internal/appsec: update the security rules to v1.2.6

DataDog · Mar 1, 2022 · e8c8b53 · e8c8b53
1 parent 7f165e6
commit e8c8b53
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 17 deletions.
diff --git a/contrib/gin-gonic/gin/gintrace_test.go b/contrib/gin-gonic/gin/gintrace_test.go
@@ -561,7 +561,7 @@ func TestAppSec(t *testing.T) {
 	t.Run("request-uri", func(t *testing.T) {
 		mt := mocktracer.Start()
 		defer mt.Stop()
-		// Send an LFI attack (according to appsec rule id crs-930-100)
+		// Send an LFI attack (according to appsec rule id crs-930-110)
 		req, err := http.NewRequest("POST", srv.URL+"/lfi/../../../secret.txt", nil)
 		if err != nil {
 			panic(err)
@@ -581,7 +581,7 @@ func TestAppSec(t *testing.T) {
 		event := finished[0].Tag("_dd.appsec.json").(string)
 		require.NotNil(t, event)
 		require.True(t, strings.Contains(event, "server.request.uri.raw"))
-		require.True(t, strings.Contains(event, "crs-930-100"))
+		require.True(t, strings.Contains(event, "crs-930-110"))
 	})
 
 	// Test a security scanner attack via path parameters

diff --git a/contrib/go-chi/chi.v4/chi_test.go b/contrib/go-chi/chi.v4/chi_test.go
@@ -331,7 +331,7 @@ func TestAppSec(t *testing.T) {
 	t.Run("request-uri", func(t *testing.T) {
 		mt := mocktracer.Start()
 		defer mt.Stop()
-		// Send an LFI attack (according to appsec rule id crs-930-100)
+		// Send an LFI attack (according to appsec rule id crs-930-110)
 		req, err := http.NewRequest("POST", srv.URL+"/../../../secret.txt", nil)
 		if err != nil {
 			panic(err)
@@ -351,7 +351,7 @@ func TestAppSec(t *testing.T) {
 		event := finished[0].Tag("_dd.appsec.json").(string)
 		require.NotNil(t, event)
 		require.True(t, strings.Contains(event, "server.request.uri.raw"))
-		require.True(t, strings.Contains(event, "crs-930-100"))
+		require.True(t, strings.Contains(event, "crs-930-110"))
 	})
 
 	// Test a security scanner attack via path parameters

diff --git a/contrib/go-chi/chi.v5/chi_test.go b/contrib/go-chi/chi.v5/chi_test.go
@@ -331,7 +331,7 @@ func TestAppSec(t *testing.T) {
 	t.Run("request-uri", func(t *testing.T) {
 		mt := mocktracer.Start()
 		defer mt.Stop()
-		// Send an LFI attack (according to appsec rule id crs-930-100)
+		// Send an LFI attack (according to appsec rule id crs-930-110)
 		req, err := http.NewRequest("POST", srv.URL+"/../../../secret.txt", nil)
 		if err != nil {
 			panic(err)
@@ -351,7 +351,7 @@ func TestAppSec(t *testing.T) {
 		event := finished[0].Tag("_dd.appsec.json").(string)
 		require.NotNil(t, event)
 		require.True(t, strings.Contains(event, "server.request.uri.raw"))
-		require.True(t, strings.Contains(event, "crs-930-100"))
+		require.True(t, strings.Contains(event, "crs-930-110"))
 	})
 
 	// Test a security scanner attack via path parameters

diff --git a/contrib/go-chi/chi/chi_test.go b/contrib/go-chi/chi/chi_test.go
@@ -331,7 +331,7 @@ func TestAppSec(t *testing.T) {
 	t.Run("request-uri", func(t *testing.T) {
 		mt := mocktracer.Start()
 		defer mt.Stop()
-		// Send an LFI attack (according to appsec rule id crs-930-100)
+		// Send an LFI attack (according to appsec rule id crs-930-110)
 		req, err := http.NewRequest("POST", srv.URL+"/../../../secret.txt", nil)
 		if err != nil {
 			panic(err)
@@ -351,7 +351,7 @@ func TestAppSec(t *testing.T) {
 		event := finished[0].Tag("_dd.appsec.json").(string)
 		require.NotNil(t, event)
 		require.True(t, strings.Contains(event, "server.request.uri.raw"))
-		require.True(t, strings.Contains(event, "crs-930-100"))
+		require.True(t, strings.Contains(event, "crs-930-110"))
 	})
 
