APMRP-360 flag legacy bug decorators (#3067)

pyproject.toml

@@ -52,7 +52,6 @@ allow_no_feature_nodes = [
 
 allow_no_jira_ticket_for_bugs = [
     "tests/apm_tracing_e2e/test_otel.py::Test_Otel_Span.test_datadog_otel_span",
-    "tests/appsec/iast/sink/test_sql_injection.py::TestSqlInjection.test_insecure",
     "tests/appsec/iast/source/test_body.py::TestRequestBody.test_source_reported",
     "tests/appsec/iast/source/test_parameter_name.py::TestParameterName.test_source_get_reported",
     "tests/appsec/iast/source/test_parameter_name.py::TestParameterName.test_source_post_reported",
@@ -64,20 +63,10 @@ allow_no_jira_ticket_for_bugs = [
     "tests/appsec/test_asm_standalone.py::Test_AppSecStandalone_UpstreamPropagation.test_any_upstream_propagation__with_attack__raises_priority_to_2__from_minus_1",
     "tests/appsec/test_asm_standalone.py::Test_AppSecStandalone_UpstreamPropagation.test_no_upstream_appsec_propagation__with_attack__is_kept_with_priority_2__from_0",
     "tests/appsec/test_asm_standalone.py::Test_AppSecStandalone_UpstreamPropagation.test_no_upstream_appsec_propagation__with_attack__is_kept_with_priority_2__from_minus_1",
-    "tests/appsec/test_automated_login_events.py::Test_Login_Events.test_login_pii_success_basic",
-    "tests/appsec/test_automated_login_events.py::Test_Login_Events.test_login_pii_success_local",
-    "tests/appsec/test_automated_login_events.py::Test_Login_Events.test_login_wrong_password_failure_basic",
-    "tests/appsec/test_automated_login_events.py::Test_Login_Events.test_login_wrong_password_failure_local",
-    "tests/appsec/test_automated_login_events.py::Test_Login_Events.test_login_wrong_user_failure_basic",
-    "tests/appsec/test_automated_login_events.py::Test_Login_Events.test_login_wrong_user_failure_local",
     "tests/appsec/test_blocking_addresses.py::Test_Blocking_request_method.test_blocking_before",
-    "tests/appsec/test_blocking_addresses.py::Test_Blocking_request_uri.test_blocking_uri_raw",
-    "tests/appsec/test_ip_blocking_full_denylist.py::Test_AppSecIPBlockingFullDenylist",
-    "tests/appsec/test_ip_blocking_full_denylist.py::Test_AppSecIPBlockingFullDenylist.test_blocked_ips",
     "tests/appsec/test_rate_limiter.py::Test_Main.test_main",
     "tests/appsec/test_reports.py::Test_Info",
     "tests/appsec/test_reports.py::Test_RequestHeaders",
-    "tests/appsec/test_reports.py::Test_RequestHeaders.test_http_request_headers",
     "tests/appsec/test_reports.py::Test_StatusCode",
     "tests/appsec/test_runtime_activation.py::Test_RuntimeActivation",
     "tests/appsec/test_shell_execution.py::Test_ShellExecution.test_truncate_1st_argument",
@@ -90,13 +79,7 @@ allow_no_jira_ticket_for_bugs = [
     "tests/appsec/waf/test_addresses.py::Test_BodyXml",
     "tests/appsec/waf/test_addresses.py::Test_BodyXml.test_xml_attr_value",
     "tests/appsec/waf/test_addresses.py::Test_BodyXml.test_xml_content",
-    "tests/appsec/waf/test_blocking.py::Test_Blocking.test_accept_all",
-    "tests/appsec/waf/test_blocking.py::Test_Blocking.test_accept_full_json",
-    "tests/appsec/waf/test_blocking.py::Test_Blocking.test_accept_partial_json",
-    "tests/appsec/waf/test_exclusions.py::Test_Exclusions.test_input_exclusion_negative_test",
-    "tests/appsec/waf/test_exclusions.py::Test_Exclusions.test_rule_exclusion_positive_test",
     "tests/appsec/waf/test_miscs.py::Test_404",
-    "tests/appsec/waf/test_rules.py::Test_SQLI.test_sqli2",
     "tests/appsec/waf/test_rules.py::Test_SQLI.test_sqli3",
