Add tickets to bug declarations on java (#3084)
cbeauchesne authored Sep 20, 2024
1 parent 2f631c8 commit 8b69939
Showing 3 changed files with 18 additions and 34 deletions.
34 changes: 16 additions & 18 deletions manifests/java.yml
Expand Up @@ -108,7 +108,7 @@ tests/:
play: missing_feature
ratpack: missing_feature
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-openliberty: bug (not working as expected)
spring-boot-openliberty: bug (APPSEC-54981)
test_insecure_cookie.py:
TestInsecureCookie:
'*': v1.18.0
Expand Down Expand Up @@ -253,7 +253,7 @@ tests/:
ratpack: missing_feature
resteasy-netty3: missing_feature
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-openliberty: bug (not working as expected)
spring-boot-openliberty: bug (APPSEC-54981)
vertx3: missing_feature
vertx4: missing_feature
test_xpath_injection.py:
Expand Down Expand Up @@ -299,7 +299,7 @@ tests/:
TestCookieValue:
'*': v1.10.0
akka-http: v1.12.0
jersey-grizzly2: bug (name field of source not set)
jersey-grizzly2: bug (APPSEC-54982)
play: missing_feature
ratpack: missing_feature
resteasy-netty3: v1.11.0
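Review bot: the jersey-grizzly2 entry under TestCookieValue loses its only description of the failure (`name field of source not set`) when the reason becomes `bug (APPSEC-54982)`. The manifest already carries trailing YAML comments elsewhere (`# real version not known`), so consider keeping the short cause as a comment next to the ticket id. The same applies to the TestHeaderValue and TestParameterValue entries in the next two hunks.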
Expand All @@ -323,7 +323,7 @@ tests/:
TestHeaderValue:
'*': v1.3.0
akka-http: v1.12.0
jersey-grizzly2: bug (name field of source not set)
jersey-grizzly2: bug (APPSEC-54982)
play: missing_feature
ratpack: missing_feature
resteasy-netty3: v1.11.0
Expand Down Expand Up @@ -377,7 +377,7 @@ tests/:
TestParameterValue:
'*': v1.1.0
akka-http: v1.12.0
jersey-grizzly2: bug (name field of source not set)
jersey-grizzly2: bug (APPSEC-54982)
play: missing_feature
ratpack: missing_feature
resteasy-netty3: v1.11.0
Expand Down Expand Up @@ -544,8 +544,7 @@ tests/:
ratpack: v0.99.0
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
vertx3: v0.99.0
vertx4: bug (Capability to read body content is incomplete after vert.x
4.0.0)
vertx4: bug (APPSEC-54983)
Test_BodyRaw:
'*': missing_feature
akka-http: v1.22.0
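Review bot: in the vertx4 entry, the old reason tied the failure to a version boundary (`incomplete after vert.x 4.0.0`), and that detail disappears from the manifest once the reason is only `bug (APPSEC-54983)`. Please confirm the ticket records the vert.x 4.0.0 boundary, since the identical vertx4 entry in the next hunk relies on the same ticket for its explanation.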
Expand All @@ -566,8 +565,7 @@ tests/:
ratpack: v0.99.0
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
vertx3: missing_feature
vertx4: bug (Capability to read body content is incomplete after vert.x
4.0.0)
vertx4: bug (APPSEC-54983)
Test_Cookies:
akka-http: v1.22.0
play: v1.22.0
Expand Down Expand Up @@ -779,7 +777,7 @@ tests/:
akka-http: v1.22.0
play: v1.22.0
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-payara: bug (blocking not working)
spring-boot-payara: bug (APPSEC-54985)
Test_Blocking_request_body_multipart:
'*': v1.15.0
akka-http: v1.22.0
Expand All @@ -788,8 +786,8 @@ tests/:
ratpack: missing_feature
resteasy-netty3: missing_feature
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-openliberty: bug
spring-boot-payara: bug (blocking not working)
spring-boot-openliberty: bug (APPSEC-54985)
spring-boot-payara: bug (APPSEC-54985)
Test_Blocking_request_cookies:
'*': missing_feature
akka-http: v1.22.0
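Review bot: spring-boot-openliberty under Test_Blocking_request_body_multipart was a bare `bug` with no stated cause, and it now gets APPSEC-54985, the ticket that replaces spring-boot-payara's `blocking not working`. Confirm that the openliberty failure has been checked to be the same defect (the akka-http entry under Test_Suspicious_Request_Blocking in the next hunk raises the same question); otherwise give it its own ticket so that a fix for APPSEC-54985 is not assumed to cover it.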
Expand Down Expand Up @@ -906,9 +904,9 @@ tests/:
vertx4: v1.7.0
Test_Suspicious_Request_Blocking:
'*': v1.6.0
akka-http: bug
akka-http: bug (APPSEC-54985)
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-payara: bug
spring-boot-payara: bug (APPSEC-54985)
test_client_ip.py:
Test_StandardTagsClientIp: v0.114.0
test_conf.py:
Expand Down Expand Up @@ -1035,7 +1033,7 @@ tests/:
test_suspicious_attacker_blocking.py:
Test_Suspicious_Attacker_Blocking:
'*': v1.39.0
play: bug (endpoint returns 404)
play: bug (APPSEC-54986)
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
test_traces.py:
Test_AppSecEventSpanTags:
Expand Down Expand Up @@ -1164,7 +1162,7 @@ tests/:
"*": irrelevant
spring-boot: v0.1 # real version not known
test_cassandra.py:
Test_Cassandra: bug (Endpoint is probably improperly implemented on weblog)
Test_Cassandra: bug (APMAPI-729)
test_db_integrations_sql.py:
Test_MsSql:
'*': missing_feature
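Review bot: Test_Cassandra's old reason was hedged and pointed at the test application rather than the library (`Endpoint is probably improperly implemented on weblog`), and Test_Mongo and Test_Sql in the next hunk get the same APMAPI-729. If the weblog endpoint is the actual cause, make sure the ticket says so, and check that one ticket for three separate integration endpoints is intended.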
Expand Down Expand Up @@ -1215,9 +1213,9 @@ tests/:
"*": irrelevant
spring-boot: bug (AIDM-325)
test_mongo.py:
Test_Mongo: bug (Endpoint is probably improperly implemented on weblog)
Test_Mongo: bug (APMAPI-729)
test_sql.py:
Test_Sql: bug (Endpoint is probably improperly implemented on weblog)
Test_Sql: bug (APMAPI-729)
k8s_lib_injection/:
test_k8s_manual_inject.py:
TestAdmisionControllerProfiling: v1.39.0
14 changes: 0 additions & 14 deletions pyproject.toml
Expand Up @@ -74,9 +74,7 @@ allow_no_jira_ticket_for_bugs = [
"tests/appsec/test_traces.py::Test_AppSecEventSpanTags.test_header_collection",
"tests/appsec/test_traces.py::Test_RetainTraces",
"tests/appsec/test_user_blocking_full_denylist.py::Test_UserBlocking_FullDenylist.test_blocking_test",
"tests/appsec/waf/test_addresses.py::Test_BodyJson",
"tests/appsec/waf/test_addresses.py::Test_BodyUrlEncoded",
"tests/appsec/waf/test_addresses.py::Test_BodyXml",
"tests/appsec/waf/test_addresses.py::Test_BodyXml.test_xml_attr_value",
"tests/appsec/waf/test_addresses.py::Test_BodyXml.test_xml_content",
"tests/appsec/waf/test_miscs.py::Test_404",
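Review bot: the hunk header (-74,9 +74,7) drops two entries from allow_no_jira_ticket_for_bugs. If those are the class-level Test_BodyJson and Test_BodyXml entries that match the test_addresses.py change, the method-level `Test_BodyXml.test_xml_attr_value` and `Test_BodyXml.test_xml_content` entries are still in the list. Check whether the bug declarations behind them can be given tickets in this change as well, or whether those entries are now stale.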
Expand All @@ -85,18 +83,15 @@ allow_no_jira_ticket_for_bugs = [
"tests/auto_inject/test_auto_inject_install.py::TestInstallerAutoInjectManual.test_install_uninstall",
"tests/auto_inject/test_auto_inject_install.py::TestSimpleInstallerAutoInjectManual.test_install",
"tests/debugger/test_debugger_pii.py::Test_Debugger_PII_Redaction.test_pii_redaction_dotnet_2_50",
"tests/integrations/test_cassandra.py::Test_Cassandra",
"tests/integrations/test_db_integrations_sql.py::Test_MsSql.test_db_name",
"tests/integrations/test_db_integrations_sql.py::Test_MsSql.test_db_system",
"tests/integrations/test_db_integrations_sql.py::Test_MsSql.test_db_user",
"tests/integrations/test_db_integrations_sql.py::Test_Postgres.test_db_type",
"tests/integrations/test_dbm.py::Test_Dbm.test_trace_payload_service",
"tests/integrations/test_dsm.py::Test_DsmRabbitmq.test_dsm_rabbitmq",
"tests/integrations/test_mongo.py::Test_Mongo",
"tests/integrations/test_open_telemetry.py::_BaseOtelDbIntegrationTestClass.test_db_operation",
"tests/integrations/test_open_telemetry.py::Test_MsSql.test_db_operation",
"tests/integrations/test_open_telemetry.py::Test_MsSql.test_resource",
"tests/integrations/test_sql.py::Test_Sql",
"tests/k8s_lib_injection/test_k8s_init_image_validator.py::TestK8sInitImageValidator.test_valid_weblog_instrumented",
"tests/k8s_lib_injection/test_k8s_init_image_validator.py::TestK8sInitImageValidatorUnsupported.test_invalid_weblog_not_instrumented",

Expand Down Expand Up @@ -166,16 +161,7 @@ allow_no_jira_ticket_for_bugs = [
"tests/parametric/test_dynamic_configuration.py::TestDynamicConfigTracingEnabled",
"tests/parametric/test_dynamic_configuration.py::TestDynamicConfigV1",
"tests/parametric/test_dynamic_configuration.py::TestDynamicConfigV2",
"tests/appsec/test_blocking_addresses.py::Test_Suspicious_Request_Blocking",
"tests/appsec/iast/source/test_cookie_value.py::TestCookieValue",
"tests/appsec/iast/source/test_header_value.py::TestHeaderValue",
"tests/appsec/iast/source/test_parameter_value.py::TestParameterValue",
"tests/appsec/test_suspicious_attacker_blocking.py::Test_Suspicious_Attacker_Blocking",
"tests/appsec/iast/sink/test_xcontent_sniffing.py::Test_XContentSniffing",
"tests/appsec/iast/sink/test_insecure_auth_protocol.py::Test_InsecureAuthProtocol",
"tests/appsec/test_blocking_addresses.py::Test_Blocking_request_body_multipart",
"tests/parametric/test_config_consistency.py::Test_Config_TraceLogDirectory",
"tests/appsec/test_blocking_addresses.py::Test_Blocking_request_body",
]

[tool.pylint]
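Review bot: nine lines are removed from allow_no_jira_ticket_for_bugs here (-166,16 +161,7), and the entries are keyed by test class, not by library, while this commit only adds tickets in manifests/java.yml and to two nodejs decorators. Before dropping a class-level entry, check that no other library's manifest or decorator still declares a ticketless bug for the same class, or the check that reads this allow-list will start failing for that library.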
4 changes: 2 additions & 2 deletions tests/appsec/waf/test_addresses.py
Expand Up @@ -270,7 +270,7 @@ def test_body_value(self):
interfaces.library.assert_waf_attack(self.r_value, value='<vmlframe src="xss">', address="server.request.body")


@bug(context.library == "nodejs@2.8.0", reason="Capability to read body content is broken")
@bug(context.library == "nodejs@2.8.0", reason="APMRP-360")
@features.appsec_request_blocking
class Test_BodyJson:
"""Appsec supports <JSON encoded body>"""
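Review bot: the commit title scopes the change to java, but the decorator on Test_BodyJson is a nodejs declaration (`context.library == "nodejs@2.8.0"`) and uses a different ticket project (APMRP-360) from the vertx4 body-reading entry in java.yml (APPSEC-54983). Either mention the nodejs change in the commit message or split it into its own commit; the same applies to the Test_BodyXml decorator in the next hunk.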
Expand Down Expand Up @@ -305,7 +305,7 @@ def test_json_array(self):
interfaces.library.assert_waf_attack(self.r_array, value='<vmlframe src="xss">', address="server.request.body")


@bug(context.library == "nodejs@2.8.0", reason="Capability to read body content is broken")
@bug(context.library == "nodejs@2.8.0", reason="APMRP-360")
@features.appsec_request_blocking
class Test_BodyXml:
"""Appsec supports <XML encoded body>"""

0 comments on commit 8b69939
