diff --git a/spec/datadog/appsec/configuration/settings_spec.rb b/spec/datadog/appsec/configuration/settings_spec.rb index 7e2fbe07bf5..d3b33844a1b 100644 --- a/spec/datadog/appsec/configuration/settings_spec.rb +++ b/spec/datadog/appsec/configuration/settings_spec.rb @@ -90,13 +90,13 @@ def patcher context 'is not defined' do let(:rasp_enabled_env_var) { nil } - it { is_expected.to eq true } + it { expect(settings.appsec.rasp_enabled).to eq(true) } end context 'is defined' do let(:rasp_enabled_env_var) { 'false' } - it { is_expected.to eq(false) } + it { expect(settings.appsec.rasp_enabled).to eq(false) } end end end diff --git a/spec/datadog/appsec/contrib/active_record/mysql2_adapter_spec.rb b/spec/datadog/appsec/contrib/active_record/mysql2_adapter_spec.rb index cb50e1c19c8..e0598617dac 100644 --- a/spec/datadog/appsec/contrib/active_record/mysql2_adapter_spec.rb +++ b/spec/datadog/appsec/contrib/active_record/mysql2_adapter_spec.rb @@ -16,7 +16,6 @@ let(:ruleset) { Datadog::AppSec::Processor::RuleLoader.load_rules(ruleset: :recommended, telemetry: telemetry) } let(:processor) { Datadog::AppSec::Processor.new(ruleset: ruleset, telemetry: telemetry) } let(:context) { Datadog::AppSec::Context.new(trace, span, processor) } - let(:rasp_enabled) { true } let(:span) { Datadog::Tracing::SpanOperation.new('root') } let(:trace) { Datadog::Tracing::TraceOperation.new } @@ -55,8 +54,6 @@ Datadog::AppSec::Context.activate(context) - allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(rasp_enabled) - raise_on_rails_deprecation! end @@ -68,7 +65,9 @@ end context 'when RASP is disabled' do - let(:rasp_enabled) { false } + before do + allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(false) + end it 'does not call waf when querying using .where' do expect(Datadog::AppSec.active_context).not_to receive(:run_rasp) 
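Review bot: In settings_spec.rb the 'is defined' context pins only the value 'false', so the block does not show what `settings.appsec.rasp_enabled` resolves to for an explicit 'true' or for an unrecognised string. For a switch that turns a protection off, the non-default inputs are worth pinning so that a parsing change cannot silently disable RASP. A sibling example with `let(:rasp_enabled_env_var) { 'true' }` and `it { expect(settings.appsec.rasp_enabled).to eq(true) }` would cover the first case. The expected result for a malformed value depends on the option parser, which is outside this hunk.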
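Review bot: In mysql2_adapter_spec.rb (hunk at -55,8), removing `allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(rasp_enabled)` from the shared `before` means any example outside the two RASP contexts now sees the real `rasp_enabled?`, which presumably follows ambient configuration. The visible examples all sit inside 'when RASP is disabled' or 'when RASP is enabled', but the `before` block and the rest of the file extend beyond the hunk, so this cannot be confirmed from here. A comment above the contexts would stop a later top-level example from depending on the environment: `# rasp_enabled? is stubbed per context; add new examples inside one of them`. The same removal appears in postgresql_adapter_spec.rb (-56,8) and sqlite3_adapter_spec.rb (-49,8).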
@@ -83,46 +82,52 @@ end end - it 'calls waf with correct arguments when querying using .where' do - expect(Datadog::AppSec.active_context).to( - receive(:run_rasp).with( - Datadog::AppSec::Ext::RASP_SQLI, - {}, - { - 'server.db.statement' => "SELECT `users`.* FROM `users` WHERE `users`.`name` = 'Bob'", - 'server.db.system' => 'mysql2' - }, - Datadog.configuration.appsec.waf_timeout - ).and_call_original - ) - - User.where(name: 'Bob').to_a - end + context 'when RASP is enabled' do + before do + allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(true) + end - it 'calls waf with correct arguments when querying using .find_by_sql' do - expect(Datadog::AppSec.active_context).to( - receive(:run_rasp).with( - Datadog::AppSec::Ext::RASP_SQLI, - {}, - { - 'server.db.statement' => "SELECT * FROM users WHERE name = 'Bob'", - 'server.db.system' => 'mysql2' - }, - Datadog.configuration.appsec.waf_timeout - ).and_call_original - ) - - User.find_by_sql("SELECT * FROM users WHERE name = 'Bob'").to_a - end + it 'calls waf with correct arguments when querying using .where' do + expect(Datadog::AppSec.active_context).to( + receive(:run_rasp).with( + Datadog::AppSec::Ext::RASP_SQLI, + {}, + { + 'server.db.statement' => "SELECT `users`.* FROM `users` WHERE `users`.`name` = 'Bob'", + 'server.db.system' => 'mysql2' + }, + Datadog.configuration.appsec.waf_timeout + ).and_call_original + ) + + User.where(name: 'Bob').to_a + end + + it 'calls waf with correct arguments when querying using .find_by_sql' do + expect(Datadog::AppSec.active_context).to( + receive(:run_rasp).with( + Datadog::AppSec::Ext::RASP_SQLI, + {}, + { + 'server.db.statement' => "SELECT * FROM users WHERE name = 'Bob'", + 'server.db.system' => 'mysql2' + }, + Datadog.configuration.appsec.waf_timeout + ).and_call_original + ) - it 'adds an event to processor context if waf result is a match' do - result = Datadog::AppSec::SecurityEngine::Result::Match.new( - events: [], actions: {}, derivatives: {}, timeout: 
false, duration_ns: 0, duration_ext_ns: 0 - ) + User.find_by_sql("SELECT * FROM users WHERE name = 'Bob'").to_a + end - expect(Datadog::AppSec.active_context).to receive(:run_rasp).and_return(result) - expect(Datadog::AppSec.active_context.events).to receive(:<<).and_call_original + it 'adds an event to processor context if waf result is a match' do + result = Datadog::AppSec::SecurityEngine::Result::Match.new( + events: [], actions: {}, derivatives: {}, timeout: false, duration_ns: 0, duration_ext_ns: 0 + ) - User.where(name: 'Bob').to_a + expect(Datadog::AppSec.active_context).to receive(:run_rasp).and_return(result) + expect(Datadog::AppSec.active_context.events).to receive(:<<).and_call_original + + User.where(name: 'Bob').to_a + end end end diff --git a/spec/datadog/appsec/contrib/active_record/postgresql_adapter_spec.rb b/spec/datadog/appsec/contrib/active_record/postgresql_adapter_spec.rb index 7b266acbb1a..40a14101820 100644 --- a/spec/datadog/appsec/contrib/active_record/postgresql_adapter_spec.rb +++ b/spec/datadog/appsec/contrib/active_record/postgresql_adapter_spec.rb @@ -16,7 +16,6 @@ let(:ruleset) { Datadog::AppSec::Processor::RuleLoader.load_rules(ruleset: :recommended, telemetry: telemetry) } let(:processor) { Datadog::AppSec::Processor.new(ruleset: ruleset, telemetry: telemetry) } let(:context) { Datadog::AppSec::Context.new(trace, span, processor) } - let(:rasp_enabled) { true } let(:span) { Datadog::Tracing::SpanOperation.new('root') } let(:trace) { Datadog::Tracing::TraceOperation.new } @@ -56,8 +55,6 @@ Datadog::AppSec::Context.activate(context) - allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(rasp_enabled) - raise_on_rails_deprecation! end @@ -69,7 +66,9 @@ end context 'when RASP is disabled' do - let(:rasp_enabled) { false } + before do + allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(false) + end it 'does not call waf when querying using .where' do expect(Datadog::AppSec.active_context).not_to receive(:run_rasp) 
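Review bot: The example 'adds an event to processor context if waf result is a match' (mysql2_adapter_spec.rb, hunk at -83,46) only checks that `events` receives `<<`, so it would still pass if the appended event no longer carried the WAF result. `run_rasp` is stubbed with a `Match` whose `events` and `actions` are empty, so nothing about the recorded payload is pinned. Until the expectation is constrained, a marker such as `# TODO: assert the appended event references result, not only that << was called` would make the gap visible. The same example is re-indented unchanged in postgresql_adapter_spec.rb (-84,52) and sqlite3_adapter_spec.rb (-77,46).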
@@ -84,52 +83,58 @@ end end - it 'calls waf with correct arguments when querying using .where' do - expected_db_statement = if PlatformHelpers.jruby? - 'SELECT "users".* FROM "users" WHERE "users"."name" = ?' - else - 'SELECT "users".* FROM "users" WHERE "users"."name" = $1' - end - - expect(Datadog::AppSec.active_context).to( - receive(:run_rasp).with( - Datadog::AppSec::Ext::RASP_SQLI, - {}, - { - 'server.db.statement' => expected_db_statement, - 'server.db.system' => 'postgresql' - }, - Datadog.configuration.appsec.waf_timeout - ).and_call_original - ) - - User.where(name: 'Bob').to_a - end + context 'when RASP is enabled' do + before do + allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(true) + end - it 'calls waf with correct arguments when querying using .find_by_sql' do - expect(Datadog::AppSec.active_context).to( - receive(:run_rasp).with( - Datadog::AppSec::Ext::RASP_SQLI, - {}, - { - 'server.db.statement' => "SELECT * FROM users WHERE name = 'Bob'", - 'server.db.system' => 'postgresql' - }, - Datadog.configuration.appsec.waf_timeout - ).and_call_original - ) - - User.find_by_sql("SELECT * FROM users WHERE name = 'Bob'").to_a - end + it 'calls waf with correct arguments when querying using .where' do + expected_db_statement = if PlatformHelpers.jruby? + 'SELECT "users".* FROM "users" WHERE "users"."name" = ?' 
+ else + 'SELECT "users".* FROM "users" WHERE "users"."name" = $1' + end + + expect(Datadog::AppSec.active_context).to( + receive(:run_rasp).with( + Datadog::AppSec::Ext::RASP_SQLI, + {}, + { + 'server.db.statement' => expected_db_statement, + 'server.db.system' => 'postgresql' + }, + Datadog.configuration.appsec.waf_timeout + ).and_call_original + ) + + User.where(name: 'Bob').to_a + end + + it 'calls waf with correct arguments when querying using .find_by_sql' do + expect(Datadog::AppSec.active_context).to( + receive(:run_rasp).with( + Datadog::AppSec::Ext::RASP_SQLI, + {}, + { + 'server.db.statement' => "SELECT * FROM users WHERE name = 'Bob'", + 'server.db.system' => 'postgresql' + }, + Datadog.configuration.appsec.waf_timeout + ).and_call_original + ) - it 'adds an event to processor context if waf result is a match' do - result = Datadog::AppSec::SecurityEngine::Result::Match.new( - events: [], actions: {}, derivatives: {}, timeout: false, duration_ns: 0, duration_ext_ns: 0 - ) + User.find_by_sql("SELECT * FROM users WHERE name = 'Bob'").to_a + end - expect(Datadog::AppSec.active_context).to receive(:run_rasp).and_return(result) - expect(Datadog::AppSec.active_context.events).to receive(:<<).and_call_original + it 'adds an event to processor context if waf result is a match' do + result = Datadog::AppSec::SecurityEngine::Result::Match.new( + events: [], actions: {}, derivatives: {}, timeout: false, duration_ns: 0, duration_ext_ns: 0 + ) - User.where(name: 'Bob').to_a + expect(Datadog::AppSec.active_context).to receive(:run_rasp).and_return(result) + expect(Datadog::AppSec.active_context.events).to receive(:<<).and_call_original + + User.where(name: 'Bob').to_a + end end end diff --git a/spec/datadog/appsec/contrib/active_record/sqlite3_adapter_spec.rb b/spec/datadog/appsec/contrib/active_record/sqlite3_adapter_spec.rb index aa121a924b6..203780f834d 100644 --- a/spec/datadog/appsec/contrib/active_record/sqlite3_adapter_spec.rb 
+++ b/spec/datadog/appsec/contrib/active_record/sqlite3_adapter_spec.rb @@ -16,7 +16,6 @@ let(:ruleset) { Datadog::AppSec::Processor::RuleLoader.load_rules(ruleset: :recommended, telemetry: telemetry) } let(:processor) { Datadog::AppSec::Processor.new(ruleset: ruleset, telemetry: telemetry) } let(:context) { Datadog::AppSec::Context.new(trace, span, processor) } - let(:rasp_enabled) { true } let(:span) { Datadog::Tracing::SpanOperation.new('root') } let(:trace) { Datadog::Tracing::TraceOperation.new } @@ -49,8 +48,6 @@ Datadog::AppSec::Context.activate(context) - allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(rasp_enabled) - raise_on_rails_deprecation! end @@ -62,7 +59,9 @@ end context 'when RASP is disabled' do - let(:rasp_enabled) { false } + before do + allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(false) + end it 'does not call waf when querying using .where' do expect(Datadog::AppSec.active_context).not_to receive(:run_rasp) 
@@ -77,46 +76,52 @@ end end - it 'calls waf with correct arguments when querying using .where' do - expect(Datadog::AppSec.active_context).to( - receive(:run_rasp).with( - Datadog::AppSec::Ext::RASP_SQLI, - {}, - { - 'server.db.statement' => 'SELECT "users".* FROM "users" WHERE "users"."name" = ?', - 'server.db.system' => 'sqlite' - }, - Datadog.configuration.appsec.waf_timeout - ).and_call_original - ) - - User.where(name: 'Bob').to_a - end + context 'when RASP is enabled' do + before do + allow(Datadog::AppSec).to receive(:rasp_enabled?).and_return(true) + end - it 'calls waf with correct arguments when querying using .find_by_sql' do - expect(Datadog::AppSec.active_context).to( - receive(:run_rasp).with( - Datadog::AppSec::Ext::RASP_SQLI, - {}, - { - 'server.db.statement' => "SELECT * FROM users WHERE name = 'Bob'", - 'server.db.system' => 'sqlite' - }, - Datadog.configuration.appsec.waf_timeout - ).and_call_original - ) - - User.find_by_sql("SELECT * FROM users WHERE name = 'Bob'").to_a - end + it 'calls waf with correct arguments when querying using .where' do + expect(Datadog::AppSec.active_context).to( + receive(:run_rasp).with( + Datadog::AppSec::Ext::RASP_SQLI, + {}, + { + 'server.db.statement' => 'SELECT "users".* FROM "users" WHERE "users"."name" = ?', + 'server.db.system' => 'sqlite' + }, + Datadog.configuration.appsec.waf_timeout + ).and_call_original + ) + + User.where(name: 'Bob').to_a + end + + it 'calls waf with correct arguments when querying using .find_by_sql' do + expect(Datadog::AppSec.active_context).to( + receive(:run_rasp).with( + Datadog::AppSec::Ext::RASP_SQLI, + {}, + { + 'server.db.statement' => "SELECT * FROM users WHERE name = 'Bob'", + 'server.db.system' => 'sqlite' + }, + Datadog.configuration.appsec.waf_timeout + ).and_call_original + ) - it 'adds an event to processor context if waf result is a match' do - result = Datadog::AppSec::SecurityEngine::Result::Match.new( - events: [], actions: {}, derivatives: {}, timeout: false, 
duration_ns: 0, duration_ext_ns: 0 - ) + User.find_by_sql("SELECT * FROM users WHERE name = 'Bob'").to_a + end - expect(Datadog::AppSec.active_context).to receive(:run_rasp).and_return(result) - expect(Datadog::AppSec.active_context.events).to receive(:<<).and_call_original + it 'adds an event to processor context if waf result is a match' do + result = Datadog::AppSec::SecurityEngine::Result::Match.new( + events: [], actions: {}, derivatives: {}, timeout: false, duration_ns: 0, duration_ext_ns: 0 + ) - User.where(name: 'Bob').to_a + expect(Datadog::AppSec.active_context).to receive(:run_rasp).and_return(result) + expect(Datadog::AppSec.active_context.events).to receive(:<<).and_call_original + + User.where(name: 'Bob').to_a + end end end