     "tests/auto_inject/test_auto_inject_install.py::TestContainerAutoInjectInstallScript.test_install",
     "tests/auto_inject/test_auto_inject_install.py::TestInstallerAutoInjectManual.test_install_uninstall",
@@ -118,6 +101,7 @@ allow_no_jira_ticket_for_bugs = [
     "tests/integrations/test_sql.py::Test_Sql",
     "tests/k8s_lib_injection/test_k8s_init_image_validator.py::TestK8sInitImageValidator.test_valid_weblog_instrumented",
     "tests/k8s_lib_injection/test_k8s_init_image_validator.py::TestK8sInitImageValidatorUnsupported.test_invalid_weblog_not_instrumented",
+
     "tests/parametric/test_dynamic_configuration.py::TestDynamicConfigSamplingRules.test_remote_sampling_rules_retention",
     "tests/parametric/test_dynamic_configuration.py::TestDynamicConfigSamplingRules.test_trace_sampling_rules_override_env",
     "tests/parametric/test_dynamic_configuration.py::TestDynamicConfigSamplingRules.test_trace_sampling_rules_override_rate",
@@ -130,7 +114,6 @@ allow_no_jira_ticket_for_bugs = [
     "tests/parametric/test_headers_precedence.py::Test_Headers_Precedence.test_headers_precedence_propagationstyle_tracecontext_last_extract_first_true_correctly_propagates_tracestate",
     "tests/parametric/test_headers_tracestate_dd.py::Test_Headers_Tracestate_DD.test_headers_tracestate_dd_evicts_32_or_greater_list_members",
     "tests/parametric/test_headers_tracestate_dd.py::Test_Headers_Tracestate_DD.test_headers_tracestate_dd_keeps_32_or_fewer_list_members",
-    "tests/parametric/test_otel_span_methods.py::Test_Otel_Span_Methods.test_otel_get_span_context",
     "tests/parametric/test_otel_span_methods.py::Test_Otel_Span_Methods.test_otel_span_started_with_link_from_other_spans",
     "tests/parametric/test_otel_span_methods.py::Test_Otel_Span_Methods.test_otel_span_started_with_link_from_w3c_headers",
     "tests/parametric/test_partial_flushing.py::Test_Partial_Flushing.test_partial_flushing_one_span_default",
@@ -153,11 +136,9 @@ allow_no_jira_ticket_for_bugs = [
     "tests/remote_config/test_remote_configuration.py::Test_RemoteConfigurationUpdateSequenceFeatures.test_tracer_update_sequence",
     "tests/stats/test_miscs.py::Test_Miscs.test_request_headers",
     "tests/test_data_integrity.py::Test_TraceHeaders.test_trace_header_container_tags",
-    "tests/test_data_integrity.py::Test_TraceHeaders.test_traces_header_present",
     "tests/test_identify.py::Test_Basic.test_identify_tags",
     "tests/test_sampling_rates.py::Test_SamplingDecisions.test_sampling_decision",
     "tests/test_sampling_rates.py::Test_SamplingDecisions.test_sampling_determinism",
-    "tests/test_sampling_rates.py::Test_SamplingRates",
     "tests/test_sampling_rates.py::Test_SamplingRates.test_sampling_rates",
     "tests/test_schemas.py::Test_Agent.test_agent_schema_telemetry_main_payload",
     "tests/test_semantic_conventions.py::Test_Meta.test_meta_component_tag",
@@ -173,7 +154,6 @@ allow_no_jira_ticket_for_bugs = [
     "tests/test_telemetry.py::Test_Telemetry.test_app_dependencies_loaded",
     "tests/test_telemetry.py::Test_Telemetry.test_app_heartbeats_delays",
     "tests/test_telemetry.py::Test_Telemetry.test_app_started_is_first_message",
-    "tests/test_telemetry.py::Test_Telemetry.test_app_started_sent_exactly_once",
     "tests/test_telemetry.py::Test_Telemetry.test_status_ok",
     "tests/test_telemetry.py::Test_Telemetry.test_telemetry_proxy_enrichment",
     "tests/test_telemetry.py::Test_TelemetryV2.test_telemetry_v2_required_headers",

