Merge pull request #2281 from DataDog/cbeauchesne/fix-false-positives
Merge some tests with negative searches to avoid false positives
cbeauchesne authored Mar 29, 2024
2 parents 7cd401f + 8014e8a commit d72123d
Showing 1 changed file with 10 additions and 12 deletions.
22 changes: 10 additions & 12 deletions tests/appsec/test_customconf.py
Expand Up @@ -14,6 +14,10 @@
class Test_CorruptedRules:
"""AppSec do not report anything if rule file is invalid"""

def setup_c05(self):
self.r_1 = weblog.get("/", headers={"User-Agent": "Arachni/v1"})
self.r_2 = weblog.get("/waf", params={"attack": "<script>"})

@missing_feature(library="golang")
@missing_feature(library="nodejs")
@missing_feature(library="python")
Expand All @@ -24,12 +28,7 @@ def test_c05(self):
"""Log C5: Rules file is corrupted"""
stdout.assert_presence(r"AppSec could not read the rule file .* as it was invalid: .*", level="CRITICAL")

def setup_no_attack_detected(self):
self.r_1 = weblog.get("/", headers={"User-Agent": "Arachni/v1"})
self.r_2 = weblog.get("/waf", params={"attack": "<script>"})

def test_no_attack_detected(self):
""" Appsec does not catch any attack """
# Appsec does not catch any attack
interfaces.library.assert_no_appsec_event(self.r_1)
interfaces.library.assert_no_appsec_event(self.r_2)

Expand All @@ -39,6 +38,10 @@ def test_no_attack_detected(self):
class Test_MissingRules:
"""AppSec do not report anything if rule file is missing"""

def setup_c04(self):
self.r_1 = weblog.get("/", headers={"User-Agent": "Arachni/v1"})
self.r_2 = weblog.get("/waf", params={"attack": "<script>"})

@missing_feature(library="golang")
@missing_feature(library="nodejs")
@missing_feature(library="python")
Expand All @@ -54,12 +57,7 @@ def test_c04(self):
level="CRITICAL",
)

def setup_no_attack_detected(self):
self.r_1 = weblog.get("/", headers={"User-Agent": "Arachni/v1"})
self.r_2 = weblog.get("/waf", params={"attack": "<script>"})

def test_no_attack_detected(self):
""" Appsec does not catch any attack """
# Appsec does not catch any attack
interfaces.library.assert_no_appsec_event(self.r_1)
interfaces.library.assert_no_appsec_event(self.r_2)
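Review bot: In test_c05 and test_c04 the two `assert_no_appsec_event` calls now sit after the log assertion inside tests that appear to carry the `@missing_feature` decorators for golang, nodejs and python, so on those libraries the "no event is reported" check is presumably no longer enforced on its own. The docstrings still describe only the log line; something like `"""Log C5: rules file is corrupted, and no AppSec event is reported"""` (and the equivalent for C4) would record that the test now covers both and why they are coupled. The negative check can still pass vacuously if the requests never reached the weblog, so a guard such as `assert self.r_1.status_code == 200` before it would make the result meaningful, assuming both endpoints answer 200 when no rules are loaded. The decorator lists and the start of both test bodies lie outside the visible hunks.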

