From ca330432deb0ccb2a96e23783b3f61358d8f7512 Mon Sep 17 00:00:00 2001 From: Anna Date: Tue, 29 Oct 2024 18:08:19 +0100 Subject: [PATCH] change snapshots accordingly. As now, if cookies are empty, and count is 0, not null, we dont send the address to the waf --- ....Classic.enableSecurity=True.__test=blocking.verified.txt | 5 ----- ...dy={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt | 5 ----- ..._UploadStruct_body={-Property1-- -[$slice]-}.verified.txt | 5 ----- ...=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt | 5 ----- ...params_appscan_fingerprint-&q=help_body=null.verified.txt | 5 ----- ..._Health_params_appscan_fingerprint_body=null.verified.txt | 5 ----- ...st.query_url=_Health_-arg=[$slice]_body=null.verified.txt | 5 ----- ...tegrated.enableSecurity=True.__test=blocking.verified.txt | 5 ----- ...covery.scans_url=_Health_wp-config_body=null.verified.txt | 5 ----- ...dy={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt | 5 ----- ..._UploadStruct_body={-Property1-- -[$slice]-}.verified.txt | 5 ----- ...=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt | 5 ----- ...params_appscan_fingerprint-&q=help_body=null.verified.txt | 5 ----- ..._Health_params_appscan_fingerprint_body=null.verified.txt | 5 ----- ...st.query_url=_Health_-arg=[$slice]_body=null.verified.txt | 5 ----- ...rs.no_cookies_url=_Home_LangHeader_body=null.verified.txt | 5 ----- ...ity=True.__type=block_request_statusCode=200.verified.txt | 2 -- ...=True.__type=redirect_request_statusCode=302.verified.txt | 2 -- ...ity=True.__type=block_request_statusCode=200.verified.txt | 2 -- ...=True.__type=redirect_request_statusCode=302.verified.txt | 2 -- ...nableSecurity=True.__test=blocking-ips_url=_.verified.txt | 1 - ...nableSecurity=True.__test=blocking-ips_url=_.verified.txt | 1 - ...AsmRulesToggle.Classic.enableSecurity=True._.verified.txt | 3 --- ...RulesToggle.Integrated.enableSecurity=True._.verified.txt | 3 --- ....Classic.enableSecurity=True.__test=blocking.verified.txt | 5 ----- ...i_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt | 5 ----- ...rl=_api_Health_appscan_fingerprint_body=null.verified.txt | 5 ----- ...rams_url=_api_route_2-arg=[$slice]_body=null.verified.txt | 5 ----- ...=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt | 5 ----- ...uery_url=_api_Health_-arg=[$slice]_body=null.verified.txt | 5 ----- ...tegrated.enableSecurity=True.__test=blocking.verified.txt | 5 ----- ...i_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt | 5 ----- ...rl=_api_Health_appscan_fingerprint_body=null.verified.txt | 5 ----- ...rams_url=_api_route_2-arg=[$slice]_body=null.verified.txt | 5 ----- ...=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt | 5 ----- ...uery_url=_api_Health_-arg=[$slice]_body=null.verified.txt | 5 ----- ...ity=True.__test=blocking-ips_url=_api_health.verified.txt | 1 - ...ity=True.__test=blocking-ips_url=_api_health.verified.txt | 1 - ....Classic.enableSecurity=True.__test=blocking.verified.txt | 5 ----- ...ty=True.__url=_Health-arg=[$slice]_body=null.verified.txt | 5 ----- ..._Health_Params_appscan_fingerprint_body=null.verified.txt | 5 ----- ...ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt | 5 ----- ...tegrated.enableSecurity=True.__test=blocking.verified.txt | 5 ----- ...ty=True.__url=_Health-arg=[$slice]_body=null.verified.txt | 5 ----- ..._Health_Params_appscan_fingerprint_body=null.verified.txt | 5 ----- ...ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt | 5 ----- ...y=True.__test=blocking-ips_url=_default.aspx.verified.txt | 1 - ...y=True.__test=blocking-ips_url=_default.aspx.verified.txt | 1 - 48 files changed, 200 deletions(-) diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt index 07d299b9b986..fb0905e68ab9 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -26,7 +26,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -71,7 +70,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -161,7 +158,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -206,7 +202,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt index 7ac12e82bbc4..6da030b29599 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt @@ -53,7 +53,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -125,7 +124,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -197,7 +195,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -269,7 +266,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -341,7 +337,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt index 185200d6be61..c6b4c65a0845 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt @@ -53,7 +53,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -125,7 +124,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -197,7 +195,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -269,7 +266,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -341,7 +337,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 19a3cca6fdb7..6dace1ca5e1b 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -53,7 +53,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -125,7 +124,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -197,7 +195,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -269,7 +266,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -341,7 +337,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index f1726ca3b176..27278ef284c7 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt @@ -51,7 +51,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -121,7 +120,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -191,7 +189,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -261,7 +258,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -331,7 +327,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index 62ae97e9175d..df78cbdda69f 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -51,7 +51,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -121,7 +120,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -191,7 +189,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -261,7 +258,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -331,7 +327,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt index 8dd8f11753fc..59fe954bcb7c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt @@ -51,7 +51,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -121,7 +120,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -191,7 +189,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -261,7 +258,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -331,7 +327,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt index 1d300c039c7e..8a099971f1e2 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -27,7 +27,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -73,7 +72,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +117,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -165,7 +162,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -211,7 +207,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt index 1f3f1863ee04..1201dff1789a 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=discovery.scans_url=_Health_wp-config_body=null.verified.txt @@ -52,7 +52,6 @@ _dd.appsec.fp.http.endpoint: http-get-74ef4633--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,7 +122,6 @@ _dd.appsec.fp.http.endpoint: http-get-74ef4633--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +192,6 @@ _dd.appsec.fp.http.endpoint: http-get-74ef4633--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -265,7 +262,6 @@ _dd.appsec.fp.http.endpoint: http-get-74ef4633--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -336,7 +332,6 @@ _dd.appsec.fp.http.endpoint: http-get-74ef4633--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"nfd-000-001","name":"Detect common directory discovery scans","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"^404$","parameters":[{"address":"server.response.status","highlight":["404"],"key_path":[],"value":"404"}]},{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.uri.raw","highlight":["/wp-config"],"key_path":[],"value":"/health/wp-config"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt index 44b75aca3508..0d67de705121 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt @@ -54,7 +54,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,7 +126,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -200,7 +198,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -273,7 +270,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -346,7 +342,6 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt index 1323d4aad5d6..02fcbd1d6b14 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt @@ -54,7 +54,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,7 +126,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -200,7 +198,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -273,7 +270,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -346,7 +342,6 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 013448d4b62a..82d94900697c 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -54,7 +54,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -127,7 +126,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -200,7 +198,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -273,7 +270,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -346,7 +342,6 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index 34ba6e454877..06011500c39f 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt @@ -52,7 +52,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,7 +122,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +192,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -265,7 +262,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -336,7 +332,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index 6b8e721cb6c0..c1a0bf91b862 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -52,7 +52,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,7 +122,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +192,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -265,7 +262,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -336,7 +332,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt index 60c09b046bb2..4b53de7d7313 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.query_url=_Health_-arg=[$slice]_body=null.verified.txt @@ -52,7 +52,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,7 +122,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -194,7 +192,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -265,7 +262,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -336,7 +332,6 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt index 560306513db2..cb437f7a405b 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.response.headers.no_cookies_url=_Home_LangHeader_body=null.verified.txt @@ -53,7 +53,6 @@ _dd.appsec.fp.http.endpoint: http-get-0cfc1178--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -125,7 +124,6 @@ _dd.appsec.fp.http.endpoint: http-get-0cfc1178--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -197,7 +195,6 @@ _dd.appsec.fp.http.endpoint: http-get-0cfc1178--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -269,7 +266,6 @@ _dd.appsec.fp.http.endpoint: http-get-0cfc1178--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -341,7 +337,6 @@ _dd.appsec.fp.http.endpoint: http-get-0cfc1178--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt index a882ee58f0c5..06bd10e72a36 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=block_request_statusCode=200.verified.txt @@ -26,7 +26,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -71,7 +70,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt index d4c8c5dc9386..78cfc582b9ea 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Classic.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt @@ -26,7 +26,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -71,7 +70,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt index 0abadb993e01..170c8768ce00 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=block_request_statusCode=200.verified.txt @@ -27,7 +27,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -73,7 +72,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt index 33d302f67eac..ecd97b48aea6 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmBlockingActions.Integrated.enableSecurity=True.