvider.GetValue(Constants.GitHubEventPath); + if (!string.IsNullOrWhiteSpace(githubEventPath)) + { + var githubEvent = File.ReadAllText(githubEventPath); + var githubEventObject = JObject.Parse(githubEvent); + var pullRequestObject = githubEventObject["pull_request"]; + if (pullRequestObject is not null) + { + var prHeadSha = pullRequestObject["head"]?["sha"]?.Value(); + if (!string.IsNullOrWhiteSpace(prHeadSha)) + { + HeadCommit = prHeadSha; + } + + var prBaseSha = pullRequestObject["base"]?["sha"]?.Value(); + if (!string.IsNullOrWhiteSpace(prBaseSha)) + { + PrBaseCommit = prBaseSha; + } + + var prBaseRef = pullRequestObject["base"]?["ref"]?.Value(); + if (!string.IsNullOrWhiteSpace(prBaseRef)) + { + PrBaseBranch = prBaseRef; + } + } + } + } + catch (Exception ex) + { + CIVisibility.Log.Warning(ex, "Error loading the github-event.json"); + } } } diff --git a/tracer/src/Datadog.Trace/Ci/Tagging/TestSessionSpanTags.cs b/tracer/src/Datadog.Trace/Ci/Tagging/TestSessionSpanTags.cs index d9efebf7bdbf..3ef5d5c6f88c 100644 --- a/tracer/src/Datadog.Trace/Ci/Tagging/TestSessionSpanTags.cs +++ b/tracer/src/Datadog.Trace/Ci/Tagging/TestSessionSpanTags.cs @@ -119,6 +119,15 @@ public TestSessionSpanTags() [Metric(CommonTags.LogicalCpuCount)] public double? LogicalCpuCount { get; } + [Tag(CommonTags.GitHeadCommit)] + public string GitHeadCommit { get; set; } + + [Tag(CommonTags.GitPrBaseCommit)] + public string GitPrBaseCommit { get; set; } + + [Tag(CommonTags.GitPrBaseBranch)] + public string GitPrBaseBranch { get; set; } + public void SetCIEnvironmentValues(CIEnvironmentValues environmentValues) { if (environmentValues is not null) @@ -144,6 +153,9 @@ public void SetCIEnvironmentValues(CIEnvironmentValues environmentValues) GitCommitCommitterEmail = environmentValues.CommitterEmail; GitCommitMessage = environmentValues.Message; BuildSourceRoot = environmentValues.SourceRoot; + GitHeadCommit = environmentValues.HeadCommit; + GitPrBaseCommit = environmentValues.PrBaseCommit; + GitPrBaseBranch = environmentValues.PrBaseBranch; if (environmentValues.VariablesToBypass is { } variablesToBypass) { diff --git a/tracer/src/Datadog.Trace/Ci/Tags/CommonTags.cs b/tracer/src/Datadog.Trace/Ci/Tags/CommonTags.cs index ffb0c5769b00..04cb0b5bf062 100644 --- a/tracer/src/Datadog.Trace/Ci/Tags/CommonTags.cs +++ b/tracer/src/Datadog.Trace/Ci/Tags/CommonTags.cs @@ -189,4 +189,19 @@ internal static class CommonTags /// Logical CPU count /// public const string LogicalCpuCount = "_dd.host.vcpu_count"; + + /// + /// GIT Head commit hash + /// + public const string GitHeadCommit = "git.commit.head_sha"; + + /// + /// GIT PR Base commit hash + /// + public const string GitPrBaseCommit = "git.pull_request.base_branch_sha"; + + /// + /// GIT PR Base branch name + /// + public const string GitPrBaseBranch = "git.pull_request.base_branch"; } diff --git a/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs b/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs index c78cfa0158d3..afa6777c5a8a 100644 --- a/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs +++ b/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs @@ -78,6 +78,12 @@ partial class TestSessionSpanTags private static ReadOnlySpan EarlyFlakeDetectionTestEnabledBytes => new byte[] { 184, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 101, 110, 97, 98, 108, 101, 100 }; // EarlyFlakeDetectionTestAbortReasonBytes = MessagePack.Serialize("test.early_flake.abort_reason"); private static ReadOnlySpan EarlyFlakeDetectionTestAbortReasonBytes => new byte[] { 189, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 97, 98, 111, 114, 116, 95, 114, 101, 97, 115, 111, 110 }; + // GitHeadCommitBytes = MessagePack.Serialize("git.commit.head_sha"); + private static ReadOnlySpan GitHeadCommitBytes => new byte[] { 179, 103, 105, 116, 46, 99, 111, 109, 109, 105, 116, 46, 104, 101, 97, 100, 95, 115, 104, 97 }; + // GitPrBaseCommitBytes = MessagePack.Serialize("git.pull_request.base_branch_sha"); + private static ReadOnlySpan GitPrBaseCommitBytes => new byte[] { 217, 32, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104, 95, 115, 104, 97 }; + // GitPrBaseBranchBytes = MessagePack.Serialize("git.pull_request.base_branch"); + private static ReadOnlySpan GitPrBaseBranchBytes => new byte[] { 188, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104 }; public override string? GetTag(string key) { @@ -114,6 +120,9 @@ partial class TestSessionSpanTags "test.itr.tests_skipping.type" => IntelligentTestRunnerSkippingType, "test.early_flake.enabled" => EarlyFlakeDetectionTestEnabled, "test.early_flake.abort_reason" => EarlyFlakeDetectionTestAbortReason, + "git.commit.head_sha" => GitHeadCommit, + "git.pull_request.base_branch_sha" => GitPrBaseCommit, + "git.pull_request.base_branch" => GitPrBaseBranch, _ => base.GetTag(key), }; } @@ -212,6 +221,15 @@ public override void SetTag(string key, string value) case "test.early_flake.abort_reason": EarlyFlakeDetectionTestAbortReason = value; break; + case "git.commit.head_sha": + GitHeadCommit = value; + break; + case "git.pull_request.base_branch_sha": + GitPrBaseCommit = value; + break; + case "git.pull_request.base_branch": + GitPrBaseBranch = value; + break; case "library_version": Logger.Value.Warning("Attempted to set readonly tag {TagName} on {TagType}. Ignoring.", key, nameof(TestSessionSpanTags)); break; @@ -378,6 +396,21 @@ public override void EnumerateTags(ref TProcessor processor) processor.Process(new TagItem("test.early_flake.abort_reason", EarlyFlakeDetectionTestAbortReason, EarlyFlakeDetectionTestAbortReasonBytes)); } + if (GitHeadCommit is not null) + { + processor.Process(new TagItem("git.commit.head_sha", GitHeadCommit, GitHeadCommitBytes)); + } + + if (GitPrBaseCommit is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch_sha", GitPrBaseCommit, GitPrBaseCommitBytes)); + } + + if (GitPrBaseBranch is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch", GitPrBaseBranch, GitPrBaseBranchBytes)); + } + base.EnumerateTags(ref processor); } @@ -600,6 +633,27 @@ protected override void WriteAdditionalTags(System.Text.StringBuilder sb) .Append(','); } + if (GitHeadCommit is not null) + { + sb.Append("git.commit.head_sha (tag):") + .Append(GitHeadCommit) + .Append(','); + } + + if (GitPrBaseCommit is not null) + { + sb.Append("git.pull_request.base_branch_sha (tag):") + .Append(GitPrBaseCommit) + .Append(','); + } + + if (GitPrBaseBranch is not null) + { + sb.Append("git.pull_request.base_branch (tag):") + .Append(GitPrBaseBranch) + .Append(','); + } + base.WriteAdditionalTags(sb); } public override double? GetMetric(string key) diff --git a/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs b/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs index c78cfa0158d3..afa6777c5a8a 100644 --- a/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs +++ b/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs @@ -78,6 +78,12 @@ partial class TestSessionSpanTags private static ReadOnlySpan EarlyFlakeDetectionTestEnabledBytes => new byte[] { 184, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 101, 110, 97, 98, 108, 101, 100 }; // EarlyFlakeDetectionTestAbortReasonBytes = MessagePack.Serialize("test.early_flake.abort_reason"); private static ReadOnlySpan EarlyFlakeDetectionTestAbortReasonBytes => new byte[] { 189, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 97, 98, 111, 114, 116, 95, 114, 101, 97, 115, 111, 110 }; + // GitHeadCommitBytes = MessagePack.Serialize("git.commit.head_sha"); + private static ReadOnlySpan GitHeadCommitBytes => new byte[] { 179, 103, 105, 116, 46, 99, 111, 109, 109, 105, 116, 46, 104, 101, 97, 100, 95, 115, 104, 97 }; + // GitPrBaseCommitBytes = MessagePack.Serialize("git.pull_request.base_branch_sha"); + private static ReadOnlySpan GitPrBaseCommitBytes => new byte[] { 217, 32, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104, 95, 115, 104, 97 }; + // GitPrBaseBranchBytes = MessagePack.Serialize("git.pull_request.base_branch"); + private static ReadOnlySpan GitPrBaseBranchBytes => new byte[] { 188, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104 }; public override string? GetTag(string key) { @@ -114,6 +120,9 @@ partial class TestSessionSpanTags "test.itr.tests_skipping.type" => IntelligentTestRunnerSkippingType, "test.early_flake.enabled" => EarlyFlakeDetectionTestEnabled, "test.early_flake.abort_reason" => EarlyFlakeDetectionTestAbortReason, + "git.commit.head_sha" => GitHeadCommit, + "git.pull_request.base_branch_sha" => GitPrBaseCommit, + "git.pull_request.base_branch" => GitPrBaseBranch, _ => base.GetTag(key), }; } @@ -212,6 +221,15 @@ public override void SetTag(string key, string value) case "test.early_flake.abort_reason": EarlyFlakeDetectionTestAbortReason = value; break; + case "git.commit.head_sha": + GitHeadCommit = value; + break; + case "git.pull_request.base_branch_sha": + GitPrBaseCommit = value; + break; + case "git.pull_request.base_branch": + GitPrBaseBranch = value; + break; case "library_version": Logger.Value.Warning("Attempted to set readonly tag {TagName} on {TagType}. Ignoring.", key, nameof(TestSessionSpanTags)); break; @@ -378,6 +396,21 @@ public override void EnumerateTags(ref TProcessor processor) processor.Process(new TagItem("test.early_flake.abort_reason", EarlyFlakeDetectionTestAbortReason, EarlyFlakeDetectionTestAbortReasonBytes)); } + if (GitHeadCommit is not null) + { + processor.Process(new TagItem("git.commit.head_sha", GitHeadCommit, GitHeadCommitBytes)); + } + + if (GitPrBaseCommit is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch_sha", GitPrBaseCommit, GitPrBaseCommitBytes)); + } + + if (GitPrBaseBranch is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch", GitPrBaseBranch, GitPrBaseBranchBytes)); + } + base.EnumerateTags(ref processor); } @@ -600,6 +633,27 @@ protected override void WriteAdditionalTags(System.Text.StringBuilder sb) .Append(','); } + if (GitHeadCommit is not null) + { + sb.Append("git.commit.head_sha (tag):") + .Append(GitHeadCommit) + .Append(','); + } + + if (GitPrBaseCommit is not null) + { + sb.Append("git.pull_request.base_branch_sha (tag):") + .Append(GitPrBaseCommit) + .Append(','); + } + + if (GitPrBaseBranch is not null) + { + sb.Append("git.pull_request.base_branch (tag):") + .Append(GitPrBaseBranch) + .Append(','); + } + base.WriteAdditionalTags(sb); } public override double? GetMetric(string key) diff --git a/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs b/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs index c78cfa0158d3..afa6777c5a8a 100644 --- a/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs +++ b/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs @@ -78,6 +78,12 @@ partial class TestSessionSpanTags private static ReadOnlySpan EarlyFlakeDetectionTestEnabledBytes => new byte[] { 184, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 101, 110, 97, 98, 108, 101, 100 }; // EarlyFlakeDetectionTestAbortReasonBytes = MessagePack.Serialize("test.early_flake.abort_reason"); private static ReadOnlySpan EarlyFlakeDetectionTestAbortReasonBytes => new byte[] { 189, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 97, 98, 111, 114, 116, 95, 114, 101, 97, 115, 111, 110 }; + // GitHeadCommitBytes = MessagePack.Serialize("git.commit.head_sha"); + private static ReadOnlySpan GitHeadCommitBytes => new byte[] { 179, 103, 105, 116, 46, 99, 111, 109, 109, 105, 116, 46, 104, 101, 97, 100, 95, 115, 104, 97 }; + // GitPrBaseCommitBytes = MessagePack.Serialize("git.pull_request.base_branch_sha"); + private static ReadOnlySpan GitPrBaseCommitBytes => new byte[] { 217, 32, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104, 95, 115, 104, 97 }; + // GitPrBaseBranchBytes = MessagePack.Serialize("git.pull_request.base_branch"); + private static ReadOnlySpan GitPrBaseBranchBytes => new byte[] { 188, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104 }; public override string? GetTag(string key) { @@ -114,6 +120,9 @@ partial class TestSessionSpanTags "test.itr.tests_skipping.type" => IntelligentTestRunnerSkippingType, "test.early_flake.enabled" => EarlyFlakeDetectionTestEnabled, "test.early_flake.abort_reason" => EarlyFlakeDetectionTestAbortReason, + "git.commit.head_sha" => GitHeadCommit, + "git.pull_request.base_branch_sha" => GitPrBaseCommit, + "git.pull_request.base_branch" => GitPrBaseBranch, _ => base.GetTag(key), }; } @@ -212,6 +221,15 @@ public override void SetTag(string key, string value) case "test.early_flake.abort_reason": EarlyFlakeDetectionTestAbortReason = value; break; + case "git.commit.head_sha": + GitHeadCommit = value; + break; + case "git.pull_request.base_branch_sha": + GitPrBaseCommit = value; + break; + case "git.pull_request.base_branch": + GitPrBaseBranch = value; + break; case "library_version": Logger.Value.Warning("Attempted to set readonly tag {TagName} on {TagType}. Ignoring.", key, nameof(TestSessionSpanTags)); break; @@ -378,6 +396,21 @@ public override void EnumerateTags(ref TProcessor processor) processor.Process(new TagItem("test.early_flake.abort_reason", EarlyFlakeDetectionTestAbortReason, EarlyFlakeDetectionTestAbortReasonBytes)); } + if (GitHeadCommit is not null) + { + processor.Process(new TagItem("git.commit.head_sha", GitHeadCommit, GitHeadCommitBytes)); + } + + if (GitPrBaseCommit is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch_sha", GitPrBaseCommit, GitPrBaseCommitBytes)); + } + + if (GitPrBaseBranch is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch", GitPrBaseBranch, GitPrBaseBranchBytes)); + } + base.EnumerateTags(ref processor); } @@ -600,6 +633,27 @@ protected override void WriteAdditionalTags(System.Text.StringBuilder sb) .Append(','); } + if (GitHeadCommit is not null) + { + sb.Append("git.commit.head_sha (tag):") + .Append(GitHeadCommit) + .Append(','); + } + + if (GitPrBaseCommit is not null) + { + sb.Append("git.pull_request.base_branch_sha (tag):") + .Append(GitPrBaseCommit) + .Append(','); + } + + if (GitPrBaseBranch is not null) + { + sb.Append("git.pull_request.base_branch (tag):") + .Append(GitPrBaseBranch) + .Append(','); + } + base.WriteAdditionalTags(sb); } public override double? GetMetric(string key) diff --git a/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs b/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs index c78cfa0158d3..afa6777c5a8a 100644 --- a/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs +++ b/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/TagListGenerator/TestSessionSpanTags.g.cs @@ -78,6 +78,12 @@ partial class TestSessionSpanTags private static ReadOnlySpan EarlyFlakeDetectionTestEnabledBytes => new byte[] { 184, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 101, 110, 97, 98, 108, 101, 100 }; // EarlyFlakeDetectionTestAbortReasonBytes = MessagePack.Serialize("test.early_flake.abort_reason"); private static ReadOnlySpan EarlyFlakeDetectionTestAbortReasonBytes => new byte[] { 189, 116, 101, 115, 116, 46, 101, 97, 114, 108, 121, 95, 102, 108, 97, 107, 101, 46, 97, 98, 111, 114, 116, 95, 114, 101, 97, 115, 111, 110 }; + // GitHeadCommitBytes = MessagePack.Serialize("git.commit.head_sha"); + private static ReadOnlySpan GitHeadCommitBytes => new byte[] { 179, 103, 105, 116, 46, 99, 111, 109, 109, 105, 116, 46, 104, 101, 97, 100, 95, 115, 104, 97 }; + // GitPrBaseCommitBytes = MessagePack.Serialize("git.pull_request.base_branch_sha"); + private static ReadOnlySpan GitPrBaseCommitBytes => new byte[] { 217, 32, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104, 95, 115, 104, 97 }; + // GitPrBaseBranchBytes = MessagePack.Serialize("git.pull_request.base_branch"); + private static ReadOnlySpan GitPrBaseBranchBytes => new byte[] { 188, 103, 105, 116, 46, 112, 117, 108, 108, 95, 114, 101, 113, 117, 101, 115, 116, 46, 98, 97, 115, 101, 95, 98, 114, 97, 110, 99, 104 }; public override string? GetTag(string key) { @@ -114,6 +120,9 @@ partial class TestSessionSpanTags "test.itr.tests_skipping.type" => IntelligentTestRunnerSkippingType, "test.early_flake.enabled" => EarlyFlakeDetectionTestEnabled, "test.early_flake.abort_reason" => EarlyFlakeDetectionTestAbortReason, + "git.commit.head_sha" => GitHeadCommit, + "git.pull_request.base_branch_sha" => GitPrBaseCommit, + "git.pull_request.base_branch" => GitPrBaseBranch, _ => base.GetTag(key), }; } @@ -212,6 +221,15 @@ public override void SetTag(string key, string value) case "test.early_flake.abort_reason": EarlyFlakeDetectionTestAbortReason = value; break; + case "git.commit.head_sha": + GitHeadCommit = value; + break; + case "git.pull_request.base_branch_sha": + GitPrBaseCommit = value; + break; + case "git.pull_request.base_branch": + GitPrBaseBranch = value; + break; case "library_version": Logger.Value.Warning("Attempted to set readonly tag {TagName} on {TagType}. Ignoring.", key, nameof(TestSessionSpanTags)); break; @@ -378,6 +396,21 @@ public override void EnumerateTags(ref TProcessor processor) processor.Process(new TagItem("test.early_flake.abort_reason", EarlyFlakeDetectionTestAbortReason, EarlyFlakeDetectionTestAbortReasonBytes)); } + if (GitHeadCommit is not null) + { + processor.Process(new TagItem("git.commit.head_sha", GitHeadCommit, GitHeadCommitBytes)); + } + + if (GitPrBaseCommit is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch_sha", GitPrBaseCommit, GitPrBaseCommitBytes)); + } + + if (GitPrBaseBranch is not null) + { + processor.Process(new TagItem("git.pull_request.base_branch", GitPrBaseBranch, GitPrBaseBranchBytes)); + } + base.EnumerateTags(ref processor); } @@ -600,6 +633,27 @@ protected override void WriteAdditionalTags(System.Text.StringBuilder sb) .Append(','); } + if (GitHeadCommit is not null) + { + sb.Append("git.commit.head_sha (tag):") + .Append(GitHeadCommit) + .Append(','); + } + + if (GitPrBaseCommit is not null) + { + sb.Append("git.pull_request.base_branch_sha (tag):") + .Append(GitPrBaseCommit) + .Append(','); + } + + if (GitPrBaseBranch is not null) + { + sb.Append("git.pull_request.base_branch (tag):") + .Append(GitPrBaseBranch) + .Append(','); + } + base.WriteAdditionalTags(sb); } public override double? GetMetric(string key) diff --git a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/CIEnvironmentVariableTests.cs b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/CIEnvironmentVariableTests.cs index b4b2e36ba14e..c177762aa2d3 100644 --- a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/CIEnvironmentVariableTests.cs +++ b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/CIEnvironmentVariableTests.cs @@ -7,6 +7,7 @@ using System.Collections; using System.Collections.Generic; using System.IO; +using System.Reflection; using System.Text.RegularExpressions; using Datadog.Trace.Ci; using Datadog.Trace.Ci.CiEnvironment; @@ -40,7 +41,10 @@ public static IEnumerable GetJsonItems() var name = Path.GetFileNameWithoutExtension(filePath); var content = File.ReadAllText(filePath); var jsonObject = JsonConvert.DeserializeObject[][]>(content); - yield return new object[] { new JsonDataItem(name, jsonObject) }; + if (jsonObject is not null) + { + yield return [new JsonDataItem(name, jsonObject)]; + } } } @@ -134,6 +138,42 @@ public void CheckEnvironmentVariables(JsonDataItem jsonData) } } + [SkippableFact] + public void GithubEventJsonTest() + { + var reloadEnvironmentData = typeof(CIEnvironmentValues).GetMethod("ReloadEnvironmentData", BindingFlags.Instance | BindingFlags.NonPublic); + + // Check if the CI\Data folder exists. + var ciDataFolder = DataHelpers.GetCiDataDirectory(); + + // JSON file path + var jsonFile = Path.Combine(ciDataFolder, "githubevent", "github-event.json"); + + // Let's test the github-event.json load and check the values first. + var githubEnvVars = new GithubActionsEnvironmentValues( + new DictionaryValuesProvider( + new Dictionary + { + [CIEnvironmentValues.Constants.GitHubEventPath] = jsonFile, + })); + + reloadEnvironmentData?.Invoke(githubEnvVars, null); + githubEnvVars.HeadCommit.Should().Be("df289512a51123083a8e6931dd6f57bb3883d4c4"); + githubEnvVars.PrBaseCommit.Should().Be("52e0974c74d41160a03d59ddc73bb9f5adab054b"); + githubEnvVars.PrBaseBranch.Should().Be("main"); + + // Let's test now the `GITHUB_BASE_REF` environment variable. + githubEnvVars = new GithubActionsEnvironmentValues( + new DictionaryValuesProvider( + new Dictionary + { + [CIEnvironmentValues.Constants.GitHubBaseRef] = "my-custom-branch", + })); + + reloadEnvironmentData?.Invoke(githubEnvVars, null); + githubEnvVars.PrBaseBranch.Should().Be("my-custom-branch"); + } + public class JsonDataItem : IXunitSerializable { public JsonDataItem() diff --git a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/Data/githubevent/github-event.json b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/Data/githubevent/github-event.json new file mode 100644 index 000000000000..b9fe79f2aaba --- /dev/null +++ b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/CI/Data/githubevent/github-event.json @@ -0,0 +1,490 @@ +{ + "action": "synchronize", + "after": "df289512a51123083a8e6931dd6f57bb3883d4c4", + "before": "f659d2fdd7bedffb40d9ab223dbde6afa5eadc32", + "number": 1, + "pull_request": { + "_links": { + "comments": { + "href": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/1/comments" + }, + "commits": { + "href": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/1/commits" + }, + "html": { + "href": "https://github.com/nikita-tkachenko-datadog/ci-test-project/pull/1" + }, + "issue": { + "href": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/1" + }, + "review_comment": { + "href": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/comments{/number}" + }, + "review_comments": { + "href": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/1/comments" + }, + "self": { + "href": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/1" + }, + "statuses": { + "href": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/statuses/df289512a51123083a8e6931dd6f57bb3883d4c4" + } + }, + "active_lock_reason": null, + "additions": 2, + "assignee": null, + "assignees": [], + "author_association": "OWNER", + "auto_merge": null, + "base": { + "label": "nikita-tkachenko-datadog:main", + "ref": "main", + "repo": { + "allow_auto_merge": false, + "allow_forking": true, + "allow_merge_commit": true, + "allow_rebase_merge": true, + "allow_squash_merge": true, + "allow_update_branch": false, + "archive_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/assignees{/user}", + "blobs_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/branches{/branch}", + "clone_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project.git", + "collaborators_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/comments{/number}", + "commits_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/commits{/sha}", + "compare_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/contents/{+path}", + "contributors_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/contributors", + "created_at": "2023-01-09T10:24:06Z", + "default_branch": "main", + "delete_branch_on_merge": false, + "deployments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/deployments", + "description": null, + "disabled": false, + "downloads_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/downloads", + "events_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/events", + "fork": false, + "forks": 0, + "forks_count": 0, + "forks_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/forks", + "full_name": "nikita-tkachenko-datadog/ci-test-project", + "git_commits_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/tags{/sha}", + "git_url": "git://github.com/nikita-tkachenko-datadog/ci-test-project.git", + "has_discussions": false, + "has_downloads": true, + "has_issues": true, + "has_pages": false, + "has_projects": true, + "has_wiki": false, + "homepage": null, + "hooks_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/hooks", + "html_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project", + "id": 586827266, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/events{/number}", + "issues_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues{/number}", + "keys_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/keys{/key_id}", + "labels_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/labels{/name}", + "language": "Shell", + "languages_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/languages", + "license": null, + "merge_commit_message": "PR_TITLE", + "merge_commit_title": "MERGE_MESSAGE", + "merges_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/merges", + "milestones_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/milestones{/number}", + "mirror_url": null, + "name": "ci-test-project", + "node_id": "R_kgDOIvpGAg", + "notifications_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/notifications{?since,all,participating}", + "open_issues": 1, + "open_issues_count": 1, + "owner": { + "avatar_url": "https://avatars.githubusercontent.com/u/121111529?v=4", + "events_url": "https://api.github.com/users/nikita-tkachenko-datadog/events{/privacy}", + "followers_url": "https://api.github.com/users/nikita-tkachenko-datadog/followers", + "following_url": "https://api.github.com/users/nikita-tkachenko-datadog/following{/other_user}", + "gists_url": "https://api.github.com/users/nikita-tkachenko-datadog/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/nikita-tkachenko-datadog", + "id": 121111529, + "login": "nikita-tkachenko-datadog", + "node_id": "U_kgDOBzgD6Q", + "organizations_url": "https://api.github.com/users/nikita-tkachenko-datadog/orgs", + "received_events_url": "https://api.github.com/users/nikita-tkachenko-datadog/received_events", + "repos_url": "https://api.github.com/users/nikita-tkachenko-datadog/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/nikita-tkachenko-datadog/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/nikita-tkachenko-datadog/subscriptions", + "type": "User", + "url": "https://api.github.com/users/nikita-tkachenko-datadog" + }, + "private": true, + "pulls_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls{/number}", + "pushed_at": "2024-09-11T15:12:25Z", + "releases_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/releases{/id}", + "size": 90, + "squash_merge_commit_message": "COMMIT_MESSAGES", + "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", + "ssh_url": "git@github.com:nikita-tkachenko-datadog/ci-test-project.git", + "stargazers_count": 0, + "stargazers_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/stargazers", + "statuses_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/subscribers", + "subscription_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/subscription", + "svn_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project", + "tags_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/tags", + "teams_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/teams", + "topics": [], + "trees_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/trees{/sha}", + "updated_at": "2024-09-11T13:41:11Z", + "url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project", + "use_squash_pr_title_as_default": false, + "visibility": "private", + "watchers": 0, + "watchers_count": 0, + "web_commit_signoff_required": false + }, + "sha": "52e0974c74d41160a03d59ddc73bb9f5adab054b", + "user": { + "avatar_url": "https://avatars.githubusercontent.com/u/121111529?v=4", + "events_url": "https://api.github.com/users/nikita-tkachenko-datadog/events{/privacy}", + "followers_url": "https://api.github.com/users/nikita-tkachenko-datadog/followers", + "following_url": "https://api.github.com/users/nikita-tkachenko-datadog/following{/other_user}", + "gists_url": "https://api.github.com/users/nikita-tkachenko-datadog/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/nikita-tkachenko-datadog", + "id": 121111529, + "login": "nikita-tkachenko-datadog", + "node_id": "U_kgDOBzgD6Q", + "organizations_url": "https://api.github.com/users/nikita-tkachenko-datadog/orgs", + "received_events_url": "https://api.github.com/users/nikita-tkachenko-datadog/received_events", + "repos_url": "https://api.github.com/users/nikita-tkachenko-datadog/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/nikita-tkachenko-datadog/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/nikita-tkachenko-datadog/subscriptions", + "type": "User", + "url": "https://api.github.com/users/nikita-tkachenko-datadog" + } + }, + "body": "# What Does This Do\r\n\r\n# Motivation\r\n\r\n# Additional Notes\r\n", + "changed_files": 3, + "closed_at": null, + "comments": 0, + "comments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/1/comments", + "commits": 2, + "commits_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/1/commits", + "created_at": "2024-09-11T15:08:02Z", + "deletions": 0, + "diff_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project/pull/1.diff", + "draft": false, + "head": { + "label": "nikita-tkachenko-datadog:test-branch", + "ref": "test-branch", + "repo": { + "allow_auto_merge": false, + "allow_forking": true, + "allow_merge_commit": true, + "allow_rebase_merge": true, + "allow_squash_merge": true, + "allow_update_branch": false, + "archive_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/assignees{/user}", + "blobs_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/branches{/branch}", + "clone_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project.git", + "collaborators_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/comments{/number}", + "commits_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/commits{/sha}", + "compare_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/contents/{+path}", + "contributors_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/contributors", + "created_at": "2023-01-09T10:24:06Z", + "default_branch": "main", + "delete_branch_on_merge": false, + "deployments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/deployments", + "description": null, + "disabled": false, + "downloads_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/downloads", + "events_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/events", + "fork": false, + "forks": 0, + "forks_count": 0, + "forks_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/forks", + "full_name": "nikita-tkachenko-datadog/ci-test-project", + "git_commits_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/tags{/sha}", + "git_url": "git://github.com/nikita-tkachenko-datadog/ci-test-project.git", + "has_discussions": false, + "has_downloads": true, + "has_issues": true, + "has_pages": false, + "has_projects": true, + "has_wiki": false, + "homepage": null, + "hooks_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/hooks", + "html_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project", + "id": 586827266, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/events{/number}", + "issues_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues{/number}", + "keys_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/keys{/key_id}", + "labels_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/labels{/name}", + "language": "Shell", + "languages_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/languages", + "license": null, + "merge_commit_message": "PR_TITLE", + "merge_commit_title": "MERGE_MESSAGE", + "merges_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/merges", + "milestones_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/milestones{/number}", + "mirror_url": null, + "name": "ci-test-project", + "node_id": "R_kgDOIvpGAg", + "notifications_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/notifications{?since,all,participating}", + "open_issues": 1, + "open_issues_count": 1, + "owner": { + "avatar_url": "https://avatars.githubusercontent.com/u/121111529?v=4", + "events_url": "https://api.github.com/users/nikita-tkachenko-datadog/events{/privacy}", + "followers_url": "https://api.github.com/users/nikita-tkachenko-datadog/followers", + "following_url": "https://api.github.com/users/nikita-tkachenko-datadog/following{/other_user}", + "gists_url": "https://api.github.com/users/nikita-tkachenko-datadog/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/nikita-tkachenko-datadog", + "id": 121111529, + "login": "nikita-tkachenko-datadog", + "node_id": "U_kgDOBzgD6Q", + "organizations_url": "https://api.github.com/users/nikita-tkachenko-datadog/orgs", + "received_events_url": "https://api.github.com/users/nikita-tkachenko-datadog/received_events", + "repos_url": "https://api.github.com/users/nikita-tkachenko-datadog/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/nikita-tkachenko-datadog/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/nikita-tkachenko-datadog/subscriptions", + "type": "User", + "url": "https://api.github.com/users/nikita-tkachenko-datadog" + }, + "private": true, + "pulls_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls{/number}", + "pushed_at": "2024-09-11T15:12:25Z", + "releases_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/releases{/id}", + "size": 90, + "squash_merge_commit_message": "COMMIT_MESSAGES", + "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", + "ssh_url": "git@github.com:nikita-tkachenko-datadog/ci-test-project.git", + "stargazers_count": 0, + "stargazers_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/stargazers", + "statuses_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/subscribers", + "subscription_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/subscription", + "svn_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project", + "tags_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/tags", + "teams_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/teams", + "topics": [], + "trees_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/trees{/sha}", + "updated_at": "2024-09-11T13:41:11Z", + "url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project", + "use_squash_pr_title_as_default": false, + "visibility": "private", + "watchers": 0, + "watchers_count": 0, + "web_commit_signoff_required": false + }, + "sha": "df289512a51123083a8e6931dd6f57bb3883d4c4", + "user": { + "avatar_url": "https://avatars.githubusercontent.com/u/121111529?v=4", + "events_url": "https://api.github.com/users/nikita-tkachenko-datadog/events{/privacy}", + "followers_url": "https://api.github.com/users/nikita-tkachenko-datadog/followers", + "following_url": "https://api.github.com/users/nikita-tkachenko-datadog/following{/other_user}", + "gists_url": "https://api.github.com/users/nikita-tkachenko-datadog/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/nikita-tkachenko-datadog", + "id": 121111529, + "login": "nikita-tkachenko-datadog", + "node_id": "U_kgDOBzgD6Q", + "organizations_url": "https://api.github.com/users/nikita-tkachenko-datadog/orgs", + "received_events_url": "https://api.github.com/users/nikita-tkachenko-datadog/received_events", + "repos_url": "https://api.github.com/users/nikita-tkachenko-datadog/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/nikita-tkachenko-datadog/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/nikita-tkachenko-datadog/subscriptions", + "type": "User", + "url": "https://api.github.com/users/nikita-tkachenko-datadog" + } + }, + "html_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project/pull/1", + "id": 2066570986, + "issue_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/1", + "labels": [], + "locked": false, + "maintainer_can_modify": false, + "merge_commit_sha": "d9a3212d0d5d1483426dbbdf0beea32ee50abcde", + "mergeable": null, + "mergeable_state": "unknown", + "merged": false, + "merged_at": null, + "merged_by": null, + "milestone": null, + "node_id": "PR_kwDOIvpGAs57LV7q", + "number": 