Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JAVA]Enable XPASSED test_extended_location_data for some vulnerabilities #4204

Merged
merged 2 commits into from
Feb 27, 2025
Merged

[JAVA]Enable XPASSED test_extended_location_data for some vulnerabilities #4204

merged 2 commits into from
Feb 27, 2025

Conversation

jandro996
Copy link
Member

@jandro996 jandro996 commented Feb 27, 2025
edited
Loading

Motivation

The test_extended_location_data tests are reporting XPASS for vulnerabilities where is_expected_location_required=False.

It needs to be enabled for the same versions as the original vulnerability test, since for these vulnerabilities, location is not relevant, and the test only verifies the presence of that vulnerability type.

APPSEC-54879

Changes

  • Enable Test_XContentSniffing_ExtendedLocation, Test_HstsMissingHeader_ExtendedLocation

  • TrustBoundaryViolation produce a vulnerability with location so Test_TrustBoundaryViolation_ExtendedLocation is_expected_location_required should be True

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes (if something not related to your task is failing, you can ignore it)
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner. We're working on refining the codeowners file quickly.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • If PR title starts with [<language>], double-check that only <language> is impacted by the change
  • No system-tests internal is modified. Otherwise, I have the approval from R&P team
  • CI is green, or failing jobs are not related to this change (and you are 100% sure about this statement)
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added (or removed)?

@jandro996 jandro996 marked this pull request as ready for review February 27, 2025 08:22
@jandro996 jandro996 requested review from a team as code owners February 27, 2025 08:22
@jandro996 jandro996 requested review from a team as code owners February 27, 2025 09:50
@jandro996 jandro996 merged commit 6d7ef19 into main Feb 27, 2025
55 checks passed
@jandro996 jandro996 deleted the alejandro.gonzalez/test_extended_location_data-XPASS branch February 27, 2025 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smola smola smola approved these changes

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez is a code owner automatically assigned from DataDog/asm-java

@sezen-datadog sezen-datadog Awaiting requested review from sezen-datadog sezen-datadog is a code owner automatically assigned from DataDog/asm-java

@cbeauchesne cbeauchesne Awaiting requested review from cbeauchesne

@robertomonteromiguel robertomonteromiguel Awaiting requested review from robertomonteromiguel

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jandro996 @smola