tests/appsec/iast/sink/test_sql_injection.py

@@ -22,9 +22,7 @@ class TestSqlInjection(BaseSinkTest):
     }
 
     @bug(
-        context.library < "nodejs@5.3.0",
-        weblog_variant="express4-typescript",
-        reason="Incorrect vulnerability location",
+        context.library < "nodejs@5.3.0", weblog_variant="express4-typescript", reason="APMRP-360",
     )
     def test_insecure(self):
         super().test_insecure()

tests/appsec/test_automated_login_events.py

@@ -63,7 +63,7 @@ def setup_login_pii_success_local(self):
             "/login?auth=local", data={self.username_key: self.USER, self.password_key: self.PASSWORD}
         )
 
-    @bug(context.library < "nodejs@4.9.0", reason="Reports empty space in usr.id when id is a PII")
+    @bug(context.library < "nodejs@4.9.0", reason="APMRP-360")
     @irrelevant(
         context.library == "python" and context.weblog_variant in ["django-poc", "python3.12"],
         reason="APM reports all user id for now on Django",
@@ -81,7 +81,7 @@ def setup_login_pii_success_basic(self):
         self.r_pii_success = weblog.get("/login?auth=basic", headers={"Authorization": self.BASIC_AUTH_USER_HEADER})
 
     @missing_feature(context.library == "php", reason="Basic auth not implemented")
-    @bug(context.library < "nodejs@4.9.0", reason="Reports empty space in usr.id when id is a PII")
+    @bug(context.library < "nodejs@4.9.0", reason="APMRP-360")
     @irrelevant(
         context.library == "python" and context.weblog_variant in ["django-poc", "python3.12"],
         reason="APM reports all user id for now on Django",
@@ -127,7 +127,7 @@ def setup_login_wrong_user_failure_local(self):
             "/login?auth=local", data={self.username_key: self.INVALID_USER, self.password_key: self.PASSWORD}
         )
 
-    @bug(context.library < "nodejs@4.9.0", reason="Reports empty space in usr.id when id is a PII")
+    @bug(context.library < "nodejs@4.9.0", reason="APMRP-360")
     @missing_feature(weblog_variant="spring-boot-openliberty", reason="weblog returns error 500")
     def test_login_wrong_user_failure_local(self):
         assert self.r_wrong_user_failure.status_code == 401
@@ -149,7 +149,7 @@ def setup_login_wrong_user_failure_basic(self):
         )
 
     @missing_feature(context.library == "php", reason="Basic auth not implemented")
-    @bug(context.library < "nodejs@4.9.0", reason="Reports empty space in usr.id when id is a PII")
+    @bug(context.library < "nodejs@4.9.0", reason="APMRP-360")
     @missing_feature(weblog_variant="spring-boot-openliberty", reason="weblog returns error 500")
     def test_login_wrong_user_failure_basic(self):
         assert self.r_wrong_user_failure.status_code == 401
@@ -170,7 +170,7 @@ def setup_login_wrong_password_failure_local(self):
             "/login?auth=local", data={self.username_key: self.USER, self.password_key: "12345"}
         )
 
