fix minor tweaks

florentinl · florentinl · commit 9546648a51a1 · 2025-08-20T10:45:25.000+02:00
diff --git a/tests/appsec/api_security/test_schemas.py b/tests/appsec/api_security/test_schemas.py
@@ -43,6 +43,7 @@ def equal_value(t1, t2):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Request_Headers:
     """Test API Security - Request Headers Schema"""
@@ -63,6 +64,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Request_Cookies:
     """Test API Security - Request Cookies Schema"""
@@ -87,6 +89,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Request_Query_Parameters:
     """Test API Security - Request Query Parameters Schema"""
@@ -107,6 +110,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Request_Path_Parameters:
     """Test API Security - Request Path Parameters Schema"""
@@ -128,6 +132,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Request_Json_Body:
     """Test API Security - Request Body and list length"""
@@ -148,6 +153,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Request_FormUrlEncoded_Body:
     """Test API Security - Request Body and list length"""
@@ -188,6 +194,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Response_Headers:
     """Test API Security - Response Header Schema"""
@@ -207,6 +214,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Response_Body:
     """Test API Security - Response Body Schema with urlencoded body"""
@@ -233,6 +241,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Schema_Response_on_Block:
     """Test API Security - Response Schemas with urlencoded body
@@ -293,6 +302,7 @@ def test_request_method(self):
 
 @rfc("https://docs.google.com/document/d/1OCHPBCAErOL2FhLl64YAHB8woDyq66y5t-JGolxdf1Q/edit#heading=h.bth088vsbjrz")
 @scenarios.appsec_api_security
+@scenarios.appsec_lambda_api_security
 @features.api_security_schemas
 class Test_Scanners:
     """Test API Security - Scanners"""
diff --git a/tests/appsec/test_traces.py b/tests/appsec/test_traces.py
@@ -68,15 +68,20 @@ def setup_custom_span_tags(self):
         weblog.get("/waf", params={"key": "\n :"})  # rules.http_protocol_violation.crs_921_160
         weblog.get("/waf", headers={"random-key": "acunetix-user-agreement"})  # rules.security_scanner.crs_913_110
 
-    @bug(library="python_lambda", reason="APPSEC-58201")
     def test_custom_span_tags(self):
         """AppSec should store in all APM spans some tags when enabled."""
 
         spans = [span for _, span in interfaces.library.get_root_spans()]
         assert spans, "No root spans to validate"
-        spans = [s for s in spans if s.get("type") == "web"]
-        assert spans, "No spans of type web to validate"
+        spans = [s for s in spans if s.get("type") in ("web", "serverless")]
+        assert spans, "No spans of type web or serverless to validate"
         for span in spans:
+            if span.get("type") == "serverless" and "_dd.appsec.unsupported_event_type" in span["metrics"]:
+                # For serverless, the `healthcheck` event is not supported
+                assert (
+                    span["metrics"]["_dd.appsec.unsupported_event_type"] == 1
+                ), "_dd.appsec.unsupported_event_type should be 1 or 1.0"
+                continue
             assert "_dd.appsec.enabled" in span["metrics"], "Cannot find _dd.appsec.enabled in span metrics"
             assert span["metrics"]["_dd.appsec.enabled"] == 1, "_dd.appsec.enabled should be 1 or 1.0"
             assert "_dd.runtime_family" in span["meta"], "Cannot find _dd.runtime_family in span meta"
@@ -87,14 +92,15 @@ def test_custom_span_tags(self):
     def setup_header_collection(self):
         self.r = weblog.get("/headers", headers={"User-Agent": "Arachni/v1", "Content-Type": "text/plain"})
 