1, + "patch_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project/pull/1.patch", + "rebaseable": null, + "requested_reviewers": [], + "requested_teams": [], + "review_comment_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/comments{/number}", + "review_comments": 0, + "review_comments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/1/comments", + "state": "open", + "statuses_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/statuses/df289512a51123083a8e6931dd6f57bb3883d4c4", + "title": "Test commit", + "updated_at": "2024-09-11T15:12:26Z", + "url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls/1", + "user": { + "avatar_url": "https://avatars.githubusercontent.com/u/121111529?v=4", + "events_url": "https://api.github.com/users/nikita-tkachenko-datadog/events{/privacy}", + "followers_url": "https://api.github.com/users/nikita-tkachenko-datadog/followers", + "following_url": "https://api.github.com/users/nikita-tkachenko-datadog/following{/other_user}", + "gists_url": "https://api.github.com/users/nikita-tkachenko-datadog/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/nikita-tkachenko-datadog", + "id": 121111529, + "login": "nikita-tkachenko-datadog", + "node_id": "U_kgDOBzgD6Q", + "organizations_url": "https://api.github.com/users/nikita-tkachenko-datadog/orgs", + "received_events_url": "https://api.github.com/users/nikita-tkachenko-datadog/received_events", + "repos_url": "https://api.github.com/users/nikita-tkachenko-datadog/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/nikita-tkachenko-datadog/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/nikita-tkachenko-datadog/subscriptions", + "type": "User", + "url": "https://api.github.com/users/nikita-tkachenko-datadog" + } + }, + "repository": { + "allow_forking": true, + "archive_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/assignees{/user}", + "blobs_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/branches{/branch}", + "clone_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project.git", + "collaborators_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/comments{/number}", + "commits_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/commits{/sha}", + "compare_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/contents/{+path}", + "contributors_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/contributors", + "created_at": "2023-01-09T10:24:06Z", + "default_branch": "main", + "deployments_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/deployments", + "description": null, + "disabled": false, + "downloads_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/downloads", + "events_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/events", + "fork": false, + "forks": 0, + "forks_count": 0, + "forks_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/forks", + "full_name": "nikita-tkachenko-datadog/ci-test-project", + "git_commits_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/tags{/sha}", + "git_url": "git://github.com/nikita-tkachenko-datadog/ci-test-project.git", + "has_discussions": false, + "has_downloads": true, + "has_issues": true, + "has_pages": false, + "has_projects": true, + "has_wiki": false, + "homepage": null, + "hooks_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/hooks", + "html_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project", + "id": 586827266, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues/events{/number}", + "issues_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/issues{/number}", + "keys_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/keys{/key_id}", + "labels_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/labels{/name}", + "language": "Shell", + "languages_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/languages", + "license": null, + "merges_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/merges", + "milestones_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/milestones{/number}", + "mirror_url": null, + "name": "ci-test-project", + "node_id": "R_kgDOIvpGAg", + "notifications_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/notifications{?since,all,participating}", + "open_issues": 1, + "open_issues_count": 1, + "owner": { + "avatar_url": "https://avatars.githubusercontent.com/u/121111529?v=4", + "events_url": "https://api.github.com/users/nikita-tkachenko-datadog/events{/privacy}", + "followers_url": "https://api.github.com/users/nikita-tkachenko-datadog/followers", + "following_url": "https://api.github.com/users/nikita-tkachenko-datadog/following{/other_user}", + "gists_url": "https://api.github.com/users/nikita-tkachenko-datadog/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/nikita-tkachenko-datadog", + "id": 121111529, + "login": "nikita-tkachenko-datadog", + "node_id": "U_kgDOBzgD6Q", + "organizations_url": "https://api.github.com/users/nikita-tkachenko-datadog/orgs", + "received_events_url": "https://api.github.com/users/nikita-tkachenko-datadog/received_events", + "repos_url": "https://api.github.com/users/nikita-tkachenko-datadog/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/nikita-tkachenko-datadog/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/nikita-tkachenko-datadog/subscriptions", + "type": "User", + "url": "https://api.github.com/users/nikita-tkachenko-datadog" + }, + "private": true, + "pulls_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/pulls{/number}", + "pushed_at": "2024-09-11T15:12:25Z", + "releases_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/releases{/id}", + "size": 90, + "ssh_url": "git@github.com:nikita-tkachenko-datadog/ci-test-project.git", + "stargazers_count": 0, + "stargazers_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/stargazers", + "statuses_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/subscribers", + "subscription_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/subscription", + "svn_url": "https://github.com/nikita-tkachenko-datadog/ci-test-project", + "tags_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/tags", + "teams_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/teams", + "topics": [], + "trees_url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project/git/trees{/sha}", + "updated_at": "2024-09-11T13:41:11Z", + "url": "https://api.github.com/repos/nikita-tkachenko-datadog/ci-test-project", + "visibility": "private", + "watchers": 0, + "watchers_count": 0, + "web_commit_signoff_required": false + }, + "sender": { + "avatar_url": "https://avatars.githubusercontent.com/u/121111529?v=4", + "events_url": "https://api.github.com/users/nikita-tkachenko-datadog/events{/privacy}", + "followers_url": "https://api.github.com/users/nikita-tkachenko-datadog/followers", + "following_url": "https://api.github.com/users/nikita-tkachenko-datadog/following{/other_user}", + "gists_url": "https://api.github.com/users/nikita-tkachenko-datadog/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/nikita-tkachenko-datadog", + "id": 121111529, + "login": "nikita-tkachenko-datadog", + "node_id": "U_kgDOBzgD6Q", + "organizations_url": "https://api.github.com/users/nikita-tkachenko-datadog/orgs", + "received_events_url": "https://api.github.com/users/nikita-tkachenko-datadog/received_events", + "repos_url": "https://api.github.com/users/nikita-tkachenko-datadog/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/nikita-tkachenko-datadog/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/nikita-tkachenko-datadog/subscriptions", + "type": "User", + "url": "https://api.github.com/users/nikita-tkachenko-datadog" + } +} From 56b733e21259d3f03cf3d70cff3a9ca954d3893a Mon Sep 17 00:00:00 2001 From: Andrew Lock Date: Fri, 11 Oct 2024 10:45:02 +0100 Subject: [PATCH 4/8] Fix crashes on .NET Core 2.1 CI (#6139) ## Summary of changes Fix failing .NET Core 2.1 Windows integration tests ## Reason for change The .NET Core 2.1 Windows Integration tests are failing ## Implementation details After merging #6117 (to fix a weird issue in the .NET 6 windows integration tests related to procdump), we started getting failures in .NET Core 2.1. This is almost certainly a bug in the runtime, and as it's a CI-only issue, trivially fixing by not setting the variable ## Test coverage [Ran a full test here and all ok](https://dev.azure.com/datadoghq/dd-trace-dotnet/_build/results?buildId=165403&view=results) --- .../test/Datadog.Trace.TestHelpers/EnvironmentHelper.cs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tracer/test/Datadog.Trace.TestHelpers/EnvironmentHelper.cs b/tracer/test/Datadog.Trace.TestHelpers/EnvironmentHelper.cs index 4f6d5b5b6268..bcb0aa8b7434 100644 --- a/tracer/test/Datadog.Trace.TestHelpers/EnvironmentHelper.cs +++ b/tracer/test/Datadog.Trace.TestHelpers/EnvironmentHelper.cs @@ -197,7 +197,13 @@ public void SetEnvironmentVariables( // In some scenarios (.NET 6, SSI run enabled) enabling procdump makes // grabbing a stack trace _crazy_ expensive (10s). Setting this "fixes" it. - environmentVariables["_NO_DEBUG_HEAP"] = "1"; + // But for some reason, .NET Core 2.1 gets _very_ unhappy about it - + // given we don't really support .NET Core 2.1 anyway, and this _only_ happens + // when procdump is attached, just skip in that + if (_major > 2) + { + environmentVariables["_NO_DEBUG_HEAP"] = "1"; + } // Set a canary variable that should always be ignored // and check that it doesn't appear in the logs From c8399df44468f83c22a978418e0cfc314f9c3542 Mon Sep 17 00:00:00 2001 From: NachoEchevarria <53266532+NachoEchevarria@users.noreply.github.com> Date: Fri, 11 Oct 2024 13:35:42 +0200 Subject: [PATCH 5/8] [ASM] Send header values as string to the WAF (#6144) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary of changes Util this PR, we woudl store the request headers in a array of strings and we would send that array to the WAF. When generating fingerprints, the WAF does not accept arrays of strings but a single string, so, when we have a single header value, we store it in a string instead of in an array of strings with a single value inside the array. This change has fixed some problems related to the fingerprint generation, which has derived in a large amount of updated snapshots. ## Reason for change ## Implementation details ## Test coverage ## Other details --- .../Coordinator/SecurityCoordinator.Core.cs | 15 ++++++--- .../SecurityCoordinator.Framework.cs | 17 ++++++---- .../ApiSecurity/AspNetCoreApiSecurity.cs | 2 +- .../AspNetBase.cs | 2 ++ ....SecurityEnabled.MetaStruct._.verified.txt | 6 ++-- ...d&fromShell=true_exploit=CmdI.verified.txt | 6 ++-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 6 ++-- ...d&fromShell=true_exploit=CmdI.verified.txt | 4 +-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 4 +-- ...d&fromShell=true_exploit=CmdI.verified.txt | 6 ++-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...h-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 6 ++-- ...d&fromShell=true_exploit=CmdI.verified.txt | 6 ++-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...h-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 6 ++-- ...d&fromShell=true_exploit=CmdI.verified.txt | 6 ++-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 6 ++-- ...d&fromShell=true_exploit=CmdI.verified.txt | 4 +-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 4 +-- ...d&fromShell=true_exploit=CmdI.verified.txt | 6 ++-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...h-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 6 ++-- ...d&fromShell=true_exploit=CmdI.verified.txt | 6 ++-- ...ile=-etc-password_exploit=Lfi.verified.txt | 4 +-- ...k-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...h-host=127.0.0.1_exploit=SSRF.verified.txt | 4 +-- ...y={-UserName-- -' or '1'='1-}.verified.txt | 6 ++-- ...ile=-etc-password_exploit=Lfi.verified.txt | 8 ++--- ...oContent_containsAttack=False.verified.txt | 2 +- ...Forbidden_containsAttack=True.verified.txt | 4 +-- ...sCode=OK_containsAttack=False.verified.txt | 4 +-- ...oContent_containsAttack=False.verified.txt | 2 +- ...Forbidden_containsAttack=True.verified.txt | 6 ++-- ...sCode=OK_containsAttack=False.verified.txt | 6 ++-- ...Enabled.__test=blocking_url=_.verified.txt | 30 ++++++++--------- ...rty=test&property2=dummy_rule.verified.txt | 20 ++++++------ ...y_rule-, -property2---test2-}.verified.txt | 20 ++++++------ ...y=dummy_rule&property2=value2.verified.txt | 20 ++++++------ ...tusCode=403_url=_health-q=fun.verified.txt | 10 +++--- ...Code=403_url=_Home_LangHeader.verified.txt | 20 ++++++------ ...tatusCode=403_url=_status_418.verified.txt | 10 +++--- ...tusCode=403_url=_health-q=fun.verified.txt | 6 ++-- ...e=403_url=_Home_Privacy-q=fun.verified.txt | 6 ++-- ...Enabled.__test=blocking_url=_.verified.txt | 32 +++++++++---------- ...rty=test&property2=dummy_rule.verified.txt | 22 ++++++------- ...y_rule-, -property2---test2-}.verified.txt | 22 ++++++------- ...y=dummy_rule&property2=value2.verified.txt | 22 ++++++------- ...tusCode=403_url=_health-q=fun.verified.txt | 12 +++---- ...Code=403_url=_Home_LangHeader.verified.txt | 22 ++++++------- ...tatusCode=403_url=_status_418.verified.txt | 12 +++---- ...Code=403_url=_Home_LangHeader.verified.txt | 22 ++++++------- ...action_actionName=customblock.verified.txt | 10 +++--- ...t=dummy_rule_actionName=block.verified.txt | 10 +++--- ...action_actionName=customblock.verified.txt | 10 +++--- ...t=dummy_rule_actionName=block.verified.txt | 10 +++--- ...y.AspNetCore5AsmCustomRules._.verified.txt | 6 ++-- ...y.AspNetCore5AsmRemoteRules._.verified.txt | 8 ++--- ...ty.AspNetCore5ExternalRules._.verified.txt | 20 ++++++------ ...=200_url=_good-param=[$slice].verified.txt | 22 ++++++------- ...=200_url=_void-param=[$slice].verified.txt | 22 ++++++------- ...e=500_url=_bad-param=[$slice].verified.txt | 22 ++++++------- ...e.__scenario=scan-empty-model.verified.txt | 4 +-- ...e.__scenario=scan-with-attack.verified.txt | 4 +-- ..._scenario=scan-without-attack.verified.txt | 4 +-- ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...Property-- {-a---[$slice]-} }.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...fingerprint-&q=help_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...l=_Health_wp-config_body=null.verified.txt | 20 ++++++------ ...Property-- {-a---[$slice]-} }.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...fingerprint-&q=help_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...rl=_Home_LangHeader_body=null.verified.txt | 30 ++++++++--------- ...e.__scenario=scan-empty-model.verified.txt | 4 +-- ...e.__scenario=scan-with-attack.verified.txt | 4 +-- ..._scenario=scan-without-attack.verified.txt | 4 +-- ...=block_request_statusCode=200.verified.txt | 8 ++--- ...direct_request_statusCode=302.verified.txt | 8 ++--- ...=block_request_statusCode=200.verified.txt | 8 ++--- ...direct_request_statusCode=302.verified.txt | 8 ++--- ...Classic.enableSecurity=True._.verified.txt | 6 ++-- ...egrated.enableSecurity=True._.verified.txt | 6 ++-- ...y=True.__scenario=null-action.verified.txt | 10 +++--- ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...oute_2-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Member-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...y=True.__scenario=null-action.verified.txt | 10 +++--- ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...ody={-Property1-- -[$slice]-}.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...oute_2-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Member-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...ealth_-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...Health-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...tent%24testBox=%5B%24slice%5D.verified.txt | 20 ++++++------ ...Security=True.