From 62753de63b5fc33c27d9ad915738bca60fad4c09 Mon Sep 17 00:00:00 2001 From: Santiago Mola Date: Wed, 21 Jun 2023 16:13:21 +0200 Subject: [PATCH 1/7] WIP --- utils/build/docker/java/app.sh | 0 .../docker/java/spring-boot-payara.Dockerfile | 35 +++++++++++++++++++ utils/build/docker/java/spring-boot/pom.xml | 24 +++++++++++++ 3 files changed, 59 insertions(+) mode change 100644 => 100755 utils/build/docker/java/app.sh create mode 100644 utils/build/docker/java/spring-boot-payara.Dockerfile diff --git a/utils/build/docker/java/app.sh b/utils/build/docker/java/app.sh old mode 100644 new mode 100755 diff --git a/utils/build/docker/java/spring-boot-payara.Dockerfile b/utils/build/docker/java/spring-boot-payara.Dockerfile new file mode 100644 index 0000000000..4297fa022c --- /dev/null +++ b/utils/build/docker/java/spring-boot-payara.Dockerfile 
@@ -0,0 +1,35 @@ +FROM maven:3.9-eclipse-temurin-11 as build + +COPY ./utils/build/docker/java/iast-common/src /iast-common/src + +WORKDIR /app + +COPY ./utils/build/docker/java/spring-boot/pom.xml . +RUN mkdir /maven && mvn -Dmaven.repo.local=/maven -B dependency:go-offline -Ppayara + +COPY ./utils/build/docker/java/spring-boot/src ./src +RUN mvn -Dmaven.repo.local=/maven package -Ppayara + +COPY ./utils/build/docker/java/install_ddtrace.sh binaries* /binaries/ +RUN /binaries/install_ddtrace.sh + +FROM payara/micro:latest + +WORKDIR /app +COPY --from=build /binaries/SYSTEM_TESTS_LIBRARY_VERSION SYSTEM_TESTS_LIBRARY_VERSION +COPY --from=build /binaries/SYSTEM_TESTS_LIBDDWAF_VERSION SYSTEM_TESTS_LIBDDWAF_VERSION +COPY --from=build /binaries/SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION +COPY --from=build /app/target/myproject-0.0.1-SNAPSHOT.war /opt/payara/deployments/app.war + +COPY --from=build /dd-tracer/dd-java-agent.jar . + +USER root +RUN set -eux;\ + mkdir -p /app;\ + chown -R payara /app;\ + chmod a+rwx / /app +USER payara + +ENV DD_TRACE_HEADER_TAGS='user-agent:http.request.headers.user-agent' +ENV DD_DATA_STREAMS_ENABLED=true + diff --git a/utils/build/docker/java/spring-boot/pom.xml b/utils/build/docker/java/spring-boot/pom.xml index e5ee962e4e..582e24899c 100644 --- a/utils/build/docker/java/spring-boot/pom.xml +++ b/utils/build/docker/java/spring-boot/pom.xml @@ -233,6 +233,30 @@ + + payara + + war + + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-tomcat + + + + + javax.servlet + javax.servlet-api + 3.0.1 + provided + + + wildfly From d8efa10f602e2dccb53885bbb003e9d63215f68d Mon Sep 17 00:00:00 2001 
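Review bot: `chmod a+rwx / /app` in the final stage makes the image's root directory world-writable, so any process in the container can create or replace top-level paths. The preceding `chown -R payara /app` presumably already gives the runtime user what it needs, in which case the line can be narrowed to `chmod u+rwx /app` or dropped. Separately, `FROM payara/micro:latest` is an unpinned base, and PATCH 2/7 repeats this with `payara/server-full:latest`. A fixed tag, ideally with a digest, keeps the test image reproducible and makes base-image changes reviewable.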
From: Santiago Mola Date: Thu, 22 Jun 2023 12:43:43 +0200 Subject: [PATCH 2/7] SERVER full --- tests/appsec/corrupted_rules.yml | 1 + utils/build/build.sh | 10 +++++----- utils/build/docker/java/app-payara.sh | 4 ++++ .../build/docker/java/spring-boot-payara.Dockerfile | 12 ++++++++++-- utils/build/docker/java/spring-boot/pom.xml | 2 +- .../src/main/webapp/WEB-INF/glassfish-web.xml | 7 +++++++ .../docker/set-system-tests-weblog-env.Dockerfile | 5 ++--- utils/build/docker/weblog-cmd.sh | 4 ++-- 8 files changed, 32 insertions(+), 13 deletions(-) create mode 100644 tests/appsec/corrupted_rules.yml create mode 100644 utils/build/docker/java/app-payara.sh create mode 100644 utils/build/docker/java/spring-boot/src/main/webapp/WEB-INF/glassfish-web.xml diff --git a/tests/appsec/corrupted_rules.yml b/tests/appsec/corrupted_rules.yml new file mode 100644 index 0000000000..24c1f5b093 --- /dev/null +++ b/tests/appsec/corrupted_rules.yml @@ -0,0 +1 @@ +corrupted::data diff --git a/utils/build/build.sh b/utils/build/build.sh index 32672917d2..d44005fe4e 100755 --- a/utils/build/build.sh +++ b/utils/build/build.sh @@ -5,7 +5,7 @@ # Copyright 2021 Datadog, Inc. set -eu - +set -x # set .env if exists. Allow users to keep their conf via env vars if [[ -f "./.env" ]]; then source ./.env 
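Review bot: `set -x` is switched on immediately before `source ./.env`, so every assignment in that file is echoed to stderr. If `.env` carries API keys or tokens, they end up in terminal scrollback and CI logs. If tracing is needed for debugging, enable it after the `.env` block or gate it behind an opt-in variable, e.g. `if [[ -n "${BUILD_DEBUG:-}" ]]; then set -x; fi` (the variable name is only an example). The rest of the script lies outside this hunk.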
@@ -226,10 +226,10 @@ build() { # If anybody has an idea to achieve this in a cleanest way ... echo "Getting system test context and saving it in weblog image" - SYSTEM_TESTS_LIBRARY_VERSION=$(docker run --rm system_tests/weblog cat SYSTEM_TESTS_LIBRARY_VERSION) - SYSTEM_TESTS_PHP_APPSEC_VERSION=$(docker run --rm system_tests/weblog bash -c "touch SYSTEM_TESTS_PHP_APPSEC_VERSION && cat SYSTEM_TESTS_PHP_APPSEC_VERSION") - SYSTEM_TESTS_LIBDDWAF_VERSION=$(docker run --rm system_tests/weblog cat SYSTEM_TESTS_LIBDDWAF_VERSION) - SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION=$(docker run --rm system_tests/weblog cat SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION) + SYSTEM_TESTS_LIBRARY_VERSION=$(docker run --rm --entrypoint cat system_tests/weblog SYSTEM_TESTS_LIBRARY_VERSION) + SYSTEM_TESTS_PHP_APPSEC_VERSION=$(docker run --rm --entrypoint /bin/sh system_tests/weblog -c "[ -f SYSTEM_TESTS_PHP_APPSEC_VERSION ] && cat SYSTEM_TESTS_PHP_APPSEC_VERSION || true") + SYSTEM_TESTS_LIBDDWAF_VERSION=$(docker run --rm --entrypoint cat system_tests/weblog SYSTEM_TESTS_LIBDDWAF_VERSION) + SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION=$(docker run --rm --entrypoint cat system_tests/weblog SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION) docker buildx build \ --build-arg BUILDKIT_INLINE_CACHE=1 \ diff --git a/utils/build/docker/java/app-payara.sh b/utils/build/docker/java/app-payara.sh new file mode 100644 index 0000000000..7249fb4243 --- /dev/null +++ b/utils/build/docker/java/app-payara.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu +cd /opt/payara +exec /opt/payara/scripts/entrypoint.sh --deploymentDir /opt/payara/deployments \ No newline at end of file diff --git a/utils/build/docker/java/spring-boot-payara.Dockerfile b/utils/build/docker/java/spring-boot-payara.Dockerfile index 4297fa022c..a380010609 100644 --- a/utils/build/docker/java/spring-boot-payara.Dockerfile +++ b/utils/build/docker/java/spring-boot-payara.Dockerfile 
@@ -13,17 +13,21 @@ RUN mvn -Dmaven.repo.local=/maven package -Ppayara COPY ./utils/build/docker/java/install_ddtrace.sh binaries* /binaries/ RUN /binaries/install_ddtrace.sh -FROM payara/micro:latest +FROM payara/server-full:latest WORKDIR /app COPY --from=build /binaries/SYSTEM_TESTS_LIBRARY_VERSION SYSTEM_TESTS_LIBRARY_VERSION COPY --from=build /binaries/SYSTEM_TESTS_LIBDDWAF_VERSION SYSTEM_TESTS_LIBDDWAF_VERSION COPY --from=build /binaries/SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION COPY --from=build /app/target/myproject-0.0.1-SNAPSHOT.war /opt/payara/deployments/app.war - COPY --from=build /dd-tracer/dd-java-agent.jar . +COPY ./utils/build/docker/java/app-payara.sh /app/app.sh USER root + +# DEBUG +#RUN sed -i -e 's~INFO~FINE~g' /opt/payara/appserver/glassfish/domains/domain1/config/logging.properties + RUN set -eux;\ mkdir -p /app;\ chown -R payara /app;\ @@ -33,3 +37,7 @@ USER payara ENV DD_TRACE_HEADER_TAGS='user-agent:http.request.headers.user-agent' ENV DD_DATA_STREAMS_ENABLED=true +# payara/micro uses an entry point and we need to unset it. +# ENTRYPOINT [] +# but payara/server-full uses tini, which is fine. +CMD ["/app/app.sh"] diff --git a/utils/build/docker/java/spring-boot/pom.xml b/utils/build/docker/java/spring-boot/pom.xml index 582e24899c..d4a99b7958 100644 --- a/utils/build/docker/java/spring-boot/pom.xml +++ b/utils/build/docker/java/spring-boot/pom.xml @@ -10,7 +10,7 @@ org.springframework.boot spring-boot-starter-parent - 2.6.0 + 2.7.12 ${packaging.type} diff --git a/utils/build/docker/java/spring-boot/src/main/webapp/WEB-INF/glassfish-web.xml b/utils/build/docker/java/spring-boot/src/main/webapp/WEB-INF/glassfish-web.xml new file mode 100644 index 0000000000..d57d5c11be --- /dev/null +++ b/utils/build/docker/java/spring-boot/src/main/webapp/WEB-INF/glassfish-web.xml @@ -0,0 +1,7 @@ + + + + / + + \ No newline at end of file 
diff --git a/utils/build/docker/set-system-tests-weblog-env.Dockerfile b/utils/build/docker/set-system-tests-weblog-env.Dockerfile index 6757d559a6..336f65f95e 100644 --- a/utils/build/docker/set-system-tests-weblog-env.Dockerfile +++ b/utils/build/docker/set-system-tests-weblog-env.Dockerfile @@ -53,7 +53,7 @@ ENV DD_INSTRUMENTATION_TELEMETRY_ENABLED=1 ENV DD_HEARTBEAT_TELEMETRY_INTERVAL=5 # files for exotic scenarios -RUN echo "corrupted::data" > /appsec_corrupted_rules.yml +COPY tests/appsec/corrupted_rules.yml /appsec_corrupted_rules.yml COPY tests/appsec/custom_rules.json /appsec_custom_rules.json COPY tests/appsec/custom_rules_with_errors.json /appsec_custom_rules_with_errors.json COPY tests/appsec/blocking_rule.json /appsec_blocking_rule.json 
@@ -61,7 +61,6 @@ COPY tests/appsec/blocking_rule.json /appsec_blocking_rule.json # for remote configuration tests ENV DD_RC_TUF_ROOT='{"signed":{"_type":"root","spec_version":"1.0","version":1,"expires":"2032-05-29T12:49:41.030418-04:00","keys":{"ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e":{"keytype":"ed25519","scheme":"ed25519","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"7d3102e39abe71044d207550bda239c71380d013ec5a115f79f51622630054e6"}}},"roles":{"root":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1},"snapshot":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1},"targets":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1},"timestsmp":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1}},"consistent_snapshot":true},"signatures":[{"keyid":"ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e","sig":"d7e24828d1d3104e48911860a13dd6ad3f4f96d45a9ea28c4a0f04dbd3ca6c205ed406523c6c4cacfb7ebba68f7e122e42746d1c1a83ffa89c8bccb6f7af5e06"}]}' -COPY ./utils/build/docker/weblog-cmd.sh ./weblog-cmd.sh +COPY --chmod=775 ./utils/build/docker/weblog-cmd.sh ./weblog-cmd.sh RUN chmod +x app.sh -RUN chmod +x weblog-cmd.sh CMD [ "./weblog-cmd.sh" ] diff --git a/utils/build/docker/weblog-cmd.sh b/utils/build/docker/weblog-cmd.sh index 81c99b98ec..19dee0d25e 100755 --- a/utils/build/docker/weblog-cmd.sh +++ b/utils/build/docker/weblog-cmd.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Unless explicitly stated otherwise all files in this repository are licensed under the the Apache License Version 2.0. # This product includes software developed at Datadog (https://www.datadoghq.com/). @@ -15,4 +15,4 @@ echo "Configuration script executed from: ${PWD}" BASEDIR=$(dirname $0) echo "Configuration script location: ${BASEDIR}" -./app.sh +exec ./app.sh 
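Review bot: `COPY --chmod=775` leaves `weblog-cmd.sh` group-writable, which is more than the removed `RUN chmod +x weblog-cmd.sh` step granted. `COPY --chmod=755 ./utils/build/docker/weblog-cmd.sh ./weblog-cmd.sh` keeps the script executable without group write access. `--chmod` on `COPY` needs BuildKit; that matches the `docker buildx build` call visible in build.sh, but a legacy-builder `docker build` of this file would reject the flag.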
From 30b5f4a954944ce2e3843775b017c20bc6a73764 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20=C3=81lvarez=20=C3=81lvarez?= Date: Thu, 22 Jun 2023 14:29:45 +0200 Subject: [PATCH 3/7] Update to use a download payara microprofile --- .github/workflows/ci.yml | 4 ++- tests/appsec/corrupted_rules.yml | 1 - utils/build/build.sh | 10 +++--- utils/build/docker/java/app-payara.sh | 3 +- .../docker/java/spring-boot-payara.Dockerfile | 32 +++++++------------ utils/build/docker/java/spring-boot/pom.xml | 2 +- .../src/main/resources/logging.properties | 3 +- .../set-system-tests-weblog-env.Dockerfile | 5 +-- utils/build/docker/weblog-cmd.sh | 4 +-- 9 files changed, 29 insertions(+), 35 deletions(-) delete mode 100644 tests/appsec/corrupted_rules.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a40fd9f2f..198174bbaa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -86,6 +86,8 @@ jobs: weblog: spring-boot-wildfly - library: java weblog: spring-boot-undertow + - library: java + weblog: spring-boot-payara - library: java weblog: akka-http - library: nodejs @@ -746,4 +748,4 @@ jobs: ./build.sh -i agent ./build.sh golang -i weblog - name: Run - run: ./tests/fuzzer/run.sh \ No newline at end of file + run: ./tests/fuzzer/run.sh diff --git a/tests/appsec/corrupted_rules.yml b/tests/appsec/corrupted_rules.yml deleted file mode 100644 index 24c1f5b093..0000000000 --- a/tests/appsec/corrupted_rules.yml +++ /dev/null @@ -1 +0,0 @@ -corrupted::data diff --git a/utils/build/build.sh b/utils/build/build.sh index d44005fe4e..32672917d2 100755 --- a/utils/build/build.sh +++ b/utils/build/build.sh @@ -5,7 +5,7 @@ # Copyright 2021 Datadog, Inc. set -eu -set -x + # set .env if exists. Allow users to keep their conf via env vars if [[ -f "./.env" ]]; then source ./.env 
@@ -226,10 +226,10 @@ build() { # If anybody has an idea to achieve this in a cleanest way ... echo "Getting system test context and saving it in weblog image" - SYSTEM_TESTS_LIBRARY_VERSION=$(docker run --rm --entrypoint cat system_tests/weblog SYSTEM_TESTS_LIBRARY_VERSION) - SYSTEM_TESTS_PHP_APPSEC_VERSION=$(docker run --rm --entrypoint /bin/sh system_tests/weblog -c "[ -f SYSTEM_TESTS_PHP_APPSEC_VERSION ] && cat SYSTEM_TESTS_PHP_APPSEC_VERSION || true") - SYSTEM_TESTS_LIBDDWAF_VERSION=$(docker run --rm --entrypoint cat system_tests/weblog SYSTEM_TESTS_LIBDDWAF_VERSION) - SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION=$(docker run --rm --entrypoint cat system_tests/weblog SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION) + SYSTEM_TESTS_LIBRARY_VERSION=$(docker run --rm system_tests/weblog cat SYSTEM_TESTS_LIBRARY_VERSION) + SYSTEM_TESTS_PHP_APPSEC_VERSION=$(docker run --rm system_tests/weblog bash -c "touch SYSTEM_TESTS_PHP_APPSEC_VERSION && cat SYSTEM_TESTS_PHP_APPSEC_VERSION") + SYSTEM_TESTS_LIBDDWAF_VERSION=$(docker run --rm system_tests/weblog cat SYSTEM_TESTS_LIBDDWAF_VERSION) + SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION=$(docker run --rm system_tests/weblog cat SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION) docker buildx build \ --build-arg BUILDKIT_INLINE_CACHE=1 \ diff --git a/utils/build/docker/java/app-payara.sh b/utils/build/docker/java/app-payara.sh index 7249fb4243..a9e781467d 100644 --- a/utils/build/docker/java/app-payara.sh +++ b/utils/build/docker/java/app-payara.sh @@ -1,4 +1,3 @@ #!/bin/sh set -eu -cd /opt/payara -exec /opt/payara/scripts/entrypoint.sh --deploymentDir /opt/payara/deployments \ No newline at end of file +exec java -Xmx362m -javaagent:/app/dd-java-agent.jar -jar /app/payara-micro.jar --deploy /app/app.war ${APP_EXTRA_ARGS:-} diff --git a/utils/build/docker/java/spring-boot-payara.Dockerfile b/utils/build/docker/java/spring-boot-payara.Dockerfile index a380010609..02f631476b 100644 --- a/utils/build/docker/java/spring-boot-payara.Dockerfile 
+++ b/utils/build/docker/java/spring-boot-payara.Dockerfile 
@@ -5,39 +5,31 @@ COPY ./utils/build/docker/java/iast-common/src /iast-common/src WORKDIR /app COPY ./utils/build/docker/java/spring-boot/pom.xml . -RUN mkdir /maven && mvn -Dmaven.repo.local=/maven -B dependency:go-offline -Ppayara +RUN mkdir /maven && mvn -Dmaven.repo.local=/maven -Ppayara -B dependency:go-offline COPY ./utils/build/docker/java/spring-boot/src ./src -RUN mvn -Dmaven.repo.local=/maven package -Ppayara +RUN mvn -Dmaven.repo.local=/maven -Ppayara package COPY ./utils/build/docker/java/install_ddtrace.sh binaries* /binaries/ RUN /binaries/install_ddtrace.sh -FROM payara/server-full:latest +ARG PAYARA_VERSION=5.2022.1 +RUN curl https://nexus.payara.fish/repository/payara-community/fish/payara/extras/payara-micro/${PAYARA_VERSION}/payara-micro-${PAYARA_VERSION}.jar -o /binaries/payara-micro.jar + +FROM eclipse-temurin:11-jre WORKDIR /app COPY --from=build /binaries/SYSTEM_TESTS_LIBRARY_VERSION SYSTEM_TESTS_LIBRARY_VERSION COPY --from=build /binaries/SYSTEM_TESTS_LIBDDWAF_VERSION SYSTEM_TESTS_LIBDDWAF_VERSION COPY --from=build /binaries/SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION SYSTEM_TESTS_APPSEC_EVENT_RULES_VERSION -COPY --from=build /app/target/myproject-0.0.1-SNAPSHOT.war /opt/payara/deployments/app.war +COPY --from=build /app/target/myproject-0.0.1-SNAPSHOT.war /app/app.war COPY --from=build /dd-tracer/dd-java-agent.jar . -COPY ./utils/build/docker/java/app-payara.sh /app/app.sh - -USER root +COPY --from=build /binaries/payara-micro.jar /app/payara-micro.jar -# DEBUG -#RUN sed -i -e 's~INFO~FINE~g' /opt/payara/appserver/glassfish/domains/domain1/config/logging.properties - -RUN set -eux;\ - mkdir -p /app;\ - chown -R payara /app;\ - chmod a+rwx / /app -USER payara +COPY ./utils/build/docker/java/app-payara.sh /app/app.sh +RUN chmod +x /app/app.sh ENV DD_TRACE_HEADER_TAGS='user-agent:http.request.headers.user-agent' -ENV DD_DATA_STREAMS_ENABLED=true +ENV APP_EXTRA_ARGS="--port 7777" -# payara/micro uses an entry point and we need to unset it. 
-# ENTRYPOINT [] -# but payara/server-full uses tini, which is fine. -CMD ["/app/app.sh"] +CMD [ "/app/app.sh" ] diff --git a/utils/build/docker/java/spring-boot/pom.xml b/utils/build/docker/java/spring-boot/pom.xml index d4a99b7958..582e24899c 100644 --- a/utils/build/docker/java/spring-boot/pom.xml +++ b/utils/build/docker/java/spring-boot/pom.xml @@ -10,7 +10,7 @@ org.springframework.boot spring-boot-starter-parent - 2.7.12 + 2.6.0 ${packaging.type} diff --git a/utils/build/docker/java/spring-boot/src/main/resources/logging.properties b/utils/build/docker/java/spring-boot/src/main/resources/logging.properties index 99eda6cf21..97065a0320 100644 --- a/utils/build/docker/java/spring-boot/src/main/resources/logging.properties +++ b/utils/build/docker/java/spring-boot/src/main/resources/logging.properties @@ -1 +1,2 @@ -handlers=java.util.logging.ConsoleHandler.level=debug \ No newline at end of file +handlers=java.util.logging.ConsoleHandler +java.util.logging.ConsoleHandler.level=debug diff --git a/utils/build/docker/set-system-tests-weblog-env.Dockerfile b/utils/build/docker/set-system-tests-weblog-env.Dockerfile index 336f65f95e..6757d559a6 100644 --- a/utils/build/docker/set-system-tests-weblog-env.Dockerfile +++ b/utils/build/docker/set-system-tests-weblog-env.Dockerfile @@ -53,7 +53,7 @@ ENV DD_INSTRUMENTATION_TELEMETRY_ENABLED=1 ENV DD_HEARTBEAT_TELEMETRY_INTERVAL=5 # files for exotic scenarios -COPY tests/appsec/corrupted_rules.yml /appsec_corrupted_rules.yml +RUN echo "corrupted::data" > /appsec_corrupted_rules.yml COPY tests/appsec/custom_rules.json /appsec_custom_rules.json COPY tests/appsec/custom_rules_with_errors.json /appsec_custom_rules_with_errors.json COPY tests/appsec/blocking_rule.json /appsec_blocking_rule.json 
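Review bot: The `curl` that fetches `payara-micro-${PAYARA_VERSION}.jar` has no `-f` and no integrity check, so an HTTP error page or a tampered artifact would be written to `/binaries/payara-micro.jar` and copied into the runtime stage without failing the build. Adding `-fsSL` and verifying a pinned SHA-256 in the same `RUN` closes both gaps; the digest below is a placeholder for the value published for the chosen version. The final stage also no longer sets `USER`, so unless a later layer does, the server presumably runs as root, whereas the previous revision dropped to `payara`. The hunk starts at line 5 of the file, so the build stage's `FROM` line is not shown.

```dockerfile
ARG PAYARA_VERSION=5.2022.1
# Placeholder: replace with the SHA-256 of payara-micro-${PAYARA_VERSION}.jar
ARG PAYARA_SHA256=REPLACE_WITH_PUBLISHED_SHA256
RUN curl -fsSL "https://nexus.payara.fish/repository/payara-community/fish/payara/extras/payara-micro/${PAYARA_VERSION}/payara-micro-${PAYARA_VERSION}.jar" \
        -o /binaries/payara-micro.jar \
    && echo "${PAYARA_SHA256}  /binaries/payara-micro.jar" | sha256sum -c -

# … unchanged: FROM eclipse-temurin:11-jre and the COPY --from=build lines …
```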
@@ -61,6 +61,7 @@ COPY tests/appsec/blocking_rule.json /appsec_blocking_rule.json # for remote configuration tests ENV DD_RC_TUF_ROOT='{"signed":{"_type":"root","spec_version":"1.0","version":1,"expires":"2032-05-29T12:49:41.030418-04:00","keys":{"ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e":{"keytype":"ed25519","scheme":"ed25519","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"7d3102e39abe71044d207550bda239c71380d013ec5a115f79f51622630054e6"}}},"roles":{"root":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1},"snapshot":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1},"targets":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1},"timestsmp":{"keyids":["ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e"],"threshold":1}},"consistent_snapshot":true},"signatures":[{"keyid":"ed7672c9a24abda78872ee32ee71c7cb1d5235e8db4ecbf1ca28b9c50eb75d9e","sig":"d7e24828d1d3104e48911860a13dd6ad3f4f96d45a9ea28c4a0f04dbd3ca6c205ed406523c6c4cacfb7ebba68f7e122e42746d1c1a83ffa89c8bccb6f7af5e06"}]}' -COPY --chmod=775 ./utils/build/docker/weblog-cmd.sh ./weblog-cmd.sh +COPY ./utils/build/docker/weblog-cmd.sh ./weblog-cmd.sh RUN chmod +x app.sh +RUN chmod +x weblog-cmd.sh CMD [ "./weblog-cmd.sh" ] diff --git a/utils/build/docker/weblog-cmd.sh b/utils/build/docker/weblog-cmd.sh index 19dee0d25e..81c99b98ec 100755 --- a/utils/build/docker/weblog-cmd.sh +++ b/utils/build/docker/weblog-cmd.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Unless explicitly stated otherwise all files in this repository are licensed under the the Apache License Version 2.0. # This product includes software developed at Datadog (https://www.datadoghq.com/). @@ -15,4 +15,4 @@ echo "Configuration script executed from: ${PWD}" BASEDIR=$(dirname $0) echo "Configuration script location: ${BASEDIR}" -exec ./app.sh +./app.sh 
From 560952f349c7f4ae79a960a7edf385bfe854106b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20=C3=81lvarez=20=C3=81lvarez?= Date: Thu, 22 Jun 2023 14:34:44 +0200 Subject: [PATCH 4/7] Fix semantic conventions in payara --- tests/test_semantic_conventions.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/test_semantic_conventions.py b/tests/test_semantic_conventions.py index b77dad6270..b220ab301d 100644 --- a/tests/test_semantic_conventions.py +++ b/tests/test_semantic_conventions.py @@ -75,6 +75,13 @@ "spring.handler": "spring-web-controller", "servlet.response": "java-web-servlet-response", }, + "spring-boot-payara": { + "servlet.request": "java-web-servlet", + "hsqldb.query": "java-jdbc-statement", + "servlet.forward": "java-web-servlet-dispatcher", + "spring.handler": "spring-web-controller", + "servlet.response": "java-web-servlet-response", + }, "resteasy-netty3": {"netty.request": ["netty", "jax-rs"], "jax-rs.request": "jax-rs-controller",}, "akka-http": "akka-http-server", "rails": { From de5155d0103afdac4b4d79d9bb8b83431289f602 Mon Sep 17 00:00:00 2001 
From: Santiago Mola Date: Thu, 22 Jun 2023 15:07:06 +0200 Subject: [PATCH 5/7] add decorators for payara --- tests/appsec/iast/sink/test_command_injection.py | 1 + tests/appsec/iast/sink/test_ldap_injection.py | 1 + tests/appsec/iast/sink/test_path_traversal.py | 1 + tests/appsec/iast/sink/test_sql_injection.py | 1 + tests/appsec/iast/sink/test_weak_cipher.py | 1 + tests/appsec/iast/sink/test_weak_hash.py | 1 + tests/appsec/iast/source/test_body.py | 1 + tests/appsec/iast/source/test_cookie_name.py | 1 + tests/appsec/iast/source/test_cookie_value.py | 1 + tests/appsec/iast/source/test_header_name.py | 1 + tests/appsec/iast/source/test_header_value.py | 1 + tests/appsec/iast/source/test_parameter_name.py | 1 + tests/appsec/iast/source/test_parameter_value.py | 1 + tests/appsec/test_alpha.py | 3 ++- tests/appsec/test_conf.py | 2 +- tests/appsec/test_event_tracking.py | 3 +++ tests/appsec/test_logs.py | 2 +- tests/appsec/test_reports.py | 11 ++++++++--- tests/appsec/test_traces.py | 10 +++++++--- tests/appsec/waf/test_addresses.py | 2 +- tests/appsec/waf/test_miscs.py | 2 +- tests/appsec/waf/test_rules.py | 2 +- tests/test_standard_tags.py | 3 ++- 23 files changed, 40 insertions(+), 13 deletions(-) diff --git a/tests/appsec/iast/sink/test_command_injection.py b/tests/appsec/iast/sink/test_command_injection.py index 3a5253eb6b..42d016d346 100644 --- a/tests/appsec/iast/sink/test_command_injection.py +++ b/tests/appsec/iast/sink/test_command_injection.py @@ -17,6 +17,7 @@ "spring-boot": "1.1.0", "spring-boot-jetty": "1.1.0", "spring-boot-openliberty": "1.1.0", + "spring-boot-payara": "1.1.0", "spring-boot-wildfly": "1.1.0", "spring-boot-undertow": "1.1.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/sink/test_ldap_injection.py b/tests/appsec/iast/sink/test_ldap_injection.py index fa62613c32..6894b1716b 100644 --- a/tests/appsec/iast/sink/test_ldap_injection.py +++ b/tests/appsec/iast/sink/test_ldap_injection.py 
@@ -17,6 +17,7 @@ "spring-boot": "1.7.0", "spring-boot-jetty": "1.7.0", "spring-boot-openliberty": "1.7.0", + "spring-boot-payara": "1.7.0", "spring-boot-wildfly": "1.7.0", "spring-boot-undertow": "1.7.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/sink/test_path_traversal.py b/tests/appsec/iast/sink/test_path_traversal.py index 004e6e5acc..af39da2bd0 100644 --- a/tests/appsec/iast/sink/test_path_traversal.py +++ b/tests/appsec/iast/sink/test_path_traversal.py @@ -16,6 +16,7 @@ "spring-boot": "1.1.0", "spring-boot-jetty": "1.1.0", "spring-boot-openliberty": "1.1.0", + "spring-boot-payara": "1.1.0", "spring-boot-wildfly": "1.1.0", "spring-boot-undertow": "1.1.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/sink/test_sql_injection.py b/tests/appsec/iast/sink/test_sql_injection.py index e8674426d4..414f119683 100644 --- a/tests/appsec/iast/sink/test_sql_injection.py +++ b/tests/appsec/iast/sink/test_sql_injection.py @@ -20,6 +20,7 @@ "spring-boot": "1.1.0", "spring-boot-jetty": "1.1.0", "spring-boot-openliberty": "1.1.0", + "spring-boot-payara": "1.1.0", "spring-boot-wildfly": "1.1.0", "spring-boot-undertow": "1.1.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/sink/test_weak_cipher.py b/tests/appsec/iast/sink/test_weak_cipher.py index 826c0ce92f..a93517cff1 100644 --- a/tests/appsec/iast/sink/test_weak_cipher.py +++ b/tests/appsec/iast/sink/test_weak_cipher.py @@ -17,6 +17,7 @@ "spring-boot": "0.108.0", "spring-boot-jetty": "0.108.0", "spring-boot-openliberty": "0.108.0", + "spring-boot-payara": "0.108.0", "spring-boot-wildfly": "0.108.0", "spring-boot-udertow": "0.108.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/sink/test_weak_hash.py b/tests/appsec/iast/sink/test_weak_hash.py index 6706681380..f36ca8bdf2 100644 --- a/tests/appsec/iast/sink/test_weak_hash.py +++ b/tests/appsec/iast/sink/test_weak_hash.py 
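Review bot: In test_weak_cipher.py, a context line just below the added `"spring-boot-payara": "0.108.0"` entry spells the key `"spring-boot-udertow"`, whereas every other file in this patch uses `"spring-boot-undertow"`. With the typo, the undertow weblog presumably never matches this version entry, so the weak-cipher test's release gating for it is likely wrong. Since the commit already touches this mapping, the key could be corrected to `"spring-boot-undertow": "0.108.0",`. The dictionary starts and ends outside the hunk.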
@@ -35,6 +35,7 @@ def _expected_location(): "spring-boot": "0.108.0", "spring-boot-jetty": "0.108.0", "spring-boot-openliberty": "0.108.0", + "spring-boot-payara": "0.108.0", "spring-boot-wildfly": "0.108.0", "spring-boot-undertow": "0.108.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/source/test_body.py b/tests/appsec/iast/source/test_body.py index 380ccd6062..da0760a671 100644 --- a/tests/appsec/iast/source/test_body.py +++ b/tests/appsec/iast/source/test_body.py @@ -17,6 +17,7 @@ "spring-boot": "1.7.0", "spring-boot-jetty": "1.7.0", "spring-boot-openliberty": "1.7.0", + "spring-boot-payara": "1.7.0", "spring-boot-wildfly": "1.7.0", "spring-boot-undertow": "1.7.0", "vertx3": "1.12.0", diff --git a/tests/appsec/iast/source/test_cookie_name.py b/tests/appsec/iast/source/test_cookie_name.py index ab962c130b..0d3873f469 100644 --- a/tests/appsec/iast/source/test_cookie_name.py +++ b/tests/appsec/iast/source/test_cookie_name.py @@ -17,6 +17,7 @@ "spring-boot": "1.5.0", "spring-boot-jetty": "1.5.0", "spring-boot-openliberty": "1.5.0", + "spring-boot-payara": "1.5.0", "spring-boot-wildfly": "1.5.0", "spring-boot-undertow": "1.5.0", "vertx3": "1.12.0", diff --git a/tests/appsec/iast/source/test_cookie_value.py b/tests/appsec/iast/source/test_cookie_value.py index 244e0d6bd9..5f8a3110a2 100644 --- a/tests/appsec/iast/source/test_cookie_value.py +++ b/tests/appsec/iast/source/test_cookie_value.py @@ -18,6 +18,7 @@ "spring-boot": "1.5.0", "spring-boot-jetty": "1.5.0", "spring-boot-openliberty": "1.5.0", + "spring-boot-payara": "1.5.0", "spring-boot-wildfly": "1.5.0", "spring-boot-undertow": "1.5.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/source/test_header_name.py b/tests/appsec/iast/source/test_header_name.py index 19acb90f10..e218f96bfc 100644 --- a/tests/appsec/iast/source/test_header_name.py +++ b/tests/appsec/iast/source/test_header_name.py 
@@ -17,6 +17,7 @@ "spring-boot": "1.5.0", "spring-boot-jetty": "1.5.0", "spring-boot-openliberty": "1.5.0", + "spring-boot-payara": "1.5.0", "spring-boot-wildfly": "1.5.0", "spring-boot-undertow": "1.5.0", "vertx3": "1.12.0", diff --git a/tests/appsec/iast/source/test_header_value.py b/tests/appsec/iast/source/test_header_value.py index a7179a2113..9bf3dbc8d7 100644 --- a/tests/appsec/iast/source/test_header_value.py +++ b/tests/appsec/iast/source/test_header_value.py @@ -18,6 +18,7 @@ "spring-boot": "1.5.0", "spring-boot-jetty": "1.5.0", "spring-boot-openliberty": "1.5.0", + "spring-boot-payara": "1.5.0", "spring-boot-wildfly": "1.5.0", "spring-boot-undertow": "1.5.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/iast/source/test_parameter_name.py b/tests/appsec/iast/source/test_parameter_name.py index 5ede4c0bed..538a092d57 100644 --- a/tests/appsec/iast/source/test_parameter_name.py +++ b/tests/appsec/iast/source/test_parameter_name.py @@ -17,6 +17,7 @@ "spring-boot": "1.5.0", "spring-boot-jetty": "1.5.0", "spring-boot-openliberty": "1.5.0", + "spring-boot-payara": "1.5.0", "spring-boot-wildfly": "1.5.0", "spring-boot-undertow": "1.5.0", "vertx3": "1.12.0", diff --git a/tests/appsec/iast/source/test_parameter_value.py b/tests/appsec/iast/source/test_parameter_value.py index e9ab28b08b..351eb02afb 100644 --- a/tests/appsec/iast/source/test_parameter_value.py +++ b/tests/appsec/iast/source/test_parameter_value.py @@ -17,6 +17,7 @@ "spring-boot": "1.5.0", "spring-boot-jetty": "1.5.0", "spring-boot-openliberty": "1.5.0", + "spring-boot-payara": "1.5.0", "spring-boot-wildfly": "1.5.0", "spring-boot-undertow": "1.5.0", "resteasy-netty3": "1.11.0", diff --git a/tests/appsec/test_alpha.py b/tests/appsec/test_alpha.py index 642b8721ad..ec11354252 100644 --- a/tests/appsec/test_alpha.py +++ b/tests/appsec/test_alpha.py 
@@ -15,7 +15,8 @@ @released(dotnet="1.28.6", java="0.87.0", nodejs="2.0.0", php_appsec="0.2.1", python="1.1.0rc2.dev") @missing_feature(context.library == "ruby" and context.libddwaf_version is None) @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.basic class Test_Basic: """ Detect attacks on raw URI and headers with default rules """ diff --git a/tests/appsec/test_conf.py b/tests/appsec/test_conf.py index 8ef326fb92..d1290188c8 100644 --- a/tests/appsec/test_conf.py +++ b/tests/appsec/test_conf.py @@ -11,7 +11,7 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") -if context.weblog_variant == "akka-http": +if context.weblog_variant in ("akka-http", "spring-boot-payara"): pytestmark = pytest.mark.skip("missing feature: No AppSec support") diff --git a/tests/appsec/test_event_tracking.py b/tests/appsec/test_event_tracking.py index 608000f1b8..d0eae47b53 100644 --- a/tests/appsec/test_event_tracking.py +++ b/tests/appsec/test_event_tracking.py @@ -10,6 +10,9 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") +if context.weblog_variant == "spring-boot-payara": + pytestmark = pytest.mark.skip("missing feature: No AppSec support") + _is_spring_native_weblog = re.fullmatch(r"spring-.+native", context.weblog_variant) is not None diff --git a/tests/appsec/test_logs.py b/tests/appsec/test_logs.py index 9ff49a86c6..7031e1b0fe 100644 --- a/tests/appsec/test_logs.py +++ b/tests/appsec/test_logs.py 
@@ -9,7 +9,7 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") -if context.weblog_variant == "akka-http": +if context.weblog_variant in ("akka-http", "spring-boot-payara"): pytestmark = pytest.mark.skip("missing feature: No AppSec support") # get the default log output diff --git a/tests/appsec/test_reports.py b/tests/appsec/test_reports.py index 481ac66c57..cb8ac7aa83 100644 --- a/tests/appsec/test_reports.py +++ b/tests/appsec/test_reports.py @@ -69,7 +69,8 @@ def check_http_code(span, appsec_data): ) @released(dotnet="1.30.0", java="0.98.1", nodejs="2.0.0", php_appsec="0.3.0", python=PYTHON_RELEASE_GA_1_1) @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.good @missing_feature( True, reason="Bug on system test: with the runner on the host, we do not have the real IP from weblog POV" @@ -116,7 +117,8 @@ def validator(span, appsec_data): @flaky(context.library <= "php@0.68.2") @bug(library="python@1.1.0", reason="a PR was not included in the release") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.good class Test_Info: """Environment (production, staging) from DD_ENV variable""" 
@@ -152,7 +154,8 @@ def _check_service(span, appsec_data): @missing_feature(context.library == "ruby" and context.libddwaf_version is None) @bug(library="python@1.1.0", reason="a PR was not included in the release") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.good class Test_RequestHeaders: """Request Headers for IP resolution""" @@ -190,6 +193,7 @@ def test_http_request_headers(self): @coverage.basic +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") class Test_TagsFromRule: """Tags (Category & event type) from the rule""" @@ -210,6 +214,7 @@ def test_basic(self): @coverage.basic +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") class Test_AttackTimestamp: """Attack timestamp""" diff --git a/tests/appsec/test_traces.py b/tests/appsec/test_traces.py index 742829c7d5..23b63dab4b 100644 --- a/tests/appsec/test_traces.py +++ b/tests/appsec/test_traces.py @@ -28,6 +28,7 @@ @released(nodejs="2.0.0", php_appsec="0.1.0", ruby="0.54.2") @bug(library="python@1.1.0", reason="a PR was not included in the release") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") @missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.good class Test_RetainTraces: 
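Review bot: In the test_traces.py hunk for `Test_RetainTraces`, the context line `@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")` keeps the positional form, while the other hunks of this patch rewrite the same decorator to the keyword form. If the two forms are equivalent (the decorator's definition is not visible here), this one should read `@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")` like the rest. The new payara line is also placed above the akka-http line in the `Test_TagsFromRule` and `Test_AttackTimestamp` hunks of test_reports.py but below it elsewhere; one order throughout would make the decorator stacks easier to compare.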
@@ -73,7 +74,8 @@ def validate_appsec_event_span_tags(span): @released(dotnet="1.29.0", java="0.104.0", nodejs="2.0.0") @released(php_appsec="0.1.0", python="0.58.5", ruby="0.54.2") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.good class Test_AppSecEventSpanTags: """AppSec correctly fill span tags.""" @@ -168,7 +170,8 @@ def validator(span): @released(golang="1.38.0", dotnet="2.7.0", java="0.113.0", nodejs="2.6.0") @released(php_appsec="0.3.0", python=PYTHON_RELEASE_GA_1_1, ruby="1.0.0") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.good class Test_AppSecObfuscator: """AppSec obfuscates sensitive data.""" @@ -332,7 +335,8 @@ def validate_appsec_span_tags(span, appsec_data): # pylint: disable=unused-argu @released(golang="1.37.0" if context.weblog_variant == "gin" else "1.36.2") @released(nodejs="2.0.0", java="0.102.0") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.good class Test_CollectRespondHeaders: """AppSec should collect some headers for http.response and store them in span tags.""" 
diff --git a/tests/appsec/waf/test_addresses.py b/tests/appsec/waf/test_addresses.py index 850dbb85ff..0257b3a888 100644 --- a/tests/appsec/waf/test_addresses.py +++ b/tests/appsec/waf/test_addresses.py @@ -23,7 +23,7 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") -if context.weblog_variant == "akka-http": +if context.weblog_variant in ("akka-http", "spring-boot-payara"): pytestmark = pytest.mark.skip("missing feature: No AppSec support") diff --git a/tests/appsec/waf/test_miscs.py b/tests/appsec/waf/test_miscs.py index 150cd38526..b18baa7657 100644 --- a/tests/appsec/waf/test_miscs.py +++ b/tests/appsec/waf/test_miscs.py @@ -11,7 +11,7 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") -if context.weblog_variant == "akka-http": +if context.weblog_variant in ("akka-http", "spring-boot-payara"): pytestmark = pytest.mark.skip("missing feature: No AppSec support") diff --git a/tests/appsec/waf/test_rules.py b/tests/appsec/waf/test_rules.py index 0323fd4bc5..dc586a553e 100644 --- a/tests/appsec/waf/test_rules.py +++ b/tests/appsec/waf/test_rules.py @@ -13,7 +13,7 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") -if context.weblog_variant == "akka-http": +if context.weblog_variant in ("akka-http", "spring-boot-payara"): pytestmark = pytest.mark.skip("missing feature: No AppSec support") diff --git a/tests/test_standard_tags.py b/tests/test_standard_tags.py index 0e5190c174..052a02e000 100644 --- a/tests/test_standard_tags.py +++ b/tests/test_standard_tags.py 
@@ -174,7 +174,8 @@ def test_route(self): @released(dotnet="2.26.0", golang="1.46.0", java="0.114.0") @released(nodejs="3.6.0", php_appsec="0.4.4", python="1.5.0", ruby="1.10.1") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.basic class Test_StandardTagsClientIp: """Tests to verify that libraries annotate spans with correct http.client_ip tags""" From 8484feda8fad7cdc7aa05cc1aa82cec21b72c12a Mon Sep 17 00:00:00 2001 From: Santiago Mola Date: Thu, 22 Jun 2023 15:22:33 +0200 Subject: [PATCH 6/7] fix decorators, scripts --- tests/appsec/test_reports.py | 3 ++- tests/appsec/waf/test_reports.py | 2 +- tests/test_standard_tags.py | 1 + utils/build/docker/java/app-payara.sh | 1 + utils/build/docker/java/app.sh | 1 + 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/appsec/test_reports.py b/tests/appsec/test_reports.py index cb8ac7aa83..afa9e8e435 100644 --- a/tests/appsec/test_reports.py +++ b/tests/appsec/test_reports.py @@ -28,7 +28,8 @@ @released(golang={"gin": "1.37.0", "echo": "1.36.0", "*": "1.34.0"}) @bug(library="python@1.1.0", reason="a PR was not included in the release") @missing_feature(weblog_variant="akka-http", reason="No AppSec support") -@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support") +@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") @coverage.basic class Test_StatusCode: """Appsec reports good status code""" diff --git a/tests/appsec/waf/test_reports.py b/tests/appsec/waf/test_reports.py index ba905a7a4d..a532e9f1a6 100644 
--- a/tests/appsec/waf/test_reports.py +++ b/tests/appsec/waf/test_reports.py @@ -13,7 +13,7 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") -if context.weblog_variant == "akka-http": +if context.weblog_variant in ("akka-http", "spring-boot-payara"): pytestmark = pytest.mark.skip("missing feature: No AppSec support") diff --git a/tests/test_standard_tags.py b/tests/test_standard_tags.py index 052a02e000..af42b61d39 100644 --- a/tests/test_standard_tags.py +++ b/tests/test_standard_tags.py @@ -31,6 +31,7 @@ def setup_method_trace(self): self.trace_request = weblog.trace("/waf", data=None) @irrelevant(library="php", reason="Trace method does not reach php-land") + @bug(weblog_variant="spring-boot-payara", reason="This weblog variant is currently not accepting TRACE") def test_method_trace(self): interfaces.library.add_span_tag_validation(request=self.trace_request, tags={"http.method": "TRACE"}) diff --git a/utils/build/docker/java/app-payara.sh b/utils/build/docker/java/app-payara.sh index a9e781467d..9e4fa929e9 100644 --- a/utils/build/docker/java/app-payara.sh +++ b/utils/build/docker/java/app-payara.sh @@ -1,3 +1,4 @@ #!/bin/sh set -eu +# shellcheck disable=SC2086 exec java -Xmx362m -javaagent:/app/dd-java-agent.jar -jar /app/payara-micro.jar --deploy /app/app.war ${APP_EXTRA_ARGS:-} diff --git a/utils/build/docker/java/app.sh b/utils/build/docker/java/app.sh index b06322f787..ed9f0697d2 100755 --- a/utils/build/docker/java/app.sh +++ b/utils/build/docker/java/app.sh @@ -1,3 +1,4 @@ #!/bin/sh set -eu +# shellcheck disable=SC2086 exec java -Xmx362m -javaagent:/app/dd-java-agent.jar -jar /app/app.jar ${APP_EXTRA_ARGS:-} \ No newline at end of file From 3d767e56b28080f291a14c778523f94434b38166 Mon Sep 17 00:00:00 2001 
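Review bot: The added `@bug(weblog_variant="spring-boot-payara", reason="This weblog variant is currently not accepting TRACE")` on `test_method_trace` classifies a refused TRACE request as a defect, but application servers commonly refuse TRACE as a hardening default. If that is the cause here (the hunk does not show the server's response), the marker describes a property of the server rather than a tracer bug. In that case `@irrelevant(context.weblog_variant == "spring-boot-payara", reason="server rejects TRACE requests")` would say so more accurately, assuming `irrelevant` accepts the same arguments as `bug`. The body of `test_method_trace` may continue past the end of the hunk.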
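Review bot: The added `# shellcheck disable=SC2086` in app-payara.sh, and the identical line in app.sh, silences the warning for the unquoted `${APP_EXTRA_ARGS:-}` without recording why. Presumably the variable is left unquoted so it can carry several arguments, but unquoted expansion also applies pathname globbing, so a `*` in the value expands against the working directory. I would state the intent next to the directive, e.g. `# APP_EXTRA_ARGS is split on whitespace on purpose; it is set by the test harness only`, and change `set -eu` to `set -euf` if globbing is not wanted.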
From: Santiago Mola Date: Thu, 22 Jun 2023 16:43:09 +0200 Subject: [PATCH 7/7] More decorators --- tests/appsec/test_blocking_addresses.py | 8 ++++++++ tests/appsec/waf/test_blocking.py | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/appsec/test_blocking_addresses.py b/tests/appsec/test_blocking_addresses.py index abb5cf9231..35817960d9 100644 --- a/tests/appsec/test_blocking_addresses.py +++ b/tests/appsec/test_blocking_addresses.py @@ -47,6 +47,7 @@ @scenarios.appsec_blocking @bug(context.library < "java@0.111.0", reason="Missing handler for default block action") @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") class Test_BlockingAddresses: """Test the addresses supported for blocking""" @@ -335,6 +336,7 @@ def test_blocking_before(self): ruby="1.0.0", ) @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") @irrelevant(context.library == "golang" and context.weblog_variant == "net-http") @irrelevant(context.library == "ruby" and context.weblog_variant == "rack") @@ -389,6 +391,7 @@ def test_blocking_before(self): java=_released_java_blocking, ) @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") @irrelevant(context.library == "golang" and context.weblog_variant == "net-http") class Test_Blocking_request_query: 
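Review bot: The decorator added above `class Test_BlockingAddresses` gives `reason="Missing support"` for spring-boot-payara, while the earlier patches in this series use `reason="No AppSec support"` for the same variant. It matches the akka-http line beside it, but neither wording says what is missing, and a report grouped by reason will list the variant under two headings. I would use `@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")` here and on the same line added to the other blocking test classes in this file.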
@@ -445,6 +448,7 @@ def test_blocking_before(self): java=_released_java_blocking, ) @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") @irrelevant(context.library == "golang" and context.weblog_variant == "net-http") class Test_Blocking_request_headers: @@ -501,6 +505,7 @@ def test_blocking_before(self): java=_released_java_blocking, ) @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") @irrelevant(context.library == "golang" and context.weblog_variant == "net-http") class Test_Blocking_request_cookies: @@ -557,6 +562,7 @@ def test_blocking_before(self): ruby="1.0.0", ) @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") @irrelevant(library="php", reason="Php does not accept url encoded entries without key") class Test_Blocking_request_body: @@ -628,6 +634,7 @@ def test_blocking_before(self): ruby="1.10.0", ) @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") @irrelevant(library="php", reason="On php it is not possible change the status code once its header is sent") class Test_Blocking_response_status: 
@@ -665,6 +672,7 @@ def test_non_blocking(self): ruby="1.0.0", ) @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only") +@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support") @missing_feature(weblog_variant="akka-http", reason="Missing support") @irrelevant(library="php", reason="On php it is not possible change the status code once its header is sent") class Test_Blocking_response_headers: diff --git a/tests/appsec/waf/test_blocking.py b/tests/appsec/waf/test_blocking.py index 8d58dae234..ba15bd54e9 100644 --- a/tests/appsec/waf/test_blocking.py +++ b/tests/appsec/waf/test_blocking.py @@ -8,7 +8,7 @@ if context.library == "cpp": pytestmark = pytest.mark.skip("not relevant") -if context.weblog_variant == "akka-http": +if context.weblog_variant in ("akka-http", "spring-boot-payara"): pytestmark = pytest.mark.skip("missing feature: No AppSec support") _CUR_DIR = os.path.dirname(os.path.abspath(__file__))