 	// Test a security scanner attack via path parameters

diff --git a/contrib/gorilla/mux/mux_test.go b/contrib/gorilla/mux/mux_test.go
@@ -334,7 +334,7 @@ func TestAppSec(t *testing.T) {
 	t.Run("request-uri", func(t *testing.T) {
 		mt := mocktracer.Start()
 		defer mt.Stop()
-		// Send an LFI attack (according to appsec rule id crs-930-100)
+		// Send an LFI attack (according to appsec rule id crs-930-110)
 		req, err := http.NewRequest("POST", srv.URL+"/../../../secret.txt", nil)
 		if err != nil {
 			panic(err)
@@ -351,12 +351,12 @@ func TestAppSec(t *testing.T) {
 		event := finished[0].Tag("_dd.appsec.json").(string)
 		require.NotNil(t, event)
 		require.True(t, strings.Contains(event, "server.request.uri.raw"))
-		require.True(t, strings.Contains(event, "crs-930-100"))
+		require.True(t, strings.Contains(event, "crs-930-110"))
 		// The second request should contain the event via the referrer header
 		event = finished[1].Tag("_dd.appsec.json").(string)
 		require.NotNil(t, event)
 		require.True(t, strings.Contains(event, "server.request.headers.no_cookies"))
-		require.True(t, strings.Contains(event, "crs-930-100"))
+		require.True(t, strings.Contains(event, "crs-930-110"))
 	})
 
 	// Test a security scanner attack via path parameters

diff --git a/contrib/labstack/echo.v4/echotrace_test.go b/contrib/labstack/echo.v4/echotrace_test.go
@@ -297,7 +297,7 @@ func TestAppSec(t *testing.T) {
 	t.Run("request-uri", func(t *testing.T) {
 		mt := mocktracer.Start()
 		defer mt.Stop()
-		// Send an LFI attack (according to appsec rule id crs-930-100)
+		// Send an LFI attack (according to appsec rule id crs-930-110)
 		req, err := http.NewRequest("POST", srv.URL+"/../../../secret.txt", nil)
 		if err != nil {
 			panic(err)
@@ -311,7 +311,7 @@ func TestAppSec(t *testing.T) {
 		require.Len(t, finished, 1)
 		event := finished[0].Tag("_dd.appsec.json").(string)
 		require.NotNil(t, event)
-		require.True(t, strings.Contains(event, "crs-930-100"))
+		require.True(t, strings.Contains(event, "crs-930-110"))
 		require.True(t, strings.Contains(event, "server.request.uri.raw"))
 	})
 

diff --git a/internal/appsec/waf_test.go b/internal/appsec/waf_test.go
@@ -12,7 +12,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
-	"strings"
 	"testing"
 
 	httptrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http"
@@ -61,12 +60,12 @@ func TestWAF(t *testing.T) {
 	require.Len(t, finished, 2)
 
 	// Two requests were performed by the client request (due to the 301 redirection) and the two should have the LFI
-	// attack attempt event (appsec rule id crs-930-100).
+	// attack attempt event (appsec rule id crs-930-110).
 	event := finished[0].Tag("_dd.appsec.json")
 	require.NotNil(t, event)
-	require.True(t, strings.Contains(event.(string), "crs-930-100"))
+	require.Contains(t, event.(string), "crs-930-110")
 
 	event = finished[1].Tag("_dd.appsec.json")
 	require.NotNil(t, event)
-	require.True(t, strings.Contains(event.(string), "crs-930-100"))
+	require.Contains(t, event.(string), "crs-930-110")
 }