Adds a map of properties per languages

DataDog · Nov 28, 2024 · bac103c · bac103c
1 parent e4f2ec6
commit bac103c
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 17 deletions.
diff --git a/.github/workflows/run-end-to-end.yml b/.github/workflows/run-end-to-end.yml
@@ -112,9 +112,6 @@ jobs:
     - name: Run IAST_DEDUPLICATION scenario
       if: always() && steps.build.outcome == 'success' && contains(inputs.scenarios, '"IAST_DEDUPLICATION"')
       run: ./run.sh IAST_DEDUPLICATION
-    - name: Run IAST_SECURITY_CONTROLS scenario
-      if: always() && steps.build.outcome == 'success' && contains(inputs.scenarios, '"IAST_SECURITY_CONTROLS"')
-      run: ./run.sh IAST_SECURITY_CONTROLS
     - name: Run DEFAULT scenario
       if: always() && steps.build.outcome == 'success' && contains(inputs.scenarios, '"DEFAULT"')
       run: ./run.sh DEFAULT

diff --git a/tests/appsec/iast/test_security_controls.py b/tests/appsec/iast/test_security_controls.py
@@ -2,18 +2,17 @@
 # This product includes software developed at Datadog (https://www.datadoghq.com/).
 # Copyright 2021 Datadog, Inc.
 
-from utils import features, rfc, scenarios, weblog, interfaces
+from utils import features, rfc, weblog, interfaces
 from tests.appsec.iast.utils import BaseSinkTest, assert_iast_vulnerability
 
 
 @features.iast_security_controls
 @rfc("https://docs.google.com/document/d/1j1hp87-2wJnXUGADZxzLnvKJmaF_Gd6ZR1hPS3LVguQ/edit?pli=1&tab=t.0")
-@scenarios.iast_security_controls
 class TestSecurityControls:
     @staticmethod
     def assert_iast_is_enabled(request):
         product_enabled = False
-        for data, trace, span in interfaces.library.get_spans(request=request):
+        for _, _, span in interfaces.library.get_spans(request=request):
             # Check if the product is enabled in meta
             meta = span["meta"]
             if "_dd.iast.json" in meta:
@@ -24,7 +23,7 @@ def assert_iast_is_enabled(request):
             if meta_struct and meta_struct.get("vulnerability"):
                 product_enabled = True
                 break
-        assert product_enabled, f"IAST is not available"
+        assert product_enabled, "IAST is not available"
 
     def setup_iast_is_enabled(self):
         self.check_r = weblog.post("/iast/sc/iv/sqli", data={"param": "param"})

diff --git a/utils/_context/_scenarios/__init__.py b/utils/_context/_scenarios/__init__.py
@@ -387,16 +387,6 @@ def all_endtoend_scenarios(test_object):
         scenario_groups=[ScenarioGroup.APPSEC],
     )
 
-    iast_security_controls = EndToEndScenario(
-        "IAST_SECURITY_CONTROLS",
-        weblog_env={
-            "DD_IAST_ENABLED": "true",
-            "DD_IAST_SECURITY_CONTROLS_CONFIGURATION": "SANITIZER:XSS:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:sanitize;SANITIZER:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:sanitizeForAllVulns;SANITIZER:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:overloadedSanitize:java.lang.String;INPUT_VALIDATOR:XSS:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:validate;INPUT_VALIDATOR:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:validateForAllVulns;INPUT_VALIDATOR:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:overloadedValidation:java.lang.Object,java.lang.String,java.lang.String:1,2",
-        },
-        doc="Iast scenario with security controls",
-        scenario_groups=[ScenarioGroup.APPSEC],
-    )
-
     remote_config_mocked_backend_asm_features = EndToEndScenario(
         "REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES",
         rc_api_enabled=True,

diff --git a/utils/_context/_scenarios/default.py b/utils/_context/_scenarios/default.py
@@ -2,6 +2,20 @@
 from .endtoend import EndToEndScenario
 
 
+# TODO : short explaination of the purpose of this value
+# a link to the RFC would be perfect
+_iast_security_controls_map = {
+    "cpp": "TODO",
+    "dotnet": "TODO",
+    "golang": "TODO",
+    "java": "SANITIZER:XSS:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:sanitize;SANITIZER:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:sanitizeForAllVulns;SANITIZER:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:overloadedSanitize:java.lang.String;INPUT_VALIDATOR:XSS:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:validate;INPUT_VALIDATOR:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:validateForAllVulns;INPUT_VALIDATOR:*:com.datadoghq.system_tests.iast.utils.SecurityControlUtil:overloadedValidation:java.lang.Object,java.lang.String,java.lang.String:1,2",
+    "nodejs": "TODO",
+    "php": "TODO",
+    "python": "TODO",
+    "ruby": "TODO",
+}
+
+
 class DefaultScenario(EndToEndScenario):
     def __init__(self, name: str):
         super().__init__(
@@ -18,3 +32,10 @@ def __init__(self, name: str):
             scenario_groups=[ScenarioGroup.ESSENTIALS],
             doc="Default scenario, spawn tracer, the Postgres databases and agent, and run most of exisiting tests",
         )
+
+    def configure(self, config):
+        super().configure(config)
+
+        self.weblog_container.environment["DD_IAST_SECURITY_CONTROLS_CONFIGURATION"] = _iast_security_controls_map[
+            self.weblog_container.library.library
+        ]