-    @bug(context.library < "nodejs@4.9.0", reason="Reports empty space in usr.id when id is a PII")
+    @bug(context.library < "nodejs@4.9.0", reason="APMRP-360")
     @missing_feature(weblog_variant="spring-boot-openliberty", reason="weblog returns error 500")
     def test_login_wrong_password_failure_local(self):
         assert self.r_wrong_user_failure.status_code == 401
@@ -192,7 +192,7 @@ def setup_login_wrong_password_failure_basic(self):
         )
 
     @missing_feature(context.library == "php", reason="Basic auth not implemented")
-    @bug(context.library < "nodejs@4.9.0", reason="Reports empty space in usr.id when id is a PII")
+    @bug(context.library < "nodejs@4.9.0", reason="APMRP-360")
     @missing_feature(weblog_variant="spring-boot-openliberty", reason="weblog returns error 500")
     def test_login_wrong_password_failure_basic(self):
         assert self.r_wrong_user_failure.status_code == 401

tests/appsec/test_blocking_addresses.py

@@ -149,7 +149,7 @@ def test_non_blocking(self):
     def setup_blocking_uri_raw(self):
         self.rm_req_uri_raw = weblog.get("/waf/uri_raw_should_not_include_scheme_domain_and_port")
 
-    @bug(context.library < "dotnet@2.50.0", reason="dotnet may include scheme, domain and port in uri.raw")
+    @bug(context.library < "dotnet@2.50.0", reason="APMRP-360")
     def test_blocking_uri_raw(self):
         interfaces.library.assert_waf_attack(self.rm_req_uri_raw, rule="tst-037-011")
         assert self.rm_req_uri_raw.status_code == 403

tests/appsec/test_ip_blocking_full_denylist.py

@@ -9,7 +9,7 @@
 
 
 @rfc("https://docs.google.com/document/d/1GUd8p7HBp9gP0a6PZmDY26dpGrS1Ztef9OYdbK3Vq3M/edit")
-@bug("nodejs@3.16.0" < context.library < "nodejs@3.18.0", reason="bugged on that version range")
+@bug("nodejs@3.16.0" < context.library < "nodejs@3.18.0", reason="APMRP-360")
 @scenarios.appsec_blocking_full_denylist
 @features.appsec_client_ip_blocking
 class Test_AppSecIPBlockingFullDenylist(BaseFullDenyListTest):
@@ -25,8 +25,7 @@ def setup_blocked_ips(self):
 
     @missing_feature(weblog_variant="spring-boot" and context.library < "java@0.111.0")
     @bug(
-        context.library >= "java@1.22.0" and context.library < "java@1.35.0",
-        reason="Failed on large expiration values, which are used in this test",
+        context.library >= "java@1.22.0" and context.library < "java@1.35.0", reason="APMRP-360",
     )
     def test_blocked_ips(self):
         """test blocked ips are enforced"""

tests/appsec/test_reports.py

@@ -92,7 +92,7 @@ def setup_http_request_headers(self):
             },
         )
 
-    @bug(context.library < "dotnet@2.1.0")
+    @bug(context.library < "dotnet@2.1.0", reason="APMRP-360")
     def test_http_request_headers(self):
         """AppSec reports the HTTP headers used for actor IP detection."""
 

tests/appsec/test_user_blocking_full_denylist.py

@@ -31,10 +31,9 @@ def setup_blocking_test(self):
             weblog.get("/users", params={"user": self.NUM_OF_BLOCKED_USERS - 1}),
         ]
 
-    @bug(context.library < "ruby@1.12.1", reason="not setting the tags on the service entry span")
+    @bug(context.library < "ruby@1.12.1", reason="APMRP-360")
     @bug(
-        context.library >= "java@1.22.0" and context.library < "java@1.35.0",
-        reason="Failed on large expiration values, which are used in this test",
+        context.library >= "java@1.22.0" and context.library < "java@1.35.0", reason="APMRP-360",
     )
     @bug(library="java", reason="Request blocked but appsec.blocked tag not set")
     def test_blocking_test(self):

tests/appsec/waf/test_blocking.py

@@ -91,7 +91,7 @@ def validate_appsec_blocked(span):
     def setup_accept_all(self):
         self.r_aa = weblog.get("/waf/", headers={"User-Agent": "Arachni/v1", "Accept": "*/*"})
 