__test=blocking.verified.txt | 30 ++++++++--------- ...Health-arg=[$slice]_body=null.verified.txt | 20 ++++++------ ...appscan_fingerprint_body=null.verified.txt | 20 ++++++------ ...tent%24testBox=%5B%24slice%5D.verified.txt | 20 ++++++------ .../TestGlobalRulesToggling._.verified.txt | 8 ++--- 126 files changed, 795 insertions(+), 781 deletions(-) diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs index 80e7b86621cc..8bb22b08be8d 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs @@ -14,6 +14,7 @@ using Datadog.Trace.Util.Http; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Routing; +using Microsoft.Extensions.Primitives; namespace Datadog.Trace.AppSec.Coordinator; @@ -28,22 +29,23 @@ internal SecurityCoordinator(Security security, Span span, HttpTransport? transp private static bool CanAccessHeaders => true; - public static Dictionary ExtractHeadersFromRequest(IHeaderDictionary headers) + public static Dictionary ExtractHeadersFromRequest(IHeaderDictionary headers) { - var headersDic = new Dictionary(headers.Keys.Count); + var headersDic = new Dictionary(headers.Keys.Count); foreach (var k in headers.Keys) { var currentKey = k ?? string.Empty; if (!currentKey.Equals("cookie", System.StringComparison.OrdinalIgnoreCase)) { currentKey = currentKey.ToLowerInvariant(); + var value = GetHeaderValueForWaf(headers[currentKey]); #if NETCOREAPP - if (!headersDic.TryAdd(currentKey, headers[currentKey])) + if (!headersDic.TryAdd(currentKey, value)) { #else if (!headersDic.ContainsKey(currentKey)) { - headersDic.Add(currentKey, headers[currentKey]); + headersDic.Add(currentKey, value); } else { @@ -56,6 +58,11 @@ public static Dictionary ExtractHeadersFromRequest(IHeaderDict return headersDic; } + private static object GetHeaderValueForWaf(StringValues value) + { + return (value.Count == 1 ? value[0] : value); + } + internal void BlockAndReport(IResult? result) { if (result is not null) diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs index 288596dbf889..0245c5604e84 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs @@ -377,12 +377,12 @@ public Dictionary GetBasicRequestArgsForWaf() { var request = _httpTransport.Context.Request; var headers = RequestDataHelper.GetHeaders(request); - Dictionary? headersDic = null; + Dictionary? headersDic = null; if (headers is not null) { var headerKeys = headers.Keys; - headersDic = new Dictionary(headerKeys.Count); + headersDic = new Dictionary(headerKeys.Count); foreach (string originalKey in headerKeys) { var keyForDictionary = originalKey?.ToLowerInvariant() ?? string.Empty; @@ -390,7 +390,7 @@ public Dictionary GetBasicRequestArgsForWaf() { if (!headersDic.ContainsKey(keyForDictionary)) { - headersDic.Add(keyForDictionary, headers.GetValues(originalKey)); + headersDic.Add(keyForDictionary, GetHeaderValueForWaf(headers.GetValues(originalKey))); } else { @@ -488,10 +488,15 @@ public Dictionary GetBasicRequestArgsForWaf() return dict; } - public Dictionary GetResponseHeadersForWaf() + private static object GetHeaderValueForWaf(string[] value) + { + return (value.Count() == 1 ? value[0] : value); + } + + public Dictionary GetResponseHeadersForWaf() { var response = _httpTransport.Context.Response; - var headersDic = new Dictionary(response.Headers.Keys.Count); + var headersDic = new Dictionary(response.Headers.Keys.Count); var headerKeys = response.Headers.Keys; foreach (string originalKey in headerKeys) { @@ -501,7 +506,7 @@ public Dictionary GetResponseHeadersForWaf() keyForDictionary = keyForDictionary.ToLowerInvariant(); if (!headersDic.ContainsKey(keyForDictionary)) { - headersDic.Add(keyForDictionary, response.Headers.GetValues(originalKey)); + headersDic.Add(keyForDictionary, GetHeaderValueForWaf(response.Headers.GetValues(originalKey))); } else { diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs index 2369fe0ca12b..ebe917558b22 100644 --- a/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs +++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreApiSecurity.cs @@ -63,7 +63,7 @@ public async Task TestApiSecurityScan(string url, string body, HttpStatusCode ex // Simple scrubber for the response content type in .NET 8 // .NET 8 doesn't add the content-length header, whereas previous versions do settings.AddSimpleScrubber( - """_dd.appsec.s.res.headers: [{"content-length":[[[8]],{"len":1}]}],""", + """_dd.appsec.s.res.headers: [{"content-length":[8]}],""", """_dd.appsec.s.res.headers: [{}],"""); #endif await VerifySpans(spans, settings); diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs index 339b404c956a..224fd1b3042f 100644 --- a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs +++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetBase.cs @@ -49,6 +49,7 @@ public class AspNetBase : TestHelper private static readonly Regex AppSecRaspWafDuration = new(@"_dd.appsec.rasp.duration: \d+\.0", RegexOptions.IgnoreCase | RegexOptions.Compiled); private static readonly Regex AppSecRaspWafDurationWithBindings = new(@"_dd.appsec.rasp.duration_ext: \d+\.0", RegexOptions.IgnoreCase | RegexOptions.Compiled); private static readonly Regex AppSecFingerPrintHeaders = new(@"_dd.appsec.fp.http.header: hdr-\d+-\S*-\d+-\S*", RegexOptions.IgnoreCase | RegexOptions.Compiled); + private static readonly Regex AppSecFingerPrintNetwork = new(@"_dd.appsec.fp.http.network: net-\d+-\d+", RegexOptions.IgnoreCase | RegexOptions.Compiled); private static readonly Regex AppSecSpanIdRegex = (new Regex("\"span_id\":\\d+")); private static readonly Type MetaStructHelperType = Type.GetType("Datadog.Trace.AppSec.Rasp.MetaStructHelper, Datadog.Trace"); private static readonly MethodInfo MetaStructByteArrayToObject = MetaStructHelperType.GetMethod("ByteArrayToObject", BindingFlags.Public | BindingFlags.Static); @@ -124,6 +125,7 @@ public async Task TestAppSecRequestWithVerifyAsync(MockTracerAgent agent, string public void ScrubFingerprintHeaders(VerifySettings settings) { settings.AddRegexScrubber(AppSecFingerPrintHeaders, "_dd.appsec.fp.http.header: "); + settings.AddRegexScrubber(AppSecFingerPrintNetwork, "_dd.appsec.fp.http.network: "); } public async Task VerifySpans(IImmutableList spans, VerifySettings settings, bool testInit = false, string methodNameOverride = null, string testName = null, bool forceMetaStruct = false, string fileNameOverride = null) diff --git a/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt b/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt index e27bf6994746..d5d99163fbc3 100644 --- a/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt +++ b/tracer/test/snapshots/AspNetCore5.SecurityEnabled.MetaStruct._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.appsec.json.metastruct.test: true, _dd.origin: appsec, diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 8ac94bcb2fa1..d02f8497e8fb 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 942cf83b050b..5b403e2d104f 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 3bff09f09fcb..0a94b71134c6 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 6937b383beee..90c7e54a68aa 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 6bd89207d138..5b37d06d8688 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index a803169994c3..7d30188e43fa 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 6924d0edbc76..f3273a6936d8 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 30f4f8b12ab5..0e18ab2951b2 100644 --- a/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -48,8 +48,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 8bc4a5cf3697..0323203ef0a8 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index e4ed2f44f65d..148216e9607c 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 620152e387dc..e390ccf54c8a 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index 11866ed1034f..0172a79b7868 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index c09ad0f2a065..ef84b09e5c43 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 61ec6f34fc46..02c28ac82b85 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 4801f41892c0..2c0f3a381f3f 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index e8b4fc4aa8c3..4c77c5a55e96 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index 693f780e0563..a128e0530502 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index c262ca252ff1..fed70f3ab30a 100644 --- a/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/Rasp.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,8 +26,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 220a3d6cef91..948f996cd9cc 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 5297d8274601..834e295bfbc0 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 944088a39938..92f8338da1d6 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index eafe8f0972c9..913672ee3875 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore2.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 9e84d7b1016f..211aafdaef88 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 35e35a8d8ae2..5364c9c8683b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 3c30a7304110..4143fd5c2e6b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 228b26478a66..afa83f61ddd1 100644 --- a/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetCore5.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -48,8 +48,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 99c6bdbe4539..de0f78772a05 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 585aaa4c41e9..94c7b825632e 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 4464f5e1101a..fed999106865 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -46,8 +46,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index a8ee7b202791..ef80f0331c25 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -23,8 +23,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--3-bf93958a, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-3-bf93958a, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 64a8ae3bf5b4..57b757c73e2b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Classic.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt index 1920bf8ea56c..45e45ccd7b13 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.CmdI_url=-Iast-ExecuteCommand-file=ls&argumentLine=;evilCommand&fromShell=true_exploit=CmdI.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index dc49fcdd51c1..96b1e5033d66 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt index 11d9a7bb72f6..3960befcb0eb 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttack-host=127.0.0.1_exploit=SSRF.verified.txt @@ -47,8 +47,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt index ab86c0ca7537..2b625ddc423b 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SSRF_url=-Iast-SsrfAttackNoCatch-host=127.0.0.1_exploit=SSRF.verified.txt @@ -24,8 +24,8 @@ language: dotnet, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000001--5-6cdcf2fe, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000001-3626b5f8-5-6cdcf2fe, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-002-001","name":"Server-side request forgery","tags":{"category":"vulnerability_trigger","type":"ssrf"}},"rule_matches":[{"operator":"ssrf_detector","operator_value":"","parameters":[{"address":null,"highlight":["127.0.0.1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt index 8c8c3767f3f1..2b8d794d027d 100644 --- a/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt +++ b/tracer/test/snapshots/RaspIast.AspNetMvc5.Integrated.SqlI_url=-Iast-ExecuteQueryFromBodyQueryData_exploit=SqlI_body={-UserName-- -' or '1'='1-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,8 +26,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a13f66cb--6f45fc03, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-942-100","name":"SQL injection exploit","tags":{"category":"vulnerability_trigger","type":"sql_injection"}},"rule_matches":[{"operator":"sqli_detector","operator_value":"","parameters":[{"address":null,"highlight":["' or '1'='1"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.iast.enabled: 1, _dd.iast.json: diff --git a/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt b/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt index 345161699fde..8b16226b278d 100644 --- a/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt +++ b/tracer/test/snapshots/RaspRCM.RuleEnableDisableEnable.AspNetCore5.Lfi_url=-Iast-GetFileContent-file=-etc-password_exploit=Lfi.verified.txt @@ -48,8 +48,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-001-001","name":"Path traversal attack","tags":{"category":"vulnerability_trigger","type":"lfi"}},"rule_matches":[{"operator":"lfi_detector","operator_value":"","parameters":[{"address":null,"highlight":["/etc/password"],"key_path":null,"value":null}]}],"span_id": XXX}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt index 83f09d0fdde5..1217484c78e7 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt @@ -40,7 +40,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"connection":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"connection":[8],"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.res.headers: [{}], _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt index b78cce3e39df..eca8fffd4519 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt @@ -51,8 +51,8 @@ span.kind: server, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["Property"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"connection":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"connection":[8],"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt index 98916f2960d9..53cfdc612d20 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore2.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt @@ -40,9 +40,9 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"connection":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"connection":[8],"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.res.body: [{"PropertyResponse":[8],"PropertyResponse2":[4],"PropertyResponse3":[16],"PropertyResponse4":[4]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt index f3970a894543..bafd42dc7ef9 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_empty-model_body={-property_expectedStatusCode=NoContent_containsAttack=False.verified.txt @@ -41,7 +41,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], _dd.appsec.s.res.headers: [{}], _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt index eec4d567fdd1..9265c26721e2 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=Forbidden_containsAttack=True.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -52,9 +52,9 @@ span.kind: server, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["Property"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt index 9130fc79f2ec..4f7d76cceaac 100644 --- a/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt +++ b/tracer/test/snapshots/Security.ApiSecurity.AspNetCore5.ApiSecOn.__url=_dataapi_model_body={-property_expectedStatusCode=OK_containsAttack=False.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -41,10 +41,10 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"Property":[8],"Property2":[8],"Property3":[4],"Property4":[4]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"host":[8],"user-agent":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], _dd.appsec.s.res.body: [{"PropertyResponse":[8],"PropertyResponse2":[4],"PropertyResponse3":[16],"PropertyResponse4":[4]}], - _dd.appsec.s.res.headers: [{"content-type":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"content-type":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt index a91a170155ba..0a0aedd2819e 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=blocking_url=_.verified.txt @@ -25,9 +25,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -67,9 +67,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -151,9 +151,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -193,9 +193,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0100000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt index d11569c0745f..1190f94c5d6f 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt @@ -30,8 +30,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,8 +77,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -218,8 +218,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt index 9af6dba4863f..2cf8e0543516 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt @@ -30,8 +30,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,8 +77,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -218,8 +218,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt index 0060bd47abcb..a489121499ac 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt @@ -30,8 +30,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,8 +77,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -171,8 +171,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -218,8 +218,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index 6ccd04eb5b48..e4adfb339e7c 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -26,7 +26,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,7 +68,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,7 +110,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,7 +152,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +194,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 9df454b9e0c4..c4d8c0f3d7c2 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -29,8 +29,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -74,8 +74,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -119,8 +119,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -164,8 +164,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -209,8 +209,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt index 29daaa98aae0..f7fb29150387 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt @@ -29,7 +29,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -74,7 +74,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +119,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -164,7 +164,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -209,7 +209,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index 4e76abece4ec..264784a48343 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesHtml.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,8 +26,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000010--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000010-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt index d563d5c8c765..05f47128ce3c 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityBlockingTemplatesJson.__test=server.request.uri.raw_expectedStatusCode=403_url=_Home_Privacy-q=fun.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/Home/Privacy?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt index b60bce9d17f3..5aa0aceded2a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=blocking_url=_.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,9 +25,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -67,9 +67,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -151,9 +151,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -193,9 +193,9 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt index 88d0de893390..e8a0d5b1932f 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,8 +31,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -79,8 +79,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -223,8 +223,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt index 4f42eea19fbc..6556e23a92ba 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,8 +31,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -79,8 +79,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -223,8 +223,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt index 08c60b55e8cb..8458c5841dbc 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,8 +31,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -79,8 +79,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -223,8 +223,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000100--2-da57b738, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt index a47129dc3e23..d50da05768c3 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.uri.raw_expectedStatusCode=403_url=_health-q=fun.