Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tickets to bug declarations on java #3084

Merged
merged 1 commit into from
Sep 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 16 additions & 18 deletions manifests/java.yml
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ tests/:
play: missing_feature
ratpack: missing_feature
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-openliberty: bug (not working as expected)
spring-boot-openliberty: bug (APPSEC-54981)
test_insecure_cookie.py:
TestInsecureCookie:
'*': v1.18.0
Expand Down Expand Up @@ -253,7 +253,7 @@ tests/:
ratpack: missing_feature
resteasy-netty3: missing_feature
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-openliberty: bug (not working as expected)
spring-boot-openliberty: bug (APPSEC-54981)
vertx3: missing_feature
vertx4: missing_feature
test_xpath_injection.py:
Expand Down Expand Up @@ -299,7 +299,7 @@ tests/:
TestCookieValue:
'*': v1.10.0
akka-http: v1.12.0
jersey-grizzly2: bug (name field of source not set)
jersey-grizzly2: bug (APPSEC-54982)
play: missing_feature
ratpack: missing_feature
resteasy-netty3: v1.11.0
Expand All @@ -323,7 +323,7 @@ tests/:
TestHeaderValue:
'*': v1.3.0
akka-http: v1.12.0
jersey-grizzly2: bug (name field of source not set)
jersey-grizzly2: bug (APPSEC-54982)
play: missing_feature
ratpack: missing_feature
resteasy-netty3: v1.11.0
Expand Down Expand Up @@ -377,7 +377,7 @@ tests/:
TestParameterValue:
'*': v1.1.0
akka-http: v1.12.0
jersey-grizzly2: bug (name field of source not set)
jersey-grizzly2: bug (APPSEC-54982)
play: missing_feature
ratpack: missing_feature
resteasy-netty3: v1.11.0
Expand Down Expand Up @@ -544,8 +544,7 @@ tests/:
ratpack: v0.99.0
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
vertx3: v0.99.0
vertx4: bug (Capability to read body content is incomplete after vert.x
4.0.0)
vertx4: bug (APPSEC-54983)
Test_BodyRaw:
'*': missing_feature
akka-http: v1.22.0
Expand All @@ -566,8 +565,7 @@ tests/:
ratpack: v0.99.0
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
vertx3: missing_feature
vertx4: bug (Capability to read body content is incomplete after vert.x
4.0.0)
vertx4: bug (APPSEC-54983)
Test_Cookies:
akka-http: v1.22.0
play: v1.22.0
Expand Down Expand Up @@ -779,7 +777,7 @@ tests/:
akka-http: v1.22.0
play: v1.22.0
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-payara: bug (blocking not working)
spring-boot-payara: bug (APPSEC-54985)
Test_Blocking_request_body_multipart:
'*': v1.15.0
akka-http: v1.22.0
Expand All @@ -788,8 +786,8 @@ tests/:
ratpack: missing_feature
resteasy-netty3: missing_feature
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-openliberty: bug
spring-boot-payara: bug (blocking not working)
spring-boot-openliberty: bug (APPSEC-54985)
spring-boot-payara: bug (APPSEC-54985)
Test_Blocking_request_cookies:
'*': missing_feature
akka-http: v1.22.0
Expand Down Expand Up @@ -906,9 +904,9 @@ tests/:
vertx4: v1.7.0
Test_Suspicious_Request_Blocking:
'*': v1.6.0
akka-http: bug
akka-http: bug (APPSEC-54985)
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
spring-boot-payara: bug
spring-boot-payara: bug (APPSEC-54985)
test_client_ip.py:
Test_StandardTagsClientIp: v0.114.0
test_conf.py:
Expand Down Expand Up @@ -1035,7 +1033,7 @@ tests/:
test_suspicious_attacker_blocking.py:
Test_Suspicious_Attacker_Blocking:
'*': v1.39.0
play: bug (endpoint returns 404)
play: bug (APPSEC-54986)
spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
test_traces.py:
Test_AppSecEventSpanTags:
Expand Down Expand Up @@ -1164,7 +1162,7 @@ tests/:
"*": irrelevant
spring-boot: v0.1 # real version not known
test_cassandra.py:
Test_Cassandra: bug (Endpoint is probably improperly implemented on weblog)
Test_Cassandra: bug (APMAPI-729)
test_db_integrations_sql.py:
Test_MsSql:
'*': missing_feature
Expand Down Expand Up @@ -1215,9 +1213,9 @@ tests/:
"*": irrelevant
spring-boot: bug (AIDM-325)
test_mongo.py:
Test_Mongo: bug (Endpoint is probably improperly implemented on weblog)
Test_Mongo: bug (APMAPI-729)
test_sql.py:
Test_Sql: bug (Endpoint is probably improperly implemented on weblog)
Test_Sql: bug (APMAPI-729)
k8s_lib_injection/:
test_k8s_manual_inject.py:
TestAdmisionControllerProfiling: v1.39.0
Expand Down
14 changes: 0 additions & 14 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -74,9 +74,7 @@ allow_no_jira_ticket_for_bugs = [
"tests/appsec/test_traces.py::Test_AppSecEventSpanTags.test_header_collection",
"tests/appsec/test_traces.py::Test_RetainTraces",
"tests/appsec/test_user_blocking_full_denylist.py::Test_UserBlocking_FullDenylist.test_blocking_test",
"tests/appsec/waf/test_addresses.py::Test_BodyJson",
"tests/appsec/waf/test_addresses.py::Test_BodyUrlEncoded",
"tests/appsec/waf/test_addresses.py::Test_BodyXml",
"tests/appsec/waf/test_addresses.py::Test_BodyXml.test_xml_attr_value",
"tests/appsec/waf/test_addresses.py::Test_BodyXml.test_xml_content",
"tests/appsec/waf/test_miscs.py::Test_404",
Expand All @@ -85,18 +83,15 @@ allow_no_jira_ticket_for_bugs = [
"tests/auto_inject/test_auto_inject_install.py::TestInstallerAutoInjectManual.test_install_uninstall",
"tests/auto_inject/test_auto_inject_install.py::TestSimpleInstallerAutoInjectManual.test_install",
"tests/debugger/test_debugger_pii.py::Test_Debugger_PII_Redaction.test_pii_redaction_dotnet_2_50",
"tests/integrations/test_cassandra.py::Test_Cassandra",
"tests/integrations/test_db_integrations_sql.py::Test_MsSql.test_db_name",
"tests/integrations/test_db_integrations_sql.py::Test_MsSql.test_db_system",
"tests/integrations/test_db_integrations_sql.py::Test_MsSql.test_db_user",
"tests/integrations/test_db_integrations_sql.py::Test_Postgres.test_db_type",
"tests/integrations/test_dbm.py::Test_Dbm.test_trace_payload_service",
"tests/integrations/test_dsm.py::Test_DsmRabbitmq.test_dsm_rabbitmq",
"tests/integrations/test_mongo.py::Test_Mongo",
"tests/integrations/test_open_telemetry.py::_BaseOtelDbIntegrationTestClass.test_db_operation",
"tests/integrations/test_open_telemetry.py::Test_MsSql.test_db_operation",
"tests/integrations/test_open_telemetry.py::Test_MsSql.test_resource",
"tests/integrations/test_sql.py::Test_Sql",
"tests/k8s_lib_injection/test_k8s_init_image_validator.py::TestK8sInitImageValidator.test_valid_weblog_instrumented",
"tests/k8s_lib_injection/test_k8s_init_image_validator.py::TestK8sInitImageValidatorUnsupported.test_invalid_weblog_not_instrumented",