-    @bug(context.library < "ruby@1.12.1", reason="wrong default content-type")
+    @bug(context.library < "ruby@1.12.1", reason="APMRP-360")
     def test_accept_all(self):
         """Blocking with Accept: */*"""
         assert self.r_aa.status_code == 403
@@ -104,7 +104,7 @@ def setup_accept_partial_json(self):
             "/waf/", headers={"User-Agent": "Arachni/v1", "Accept": "text/*;q=0.7, application/*;q=0.8, */*;q=0.9"}
         )
 
-    @bug(context.library < "ruby@1.12.1", reason="wrong default content-type")
+    @bug(context.library < "ruby@1.12.1", reason="APMRP-360")
     def test_accept_partial_json(self):
         """Blocking with Accept: application/*"""
         assert self.r_apj.status_code == 403
@@ -137,7 +137,7 @@ def setup_accept_full_json(self):
             },
         )
 
-    @bug(context.library < "ruby@1.12.1", reason="wrong default content-type")
+    @bug(context.library < "ruby@1.12.1", reason="APMRP-360")
     def test_accept_full_json(self):
         """Blocking with Accept: application/json"""
         assert self.r_afj.status_code == 403

tests/appsec/waf/test_exclusions.py

@@ -10,7 +10,7 @@ def setup_input_exclusion_negative_test(self):
         self.r_iexnt1 = weblog.get("/waf/", params={"excluded_key": "true"})
         self.r_iexnt2 = weblog.get("/waf/", params={"excluded_key": "true", "activate_exclusion": "false"})
 
-    @bug(context.library <= "ruby@1.12.1")
+    @bug(context.library <= "ruby@1.12.1", reason="APMRP-360")
     def test_input_exclusion_negative_test(self):
         interfaces.library.assert_waf_attack(self.r_iexnt1, pattern="true", address="server.request.query")
         interfaces.library.assert_waf_attack(self.r_iexnt2, pattern="true", address="server.request.query")
@@ -32,6 +32,6 @@ def test_rule_exclusion_negative_test(self):
     def setup_rule_exclusion_positive_test(self):
         self.r_rept = weblog.get("/waf/", params={"foo": "bbbb", "activate_exclusion": "true"})
 
-    @bug(context.library <= "ruby@1.12.1")
+    @bug(context.library <= "ruby@1.12.1", reason="APMRP-360")
     def test_rule_exclusion_positive_test(self):
         interfaces.library.assert_no_appsec_event(self.r_rept)

tests/appsec/waf/test_rules.py

@@ -222,7 +222,7 @@ def setup_sqli2(self):
         self.r_3 = weblog.get("/waf/", params={"value": "alter d char set f"})
         self.r_4 = weblog.get("/waf/", params={"value": "merge using("})
 
-    @flaky(context.library <= "php@0.68.2")
+    @flaky(context.library <= "php@0.68.2", reason="APMRP-360")
     def test_sqli2(self):
         """Other SQLI patterns"""
         interfaces.library.assert_waf_attack(self.r_3, waf_rules.sql_injection.crs_942_240)
@@ -231,7 +231,7 @@ def test_sqli2(self):
     def setup_sqli3(self):
         self.r_5 = weblog.get("/waf/", cookies={"value": "%3Bshutdown--"})
 