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -26,7 +26,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,7 +68,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,7 +110,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,7 +152,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +194,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-011","name":"No fun","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"fun","parameters":[{"address":"server.request.uri.raw","highlight":["fun"],"key_path":[],"value":"/health?q=fun"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 020025c223ea..8106987ad0f4 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -30,8 +30,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -76,8 +76,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -168,8 +168,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -214,8 +214,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt index 080ae01f8ffb..75ec3080c70d 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -30,7 +30,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,7 +76,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,7 +122,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -168,7 +168,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -214,7 +214,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.network: , _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 4080d37e8754..eb7235521c81 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -30,8 +30,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -76,8 +76,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -168,8 +168,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -214,8 +214,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.header: - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.network: , + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt index 7cf7813945d7..0b2e61a91c20 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_custom_action_actionName=customblock.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt index 64ab7dedf465..4c3254286bf4 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=block_request_statusCode=200_argument=dummy_rule_actionName=block.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt index 10432385569a..43b2f187c559 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_custom_action_actionName=customblock.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule-custom-block","name":"Dummy rule to test blocking with a custom action","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_custom_action"],"key_path":["arg","0"],"value":"dummy_custom_action"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt index 0f6b1c6cd09b..40c83d1a4dbe 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmActionsConfiguration.__type=redirect_request_statusCode=302_argument=dummy_rule_actionName=block.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -25,8 +25,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt index c5a06bc0a30c..c8f0b68abd2a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -62,8 +62,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test_custom_rule","name":"Test custom rule","tags":{"category":"attack_attempt","type":"custom_rule"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["customrule"],"key_path":["arg","0"],"value":"customrule_trigger"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt index 436a2beea22f..cbdfee9f1fe5 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -169,7 +169,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"new-test-non-blocking","name":"Datadog test scanner - NON blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent","0"],"value":"dd-test-scanner-log-block"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"new-test-non-blocking","name":"Datadog test scanner - NON blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent"],"value":"dd-test-scanner-log-block"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -212,7 +212,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent","0"],"value":"dd-test-scanner-log-block"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent"],"value":"dd-test-scanner-log-block"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -255,7 +255,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent","0"],"value":"dd-test-scanner-log-block"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-56x","name":"Datadog test scanner - blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent"],"value":"dd-test-scanner-log-block"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt index 151a86f939e9..d6f1cde96106 100644 --- a/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt @@ -29,8 +29,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -78,8 +78,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,8 +127,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -176,8 +176,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -225,8 +225,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt index 290fff109e4e..857daaf1576c 100644 --- a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt +++ b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_good-param=[$slice].verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -28,8 +28,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,8 +76,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -172,8 +172,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -220,8 +220,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt index c00a1345b65b..6154b39e94ba 100644 --- a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt +++ b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=200_url=_void-param=[$slice].verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -28,8 +28,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -76,8 +76,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -172,8 +172,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -220,8 +220,8 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt index 8ecdf10a1bcf..090142eaa9f8 100644 --- a/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt +++ b/tracer/test/snapshots/Security.AspNetCoreBare.__expectedStatusCode=500_url=_bad-param=[$slice].verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -34,8 +34,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -88,8 +88,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -142,8 +142,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -250,8 +250,8 @@ at Samples.Security.AspNetCoreBare.Controllers.BadController.Get(), network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["param","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt index 325b8bef16f9..d45bfabcef68 100644 --- a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt +++ b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt @@ -41,10 +41,10 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"MS_SubRoutes":[[[{}]],{"len":1}]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expires":[[[8]],{"len":1}],"pragma":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-length":[8],"content-type":[8],"expires":[8],"pragma":[8],"server":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt index 830087ed7d35..bff3f4aea3df 100644 --- a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt @@ -52,10 +52,10 @@ _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["model","Dog2"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"MS_SubRoutes":[[[{}]],{"len":1}]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expires":[[[8]],{"len":1}],"pragma":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-length":[8],"content-type":[8],"expires":[8],"pragma":[8],"server":[8],"x-aspnet-version":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt index b3f5e60e05b6..23f61bee8d5f 100644 --- a/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetFxWebApiApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt @@ -41,11 +41,11 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"MS_SubRoutes":[[[{}]],{"len":1}]}], _dd.appsec.s.req.query: [{}], _dd.appsec.s.res.body: [{"Id":[4],"Message":[8]}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expires":[[[8]],{"len":1}],"pragma":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-length":[8],"content-type":[8],"expires":[8],"pragma":[8],"server":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt index da0c0f516374..b0be44b2ad9b 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -23,9 +23,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -66,9 +66,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -152,9 +152,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -195,9 +195,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt index cf676a688ca9..6da030b29599 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt @@ -51,8 +51,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -193,8 +193,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -264,8 +264,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -335,8 +335,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt index 2303334e48bc..c6b4c65a0845 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt @@ -51,8 +51,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0100000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -193,8 +193,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -264,8 +264,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -335,8 +335,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 63ac5185d848..6dace1ca5e1b 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -51,8 +51,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,8 +122,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -193,8 +193,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -264,8 +264,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -335,8 +335,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index 5f7a9c5e4a74..52f15033556f 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt @@ -48,8 +48,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index 10a8057457e8..1f4cc2803a71 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -48,8 +48,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt index f8a1c1609b85..2a0d7ed5fe11 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt @@ -48,8 +48,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt index c2b215da8c3a..e0229d974fb4 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -24,9 +24,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -68,9 +68,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -112,9 +112,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -156,9 +156,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -200,9 +200,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt index 03ff2c84d297..a50698e74a4c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt index 9bc90ad90864..0d67de705121 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt @@ -52,8 +52,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -268,8 +268,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -340,8 +340,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt index 81872303bd67..02fcbd1d6b14 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt @@ -52,8 +52,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -268,8 +268,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -340,8 +340,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index d494771670c8..82d94900697c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -52,8 +52,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0100000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -124,8 +124,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -196,8 +196,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -268,8 +268,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -340,8 +340,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index bbf97839bf64..d0088462fffc 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index ab653ef4fc59..590b8e35b912 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt index 3708e726a825..61c6bd3456d2 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt @@ -49,8 +49,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -187,8 +187,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -256,8 +256,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -325,8 +325,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt index ccb2ad183281..56482f067395 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt @@ -50,9 +50,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -120,9 +120,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -190,9 +190,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -260,9 +260,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -330,9 +330,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language","0"],"value":"krypton"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt index 536e3057b55d..2c0a907044b3 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt @@ -45,10 +45,10 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnetmvc-version":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-type":[8],"server":[8],"x-aspnetmvc-version":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt index 6c9a00b26d9a..28ae31830bce 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt @@ -55,10 +55,10 @@ _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["model","Dog2"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8],"id":[8]}], _dd.appsec.s.req.query: [{}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-type":[8],"x-aspnet-version":[8]}], _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt index 52da13ca28a9..0d2f0c1d83b9 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt @@ -45,11 +45,11 @@ span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], _dd.appsec.s.req.cookies: [{"cookie-key":[[[8]],{"len":1}]}], - _dd.appsec.s.req.headers: [{"content-length":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"expect":[[[8]],{"len":1}],"host":[[[8]],{"len":1}],"traceparent":[[[8]],{"len":1}],"tracestate":[[[8]],{"len":1}],"user-agent":[[[8]],{"len":1}],"x-datadog-parent-id":[[[8]],{"len":1}],"x-datadog-sampling-priority":[[[8]],{"len":1}],"x-datadog-tags":[[[8]],{"len":1}],"x-datadog-trace-id":[[[8]],{"len":1}],"x-forwarded-for":[[[8]],{"len":1}]}], + _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8],"id":[8]}], _dd.appsec.s.req.query: [{}], _dd.appsec.s.res.body: [{"Id":[4],"Message":[8],"PathParamId":[4]}], - _dd.appsec.s.res.headers: [{"cache-control":[[[8]],{"len":1}],"content-type":[[[8]],{"len":1}],"server":[[[8]],{"len":1}],"x-aspnetmvc-version":[[[8]],{"len":1}],"x-aspnet-version":[[[8]],{"len":1}]}], + _dd.appsec.s.res.headers: [{"cache-control":[8],"content-type":[8],"server":[8],"x-aspnetmvc-version":[8],"x-aspnet-version":[8]}], _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt index f72ee4ce5dc4..4d9cd87bf01d 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt index 5b7615fb4042..3dbd9ec650d6 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt index 583d189d53e4..9bc3daeb0b2c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt @@ -24,8 +24,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,8 +68,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt index 219fa87deb6e..9109a121b84a 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt @@ -24,8 +24,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -68,8 +68,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt index 3cd162285bcb..8356bafb2770 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt @@ -48,7 +48,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -89,7 +89,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -155,7 +155,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt index 2d14e0e813f5..07f15f5ade00 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt @@ -49,7 +49,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -91,7 +91,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -158,7 +158,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent","0"],"value":"Mistake Not... (sql power injector)"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt index 2eab761ea65f..cb0da9edec2c 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__scenario=null-action.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -44,8 +44,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -108,8 +108,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt index 35d755890d96..0163856aa2d5 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -23,9 +23,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -66,9 +66,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -152,9 +152,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -195,9 +195,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 3e04a9d7140f..b97006b034d8 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -48,8 +48,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt index 966c92410981..93e05bfc143b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt index 300b60660106..12eb9c3a826e 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt index 0d4f8145f974..8cc3b5e1bbd5 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt index 3645b216f573..b7ae498b361a 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -175,8 +175,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -240,8 +240,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -305,8 +305,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt index 0c2b6ff7f015..7b111c66a5a3 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__scenario=null-action.