__type=redirect_request_statusCode=302.verified.txt @@ -27,7 +27,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -73,7 +72,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["dummy_rule"],"key_path":["arg","0"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt index 64eed2ac8ced..c70759deb694 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt @@ -85,7 +85,6 @@ _dd.appsec.fp.http.endpoint: http-get-8a5edab2--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-001","name":"Block IP Addresses","tags":{"category":"security_response","type":"block_ip"}},"rule_matches":[{"operator":"ip_match","operator_value":"","parameters":[{"address":"http.client_ip","highlight":["86.242.244.246"],"key_path":[],"value":"86.242.244.246"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt index a40f22c4ed71..f2b0b992b0ef 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt @@ -86,7 +86,6 @@ _dd.appsec.fp.http.endpoint: http-get-8a5edab2--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-001","name":"Block IP Addresses","tags":{"category":"security_response","type":"block_ip"}},"rule_matches":[{"operator":"ip_match","operator_value":"","parameters":[{"address":"http.client_ip","highlight":["86.242.244.246"],"key_path":[],"value":"86.242.244.246"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt index 12b64641a3de..e7803f9eba41 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Classic.enableSecurity=True._.verified.txt @@ -51,7 +51,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0100000000-948f4ea1-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -96,7 +95,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-948f4ea1-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -166,7 +164,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-948f4ea1-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt index 5e380b3651a2..9d0886d6ad92 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmRulesToggle.Integrated.enableSecurity=True._.verified.txt @@ -52,7 +52,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0100000000-948f4ea1-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -98,7 +97,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-948f4ea1-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -169,7 +167,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-948f4ea1-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ua0-600-16x","name":"SQL power injector","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"sql power injector","parameters":[{"address":"server.request.headers.no_cookies","highlight":["sql power injector"],"key_path":["user-agent"],"value":"Mistake Not... (sql power injector)"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt index 8dafaf1d2632..79fe5b5a9cb8 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -26,7 +26,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -71,7 +70,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -161,7 +158,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -206,7 +202,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index f79f445d0748..b97006b034d8 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -50,7 +50,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +118,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -188,7 +186,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -257,7 +254,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -326,7 +322,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt index 9932a55b78e2..d8ab906e9248 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt @@ -48,7 +48,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -115,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -182,7 +180,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -249,7 +246,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -316,7 +312,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt index 90a324bf2567..9fa88afe4301 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt @@ -48,7 +48,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -115,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -182,7 +180,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -249,7 +246,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -316,7 +312,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt index 5996c8277569..2d5fd47ed4d4 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt @@ -48,7 +48,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -115,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -182,7 +180,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -249,7 +246,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -316,7 +312,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt index ec837e8ac4cf..ab450bebac96 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt @@ -48,7 +48,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -115,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -182,7 +180,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -249,7 +246,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -316,7 +312,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt index 0cd2c75dc854..3f91cadd89e4 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -27,7 +27,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -73,7 +72,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +117,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -165,7 +162,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -211,7 +207,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 3d47ad442ae4..e8865529d57c 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt @@ -50,7 +50,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +118,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -188,7 +186,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -257,7 +254,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -326,7 +322,6 @@ _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt index f1f05e10d9e9..612b219b67d6 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_Health_appscan_fingerprint_body=null.verified.txt @@ -49,7 +49,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -117,7 +116,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -185,7 +183,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -253,7 +250,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -321,7 +317,6 @@ _dd.appsec.fp.http.endpoint: http-get-0553e2d1--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt index 9f1a4cfbd9aa..b05275f07077 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[$slice]_body=null.verified.txt @@ -49,7 +49,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -117,7 +116,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -185,7 +183,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -253,7 +250,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -321,7 +317,6 @@ _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt index 62da7d86e8bf..a3ca479e6e73 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_TwoMember-arg=[$slice]_body=null.verified.txt @@ -49,7 +49,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -117,7 +116,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -185,7 +183,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -253,7 +250,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -321,7 +317,6 @@ _dd.appsec.fp.http.endpoint: http-get-42b7ca6a-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt index efbf2834d36d..9157d2692841 100644 --- a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.query_url=_api_Health_-arg=[$slice]_body=null.verified.txt @@ -49,7 +49,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -117,7 +116,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -185,7 +183,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -253,7 +250,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -321,7 +317,6 @@ _dd.appsec.fp.http.endpoint: http-get-5ca47921-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt index 54f61d55f546..456a70712930 100644 --- a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt @@ -79,7 +79,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-001","name":"Block IP Addresses","tags":{"category":"security_response","type":"block_ip"}},"rule_matches":[{"operator":"ip_match","operator_value":"","parameters":[{"address":"http.client_ip","highlight":["86.242.244.246"],"key_path":[],"value":"86.242.244.246"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt index 765322bf5c12..0da8101ad895 100644 --- a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt @@ -83,7 +83,6 @@ _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-001","name":"Block IP Addresses","tags":{"category":"security_response","type":"block_ip"}},"rule_matches":[{"operator":"ip_match","operator_value":"","parameters":[{"address":"http.client_ip","highlight":["86.242.244.246"],"key_path":[],"value":"86.242.244.246"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt index 07d299b9b986..fb0905e68ab9 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__test=blocking.verified.txt @@ -26,7 +26,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -71,7 +70,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -161,7 +158,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -206,7 +202,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt index 4cfe3d234471..84795255fd22 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt @@ -25,7 +25,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0100000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -69,7 +68,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -113,7 +111,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -157,7 +154,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -201,7 +197,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt index 368d013ac0f0..805bc4edef65 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt @@ -25,7 +25,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -69,7 +68,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -113,7 +111,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -157,7 +154,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -201,7 +197,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt index 4bb98c95f1a2..c08e68df9207 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Classic.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt @@ -27,7 +27,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -73,7 +72,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +117,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -165,7 +162,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -211,7 +207,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt index 1d300c039c7e..8a099971f1e2 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__test=blocking.verified.txt @@ -27,7 +27,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -73,7 +72,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -119,7 +117,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -165,7 +162,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -211,7 +207,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e--, _dd.appsec.fp.http.header: hdr-0000000000-197358b8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"ublock","name":"Hello","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"match_regex","operator_value":"hello","parameters":[{"address":"server.request.headers.no_cookies","highlight":["hello"],"key_path":["user-agent"],"value":"mistake not... hello/v"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt index 159cc039a8b6..29f18b703914 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health-arg=[$slice]_body=null.verified.txt @@ -26,7 +26,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -71,7 +70,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -161,7 +158,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -206,7 +202,6 @@ _dd.appsec.fp.http.endpoint: http-get-0587c50e-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt index 6ac5964f0e05..9525da8f20e6 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_Params_appscan_fingerprint_body=null.verified.txt @@ -26,7 +26,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -71,7 +70,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -116,7 +114,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -161,7 +158,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -206,7 +202,6 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt index d84458d1daaf..599778044e16 100644 --- a/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebForms.Integrated.enableSecurity=True.__url=_Health_body=ctl00%24MainContent%24testBox=%5B%24slice%5D.verified.txt @@ -28,7 +28,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -75,7 +74,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,7 +120,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -169,7 +166,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -216,7 +212,6 @@ _dd.appsec.fp.http.endpoint: http-post-0587c50e--8a8abefe, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["ctl00$MainContent$testBox"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt index f6732a7381d8..7b6cf3e49846 100644 --- a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt @@ -57,7 +57,6 @@ _dd.appsec.fp.http.endpoint: http-get-d2b1037e--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-001","name":"Block IP Addresses","tags":{"category":"security_response","type":"block_ip"}},"rule_matches":[{"operator":"ip_match","operator_value":"","parameters":[{"address":"http.client_ip","highlight":["86.242.244.246"],"key_path":[],"value":"86.242.244.246"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt index 773da9af1c07..cc629b434dc2 100644 --- a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt @@ -61,7 +61,6 @@ _dd.appsec.fp.http.endpoint: http-get-d2b1037e--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-001","name":"Block IP Addresses","tags":{"category":"security_response","type":"block_ip"}},"rule_matches":[{"operator":"ip_match","operator_value":"","parameters":[{"address":"http.client_ip","highlight":["86.242.244.246"],"key_path":[],"value":"86.242.244.246"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet