Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AppSec] Added smoke test to validate WAF #3010

Merged
merged 1 commit into from
Nov 30, 2021
Merged

[AppSec] Added smoke test to validate WAF #3010

merged 1 commit into from
Nov 30, 2021

Conversation

ValentinZakharov
Copy link
Contributor

@ValentinZakharov ValentinZakharov commented Aug 17, 2021
edited

AppSec smoke test implemented based on SpringBoot smoke test.
Added AppSec report simulator to track if the malicious request reported correctly.
Thу test is a sequence of 200 malicious requests. Each request will be detected by AppSec and should be sent 200 events to the backend with corresponding information about the attack. To validate AppSec we are checking events reported by AppSec.

Since the event dispatch mechanism has a timeout (minimum and maximum time between dispatches), I added the appsec.report.timeout configuration option to force the maximum interval between dispatches. Thus, for tests, we set the value -Dappsec.report.timeout=0, which allows perform tests fast as possible (event commitment happens almost instantly).

To use the additional option, I had to modify Config.java, but after switching to AppSec Span Interface, I need to get rid of this option.

@ValentinZakharov ValentinZakharov requested a review from a team as a code owner August 17, 2021 15:35
devinsba
devinsba reviewed Aug 17, 2021
View reviewed changes
Copy link
Contributor

@devinsba devinsba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm interested in opinions from others on the spring-boot version.

As far as a smoke test goes, at some point it would probably be good to have an app that includes spring-security to ensure there aren't interoperability issues

dd-smoke-tests/appsec/springboot/springboot.gradle Outdated Show resolved Hide resolved
@ValentinZakharov ValentinZakharov requested a review from a team as a code owner November 26, 2021 15:20
@ValentinZakharov ValentinZakharov force-pushed the vzakharov/appsec_smoke_test branch 6 times, most recently from 47b9aa2 to 36d05c3 Compare November 29, 2021 08:06
bantonsson
bantonsson requested changes Nov 29, 2021
View reviewed changes
Copy link
Contributor

@bantonsson bantonsson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Only minor things.

dd-java-agent/appsec/src/main/java/com/datadog/appsec/report/ReportStrategy.java Outdated Show resolved Hide resolved
...-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy Outdated
class SpringBootSmokeTest extends AbstractAppSecServerSmokeTest {

// Estimate for the amount of time instrumentation, plus request, plus some extra
public static final int TIMEOUT_SECS = 30
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment makes no sense to me, since it's the total time it would take from the request is done to the AppSec attack has been reported.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I'm sorry, blind copy-paste. Removed redundant code.

internal-api/src/main/java/datadog/trace/api/Config.java Outdated
@@ -858,6 +861,10 @@ private Config(final ConfigProvider configProvider) {
appSecEnabled = configProvider.getBoolean(APPSEC_ENABLED, DEFAULT_APPSEC_ENABLED);
appSecRulesFile = configProvider.getString(APPSEC_RULES_FILE, null);

// Default AppSec report timeout min=5, max=60
appSecReportMaxTimeout = configProvider.getInteger(APPSEC_REPORT_TIMEOUT_SEC, 30);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment says 60, but code says 30

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Old comment - fixed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, the comment might be old, but the tests seem to think that it should be 60 seconds since this fails subsequent event of same type should wait 1 min

@ValentinZakharov ValentinZakharov force-pushed the vzakharov/appsec_smoke_test branch 3 times, most recently from 607dddd to fc23b75 Compare November 30, 2021 00:18
@ValentinZakharov ValentinZakharov force-pushed the vzakharov/appsec_smoke_test branch 2 times, most recently from 0eda189 to c82c814 Compare November 30, 2021 15:45
@ValentinZakharov ValentinZakharov merged commit c066b30 into master Nov 30, 2021
@ValentinZakharov ValentinZakharov deleted the vzakharov/appsec_smoke_test branch November 30, 2021 21:27
@github-actions github-actions bot added this to the 0.91.0 milestone Nov 30, 2021
@smola smola added the comp: asm waf Application Security Management (WAF) label Feb 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devinsba devinsba devinsba left review comments

@bantonsson bantonsson bantonsson approved these changes

Assignees
No one assigned
Labels
comp: asm waf Application Security Management (WAF)
Projects
None yet
Milestone
0.91.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ValentinZakharov @devinsba @bantonsson @smola