+    @bug(library="python_lambda", reason="APPSEC-58202")
     @bug(context.library < f"python@{PYTHON_RELEASE_GA_1_1}", reason="APMRP-360")
     @bug(context.library < "java@1.2.0", weblog_variant="spring-boot-openliberty", reason="APPSEC-6734")
     @bug(
         context.library < "nodejs@5.57.0",
         weblog_variant="fastify",
         reason="APPSEC-57432",  # Response headers collection not supported yet
     )
-    @irrelevant(context.library not in ["golang", "nodejs", "java", "dotnet"], reason="test")
+    @irrelevant(context.library not in ["golang", "nodejs", "java", "dotnet", "python_lambda"], reason="test")
     @irrelevant(context.scenario is scenarios.external_processing, reason="Irrelevant tag set for golang")
     def test_header_collection(self):
         """AppSec should collect some headers for http.request and http.response and store them in span tags.
diff --git a/utils/_context/_scenarios/__init__.py b/utils/_context/_scenarios/__init__.py
@@ -1,10 +1,10 @@
 import json
 
-from utils._context._scenarios.aws_lambda import LambdaScenario
 from utils._context.header_tag_vars import VALID_CONFIGS, INVALID_CONFIGS, CONFIG_WILDCARD
 from utils.proxy.ports import ProxyPorts
 from utils.tools import update_environ_with_local_env
 
+from .aws_lambda import LambdaScenario
 from .core import Scenario, scenario_groups
 from .default import DefaultScenario
 from .endtoend import DockerScenario, EndToEndScenario
@@ -1085,6 +1085,22 @@ class _Scenarios:
         doc="Default Lambda scenario",
         scenario_groups=[scenario_groups.appsec],
     )
+    appsec_lambda_api_security = LambdaScenario(
+        "APPSEC_LAMBDA_API_SECURITY",
+        weblog_env={
+            "DD_API_SECURITY_ENABLED": "true",
+            "DD_API_SECURITY_REQUEST_SAMPLE_RATE": "1.0",
+            "DD_API_SECURITY_SAMPLE_DELAY": "0.0",
+            "DD_API_SECURITY_MAX_CONCURRENT_REQUESTS": "50",
+            "DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED": "true",
+            "DD_API_SECURITY_ENDPOINT_COLLECTION_MESSAGE_LIMIT": "30",
+        },
+        doc="""
+        Scenario for API Security feature in lambda, testing schema types sent into span tags if
+        DD_API_SECURITY_ENABLED is set to true.
+        """,
+        scenario_groups=[scenario_groups.appsec],
+    )
 
 
 scenarios = _Scenarios()
diff --git a/utils/_context/containers.py b/utils/_context/containers.py
@@ -1060,26 +1060,24 @@ def __init__(
             "DD_SITE": os.environ.get("DD_SITE", "datad0g.com"),
             "DD_API_KEY": os.environ.get("DD_API_KEY", _FAKE_DD_API_KEY),
             "DD_SERVERLESS_FLUSH_STRATEGY": "periodically,100",
+            "DD_TRACE_MANAGED_SERVICES": "false",
         }
 
         volumes = volumes or {}
 
         environment["DD_PROXY_HTTPS"] = f"http://proxy:{ProxyPorts.agent}"
-        environment["DD_PROXY_HTTP"] = f"http://proxy:{ProxyPorts.agent}"
-        environment["DD_APM_NON_LOCAL_TRAFFIC"] = (
-            "true"  # Required for the extension to receive traces from outside the container
-        )
+        environment["DD_LOG_LEVEL"] = "debug"
         volumes.update(
             {
                 "./utils/build/docker/agent/ca-certificates.crt": {
                     "bind": "/etc/ssl/certs/ca-certificates.crt",
                     "mode": "ro",
                 },
                 "./utils/build/docker/agent/datadog.yaml": {
-                    "bind": "/etc/datadog-agent/datadog.yaml",
+                    "bind": "/var/task/datadog.yaml",
                     "mode": "ro",
                 },
-            },
+            }
         )
 
         super().__init__(
diff --git a/utils/build/docker/python_lambda/function/requirements.txt b/utils/build/docker/python_lambda/function/requirements.txt
@@ -1 +1 @@
-aws-lambda-powertools
+aws-lambda-powertools==3.17.0

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-aws-lambda-powertools`
	`1`	`+aws-lambda-powertools==3.17.0`