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -45,8 +45,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -110,8 +110,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["pathparam2"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt index 8a194ad0645d..7d2de38e32de 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -24,9 +24,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -68,9 +68,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -112,9 +112,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -156,9 +156,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -200,9 +200,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 01b8b2ed1ddb..e8865529d57c 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -48,8 +48,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,8 +116,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,8 +184,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -252,8 +252,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -320,8 +320,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt index e740c4a40980..5cc3a3119d4b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt index 45244b542998..3330e046418b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt index 426c5d92b5c6..966d621fa4b2 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt index b44120c6af4e..03fa0917349b 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt @@ -46,8 +46,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -112,8 +112,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,8 +178,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -244,8 +244,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -310,8 +310,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt index da0c0f516374..b0be44b2ad9b 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -23,9 +23,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -66,9 +66,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -109,9 +109,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -152,9 +152,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -195,9 +195,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt index af7ae69eb0ab..99688ac33a08 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt @@ -22,8 +22,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0100000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -64,8 +64,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -106,8 +106,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -148,8 +148,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -190,8 +190,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt index c1b6d1a94e7a..005696060e3c 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt @@ -22,8 +22,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -64,8 +64,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -106,8 +106,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -148,8 +148,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -190,8 +190,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--1-4740ae63, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt index ef3b69712e15..c08e68df9207 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt @@ -25,8 +25,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -70,8 +70,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -115,8 +115,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -160,8 +160,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -205,8 +205,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--3-4d739311, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt index c2b215da8c3a..e0229d974fb4 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -24,9 +24,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -68,9 +68,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -112,9 +112,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -156,9 +156,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -200,9 +200,9 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, - _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent","0"],"value":"mistake not... hello/v"}]}]}]}, + _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt index 489d1efd7899..a6e7a09ee519 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -109,8 +109,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,8 +152,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -195,8 +195,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt index 77757855c884..90d2a5e1742a 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt @@ -23,8 +23,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -66,8 +66,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -109,8 +109,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -152,8 +152,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -195,8 +195,8 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.fp.http.header: hdr-0000000000--3-98425651, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt index c881d3cac341..599778044e16 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt @@ -26,8 +26,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0100000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -72,8 +72,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -118,8 +118,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -164,8 +164,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -210,8 +210,8 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, - _dd.appsec.fp.http.header: hdr-0000000100--5-07490af2, - _dd.appsec.fp.http.network: net-0-1000000000, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt b/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt index bf87f94b4486..7109954e83dd 100644 --- a/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt +++ b/tracer/test/snapshots/TestGlobalRulesToggling._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -29,7 +29,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent","0"],"value":"mistake not... acunetix-product"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -76,7 +76,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent","0"],"value":"mistake not... acunetix-product"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, @@ -123,7 +123,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent","0"],"value":"mistake not... acunetix-product"}]}]}]}, + _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet }, From 10dbd01ffe9dfe84013d3d0323a590bc2059e424 Mon Sep 17 00:00:00 2001 From: Steven Bouwkamp Date: Fri, 11 Oct 2024 14:07:04 -0400 Subject: [PATCH 6/8] Add support for `3.*` of `log4net` (#6075) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary of changes Adds support for v3 of `log4net` ## Reason for change We only went to v2. ## Implementation details Updated to v3 in places necessary. ## Test coverage Updated sample app to use v3 and tests passed. ## Other details --- .../PackageVersionsGeneratorDefinitions.json | 5 +- .../build/PackageVersionsLatestMajors.g.props | 48 +++++++++++++++++++ .../build/PackageVersionsLatestMinors.g.props | 48 +++++++++++++++++++ .../PackageVersionsLatestSpecific.g.props | 48 +++++++++++++++++++ tracer/build/supported_versions.json | 8 ++-- .../Datadog.Dependabot.Integrations.csproj | 4 +- .../AppenderCollectionIntegration.cs | 4 +- .../AppenderAttachedImplIntegration.cs | 2 +- .../InstrumentationDefinitions.g.cs | 4 +- .../InstrumentationDefinitions.g.cs | 4 +- .../InstrumentationDefinitions.g.cs | 4 +- .../InstrumentationDefinitions.g.cs | 4 +- .../PackageVersionsLatestMajors.g.cs | 8 ++++ .../PackageVersionsLatestMinors.g.cs | 8 ++++ .../PackageVersionsLatestSpecific.g.cs | 8 ++++ .../LogsInjection.Log4Net.csproj | 3 +- 16 files changed, 190 insertions(+), 20 deletions(-) diff --git a/tracer/build/PackageVersionsGeneratorDefinitions.json b/tracer/build/PackageVersionsGeneratorDefinitions.json index f30ebb47b87a..2422b2b5a663 100644 --- a/tracer/build/PackageVersionsGeneratorDefinitions.json +++ b/tracer/build/PackageVersionsGeneratorDefinitions.json @@ -540,10 +540,11 @@ "SampleProjectName": "LogsInjection.Log4Net", "NugetPackageSearchName": "log4net", "MinVersion": "1.0.0", - "MaxVersionExclusive": "3.0.0", + "MaxVersionExclusive": "4.0.0", "SpecificVersions": [ "1.*.*", - "2.*.*" + "2.*.*", + "3.*.*" ], "VersionConditions": [{ "MaxVersionExclusive": "2.0.6", diff --git a/tracer/build/PackageVersionsLatestMajors.g.props b/tracer/build/PackageVersionsLatestMajors.g.props index 99f5a6250756..05637bc1273d 100644 --- a/tracer/build/PackageVersionsLatestMajors.g.props +++ b/tracer/build/PackageVersionsLatestMajors.g.props @@ -3156,48 +3156,96 @@ NOTE: This code was generated by the GeneratePackageVersions tool. To safely None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net462 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp2.1 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp2.1 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp3.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp3.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp3.1 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp3.1 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net5.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net5.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net6.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net6.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net7.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net7.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net8.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net8.0 + None + LogsInjection.Log4Net + ApiVersion=8.9.1;RestoreRecursive=false;BuildProjectReferences=false net462 diff --git a/tracer/build/PackageVersionsLatestMinors.g.props b/tracer/build/PackageVersionsLatestMinors.g.props index f4a171b75477..a8f5ae5cc008 100644 --- a/tracer/build/PackageVersionsLatestMinors.g.props +++ b/tracer/build/PackageVersionsLatestMinors.g.props @@ -17412,48 +17412,96 @@ NOTE: This code was generated by the GeneratePackageVersions tool. To safely None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net462 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp2.1 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp2.1 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp3.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp3.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp3.1 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp3.1 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net5.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net5.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net6.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net6.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net7.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net7.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net8.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net8.0 + None + LogsInjection.Log4Net + ApiVersion=8.0.0;RestoreRecursive=false;BuildProjectReferences=false net462 diff --git a/tracer/build/PackageVersionsLatestSpecific.g.props b/tracer/build/PackageVersionsLatestSpecific.g.props index 2d8dab1c06ca..ae6d4e38f9c5 100644 --- a/tracer/build/PackageVersionsLatestSpecific.g.props +++ b/tracer/build/PackageVersionsLatestSpecific.g.props @@ -4506,48 +4506,96 @@ NOTE: This code was generated by the GeneratePackageVersions tool. To safely None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net462 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp2.1 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp2.1 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp3.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp3.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false netcoreapp3.1 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + netcoreapp3.1 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net5.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net5.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net6.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net6.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net7.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net7.0 + None + LogsInjection.Log4Net + ApiVersion=2.0.17;RestoreRecursive=false;BuildProjectReferences=false net8.0 None LogsInjection.Log4Net + + ApiVersion=3.0.0;RestoreRecursive=false;BuildProjectReferences=false + net8.0 + None + LogsInjection.Log4Net + ApiVersion=8.9.1;RestoreRecursive=false;BuildProjectReferences=false net462 diff --git a/tracer/build/supported_versions.json b/tracer/build/supported_versions.json index 41a79a39e729..4a8d1734a66d 100644 --- a/tracer/build/supported_versions.json +++ b/tracer/build/supported_versions.json @@ -761,16 +761,16 @@ "integrationName": "Log4Net", "assemblyName": "log4net", "minAssemblyVersionInclusive": "1.0.0", - "maxAssemblyVersionInclusive": "2.65535.65535", + "maxAssemblyVersionInclusive": "3.65535.65535", "packages": [ { "name": "log4net", "minVersionAvailableInclusive": "1.2.10", "minVersionSupportedInclusive": "1.2.10", "minVersionTestedInclusive": "1.2.11", - "maxVersionSupportedInclusive": "2.0.17", - "maxVersionAvailableInclusive": "3.0.1", - "maxVersionTestedInclusive": "2.0.17" + "maxVersionSupportedInclusive": "3.0.0", + "maxVersionAvailableInclusive": "3.0.0", + "maxVersionTestedInclusive": "3.0.0" } ] }, diff --git a/tracer/dependabot/Datadog.Dependabot.Integrations.csproj b/tracer/dependabot/Datadog.Dependabot.Integrations.csproj index 67723e10f89a..e6702cd9f4a4 100644 --- a/tracer/dependabot/Datadog.Dependabot.Integrations.csproj +++ b/tracer/dependabot/Datadog.Dependabot.Integrations.csproj @@ -100,8 +100,8 @@ - - + + diff --git a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/DirectSubmission/AppenderCollectionIntegration.cs b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/DirectSubmission/AppenderCollectionIntegration.cs index 5a3e8d0ba18e..efc5f476eb9f 100644 --- a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/DirectSubmission/AppenderCollectionIntegration.cs +++ b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/DirectSubmission/AppenderCollectionIntegration.cs @@ -1,4 +1,4 @@ -// +// // Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License. // This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc. // @@ -22,7 +22,7 @@ namespace Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSu ReturnTypeName = "log4net.Appender.IAppender[]", ParameterTypeNames = new string[0], MinimumVersion = "2.0.0", - MaximumVersion = "2.*.*", + MaximumVersion = "3.*.*", IntegrationName = nameof(IntegrationId.Log4Net))] [Browsable(false)] [EditorBrowsable(EditorBrowsableState.Never)] diff --git a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/LogsInjection/AppenderAttachedImplIntegration.cs b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/LogsInjection/AppenderAttachedImplIntegration.cs index 6b4d8f2c04a2..7359e2101109 100644 --- a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/LogsInjection/AppenderAttachedImplIntegration.cs +++ b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/Logging/Log4Net/LogsInjection/AppenderAttachedImplIntegration.cs @@ -19,7 +19,7 @@ namespace Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net ReturnTypeName = ClrNames.Int32, ParameterTypeNames = new[] { "log4net.Core.LoggingEvent" }, MinimumVersion = "1.0.0", - MaximumVersion = "2.*.*", + MaximumVersion = "3.*.*", IntegrationName = "Log4Net")] [Browsable(false)] [EditorBrowsable(EditorBrowsableState.Never)] diff --git a/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs b/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs index 3503dc627f97..17e7520f63e0 100644 --- a/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs +++ b/tracer/src/Datadog.Trace/Generated/net461/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs @@ -358,9 +358,9 @@ static InstrumentationDefinitions() new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka.Producer`2+TypedDeliveryHandlerShim_Action"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(".ctor"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Void", "System.String", "!0", "!1", "System.Action`1[Confluent.Kafka.DeliveryReport`2[!0,!1]]"), 5, 1, 4, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Kafka.KafkaProduceSyncDeliveryHandlerIntegration"), 0, 1), // Log4Net - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 1, 0, 0, 1, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionLegacyIntegration"), 0, 1), - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), // MongoDb new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core.WireProtocol.CommandUsingCommandMessageWireProtocol`1"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Execute"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("!0", "MongoDB.Driver.Core.Connections.IConnection", "System.Threading.CancellationToken"), 3, 2, 2, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.MongoDb.IWireProtocol_Generic_Execute_Integration"), 0, 1), diff --git a/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs b/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs index fd94b1c317b8..87fb058e6165 100644 --- a/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs +++ b/tracer/src/Datadog.Trace/Generated/net6.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs @@ -383,9 +383,9 @@ static InstrumentationDefinitions() new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka.Producer`2+TypedDeliveryHandlerShim_Action"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(".ctor"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Void", "System.String", "!0", "!1", "System.Action`1[Confluent.Kafka.DeliveryReport`2[!0,!1]]"), 5, 1, 4, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Kafka.KafkaProduceSyncDeliveryHandlerIntegration"), 0, 1), // Log4Net - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 1, 0, 0, 1, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionLegacyIntegration"), 0, 1), - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), // MongoDb new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core.WireProtocol.CommandUsingCommandMessageWireProtocol`1"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Execute"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("!0", "MongoDB.Driver.Core.Connections.IConnection", "System.Threading.CancellationToken"), 3, 2, 2, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.MongoDb.IWireProtocol_Generic_Execute_Integration"), 0, 1), diff --git a/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs b/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs index 50bec2f96cca..afa5fe473e05 100644 --- a/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs +++ b/tracer/src/Datadog.Trace/Generated/netcoreapp3.1/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs @@ -379,9 +379,9 @@ static InstrumentationDefinitions() new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka.Producer`2+TypedDeliveryHandlerShim_Action"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(".ctor"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Void", "System.String", "!0", "!1", "System.Action`1[Confluent.Kafka.DeliveryReport`2[!0,!1]]"), 5, 1, 4, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Kafka.KafkaProduceSyncDeliveryHandlerIntegration"), 0, 1), // Log4Net - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 1, 0, 0, 1, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionLegacyIntegration"), 0, 1), - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), // MongoDb new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core.WireProtocol.CommandUsingCommandMessageWireProtocol`1"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Execute"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("!0", "MongoDB.Driver.Core.Connections.IConnection", "System.Threading.CancellationToken"), 3, 2, 2, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.MongoDb.IWireProtocol_Generic_Execute_Integration"), 0, 1), diff --git a/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs b/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs index 50bec2f96cca..afa5fe473e05 100644 --- a/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs +++ b/tracer/src/Datadog.Trace/Generated/netstandard2.0/Datadog.Trace.SourceGenerators/InstrumentationDefinitionsGenerator/InstrumentationDefinitions.g.cs @@ -379,9 +379,9 @@ static InstrumentationDefinitions() new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Confluent.Kafka.Producer`2+TypedDeliveryHandlerShim_Action"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(".ctor"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Void", "System.String", "!0", "!1", "System.Action`1[Confluent.Kafka.DeliveryReport`2[!0,!1]]"), 5, 1, 4, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Kafka.KafkaProduceSyncDeliveryHandlerIntegration"), 0, 1), // Log4Net - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 2, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionIntegration"), 0, 1), new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Appender.AppenderCollection"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("ToArray"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("log4net.Appender.IAppender[]"), 1, 1, 0, 0, 1, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Logging.Log4Net.DirectSubmission.AppenderCollectionLegacyIntegration"), 0, 1), - new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), + new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("log4net.Util.AppenderAttachedImpl"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("AppendLoopOnAppenders"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("System.Int32", "log4net.Core.LoggingEvent"), 2, 1, 0, 0, 3, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.Log4Net.AppenderAttachedImplIntegration"), 0, 1), // MongoDb new (NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("MongoDB.Driver.Core.WireProtocol.CommandUsingCommandMessageWireProtocol`1"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Execute"), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16StringArray("!0", "MongoDB.Driver.Core.Connections.IConnection", "System.Threading.CancellationToken"), 3, 2, 2, 0, 2, 65535, 65535, NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String(assemblyFullName), NativeCallTargetUnmanagedMemoryHelper.AllocateAndWriteUtf16String("Datadog.Trace.ClrProfiler.AutoInstrumentation.MongoDb.IWireProtocol_Generic_Execute_Integration"), 0, 1), diff --git a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMajors.g.cs b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMajors.g.cs index 019aecf37df2..b61954608020 100644 --- a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMajors.g.cs +++ b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMajors.g.cs @@ -1379,27 +1379,35 @@ public class PackageVersionsLatestMajors #if NET462 new object[] { "1.2.11" }, new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP2_1 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP3_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP3_1 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET5_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET6_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET7_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET8_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #endif }; diff --git a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMinors.g.cs b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMinors.g.cs index 91eddd0c08b7..bb2fa55abcbf 100644 --- a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMinors.g.cs +++ b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestMinors.g.cs @@ -3755,27 +3755,35 @@ public class PackageVersionsLatestMinors #if NET462 new object[] { "1.2.11" }, new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP2_1 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP3_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP3_1 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET5_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET6_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET7_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET8_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #endif }; diff --git a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestSpecific.g.cs b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestSpecific.g.cs index d5b725817a3f..1bf02ed45eaa 100644 --- a/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestSpecific.g.cs +++ b/tracer/test/Datadog.Trace.ClrProfiler.IntegrationTests/PackageVersionsLatestSpecific.g.cs @@ -1604,27 +1604,35 @@ public class PackageVersionsLatestSpecific #if NET462 new object[] { "1.2.11" }, new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP2_1 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP3_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NETCOREAPP3_1 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET5_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET6_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET7_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #if NET8_0 new object[] { "2.0.17" }, + new object[] { "3.0.0" }, #endif #endif }; diff --git a/tracer/test/test-applications/integrations/LogsInjection.Log4Net/LogsInjection.Log4Net.csproj b/tracer/test/test-applications/integrations/LogsInjection.Log4Net/LogsInjection.Log4Net.csproj index cfb59c36610d..7cf492b87052 100644 --- a/tracer/test/test-applications/integrations/LogsInjection.Log4Net/LogsInjection.Log4Net.csproj +++ b/tracer/test/test-applications/integrations/LogsInjection.Log4Net/LogsInjection.Log4Net.csproj @@ -2,7 +2,7 @@ 1.2.11 - 2.0.12 + 3.0.0 $(DefineConstants);LOG4NET_2_0_5 @@ -30,6 +30,7 @@ + Always From 0bf704ba04f46310cae963c99e92a1fdf07c9fe4 Mon Sep 17 00:00:00 2001 From: Anna Date: Fri, 11 Oct 2024 21:43:21 +0200 Subject: [PATCH 7/8] Refactoring and hardening of security coordinator (#6143) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary of changes Security coordinator should NEVER be able to be instantiated if http context is null ## Reason for change Refering to several errors at customers with NullReferenceException or waf additive contexts disposed ## Implementation details ## Test coverage ## Other details --------- Co-authored-by: Andrew Lock --- tracer/missing-nullability-files.csv | 1 - .../AttackerFingerprintHelper.cs | 9 ++++++-- .../ControllerContextExtensions.Framework.cs | 3 ++- .../AppSec/Coordinator/HttpTransportBase.cs | 1 + .../Coordinator/SecurityCoordinator.Core.cs | 22 +++++++++++++++--- .../SecurityCoordinator.Framework.cs | 21 +++++++++++++++-- .../AppSec/Coordinator/SecurityCoordinator.cs | 20 +++++----------- .../SecurityCoordinatorHelpers.Core.cs | 13 ++++++----- .../AppSec/CoreHttpContextStore.cs | 19 ++++++++++++--- .../Datadog.Trace/AppSec/Rasp/RaspModule.cs | 11 +++++---- .../Datadog.Trace/AspNet/TracingHttpModule.cs | 4 ++-- ...rActionInvoker_InvokeAction_Integration.cs | 2 +- ...tionDescriptor_ExecuteAsync_Integration.cs | 2 +- .../AspNetCore/BlockingMiddleware.cs | 4 ++-- .../AspNetCoreDiagnosticObserver.cs | 2 +- .../AspNetCoreHttpRequestHandler.cs | 2 +- .../Datadog.Trace/SpanExtensions.Framework.cs | 8 +++++-- .../SecurityCoordinatorTests.cs | 23 +++++++++++++++++++ .../Util/RequestDataHelperTests.cs | 5 ++-- .../Asm/AppSecBodyBenchmark.cs | 4 ++-- 20 files changed, 124 insertions(+), 52 deletions(-) create mode 100644 tracer/test/Datadog.Trace.Security.Unit.Tests/SecurityCoordinatorTests.cs diff --git a/tracer/missing-nullability-files.csv b/tracer/missing-nullability-files.csv index f65cc13d46b1..bb24ee0f582b 100644 --- a/tracer/missing-nullability-files.csv +++ b/tracer/missing-nullability-files.csv @@ -60,7 +60,6 @@ src/Datadog.Trace/Agent/TracesTransportType.cs src/Datadog.Trace/AppSec/AddressesConstants.cs src/Datadog.Trace/AppSec/AppSecRateLimiter.cs src/Datadog.Trace/AppSec/BlockingAction.cs -src/Datadog.Trace/AppSec/CoreHttpContextStore.cs src/Datadog.Trace/AppSec/EventTrackingSdk.cs src/Datadog.Trace/AppSec/IDatadogSecurity.cs src/Datadog.Trace/AppSec/IEvent.cs diff --git a/tracer/src/Datadog.Trace/AppSec/AttackerFingerprint/AttackerFingerprintHelper.cs b/tracer/src/Datadog.Trace/AppSec/AttackerFingerprint/AttackerFingerprintHelper.cs index ee644fc7bbc9..81967ea6c6dc 100644 --- a/tracer/src/Datadog.Trace/AppSec/AttackerFingerprint/AttackerFingerprintHelper.cs +++ b/tracer/src/Datadog.Trace/AppSec/AttackerFingerprint/AttackerFingerprintHelper.cs @@ -24,10 +24,15 @@ public static void AddSpanTags(Span span, IResult result) return; } - var securityCoordinator = new SecurityCoordinator(Security.Instance, span); + var securityCoordinator = SecurityCoordinator.TryGet(Security.Instance, span); + + if (securityCoordinator is null) + { + return; + } // We need a context - if (!securityCoordinator.HasContext() || securityCoordinator.IsAdditiveContextDisposed()) + if (securityCoordinator.Value.IsAdditiveContextDisposed()) { return; } diff --git a/tracer/src/Datadog.Trace/AppSec/ControllerContextExtensions.Framework.cs b/tracer/src/Datadog.Trace/AppSec/ControllerContextExtensions.Framework.cs index a96383e2a4bf..982a1543006b 100644 --- a/tracer/src/Datadog.Trace/AppSec/ControllerContextExtensions.Framework.cs +++ b/tracer/src/Datadog.Trace/AppSec/ControllerContextExtensions.Framework.cs @@ -9,6 +9,7 @@ using System.Collections.Generic; using System.Linq; using System.Web; +using Datadog.Trace.AppSec.Coordinator; using Datadog.Trace.AspNet; using Datadog.Trace.ClrProfiler.AutoInstrumentation.AspNet; using Datadog.Trace.Iast; @@ -78,7 +79,7 @@ internal static void MonitorBodyAndPathParams(this IControllerContext controller if (security.Enabled) { - var securityTransport = new Coordinator.SecurityCoordinator(security, scope.Span!); + var securityTransport = SecurityCoordinator.Get(security, scope.Span!, context); if (!securityTransport.IsBlocked) { var inputData = new Dictionary(); diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/HttpTransportBase.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/HttpTransportBase.cs index a09391a0991f..d03f8b4cb351 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/HttpTransportBase.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/HttpTransportBase.cs @@ -4,6 +4,7 @@ // #nullable enable +using System; using System.Collections.Generic; using Datadog.Trace.AppSec.Waf; using Datadog.Trace.Headers; diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs index 8bb22b08be8d..cab8b08e820f 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs @@ -20,15 +20,31 @@ namespace Datadog.Trace.AppSec.Coordinator; internal readonly partial struct SecurityCoordinator { - internal SecurityCoordinator(Security security, Span span, HttpTransport? transport = null) + private SecurityCoordinator(Security security, Span span, HttpTransport transport) { _security = security; _localRootSpan = TryGetRoot(span); - _httpTransport = transport ?? new HttpTransport(CoreHttpContextStore.Instance.Get()); + _httpTransport = transport; } private static bool CanAccessHeaders => true; + internal static SecurityCoordinator? TryGet(Security security, Span span) + { + var context = CoreHttpContextStore.Instance.Get(); + if (context is null) + { + Log.Warning("Can't instantiate SecurityCoordinator.Core as no transport has been provided and CoreHttpContextStore.Instance.Get() returned null, make sure HttpContext is available"); + return null; + } + + return new SecurityCoordinator(security, span, new(context)); + } + + internal static SecurityCoordinator Get(Security security, Span span, HttpContext context) => new(security, span, new HttpTransport(context)); + + internal static SecurityCoordinator Get(Security security, Span span, HttpTransport transport) => new(security, span, transport); + public static Dictionary ExtractHeadersFromRequest(IHeaderDictionary headers) { var headersDic = new Dictionary(headers.Keys.Count); @@ -162,7 +178,7 @@ internal override bool IsBlocked { if (Context.Items.TryGetValue(BlockingAction.BlockDefaultActionName, out var value)) { - return value is bool boolValue && boolValue; + return value is true; } return false; diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs index 0245c5604e84..561479433f5d 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs @@ -45,15 +45,32 @@ static SecurityCoordinator() } } - internal SecurityCoordinator(Security security, Span span, HttpTransport? transport = null) + private SecurityCoordinator(Security security, Span span, HttpTransport transport) { _security = security; _localRootSpan = TryGetRoot(span); - _httpTransport = transport ?? new HttpTransport(HttpContext.Current); + _httpTransport = transport; } private bool CanAccessHeaders => UsingIntegratedPipeline is true or null; + internal static SecurityCoordinator? TryGet(Security security, Span span) + { + if (HttpContext.Current is not { } current) + { + Log.Warning("Can't instantiate SecurityCoordinator.Framework as no transport has been provided and HttpContext.Current null, make sure HttpContext is available"); + return null; + } + + var transport = new HttpTransport(current); + + return new SecurityCoordinator(security, span, transport); + } + + internal static SecurityCoordinator Get(Security security, Span span, HttpContext context) => new(security, span, new HttpTransport(context)); + + internal static SecurityCoordinator Get(Security security, Span span, HttpTransport transport) => new(security, span, transport); + private static Action? CreateThrowHttpResponseExceptionDynMeth() { try diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs index d6b99284f91d..d7432c4cfdc8 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs @@ -67,23 +67,10 @@ private static void LogMatchesIfDebugEnabled(IReadOnlyCollection? result return RunWaf(args, lastTime); } - public bool HasContext() - { - return _httpTransport.Context is not null; - } - - public bool IsAdditiveContextDisposed() - { - return _httpTransport.IsAdditiveContextDisposed(); - } + public bool IsAdditiveContextDisposed() => _httpTransport.IsAdditiveContextDisposed(); public IResult? RunWaf(Dictionary args, bool lastWafCall = false, bool runWithEphemeral = false, bool isRasp = false) { - if (!HasContext()) - { - return null; - } - LogAddressIfDebugEnabled(args); IResult? result = null; try @@ -99,6 +86,11 @@ public bool IsAdditiveContextDisposed() _httpTransport.SetAdditiveContext(additiveContext); } } + else if (_httpTransport.IsAdditiveContextDisposed()) + { + Log.Warning("Waf could not run as waf additive context is disposed"); + return null; + } _security.ApiSecurity.ShouldAnalyzeSchema(lastWafCall, _localRootSpan, args, _httpTransport.StatusCode.ToString(), _httpTransport.RouteData); diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinatorHelpers.Core.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinatorHelpers.Core.cs index 208b11282608..563035099f56 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinatorHelpers.Core.