-
Notifications
You must be signed in to change notification settings - Fork 279
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add grpc.server.method to WAF addresses with FQN of the grpc method (#…
…7079) Add grpc.server.method to WAF addresses with FQN of the grpc method
- Loading branch information
1 parent
38271ed
commit ca01312
Showing
16 changed files
with
248 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
24 changes: 24 additions & 0 deletions
24
...grpc/src/test/groovy/datadog/smoketest/appsec/AbstractSpringBootWithGRPCAppSecTest.groovy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
package datadog.smoketest.appsec | ||
|
||
abstract class AbstractSpringBootWithGRPCAppSecTest extends AbstractAppSecServerSmokeTest { | ||
|
||
@Override | ||
ProcessBuilder createProcessBuilder() { | ||
String springBootShadowJar = System.getProperty("datadog.smoketest.appsec.springboot-grpc.shadowJar.path") | ||
assert springBootShadowJar != null | ||
|
||
List<String> command = [ | ||
javaPath(), | ||
*defaultJavaProperties, | ||
*defaultAppSecProperties, | ||
"-jar", | ||
springBootShadowJar, | ||
"--server.port=${httpPort}" | ||
].collect { it as String } | ||
|
||
ProcessBuilder processBuilder = new ProcessBuilder(command) | ||
processBuilder.directory(new File(buildDirectory)) | ||
} | ||
|
||
static final String ROUTE = 'async_annotation_greeting' | ||
} |
70 changes: 70 additions & 0 deletions
70
...s/appsec/springboot-grpc/src/test/groovy/datadog/smoketest/appsec/ServerMethodTest.groovy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
package datadog.smoketest.appsec | ||
|
||
|
||
import okhttp3.Request | ||
import spock.lang.Shared | ||
|
||
class ServerMethodTest extends AbstractSpringBootWithGRPCAppSecTest { | ||
|
||
@Shared | ||
String buildDir = new File(System.getProperty("datadog.smoketest.builddir")).absolutePath | ||
@Shared | ||
String customRulesPath = "${buildDir}/appsec_custom_rules.json" | ||
|
||
@Override | ||
ProcessBuilder createProcessBuilder() { | ||
// We run this here to ensure it runs before starting the process. Child setupSpec runs after parent setupSpec, | ||
// so it is not a valid location. | ||
appendRules(customRulesPath, [ | ||
[ | ||
id : '__test_server_method_bock', | ||
name : 'test rule to block on server method', | ||
tags : [ | ||
type : 'test', | ||
category : 'test', | ||
confidence: '1', | ||
], | ||
conditions : [ | ||
[ | ||
parameters: [ | ||
inputs: [[address: 'grpc.server.method']], | ||
regex : 'Greeter', | ||
], | ||
operator : 'match_regex', | ||
] | ||
], | ||
transformers: [], | ||
on_match : ['block'] | ||
] | ||
]) | ||
return super.createProcessBuilder() | ||
} | ||
|
||
void 'test grpc.server.method address'() { | ||
setup: | ||
String url = "http://localhost:${httpPort}/${ROUTE}" | ||
def request = new Request.Builder() | ||
.url("${url}?message=${'Hello!'.bytes.encodeBase64()}") | ||
.get().build() | ||
|
||
when: | ||
def response = client.newCall(request).execute() | ||
|
||
then: | ||
def responseBodyStr = response.body().string() | ||
responseBodyStr != null | ||
responseBodyStr.contains("bye") | ||
response.body().contentType().toString().contains("text/plain") | ||
response.code() == 200 | ||
|
||
and: | ||
waitForTraceCount(2) == 2 | ||
rootSpans.size() == 2 | ||
def grpcRootSpan = rootSpans.find { it.triggers } | ||
grpcRootSpan != null | ||
def match = grpcRootSpan.triggers[0]['rule_matches'][0] | ||
match != null | ||
match['parameters'][0]['address'] == 'grpc.server.method' | ||
match['parameters'][0]['value'] == 'smoketest.Greeter/Hello' | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.