make sure the default value for client_ip_denylist and user_id_denyli…

…st is an array
DataDog · Feb 13, 2023 · 296b62b · 296b62b
1 parent 36aaf27
commit 296b62b
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 30 deletions.
diff --git a/lib/datadog/appsec/configuration.rb b/lib/datadog/appsec/configuration.rb
@@ -37,11 +37,11 @@ def ruleset=(value)
         end
 
         def ip_denylist=(value)
-          options[:ip_denylist] = value || []
+          options[:ip_denylist] = value
         end
 
         def user_id_denylist=(value)
-          options[:user_id_denylist] = value || []
+          options[:user_id_denylist] = value
         end
 
         # in microseconds

diff --git a/lib/datadog/appsec/configuration/settings.rb b/lib/datadog/appsec/configuration/settings.rb
@@ -139,14 +139,14 @@ def ruleset
         #               is very useful for testing. It may change at any point in time.
         def ip_denylist
           # Cast for Steep
-          _ = @options[:ip_denylist]
+          _ = @options[:ip_denylist] || []
         end
 
         # EXPERIMENTAL: This configurable is not meant to be publicly used, but
         #               is very useful for testing. It may change at any point in time.
         def user_id_denylist
           # Cast for Steep
-          _ = @options[:user_id_denylist]
+          _ = @options[:user_id_denylist] || []
         end
 
         def waf_timeout

diff --git a/spec/datadog/appsec/configuration/settings_spec.rb b/spec/datadog/appsec/configuration/settings_spec.rb
@@ -84,22 +84,22 @@
 
     describe '#ip_denylist' do
       subject(:ip_denylist) { settings.ip_denylist }
-      it { is_expected.to eq(nil) }
+      it { is_expected.to eq([]) }
     end
 
     describe '#ip_denylist=' do
       subject(:ip_denylist_) { settings.merge(dsl.tap { |c| c.ip_denylist = ['192.192.1.1'] }) }
-      it { expect { ip_denylist_ }.to change { settings.ip_denylist }.from(nil).to(['192.192.1.1']) }
+      it { expect { ip_denylist_ }.to change { settings.ip_denylist }.from([]).to(['192.192.1.1']) }
     end
 
     describe '#user_id_denylist' do
       subject(:user_id_denylist) { settings.user_id_denylist }
-      it { is_expected.to eq(nil) }
+      it { is_expected.to eq([]) }
     end
 
     describe '#user_id_denylist=' do
       subject(:user_id_denylist_) { settings.merge(dsl.tap { |c| c.user_id_denylist = ['8764937902709'] }) }
-      it { expect { user_id_denylist_ }.to change { settings.user_id_denylist }.from(nil).to(['8764937902709']) }
+      it { expect { user_id_denylist_ }.to change { settings.user_id_denylist }.from([]).to(['8764937902709']) }
     end
 
     describe '#obfuscator_key_regex' do

diff --git a/spec/datadog/appsec/extensions_spec.rb b/spec/datadog/appsec/extensions_spec.rb
@@ -105,36 +105,22 @@
 
       describe '#ip_denylist' do
         subject(:ip_denylist) { settings.ip_denylist }
-        it { is_expected.to eq(nil) }
+        it { is_expected.to eq([]) }
       end
 
       describe '#ip_denylist=' do
-        context 'with non nil value' do
-          subject(:ip_denylist_) { settings.ip_denylist = ['192.192.1.1'] }
-          it { expect { ip_denylist_ }.to change { settings.ip_denylist }.from(nil).to(['192.192.1.1']) }
-        end
-
-        context 'with nil value' do
-          subject(:ip_denylist_) { settings.ip_denylist = nil }
-          it { expect { ip_denylist_ }.to change { settings.ip_denylist }.from(nil).to([]) }
-        end
+        subject(:ip_denylist_) { settings.ip_denylist = ['192.192.1.1'] }
+        it { expect { ip_denylist_ }.to change { settings.ip_denylist }.from([]).to(['192.192.1.1']) }
       end
 
       describe '#user_id_denylist' do
         subject(:user_id_denylist) { settings.user_id_denylist }
-        it { is_expected.to eq(nil) }
+        it { is_expected.to eq([]) }
       end
 
       describe '#user_id_denylist=' do
-        context 'with non nil value' do
-          subject(:user_id_denylist_) { settings.user_id_denylist = ['24528736564812'] }
-          it { expect { user_id_denylist_ }.to change { settings.user_id_denylist }.from(nil).to(['24528736564812']) }
-        end
-
-        context 'with nil value' do
-          subject(:user_id_denylist_) { settings.user_id_denylist = nil }
-          it { expect { user_id_denylist_ }.to change { settings.user_id_denylist }.from(nil).to([]) }
-        end
+        subject(:user_id_denylist_) { settings.user_id_denylist = ['24528736564812'] }
+        it { expect { user_id_denylist_ }.to change { settings.user_id_denylist }.from([]).to(['24528736564812']) }
       end
 
       describe '#[]' do

diff --git a/spec/datadog/appsec/processor_spec.rb b/spec/datadog/appsec/processor_spec.rb
@@ -18,8 +18,6 @@
     allow(logger).to receive(:error)
 
     allow(Datadog).to receive(:logger).and_return(logger)
-    allow(Datadog::AppSec.settings).to receive(:ip_denylist).and_return([])
-    allow(Datadog::AppSec.settings).to receive(:user_id_denylist).and_return([])
   end
 
   context 'self' do