From 9b7d9726cc00a4bf9b7be696fa6757ca99ffd351 Mon Sep 17 00:00:00 2001
From: "Santiago M. Mola"
Date: Tue, 16 Apr 2024 17:34:16 +0200
Subject: [PATCH] Avoid false XPASS in test_reports.py (#2345)

* Avoid false XPASS in test_reports.py

* Fix for Nextjs (multiple appsec events)
---
 manifests/java.yml | 6 +++-
 tests/appsec/test_reports.py | 61 +++++++++++++++++++++++-------------
 2 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/manifests/java.yml b/manifests/java.yml
index 9a35a1ffde..ae9931dc43 100644
--- a/manifests/java.yml
+++ b/manifests/java.yml
@@ -733,7 +733,10 @@ tests/:
 test_reports.py:
 Test_AttackTimestamp:
 akka-http: v1.22.0
- Test_ExtraTagsFromRule: v1.22.0 # Supported since v1.22.0
+ spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
+ Test_ExtraTagsFromRule:
+ '*': v1.22.0
+ spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
 Test_HttpClientIP:
 '*': v0.98.1
 akka-http: v1.22.0
@@ -752,6 +755,7 @@ tests/:
 spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
 Test_TagsFromRule:
 akka-http: v1.22.0
+ spring-boot-3-native: missing_feature (GraalVM. Tracing support only)
 test_request_blocking.py:
 Test_AppSecRequestBlocking:
 '*': missing_feature
diff --git a/tests/appsec/test_reports.py b/tests/appsec/test_reports.py
index fdc4089e3a..9325ac191b 100644
--- a/tests/appsec/test_reports.py
+++ b/tests/appsec/test_reports.py
@@ -146,36 +146,53 @@ def test_http_request_headers(self):
 
 @features.security_events_metadata
 class Test_TagsFromRule:
- """Tags (Category & event type) from the rule"""
+ """Tags tags from the rule"""
 
- def setup_basic(self):
- self.r = weblog.get("/waf/", headers={"User-Agent": "Arachni/v1"})
+ def _setup(self):
+ if not hasattr(self, "r"):
+ self.r = weblog.get("/waf/", headers={"User-Agent": "Arachni/v1"})
 
- @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
- def test_basic(self):
- """attack timestamp is given by start property of span"""
+ def setup_type(self):
+ self._setup()
+
+ def test_type(self):
+ """Type tag is set"""
+ for trigger in _get_appsec_triggers(self.r):
+ assert "type" in trigger["rule"]["tags"]
+
+ def setup_category(self):
+ self._setup()
 
- for _, _, _, appsec_data in interfaces.library.get_appsec_events(request=self.r):
- for trigger in appsec_data["triggers"]:
- assert "rule" in trigger
- assert "tags" in trigger["rule"]
- assert "type" in trigger["rule"]["tags"]
- assert "category" in trigger["rule"]["tags"]
+ def test_category(self):
+ """Category tag is set"""
+ for trigger in _get_appsec_triggers(self.r):
+ assert "category" in trigger["rule"]["tags"]
 
 
 @features.security_events_metadata
 class Test_ExtraTagsFromRule:
 """Extra tags may be added to the rule match since libddwaf 1.10.0"""
 
- def setup_basic(self):
+ def setup_tool_name(self):
 self.r = weblog.get("/waf/", headers={"User-Agent": "Arachni/v1"})
 
- def test_basic(self):
- for _, _, _, appsec_data in interfaces.library.get_appsec_events(request=self.r):
- for trigger in appsec_data["triggers"]:
- assert "rule" in trigger
- assert "tags" in trigger["rule"]
- assert "tool_name" in trigger["rule"]["tags"]
+ def test_tool_name(self):
+ """Tool name tag is set"""
+ for trigger in _get_appsec_triggers(self.r):
+ assert "tool_name" in trigger["rule"]["tags"]
+
+
+ def _get_appsec_triggers(request):
+ datas = [appsec_data for _, _, _, appsec_data in interfaces.library.get_appsec_events(request=request)]
+ assert datas, "No AppSec events found"
+ triggers = []
+ for data in datas:
+ triggers += data["triggers"]
+ assert triggers, "No triggers found"
+ for trigger in triggers:
+ assert "rule" in trigger
+ assert "tags" in trigger["rule"]
+ return triggers
 
 
 @features.security_events_metadata
@@ -185,10 +202,10 @@ class Test_AttackTimestamp:
 def setup_basic(self):
 self.r = weblog.get("/waf/", headers={"User-Agent": "Arachni/v1"})
 
- @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 def test_basic(self):
 """attack timestamp is given by start property of span"""
-
- for _, _, span, _ in interfaces.library.get_appsec_events(request=self.r):
+ spans = [span for _, _, span, _ in interfaces.library.get_appsec_events(request=self.r)]
+ assert spans, "No AppSec events found"
+ for span in spans:
 assert "start" in span, "span should contain start property"
 assert isinstance(span["start"], int), f"start property should an int, not {repr(span['start'])}"
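Review bot: The rewritten class docstring on `Test_TagsFromRule` reads `"""Tags tags from the rule"""`, a doubled word that replaced the old, more informative text; `"""Tags (category & type) from the rule"""` keeps the original meaning. In `_get_appsec_triggers`, `triggers += data["triggers"]` raises a bare KeyError on an event without a `triggers` key, while every other shape check in the helper is an assert with a message; `assert "triggers" in data, "AppSec event has no triggers"` before the extend keeps failures uniform and readable in the report. The `hasattr(self, "r")` guard in `_setup` only saves a second `/waf/` request if `setup_type` and `setup_category` run on the same instance; whether the framework reuses instances is not visible here, so a one-line comment stating the intended reuse would help the next reader, since on a fresh instance per test the guard is simply a no-op.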
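Review bot: The new `spans = [...]` / `assert spans, "No AppSec events found"` pair in `Test_AttackTimestamp.test_basic` duplicates the empty-result guard that `_get_appsec_triggers` introduces in the previous hunk, so the protection against a vacuous pass now lives in two places with two copies of the same message. A small `_get_appsec_events(request)` helper that returns the non-empty list of event tuples, used by both `_get_appsec_triggers` and this test, would keep the check in one spot. The unchanged context line's message `f"start property should an int, ..."` is missing "be" (`should be an int`), an easy drive-by fix while this loop is being touched. The class line and docstring of `Test_AttackTimestamp` sit above the hunk, outside this view.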