Commit 02d3cb7

authored
Update evidence-redaction-suite.yml and ignore not defined vulnerability type tests (#6774)
1 parent 9bbee45 commit 02d3cb7

2 files changed

+184
-5
lines changed

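--- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceRedactionTest.groovy
+++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/model/json/EvidenceRedactionTest.groovy
@@ -11,6 +11,7 @@ import datadog.trace.test.util.DDSpecification
 import groovy.json.JsonOutput
 import groovy.json.JsonSlurper
 import groovy.yaml.YamlSlurper
+import org.junit.Assume
 import org.skyscreamer.jsonassert.JSONAssert
 import org.skyscreamer.jsonassert.JSONCompareMode
 import spock.lang.Shared
@@ -76,6 +77,7 @@ class EvidenceRedactionTest extends DDSpecification {
 
 void 'test #suite'() {
 given:
+Assume.assumeFalse("Ignored test", suite.ignored)
 final type = suite.type == Type.SOURCES ? Types.newParameterizedType(List, Source) : VulnerabilityBatch
 final adapter = VulnerabilityEncoding.MOSHI.adapter(type)
 
@@ -133,12 +135,17 @@ class EvidenceRedactionTest extends DDSpecification {
 suite.input = sourcesParser.fromJson(input)
 break
 default:
-final batch = new VulnerabilityBatch(vulnerabilities: vulnerabilitiesParser.fromJson(input))
-if (suite.context != null) {
-final context = json.parseText(suite.context) as Map<String, String>
-batch.vulnerabilities.evidence.context.each { context.each(it.&put) }
+try{
+final batch = new VulnerabilityBatch(vulnerabilities: vulnerabilitiesParser.fromJson(input))
+if (suite.context != null) {
+final context = json.parseText(suite.context) as Map<String, String>
+batch.vulnerabilities.evidence.context.each { context.each(it.&put) }
+}
+suite.input = batch
+}catch (Exception ex){
+suite.ignored = true
+println "Failed to parse test ${ex.message}"
 }
-suite.input = batch
 break
 }
 return suite
@@ -198,6 +205,7 @@ class EvidenceRedactionTest extends DDSpecification {
 String context
 Object input
 String expected
+boolean ignored
 
 @Override
 String toString() {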
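Review bot: The `}catch (Exception ex){` added in the `default:` branch (new line 145) marks a suite as ignored on any failure, not only on an undefined vulnerability type. A malformed fixture, a bad `suite.context`, or a regression in the vulnerabilities parser would therefore show up as a skipped test rather than a failed one. These cases pin down what is redacted from reported evidence, so I would keep only the `vulnerabilitiesParser.fromJson(input)` call inside the `try` and narrow the catch to the exception that parser raises for an unknown type; which type that is cannot be seen from this hunk. The skip reason is also lost: `Assume.assumeFalse("Ignored test", suite.ignored)` reports a fixed string while the cause only goes to `println`, so storing `ex.message` on the suite and passing it as the assumption message would keep skipped cases auditable. The enclosing parsing method starts and ends outside the hunk.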

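--- a/dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite.yml
+++ b/dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite.yml
@@ -1958,6 +1958,177 @@ suite:
 ]
 }
 
+- type: 'VULNERABILITIES'
+description: 'Mongodb json query with sensitive source'
+input: >
+[
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"value": "{\n \"password\": \"1234\"\n}",
+"ranges": [
+{ "start" : 17, "length" : 4, "source": { "origin": "http.request.parameter", "name": "password", "value": "1234" } }
+]
+}
+}
+]
+expected: >
+{
+"sources": [
+{ "origin": "http.request.parameter", "name": "password", "redacted": true, "pattern": "abcd" }
+],
+"vulnerabilities": [
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"valueParts": [
+{ "value": "{\n \"password\": \"" },
+{ "source": 0, "redacted": true, "pattern": "abcd"},
+{ "value": "\"\n}" }
+]
+}
+}
+]
+}
+
+- type: 'VULNERABILITIES'
+description: 'Mongodb json query with non sensitive source'
+input: >
+[
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"value": "{\n \"username\": \"user\"\n}",
+"ranges": [
+{ "start" : 17, "length" : 4, "source": { "origin": "http.request.parameter", "name": "username", "value": "user" } }
+]
+}
+}
+]
+expected: >
+{
+"sources": [
+{ "origin": "http.request.parameter", "name": "username", "redacted": true, "pattern": "abcd" }
+],
+"vulnerabilities": [
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"valueParts": [
+{ "value": "{\n \"username\": \"" },
+{ "source": 0, "redacted": true, "pattern": "abcd"},
+{ "value": "\"\n}" }
+]
+}
+}
+]
+}
+
+- type: 'VULNERABILITIES'
+description: 'Mongodb json query with partial non sensitive source'
+input: >
+[
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"value": "{\n \"username\": \"user\"\n}",
+"ranges": [
+{ "start" : 17, "length" : 4, "source": { "origin": "http.request.parameter", "name": "username", "value": "PREFIX_user" } }
+]
+}
+}
+]
+expected: >
+{
+"sources": [
+{ "origin": "http.request.parameter", "name": "username", "redacted": true, "pattern": "abcdefghijk" }
+],
+"vulnerabilities": [
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"valueParts": [
+{ "value": "{\n \"username\": \"" },
+{ "source": 0, "redacted": true, "pattern": "hijk"},
+{ "value": "\"\n}" }
+]
+}
+}
+]
+}
+
+- type: 'VULNERABILITIES'
+description: 'Mongodb json query with non sensitive source and other fields'
+input: >
+[
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"value": "{\n \"username\": \"user\",\n \"secret\": \"SECRET_VALUE\"\n}",
+"ranges": [
+{ "start" : 17, "length" : 4, "source": { "origin": "http.request.parameter", "name": "username", "value": "user" } }
+]
+}
+}
+]
+expected: >
+{
+"sources": [
+{ "origin": "http.request.parameter", "name": "username", "redacted": true, "pattern": "abcd" }
+],
+"vulnerabilities": [
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"valueParts": [
+{ "value": "{\n \"username\": \"" },
+{ "source": 0, "redacted": true, "pattern": "abcd"},
+{ "value": "\",\n \"secret\": \"" },
+{ "redacted": true },
+{ "value": "\"\n}" }
+]
+}
+}
+]
+}
+
+- type: 'VULNERABILITIES'
+description: 'Mongodb json query with sensitive value in a key'
+input: >
+[
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"value": "{\n \"username\": \"user\",\n \"token_usage\": {\n \"bearer zss8dR9QP81A\": 10\n }\n}",
+"ranges": [
+{ "start" : 17, "length" : 4, "source": { "origin": "http.request.parameter", "name": "username", "value": "user" } }
+]
+}
+}
+]
+expected: >
+{
+"sources": [
+{ "origin": "http.request.parameter", "name": "username", "redacted": true, "pattern": "abcd" }
+],
+"vulnerabilities": [
+{
+"type": "NOSQL_MONGODB_INJECTION",
+"evidence": {
+"valueParts": [
+{ "value": "{\n \"username\": \"" },
+{ "source": 0, "redacted": true, "pattern": "abcd"},
+{ "value": "\",\n \"token_usage\": {\n \"" },
+{ "redacted": true },
+{ "value": "\": " },
+{ "redacted": true },
+{ "value": "\n }\n}" }
+]
+}
+}
+]
+}
+
 - type: 'VULNERABILITIES'
 description: 'Redacted source that needs to be truncated'
 input: >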
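Review bot: The cases described as 'non sensitive source' (new lines 1994 to 2130) still expect the `username` source and its value part to come back with `"redacted": true`, which reads as a contradiction unless the reader already knows the rule for this vulnerability type. A YAML comment above the first Mongodb case would record the contract these fixtures encode, for example `# NoSQL evidence: every JSON value is redacted, whether or not the source name is sensitive`, assuming that is the intended behaviour. The last case also expects the nested key `bearer zss8dR9QP81A` and the number `10` to be redacted while the top-level keys stay in clear; the rule that decides this is not visible here and deserves a line in that case's `description`.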
