diff --git a/tracer/build/smoke_test_snapshots/smoke_test_snapshots.json b/tracer/build/smoke_test_snapshots/smoke_test_snapshots.json index 1ce0952b4d49..88dd2b5730e0 100644 --- a/tracer/build/smoke_test_snapshots/smoke_test_snapshots.json +++ b/tracer/build/smoke_test_snapshots/smoke_test_snapshots.json @@ -38,7 +38,7 @@ "parent_id": 1, "type": "web", "meta": { - "_dd.appsec.event_rules.version": "1.13.1", + "_dd.appsec.event_rules.version": "1.13.2", "_dd.appsec.waf.version": "1.20.1", "_dd.runtime_family": "dotnet", "_dd.appsec.s.req.params": "H4sIAAAAAAAAA4uuVkrOzyspys/JSS1Ssoq2iNVRSkwuyczPA3NqYwH+CR9jIQAAAA==", diff --git a/tracer/build/smoke_test_snapshots/smoke_test_snapshots_2_1.json b/tracer/build/smoke_test_snapshots/smoke_test_snapshots_2_1.json index c51d460693db..1ec8ed0de971 100644 --- a/tracer/build/smoke_test_snapshots/smoke_test_snapshots_2_1.json +++ b/tracer/build/smoke_test_snapshots/smoke_test_snapshots_2_1.json @@ -38,7 +38,7 @@ "parent_id": 1, "type": "web", "meta": { - "_dd.appsec.event_rules.version": "1.13.1", + "_dd.appsec.event_rules.version": "1.13.2", "_dd.appsec.waf.version": "1.20.1", "_dd.runtime_family": "dotnet", "_dd.appsec.s.res.body": "H4sIAAAAAAAAA4u2iAUA8YntnQMAAAA=", diff --git a/tracer/src/Datadog.Trace/AppSec/Waf/ConfigFiles/rule-set.json b/tracer/src/Datadog.Trace/AppSec/Waf/ConfigFiles/rule-set.json index a2a52ac89888..d0e486c6731f 100644 --- a/tracer/src/Datadog.Trace/AppSec/Waf/ConfigFiles/rule-set.json +++ b/tracer/src/Datadog.Trace/AppSec/Waf/ConfigFiles/rule-set.json @@ -1,7 +1,7 @@ { "version": "2.2", "metadata": { - "rules_version": "1.13.1" + "rules_version": "1.13.2" }, "rules": [ { @@ -6335,7 +6335,6 @@ { "id": "rasp-934-100", "name": "Server-side request forgery exploit", - "enabled": false, "tags": { "type": "ssrf", "category": "vulnerability_trigger", @@ -6384,7 +6383,6 @@ { "id": "rasp-942-100", "name": "SQL injection exploit", - "enabled": false, "tags": { "type": "sql_injection", "category": "vulnerability_trigger", @@ -6424,7 +6422,7 @@ } ] }, - "operator": "sqli_detector" + "operator": "sqli_detector@v2" } ], "transformers": [], diff --git a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.test-external-waf-headers.verified.txt b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.test-external-waf-headers.verified.txt index 2bc73e2796ef..e4b5e951853a 100644 --- a/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.test-external-waf-headers.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore2.SecurityEnabled.test-external-waf-headers.verified.txt @@ -29,7 +29,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-external-waf-headers.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-external-waf-headers.verified.txt index 9ee32ed32164..d4593b206a0f 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-external-waf-headers.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-external-waf-headers.verified.txt @@ -30,7 +30,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-null-action.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-null-action.verified.txt index d8d1e164ab42..a741f48b6736 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-null-action.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.test-null-action.verified.txt @@ -22,7 +22,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt index c51f2ec7d1d2..5d7791933acd 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt @@ -23,7 +23,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { @@ -65,7 +65,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, _dd.appsec.fp.session: ssn-5860faf0---, diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt index 22f1ea72d105..d7e88a1cc307 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt @@ -29,7 +29,7 @@ network.client.ip: 127.0.0.1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt index 64eed2ac8ced..f107e23fc8bb 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_.verified.txt @@ -43,7 +43,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.waf.version: 1.20.1, _dd.runtime_family: dotnet }, @@ -81,7 +81,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-8a5edab2--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt index df94e1340f67..7f48883ad00b 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt @@ -44,7 +44,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { @@ -106,7 +106,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-c9ffce19--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt index a40f22c4ed71..0b86e59e1477 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_.verified.txt @@ -43,7 +43,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.waf.version: 1.20.1, _dd.runtime_family: dotnet }, @@ -82,7 +82,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-8a5edab2--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt index 62fa67c5edad..4edcc71332de 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5AsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt @@ -44,7 +44,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { @@ -107,7 +107,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-c9ffce19--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt index 54f61d55f546..87f20a78d48e 100644 --- a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt @@ -40,7 +40,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { @@ -75,7 +75,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt index f61a0904a04d..c636d605beb8 100644 --- a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt @@ -41,7 +41,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.waf.version: 1.20.1, _dd.runtime_family: dotnet }, @@ -103,7 +103,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-c4cf151d--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt index 765322bf5c12..88a9c672f007 100644 --- a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_api_health.verified.txt @@ -40,7 +40,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.waf.version: 1.20.1, _dd.runtime_family: dotnet }, @@ -79,7 +79,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-7ab84831--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt index e8b1668cc9d0..9a641f1dfb48 100644 --- a/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebApiAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_api_user.verified.txt @@ -41,7 +41,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { @@ -102,7 +102,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-c4cf151d--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt index f6732a7381d8..ae28b3168344 100644 --- a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt @@ -18,7 +18,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { @@ -53,7 +53,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-d2b1037e--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt index 4047cd3c20bc..b56630e7f95d 100644 --- a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Classic.enableSecurity=True.__test=blocking-user_url=_user.verified.txt @@ -19,7 +19,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.waf.version: 1.20.1, _dd.runtime_family: dotnet }, @@ -58,7 +58,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-c9ffce19--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt index 773da9af1c07..2118bf069b66 100644 --- a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-ips_url=_default.aspx.verified.txt @@ -18,7 +18,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.waf.version: 1.20.1, _dd.runtime_family: dotnet }, @@ -57,7 +57,7 @@ network.client.ip: ::1, runtime-id: Guid_1, span.kind: server, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-d2b1037e--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, diff --git a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt index b2f9c521a596..0708feaf107a 100644 --- a/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetWebFormsAsmData.Integrated.enableSecurity=True.__test=blocking-user_url=_user.verified.txt @@ -19,7 +19,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.runtime_family: dotnet }, Metrics: { @@ -56,7 +56,7 @@ runtime-id: Guid_1, span.kind: server, usr.id: user3, - _dd.appsec.event_rules.version: 1.13.1, + _dd.appsec.event_rules.version: 1.13.2, _dd.appsec.fp.http.endpoint: http-get-c9ffce19--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000,