-    @bug(context.library < "dotnet@2.1.0")
+    @bug(context.library < "dotnet@2.1.0", reason="APMRP-360")
     @bug(library="java", reason="under Valentin's investigations")
     @missing_feature(library="golang", reason="cookies are not url-decoded and this attack works with a ;")
     @irrelevant(context.appsec_rules_version >= "1.2.7", reason="cookies were disabled for the time being")

tests/parametric/test_dynamic_configuration.py

@@ -706,7 +706,7 @@ def test_trace_sampling_rules_override_rate(self, library_env, test_agent, test_
         reason="JSON tag format in RC differs from the JSON tag format used in DD_TRACE_SAMPLING_RULES",
     )
     @bug(context.library == "ruby", reason="RC_SAMPLING_TAGS_RULE_RATE is not respected")
-    @bug(context.library <= "dotnet@2.53.2", reason="Applies rate from local sampling rule when no remote rules match.")
+    @bug(context.library <= "dotnet@2.53.2", reason="APMRP-360")
     @missing_feature(library="python")
     @missing_feature(context.library < "nodejs@5.19.0")
     def test_trace_sampling_rules_with_tags(self, test_agent, test_library):

tests/parametric/test_otel_span_methods.py

@@ -410,7 +410,7 @@ def test_otel_set_span_status_ok(self, test_agent, test_library):
         assert span.get("name") == "internal"
         assert span.get("resource") == "ok_span"
 
-    @bug(context.library < "ruby@2.2.0", reason="Older versions do not generate datadog spans with the correct ids")
+    @bug(context.library < "ruby@2.2.0", reason="APMRP-360")
     def test_otel_get_span_context(self, test_agent, test_library):
         """
             This test verifies retrieving the span context of a span

tests/parametric/test_sampling_span_tags.py

@@ -120,7 +120,7 @@ def test_tags_child_kept_sst007(self, test_agent, test_library):
     @bug(library="ruby", reason="ruby does not set dm tag on first span")
     @bug(library="dotnet", reason="dotnet does not set dm tag on first span")
     @bug(library="cpp", reason="unknown")
-    @bug(context.library < "nodejs@5.17.0", reason="nodejs sets dm tag -0")  # actual fixed version is not known
+    @bug(context.library < "nodejs@5.17.0", reason="APMRP-360")  # actual fixed version is not known
     def test_tags_defaults_sst002(self, test_agent, test_library):
         parent_span, child_span, first_span = _get_spans(test_agent, test_library)
         _assert_sampling_tags(

tests/test_data_integrity.py

@@ -23,7 +23,7 @@ class Test_TraceHeaders:
     """All required headers are present in all traces submitted to the agent"""
 
     @missing_feature(library="cpp")
-    @bug(context.library <= "golang@1.37.0")
+    @bug(context.library <= "golang@1.37.0", reason="APMRP-360")
     def test_traces_header_present(self):
         """Verify that headers described in RFC are present in traces submitted to the agent"""
 

tests/test_sampling_rates.py

@@ -44,8 +44,8 @@ def _spans_with_parent(traces, parent_ids):
                     yield span
 
 
-@bug(context.library >= "golang@1.35.0" and context.library < "golang@1.36.2")
-@bug(context.agent_version < "7.33.0", reason="Before this version, tracerPayloads was named traces")
+@bug(context.library >= "golang@1.35.0" and context.library < "golang@1.36.2", reason="APMRP-360")
+@bug(context.agent_version < "7.33.0", reason="APMRP-360")
 @scenarios.sampling
 @features.twl_customer_controls_ingestion_dd_trace_sampling_rules
 @features.ensure_that_sampling_is_consistent_across_languages
@@ -66,7 +66,7 @@ def setup_sampling_rates(self):
         context.library > "nodejs@3.14.1" and context.library < "nodejs@4.8.0",
         reason="_sampling_priority_v1 is missing",
     )
-    @bug(context.library < "nodejs@5.17.0", reason="Unexpected amount of sampled traces")  # fixed version is not known
+    @bug(context.library < "nodejs@5.17.0", reason="APMRP-360")  # fixed version is not known
     @flaky(context.weblog_variant == "spring-boot-3-native", reason="Needs investigation")
     @flaky(library="golang", reason="Needs investigation")
     @flaky(library="ruby", reason="Needs investigation")