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinatorHelpers.Core.cs @@ -25,7 +25,7 @@ internal static void CheckAndBlock(this Security security, HttpContext context, var transport = new SecurityCoordinator.HttpTransport(context); if (!transport.IsBlocked) { - var securityCoordinator = new SecurityCoordinator(security, span, transport); + var securityCoordinator = SecurityCoordinator.Get(security, span, context); var result = securityCoordinator.Scan(); securityCoordinator.BlockAndReport(result); } @@ -41,7 +41,8 @@ internal static void CheckReturnedHeaders(this Security security, Span span, IHe var transport = new SecurityCoordinator.HttpTransport(httpContext); if (!transport.IsBlocked) { - var securityCoordinator = new SecurityCoordinator(security, span, transport); + var securityCoordinator = SecurityCoordinator.Get(security, span, transport); + var args = new Dictionary { { @@ -73,7 +74,7 @@ internal static void CheckPathParams(this Security security, HttpContext context var transport = new SecurityCoordinator.HttpTransport(context); if (!transport.IsBlocked) { - var securityCoordinator = new SecurityCoordinator(security, span, transport); + var securityCoordinator = SecurityCoordinator.Get(security, span, transport); var args = new Dictionary { { AddressesConstants.RequestPathParams, pathParams } }; var result = securityCoordinator.RunWaf(args); securityCoordinator.BlockAndReport(result); @@ -88,7 +89,7 @@ internal static void CheckUser(this Security security, HttpContext context, Span var transport = new SecurityCoordinator.HttpTransport(context); if (!transport.IsBlocked) { - var securityCoordinator = new SecurityCoordinator(security, span, transport); + var securityCoordinator = SecurityCoordinator.Get(security, span, transport); var args = new Dictionary { { AddressesConstants.UserId, userId } }; var result = securityCoordinator.RunWaf(args); securityCoordinator.BlockAndReport(result); @@ -103,7 +104,7 @@ internal static void CheckPathParamsFromAction(this Security security, HttpConte var transport = new SecurityCoordinator.HttpTransport(context); if (!transport.IsBlocked) { - var securityCoordinator = new SecurityCoordinator(security, span, transport); + var securityCoordinator = SecurityCoordinator.Get(security, span, transport); var pathParams = new Dictionary(actionPathParams.Count); for (var i = 0; i < actionPathParams.Count; i++) { @@ -131,7 +132,7 @@ internal static void CheckPathParamsFromAction(this Security security, HttpConte var transport = new SecurityCoordinator.HttpTransport(context); if (!transport.IsBlocked) { - var securityCoordinator = new SecurityCoordinator(security, span, transport); + var securityCoordinator = SecurityCoordinator.Get(security, span, transport); var keysAndValues = ObjectExtractor.Extract(body); if (keysAndValues is not null) diff --git a/tracer/src/Datadog.Trace/AppSec/CoreHttpContextStore.cs b/tracer/src/Datadog.Trace/AppSec/CoreHttpContextStore.cs index d5b1b090707b..4f670ab0e692 100644 --- a/tracer/src/Datadog.Trace/AppSec/CoreHttpContextStore.cs +++ b/tracer/src/Datadog.Trace/AppSec/CoreHttpContextStore.cs @@ -2,6 +2,7 @@ // Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License. // This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc. // +#nullable enable #if !NETFRAMEWORK using System; @@ -10,19 +11,31 @@ using System.Text; using System.Threading; using System.Threading.Tasks; +using Datadog.Trace.AppSec.Coordinator; +using Datadog.Trace.Logging; using Microsoft.AspNetCore.Http; namespace Datadog.Trace.AppSec { internal class CoreHttpContextStore { + private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor(); + public static readonly CoreHttpContextStore Instance = new(); - private AsyncLocal localStore = new(); + private readonly AsyncLocal _localStore = new(); + + public HttpContext? Get() + { + if (_localStore.Value is null) + { + Log.Debug("CoreHttpContextStore.Get called but returning null for HttpContext"); + } - public HttpContext Get() => localStore.Value; + return _localStore.Value; + } - public void Set(HttpContext context) => localStore.Value = context; + public void Set(HttpContext context) => _localStore.Value = context; } } diff --git a/tracer/src/Datadog.Trace/AppSec/Rasp/RaspModule.cs b/tracer/src/Datadog.Trace/AppSec/Rasp/RaspModule.cs index da15c0dcdeed..6cad1d4f7fa9 100644 --- a/tracer/src/Datadog.Trace/AppSec/Rasp/RaspModule.cs +++ b/tracer/src/Datadog.Trace/AppSec/Rasp/RaspModule.cs @@ -107,15 +107,16 @@ private static void RecordRaspTelemetry(string address, bool isMatch, bool timeO private static void RunWafRasp(Dictionary arguments, Span rootSpan, string address) { - var securityCoordinator = new SecurityCoordinator(Security.Instance, rootSpan); + var securityCoordinator = SecurityCoordinator.TryGet(Security.Instance, rootSpan); // We need a context for RASP - if (!securityCoordinator.HasContext() || securityCoordinator.IsAdditiveContextDisposed()) + if (securityCoordinator is null) { + Log.Warning("Tried to run Rasp but security coordinator couldn't be instantiated, probably because of httpcontext missing"); return; } - var result = securityCoordinator.RunWaf(arguments, runWithEphemeral: true, isRasp: true); + var result = securityCoordinator.Value.RunWaf(arguments, runWithEphemeral: true, isRasp: true); if (result is not null) { @@ -139,7 +140,7 @@ private static void RunWafRasp(Dictionary arguments, Span rootSp } } } - catch (System.Exception ex) + catch (Exception ex) { Log.Error(ex, "RASP: Error while sending stack."); } @@ -148,7 +149,7 @@ private static void RunWafRasp(Dictionary arguments, Span rootSp // we want to report first because if we are inside a try{} catch(Exception ex){} block, we will not report // the blockings, so we report first and then block - securityCoordinator.ReportAndBlock(result); + securityCoordinator.Value.ReportAndBlock(result); } private static void AddSpanId(IResult? result) diff --git a/tracer/src/Datadog.Trace/AspNet/TracingHttpModule.cs b/tracer/src/Datadog.Trace/AspNet/TracingHttpModule.cs index 73e53884362f..0f59d94e4b83 100644 --- a/tracer/src/Datadog.Trace/AspNet/TracingHttpModule.cs +++ b/tracer/src/Datadog.Trace/AspNet/TracingHttpModule.cs @@ -184,7 +184,7 @@ private void OnBeginRequest(object sender, EventArgs eventArgs) if (security.Enabled) { SecurityCoordinator.ReportWafInitInfoOnce(security, scope.Span); - var securityCoordinator = new SecurityCoordinator(security, scope.Span); + var securityCoordinator = SecurityCoordinator.Get(security, scope.Span, httpContext); // request args var args = securityCoordinator.GetBasicRequestArgsForWaf(); @@ -245,7 +245,7 @@ private void OnEndRequest(object sender, EventArgs eventArgs) var security = Security.Instance; if (security.Enabled) { - var securityCoordinator = new SecurityCoordinator(security, rootSpan); + var securityCoordinator = SecurityCoordinator.Get(security, rootSpan, app.Context); var args = securityCoordinator.GetBasicRequestArgsForWaf(); args.Add(AddressesConstants.RequestPathParams, securityCoordinator.GetPathParams()); diff --git a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNet/ControllerActionInvoker_InvokeAction_Integration.cs b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNet/ControllerActionInvoker_InvokeAction_Integration.cs index 4ce267d20a25..9141581f0fe8 100644 --- a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNet/ControllerActionInvoker_InvokeAction_Integration.cs +++ b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNet/ControllerActionInvoker_InvokeAction_Integration.cs @@ -96,7 +96,7 @@ internal static CallTargetState OnMethodBegin(TTarget inst var scope = SharedItems.TryPeekScope(HttpContext.Current, AspNetWebApi2Integration.HttpContextKey); if (scope is not null) { - var securityTransport = new SecurityCoordinator(security, scope.Span); + var securityTransport = SecurityCoordinator.Get(security, scope.Span, HttpContext.Current); if (!securityTransport.IsBlocked) { var extractedObj = ObjectExtractor.Extract(responseObject); diff --git a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNetCore/BlockingMiddleware.cs b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNetCore/BlockingMiddleware.cs index f662b8896ad7..61bc72b5574f 100644 --- a/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNetCore/BlockingMiddleware.cs +++ b/tracer/src/Datadog.Trace/ClrProfiler/AutoInstrumentation/AspNetCore/BlockingMiddleware.cs @@ -80,7 +80,7 @@ internal async Task Invoke(HttpContext context) { if (Tracer.Instance?.ActiveScope?.Span is Span span) { - var securityCoordinator = new SecurityCoordinator(security, span, new SecurityCoordinator.HttpTransport(context)); + var securityCoordinator = SecurityCoordinator.Get(security, span, new SecurityCoordinator.HttpTransport(context)); if (_endPipeline && !context.Response.HasStarted) { context.Response.StatusCode = 404; @@ -123,7 +123,7 @@ internal async Task Invoke(HttpContext context) { if (Tracer.Instance?.ActiveScope?.Span is Span span) { - var securityCoordinator = new SecurityCoordinator(security, span, new SecurityCoordinator.HttpTransport(context)); + var securityCoordinator = SecurityCoordinator.Get(security, span, new SecurityCoordinator.HttpTransport(context)); if (!blockException.Reported) { securityCoordinator.TryReport(blockException.Result, endedResponse); diff --git a/tracer/src/Datadog.Trace/DiagnosticListeners/AspNetCoreDiagnosticObserver.cs b/tracer/src/Datadog.Trace/DiagnosticListeners/AspNetCoreDiagnosticObserver.cs index c0c3a0a0cff4..e6d2f9bf782d 100644 --- a/tracer/src/Datadog.Trace/DiagnosticListeners/AspNetCoreDiagnosticObserver.cs +++ b/tracer/src/Datadog.Trace/DiagnosticListeners/AspNetCoreDiagnosticObserver.cs @@ -423,7 +423,7 @@ private void OnHostingHttpRequestInStart(object arg) if (arg.TryDuckCast(out var requestStruct)) { - HttpContext httpContext = requestStruct.HttpContext; + var httpContext = requestStruct.HttpContext; if (shouldTrace) { // Use an empty resource name here, as we will likely replace it as part of the request diff --git a/tracer/src/Datadog.Trace/PlatformHelpers/AspNetCoreHttpRequestHandler.cs b/tracer/src/Datadog.Trace/PlatformHelpers/AspNetCoreHttpRequestHandler.cs index e4f907ca7e69..0252dd0a7b2e 100644 --- a/tracer/src/Datadog.Trace/PlatformHelpers/AspNetCoreHttpRequestHandler.cs +++ b/tracer/src/Datadog.Trace/PlatformHelpers/AspNetCoreHttpRequestHandler.cs @@ -169,7 +169,7 @@ public void StopAspNetCorePipelineScope(Tracer tracer, Security security, Scope span.SetHeaderTags(new HeadersCollectionAdapter(httpContext.Response.Headers), tracer.Settings.HeaderTagsInternal, defaultTagPrefix: SpanContextPropagator.HttpResponseHeadersTagPrefix); if (security.Enabled) { - var transport = new SecurityCoordinator(security, span, new SecurityCoordinator.HttpTransport(httpContext)); + var transport = SecurityCoordinator.Get(security, span, new SecurityCoordinator.HttpTransport(httpContext)); transport.AddResponseHeadersToSpanAndCleanup(); } else diff --git a/tracer/src/Datadog.Trace/SpanExtensions.Framework.cs b/tracer/src/Datadog.Trace/SpanExtensions.Framework.cs index cb337faf23b3..5bc0ec2ab696 100644 --- a/tracer/src/Datadog.Trace/SpanExtensions.Framework.cs +++ b/tracer/src/Datadog.Trace/SpanExtensions.Framework.cs @@ -26,14 +26,18 @@ private static void RunBlockingCheck(Span span, string userId) if (security.Enabled) { - var securityCoordinator = new SecurityCoordinator(Security.Instance, span); + var securityCoordinator = SecurityCoordinator.TryGet(Security.Instance, span); + if (securityCoordinator is null) + { + return; + } var wafArgs = new Dictionary { { AddressesConstants.UserId, userId }, }; - securityCoordinator.BlockAndReport(wafArgs); + securityCoordinator.Value.BlockAndReport(wafArgs); } } } diff --git a/tracer/test/Datadog.Trace.Security.Unit.Tests/SecurityCoordinatorTests.cs b/tracer/test/Datadog.Trace.Security.Unit.Tests/SecurityCoordinatorTests.cs new file mode 100644 index 000000000000..955a5a1e1d6d --- /dev/null +++ b/tracer/test/Datadog.Trace.Security.Unit.Tests/SecurityCoordinatorTests.cs @@ -0,0 +1,23 @@ +// +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc. +// + +using Datadog.Trace.AppSec.Coordinator; +using FluentAssertions; +using Xunit; + +namespace Datadog.Trace.Security.Unit.Tests +{ + public class SecurityCoordinatorTests + { + [Fact] + public void DefaultBehavior() + { + var target = new AppSec.Security(); + var span = new Span(new SpanContext(1, 1), new System.DateTimeOffset()); + var secCoord = SecurityCoordinator.TryGet(target, span); + secCoord.Should().BeNull(); + } + } +} diff --git a/tracer/test/Datadog.Trace.Tests/Util/RequestDataHelperTests.cs b/tracer/test/Datadog.Trace.Tests/Util/RequestDataHelperTests.cs index 20f0984ca141..9584eb789385 100644 --- a/tracer/test/Datadog.Trace.Tests/Util/RequestDataHelperTests.cs +++ b/tracer/test/Datadog.Trace.Tests/Util/RequestDataHelperTests.cs @@ -14,7 +14,6 @@ using FluentAssertions; using Moq; using Xunit; -using static Datadog.Trace.AppSec.Coordinator.SecurityCoordinator; namespace Datadog.Trace.Tests.Util; @@ -79,8 +78,8 @@ private static void CheckRequest(HttpRequest request) scope.Span.ServiceName = "service"; HttpContext context = new HttpContext(request, new HttpResponse(new System.IO.StringWriter())); request.ValidateInput(); - HttpTransport transport = new HttpTransport(context); - var securityCoordinator = new SecurityCoordinator(security, scope.Span, transport); + var transport = new SecurityCoordinator.HttpTransport(context); + var securityCoordinator = SecurityCoordinator.Get(security, scope.Span, transport); // We should not launch any exception here var result = securityCoordinator.GetBasicRequestArgsForWaf(); var iastContext = new IastRequestContext(); diff --git a/tracer/test/benchmarks/Benchmarks.Trace/Asm/AppSecBodyBenchmark.cs b/tracer/test/benchmarks/Benchmarks.Trace/Asm/AppSecBodyBenchmark.cs index 7c5f82a6d23f..986ccc32a242 100644 --- a/tracer/test/benchmarks/Benchmarks.Trace/Asm/AppSecBodyBenchmark.cs +++ b/tracer/test/benchmarks/Benchmarks.Trace/Asm/AppSecBodyBenchmark.cs @@ -80,8 +80,8 @@ private void ExecuteCycle(object body) context?.Dispose(); _httpContext.Features.Set(null); #else - var securityTransport = new SecurityCoordinator(_security, span, new SecurityCoordinator.HttpTransport(_httpContext)); - securityTransport.RunWaf(new Dictionary { { AddressesConstants.RequestBody, ObjectExtractor.Extract(body) } }); + var securityTransport = SecurityCoordinator.Get(_security, span, new SecurityCoordinator.HttpTransport(_httpContext)); + securityTransport!.RunWaf(new Dictionary { { AddressesConstants.RequestBody, ObjectExtractor.Extract(body) } }); var context = _httpContext.Items["waf"] as IContext; context?.Dispose(); _httpContext.Items["waf"] = null; From a721f7b1e580f3afea7f54303cc4c7ab91b8eab7 Mon Sep 17 00:00:00 2001 From: NachoEchevarria <53266532+NachoEchevarria@users.noreply.github.com> Date: Mon, 14 Oct 2024 09:22:29 +0200 Subject: [PATCH 8/8] [ASM] Fix exception when accessing ReportedExternalWafsRequestHeaders (#6030) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary of changes This PR is closely related to [this one](https://github.com/DataDog/dd-trace-dotnet/pull/6017) In this case, the error is thrown when accessing the key ReportedExternalWafsRequestHeaders No other httpRequest.Items problematic accesses have been found. This error can happen only in netcore versions of the framework. When we access httpcontext.Items, the exception is thrown if the key is not found. httpcontext.Items is defined as a IDictionary. Usually, it will be a Microsoft.AspNetCore.Http.ItemsDictionary, which does not throw an exception when trying to retrieve a key that is not stored, but other custom implementations such as Dictionary will throw it. It seems that in one customer, we are receiving a context in which Items is a Dictionary. This might be due to custom middlewares, third party extensions, use of custom http contexts, etc. ## Reason for change ## Implementation details ## Test coverage ## Other details --- .../AppSec/Coordinator/SecurityCoordinator.Core.cs | 12 ++++++++++-- .../Coordinator/SecurityCoordinator.Framework.cs | 4 ++-- .../AppSec/Coordinator/SecurityCoordinator.cs | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs index cab8b08e820f..4073118697eb 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Core.cs @@ -191,8 +191,16 @@ internal override bool IsBlocked internal override bool ReportedExternalWafsRequestHeaders { - get => Context.Items["ReportedExternalWafsRequestHeaders"] is true; - set => Context.Items["ReportedExternalWafsRequestHeaders"] = value; + get + { + if (Context.Items.TryGetValue(ReportedExternalWafsRequestHeadersStr, out var value)) + { + return value is bool boolValue && boolValue; + } + + return false; + } + set => Context.Items[ReportedExternalWafsRequestHeadersStr] = value; } internal override void MarkBlocked() => Context.Items[BlockingAction.BlockDefaultActionName] = true; diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs index 561479433f5d..666ee51b3e3e 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.Framework.cs @@ -558,8 +558,8 @@ public HttpTransport(HttpContext context) internal override bool ReportedExternalWafsRequestHeaders { - get => Context.Items["ReportedExternalWafsRequestHeaders"] is true; - set => Context.Items["ReportedExternalWafsRequestHeaders"] = value; + get => Context.Items[ReportedExternalWafsRequestHeadersStr] is true; + set => Context.Items[ReportedExternalWafsRequestHeadersStr] = value; } internal override void MarkBlocked() => Context.Items[BlockingAction.BlockDefaultActionName] = true; diff --git a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs index d7432c4cfdc8..4a235a85e0d6 100644 --- a/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs +++ b/tracer/src/Datadog.Trace/AppSec/Coordinator/SecurityCoordinator.cs @@ -27,6 +27,7 @@ namespace Datadog.Trace.AppSec.Coordinator; /// internal readonly partial struct SecurityCoordinator { + private const string ReportedExternalWafsRequestHeadersStr = "ReportedExternalWafsRequestHeaders"; private static readonly IDatadogLogger Log = DatadogLogging.GetLoggerFor(); private readonly Security _security; private readonly Span _localRootSpan;