diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetWebApi.cs b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetWebApi.cs
index 706f579ec633..3087b3e50ff4 100644
--- a/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetWebApi.cs
+++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/AspNetWebApi.cs
@@ -106,6 +106,22 @@ public async Task TestBlockedRequest(string test)
 await TestAppSecRequestWithVerifyAsync(_iisFixture.Agent, url, null, 5, 1, settings, userAgent: "Hello/V");
 }
 
+ [Trait("Category", "EndToEnd")]
+ [Trait("RunOnWindows", "True")]
+ [Trait("LoadFromGAC", "True")]
+ [SkippableTheory]
+ [InlineData(AddressesConstants.RequestPathParams, "/api/route/2?arg=[blocking_test]")]
+ [InlineData(AddressesConstants.RequestBody, "/api/Home/Upload", "{\"Property1\": \"[blocking_test]\"}")]
+ public async Task TestBlockedRequests(string test, string url, string body = null)
+ {
+ var sanitisedUrl = VerifyHelper.SanitisePathsForVerify(url);
+ var settings = VerifyHelper.GetSpanVerifierSettings(test, sanitisedUrl, body);
+
+ var expectedSpans = test == AddressesConstants.RequestPathParams ? 1 : 2;
+
+ await TestAppSecRequestWithVerifyAsync(_iisFixture.Agent, url, body, 5, expectedSpans, settings, "application/json");
+ }
+
 [SkippableFact]
 public async Task TestNullAction()
 {
diff --git a/tracer/test/Datadog.Trace.Security.IntegrationTests/ruleset.3.0.json b/tracer/test/Datadog.Trace.Security.IntegrationTests/ruleset.3.0.json
index 3c7740fb8083..8d747488a7ab 100644
--- a/tracer/test/Datadog.Trace.Security.IntegrationTests/ruleset.3.0.json
+++ b/tracer/test/Datadog.Trace.Security.IntegrationTests/ruleset.3.0.json
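Review bot: The `AddressesConstants.RequestPathParams` case of `TestBlockedRequests` never exercises path parameters: its URL `/api/route/2?arg=[blocking_test]` carries the marker in the query string, and the enableSecurity=True snapshot added by this commit records the match under `"address":"server.request.query"` with key path `arg`. A regression in how route values reach the WAF would therefore still pass this test. Either place the marker in the routed segment so the match is reported on `server.request.path_params`, or label the case with the query address it really proves. The `expectedSpans` ternary also deserves a comment such as `// URL-level match: only aspnet.request is recorded (1 span); body match: aspnet-webapi.request exists too (2 spans)`, which appears to be what the two snapshots reflect.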
@@ -5946,6 +5946,42 @@
 "on_match": [
 "block"
 ]
+ },
+ {
+ "id": "block-on-path-params",
+ "name": "Block on path params",
+ "tags": {
+ "type": "nosql_injection",
+ "crs_id": "000009",
+ "category": "attack_attempt"
+ },
+ "conditions": [
+ {
+ "parameters": {
+ "inputs": [
+ {
+ "address": "server.request.query"
+ },
+ {
+ "address": "server.request.body"
+ },
+ {
+ "address": "server.request.path_params"
+ }
+ ],
+ "regex": "(?i:(?:\\[blocking_test\\]))",
+ "options": {
+ "case_sensitive": true,
+ "min_length": 5
+ }
+ },
+ "operator": "match_regex"
+ }
+ ],
+ "transformers": [],
+ "on_match": [
+ "block"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=False.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=False.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt
new file mode 100644
index 000000000000..aa6e6b09c085
--- /dev/null
+++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=False.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt
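Review bot: The new rule is named `block-on-path-params`, yet its `inputs` list `server.request.query` and `server.request.body` alongside `server.request.path_params`, and the snapshots in this commit only show it firing on query or body. One rule per address, each with a single `inputs` entry, or an address-neutral id would keep the rule name from implying coverage the tests do not demonstrate. The pattern also opens with `(?i:` while `options` sets `"case_sensitive": true`, which reads as contradictory; if exact-case matching is intended, `"regex": "\\[blocking_test\\]"` would keep the two in agreement. The `nosql_injection` type and `crs_id` `000009` look inherited from another rule and are worth checking for a collision in the rest of the file, which lies outside this hunk.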
@@ -0,0 +1,237 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_3, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_1, + SpanId: Id_3, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_4, + SpanId: Id_5, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_6, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_4, + SpanId: Id_6, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + 
process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_9, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_7, + SpanId: Id_9, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_10, + SpanId: Id_11, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_12, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_10, + SpanId: Id_12, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + 
language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_13, + SpanId: Id_14, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_15, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_13, + SpanId: Id_15, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + } +] \ No newline at end of file diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=False.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=False.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt new file mode 100644 index 000000000000..b3f43ae6a294 --- /dev/null +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=False.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt 
@@ -0,0 +1,237 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_3, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_1, + SpanId: Id_3, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_4, + SpanId: Id_5, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_6, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_4, + SpanId: Id_6, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + 
runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_9, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_7, + SpanId: Id_9, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_10, + SpanId: Id_11, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_12, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_10, + SpanId: Id_12, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + 
http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_13, + SpanId: Id_14, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_15, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_13, + SpanId: Id_15, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + } +] \ No newline at end of file diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt new file mode 100644 index 000000000000..19b2638823eb --- /dev/null 
+++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt 
@@ -0,0 +1,347 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_3, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_1, + SpanId: Id_3, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 
1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_4, + SpanId: Id_5, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_6, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_4, + SpanId: Id_6, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path 
params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_9, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_7, + SpanId: Id_9, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: 
hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_10, + SpanId: Id_11, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_12, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_10, + SpanId: Id_12, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: 
dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_13, + SpanId: Id_14, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_15, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_13, + SpanId: Id_15, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 
86.242.244.246, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + } +] \ No newline at end of file diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt new file mode 100644 index 000000000000..01089b212941 --- /dev/null +++ b/tracer/test/snapshots/Security.AspNetWebApi.Classic.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt 
@@ -0,0 +1,222 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_3, + SpanId: Id_4, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.status_code: 403, + http.url: 
http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_5, + SpanId: Id_6, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path 
params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + 
_dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_9, + SpanId: Id_10, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + } +] \ No newline at end of file 
diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=False.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=False.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt new file mode 100644 index 000000000000..aa6e6b09c085 --- /dev/null +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=False.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt 
@@ -0,0 +1,237 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_3, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_1, + SpanId: Id_3, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_4, + SpanId: Id_5, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_6, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_4, + SpanId: Id_6, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + 
process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_9, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_7, + SpanId: Id_9, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_10, + SpanId: Id_11, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_12, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_10, + SpanId: Id_12, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + 
language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_13, + SpanId: Id_14, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_15, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_13, + SpanId: Id_15, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 204, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + } +] \ No newline at end of file diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=False.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=False.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt new file mode 100644 index 000000000000..b3f43ae6a294 --- /dev/null +++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=False.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt 
@@ -0,0 +1,237 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_3, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_1, + SpanId: Id_3, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_4, + SpanId: Id_5, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_6, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_4, + SpanId: Id_6, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + 
runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_9, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_7, + SpanId: Id_9, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_10, + SpanId: Id_11, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_12, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_10, + SpanId: Id_12, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + 
http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + }, + { + TraceId: Id_13, + SpanId: Id_14, + Name: aspnet-webapi.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + ParentId: Id_15, + Tags: { + aspnet.controller: route, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server + } + }, + { + TraceId: Id_13, + SpanId: Id_15, + Name: aspnet.request, + Resource: GET /api/route/{id}, + Service: sample, + Type: web, + Tags: { + env: integration_tests, + http.method: GET, + http.request.headers.host: localhost:00000, + http.route: api/{controller}/{id}, + http.status_code: 200, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + runtime-id: Guid_1, + span.kind: server + }, + Metrics: { + process_id: 0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 1.0 + } + } +] \ No newline at end of file diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt new file mode 100644 index 000000000000..3cd14a8d9588 --- /dev/null 
+++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.body_url=_api_Home_Upload_body={-Property1-- -[blocking_test]-}.verified.txt 
@@ -0,0 +1,357 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_3, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_1, + SpanId: Id_3, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-length: 167, + http.response.headers.content-type: application/json; charset=utf-8, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path 
params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_4, + SpanId: Id_5, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_6, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_4, + SpanId: Id_6, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-length: 167, + http.response.headers.content-type: application/json; charset=utf-8, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + 
span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_9, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_7, + SpanId: Id_9, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-length: 167, + 
http.response.headers.content-type: application/json; charset=utf-8, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_10, + SpanId: Id_11, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_12, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + TraceId: Id_10, + SpanId: Id_12, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + 
http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-length: 167, + http.response.headers.content-type: application/json; charset=utf-8, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_13, + SpanId: Id_14, + Name: aspnet-webapi.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + ParentId: Id_15, + Tags: { + aspnet.controller: home, + aspnet.route: api/{controller}/{id}, + env: integration_tests, + http.method: POST, + http.request.headers.host: localhost:00000, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + span.kind: server, + _dd.origin: appsec + } + }, + { + 
TraceId: Id_13, + SpanId: Id_15, + Name: aspnet.request, + Resource: POST /api/home/{id}, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: POST, + http.request.headers.content-length: 32, + http.request.headers.content-type: application/json; charset=utf-8, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-length: 167, + http.response.headers.content-type: application/json; charset=utf-8, + http.route: api/{controller}/{id}, + http.status_code: 403, + http.url: http://localhost:00000/api/Home/Upload, + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-post-ae7cd782--2d59fcb7, + _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.body","highlight":["[blocking_test]"],"key_path":["miscModel","Property1"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + } +] \ No newline at end of file 
diff --git a/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt
new file mode 100644
index 000000000000..d9d6e95c4164
--- /dev/null
+++ b/tracer/test/snapshots/Security.AspNetWebApi.Integrated.enableSecurity=True.__test=server.request.path_params_url=_api_route_2-arg=[blocking_test]_body=null.verified.txt
@@ -0,0 +1,227 @@ +[ + { + TraceId: Id_1, + SpanId: Id_2, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-type: application/json; charset=utf-8, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_3, + SpanId: Id_4, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + 
http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-type: application/json; charset=utf-8, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_5, + SpanId: Id_6, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-type: application/json; charset=utf-8, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + 
_dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_7, + SpanId: Id_8, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-type: application/json; charset=utf-8, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path 
params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + _dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + }, + { + TraceId: Id_9, + SpanId: Id_10, + Name: aspnet.request, + Resource: GET /api/route/?, + Service: sample, + Type: web, + Tags: { + actor.ip: 86.242.244.246, + appsec.blocked: true, + appsec.event: true, + env: integration_tests, + http.client_ip: 127.0.0.1, + http.method: GET, + http.request.headers.host: localhost:00000, + http.request.headers.user-agent: Mistake Not..., + http.request.headers.x-forwarded-for: 86.242.244.246, + http.response.headers.content-type: application/json; charset=utf-8, + http.status_code: 403, + http.url: http://localhost:00000/api/route/2?arg=[blocking_test], + http.useragent: Mistake Not..., + language: dotnet, + network.client.ip: ::1, + runtime-id: Guid_1, + span.kind: server, + _dd.appsec.fp.http.endpoint: http-get-33e6044f-b25f03de-, + _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, + _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.json: {"triggers":[{"rule":{"id":"block-on-path-params","name":"Block on path params","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[blocking_test\\]))","parameters":[{"address":"server.request.query","highlight":["[blocking_test]"],"key_path":["arg","0"],"value":"[blocking_test]"}]}]}]}, + _dd.origin: appsec, + _dd.runtime_family: dotnet + }, + Metrics: { + process_id: 0, + _dd.appsec.enabled: 1.0, + 
_dd.appsec.waf.duration: 0.0, + _dd.appsec.waf.duration_ext: 0.0, + _dd.top_level: 1.0, + _dd.tracer_kr: 1.0, + _sampling_priority_v1: 2.0 + }, + MetaStruct: { + appsec: + } + } +] \ No newline at end of file
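Review bot: Every `_dd.appsec.json` entry in this snapshot records the match as `"address":"server.request.query"` with `"key_path":["arg","0"]`, so the case filed under `__test=server.request.path_params` is actually pinned to a block triggered by the query string. `server.request.path_params` never appears as a matched address. If path-parameter collection regressed, this verified file would presumably still pass, because `?arg=[blocking_test]` alone trips the rule. Only `aspnet.request` spans appear here, with `Resource: GET /api/route/?`, which suggests the request is blocked before Web API routing resolves any path parameters, though that is inferred rather than shown. Either carry the marker in the route segment and regenerate the snapshot so it shows `"address":"server.request.path_params"`, or label the case with the query address so the snapshot name matches what it verifies. The truncated hunk ending at the top of this chunk records the same query-address match.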