Expand Down Expand Up @@ -166,16 +161,7 @@ allow_no_jira_ticket_for_bugs = [
"tests/parametric/test_dynamic_configuration.py::TestDynamicConfigTracingEnabled",
"tests/parametric/test_dynamic_configuration.py::TestDynamicConfigV1",
"tests/parametric/test_dynamic_configuration.py::TestDynamicConfigV2",
"tests/appsec/test_blocking_addresses.py::Test_Suspicious_Request_Blocking",
"tests/appsec/iast/source/test_cookie_value.py::TestCookieValue",
"tests/appsec/iast/source/test_header_value.py::TestHeaderValue",
"tests/appsec/iast/source/test_parameter_value.py::TestParameterValue",
"tests/appsec/test_suspicious_attacker_blocking.py::Test_Suspicious_Attacker_Blocking",
"tests/appsec/iast/sink/test_xcontent_sniffing.py::Test_XContentSniffing",
"tests/appsec/iast/sink/test_insecure_auth_protocol.py::Test_InsecureAuthProtocol",
"tests/appsec/test_blocking_addresses.py::Test_Blocking_request_body_multipart",
"tests/parametric/test_config_consistency.py::Test_Config_TraceLogDirectory",
"tests/appsec/test_blocking_addresses.py::Test_Blocking_request_body",
]

[tool.pylint]
Expand Down
4 changes: 2 additions & 2 deletions tests/appsec/waf/test_addresses.py
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,7 @@ def test_body_value(self):
interfaces.library.assert_waf_attack(self.r_value, value='<vmlframe src="xss">', address="server.request.body")


@bug(context.library == "nodejs@2.8.0", reason="Capability to read body content is broken")
@bug(context.library == "nodejs@2.8.0", reason="APMRP-360")
@features.appsec_request_blocking
class Test_BodyJson:
"""Appsec supports <JSON encoded body>"""
Expand Down Expand Up @@ -305,7 +305,7 @@ def test_json_array(self):
interfaces.library.assert_waf_attack(self.r_array, value='<vmlframe src="xss">', address="server.request.body")


@bug(context.library == "nodejs@2.8.0", reason="Capability to read body content is broken")
@bug(context.library == "nodejs@2.8.0", reason="APMRP-360")
@features.appsec_request_blocking
class Test_BodyXml:
"""Appsec supports <XML encoded body>"""
Expand Down
Loading