Skip to content

add api10 test for redirection with status code analysis #5831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cbeauchesne merged 6 commits into from
Dec 8, 2025
Merged

add api10 test for redirection with status code analysis #5831

cbeauchesne merged 6 commits into from
Dec 8, 2025

Conversation

@christophe-papazian
Copy link
Contributor

@christophe-papazian christophe-papazian commented Dec 5, 2025
edited
Loading

Motivation

Previous api10 test for redirection didn't check for response analysis.
This one does.

A new static rule is used that will add a meta tag if a redirection is detected in the response analysis. This should ensure that redirection headers and status code are properly analyzed by the tracers.

APPSEC-60065

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • If PR title starts with [<language>], double-check that only <language> is impacted by the change
  • No system-tests internal is modified. Otherwise, I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added (or removed)?

@github-actions
Copy link
Contributor

github-actions bot commented Dec 5, 2025
edited
Loading

CODEOWNERS have been resolved as:

manifests/dotnet.yml                                                    @DataDog/apm-dotnet @DataDog/asm-dotnet
manifests/golang.yml                                                    @DataDog/dd-trace-go-guild
manifests/java.yml                                                      @DataDog/asm-java @DataDog/apm-java
manifests/nodejs.yml                                                    @DataDog/dd-trace-js
manifests/php.yml                                                       @DataDog/apm-php @DataDog/asm-php
manifests/python.yml                                                    @DataDog/apm-python @DataDog/asm-python
manifests/python_lambda.yml                                             @DataDog/system-tests-core
manifests/ruby.yml                                                      @DataDog/ruby-guild @DataDog/asm-ruby
tests/appsec/rasp/rasp_non_blocking_ruleset.json                        @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/rasp/test_api10.py                                         @DataDog/asm-libraries @DataDog/system-tests-core
utils/_context/_scenarios/__init__.py                                   @DataDog/system-tests-core
utils/_context/_scenarios/appsec_rasp.py                                @DataDog/system-tests-core

@christophe-papazian christophe-papazian marked this pull request as ready for review December 5, 2025 15:31
@christophe-papazian christophe-papazian requested review from a team as code owners December 5, 2025 15:31
@christophe-papazian christophe-papazian requested review from claponcet, daniel-romano-DD, mcculls, rachelyangdog and sabrenner and removed request for a team December 5, 2025 15:31
@christophe-papazian christophe-papazian mentioned this pull request Dec 5, 2025
Merged
IlyasShabi
IlyasShabi reviewed Dec 8, 2025
View reviewed changes
christophe-papazian added a commit to DataDog/dd-trace-py that referenced this pull request Dec 8, 2025
@christophe-papazian
chore(aap): improve api10 redirection analysis (#15529)
b93a092 
## Description

Add redirection response waf analysis both to urllib and urllib3

## Testing

This will be tested by DataDog/system-tests#5831

APPSEC-60065
@christophe-papazian
python support
c2f60de
@christophe-papazian
Merge branch 'christophe-papazian/api10_redirection_status_code' of g…
1910180 
…ithub.com:DataDog/system-tests into christophe-papazian/api10_redirection_status_code
@cbeauchesne cbeauchesne merged commit 94529f6 into main Dec 8, 2025
2591 of 2597 checks passed
@cbeauchesne cbeauchesne deleted the christophe-papazian/api10_redirection_status_code branch December 8, 2025 13:35
brettlangdon pushed a commit to DataDog/dd-trace-py that referenced this pull request Dec 8, 2025
@christophe-papazian @brettlangdon
chore(aap): improve api10 redirection analysis (#15529)
94f7d8a 
## Description

Add redirection response waf analysis both to urllib and urllib3

## Testing

This will be tested by DataDog/system-tests#5831

APPSEC-60065
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@IlyasShabi IlyasShabi IlyasShabi approved these changes

@sabrenner sabrenner Awaiting requested review from sabrenner sabrenner is a code owner automatically assigned from DataDog/apm-python

@rachelyangdog rachelyangdog Awaiting requested review from rachelyangdog rachelyangdog is a code owner automatically assigned from DataDog/apm-python

@claponcet claponcet Awaiting requested review from claponcet claponcet is a code owner automatically assigned from DataDog/asm-java

@daniel-romano-DD daniel-romano-DD Awaiting requested review from daniel-romano-DD daniel-romano-DD is a code owner automatically assigned from DataDog/asm-java

@mcculls mcculls Awaiting requested review from mcculls mcculls is a code owner automatically assigned from DataDog/apm-java

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@christophe-papazian @IlyasShabi @cbeauchesne