diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt index e8a0d5b1932f..70010f2917ab 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_data_model_body=property=test&property2=dummy_rule.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -33,6 +33,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -81,6 +82,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
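Review bot: The `@@ -1,4 +1,4 @@` hunk replaces `[` with a visually identical `[`, so the only difference on that line is invisible; that usually points to a byte-order mark or line-ending change, but the page does not show which. The same one-line hunk opens every snapshot file in this diff. Please confirm the encoding change is intentional and comes from the snapshot writer rather than from an editor or a git attribute, otherwise these files will keep churning in unrelated commits.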
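Review bot: The new expectation `_dd.appsec.fp.session: ssn----` has every segment after the `ssn` prefix empty, so this hunk (and each of the other `+ _dd.appsec.fp.session` hunks in these snapshot files) only pins the no-session case. Nothing visible here verifies that the fingerprint is actually populated when a request carries a cookie, session id or authenticated user. It would help to add a snapshot case whose request includes such data, so that a regression which always emits the empty value is caught. It is also worth deciding whether an all-empty fingerprint should be tagged at all, since it adds a constant tag to every AppSec span without giving anything to correlate on.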
@@ -129,6 +131,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -177,6 +180,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -225,6 +229,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property2"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt index 6556e23a92ba..ba90cfbccd97 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_dataapi_model_body={-property---dummy_rule-, -property2---test2-}.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -33,6 +33,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -81,6 +82,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -129,6 +131,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -177,6 +180,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -225,6 +229,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt index 8458c5841dbc..019cdbb3bc10 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.body_expectedStatusCode=403_url=_datarazorpage_body=property=dummy_rule&property2=value2.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, 
@@ -33,6 +33,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -81,6 +82,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -129,6 +131,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -177,6 +180,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -225,6 +229,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test-dummy-rule","name":"Dummy rule to test blocking","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dummy_rule"],"key_path":["Property"],"value":"dummy_rule"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint-&q=help.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint-&q=help.verified.txt index af0cc467d1fa..9562e9b8ee1c 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint-&q=help.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint-&q=help.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, 
@@ -32,6 +32,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -82,6 +83,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -132,6 +134,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -182,6 +185,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -232,6 +236,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-8e35c2cd-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint.verified.txt index 49c00c6373db..88d903300199 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_health_params_appscan_fingerprint.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,6 +31,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -80,6 +81,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -129,6 +131,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -178,6 +181,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -227,6 +231,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_params-endpoint_appscan_fingerprint.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_params-endpoint_appscan_fingerprint.verified.txt index 9bbec3f6a811..782d4efd37af 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_params-endpoint_appscan_fingerprint.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.path_params_expectedStatusCode=200_url=_params-endpoint_appscan_fingerprint.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -29,6 +29,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -76,6 +77,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,6 +125,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -170,6 +173,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -217,6 +221,7 @@ span.kind: server, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["s"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-[$slice]=value.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-[$slice]=value.verified.txt index 5280f9545e6f..0160b58e5a98 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-[$slice]=value.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-[$slice]=value.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, 
@@ -32,6 +32,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -82,6 +83,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -132,6 +134,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -182,6 +185,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -232,6 +236,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-arg&[$slice].verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-arg&[$slice].verified.txt index ca2d736c9fe8..6b5532372cec 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-arg&[$slice].verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_Health_-arg&[$slice].verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, 
@@ -32,6 +32,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-17b4850e-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -82,6 +83,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-17b4850e-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -132,6 +134,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-17b4850e-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -182,6 +185,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-17b4850e-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -232,6 +236,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-17b4850e-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_health_params_appscan_fingerprint-[$slice]=value.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_health_params_appscan_fingerprint-[$slice]=value.verified.txt index 649672eeeca0..6cd664aa0594 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_health_params_appscan_fingerprint-[$slice]=value.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.request.query_expectedStatusCode=200_url=_health_params_appscan_fingerprint-[$slice]=value.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, 
@@ -32,6 +32,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]},{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -82,6 +83,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]},{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -132,6 +134,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]},{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -182,6 +185,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]},{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -232,6 +236,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]},{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index 9c35b0047912..dbe881c8cee6 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt 
@@ -31,6 +31,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,6 +78,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,6 +125,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -169,6 +172,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -215,6 +219,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt index 496dfa7bc98e..a783f8d8f0d5 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabled.__test=server.response.status_expectedStatusCode=403_url=_status_418.verified.txt 
@@ -31,6 +31,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -77,6 +78,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,6 +125,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -169,6 +172,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -215,6 +219,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-010","name":"No teapot","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"418","parameters":[{"address":"server.response.status","highlight":["418"],"key_path":[],"value":"418"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt index df0623d3b2ca..28fb0dd192e7 100644 --- a/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5.SecurityEnabledIIS.__test=server.response.headers.no_cookies_expectedStatusCode=403_url=_Home_LangHeader.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -31,6 +31,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -77,6 +78,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -123,6 +125,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -169,6 +172,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -215,6 +219,7 @@ span.kind: server, _dd.appsec.fp.http.header: _dd.appsec.fp.http.network: , + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"tst-037-009","name":"Test block on response header","tags":{"category":"attack_attempt","type":"lfi"}},"rule_matches":[{"operator":"match_regex","operator_value":"en-us|krypton","parameters":[{"address":"server.response.headers.no_cookies","highlight":["krypton"],"key_path":["content-language"],"value":"krypton"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt index 90908bf768aa..1038be0ce689 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmCustomRules._.verified.txt @@ -65,6 +65,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"test_custom_rule","name":"Test custom rule","tags":{"category":"attack_attempt","type":"custom_rule"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.query","highlight":["customrule"],"key_path":["arg","0"],"value":"customrule_trigger"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt index 1910e9e36842..ba155cabefcd 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetCore5AsmDataSecurityEnabled.__test=blocking-user_url=_user.verified.txt @@ -69,7 +69,7 @@ _dd.appsec.event_rules.version: 1.13.3, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-5860faf0---, + _dd.appsec.fp.session: ssn-5860faf0---, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-002","name":"Block User Addresses","tags":{"category":"security_response","type":"block_user"}},"rule_matches":[{"operator":"exact_match","operator_value":"","parameters":[{"address":"usr.id","highlight":["user3"],"key_path":[],"value":"user3"}]}]}]}, _dd.appsec.user.collection_mode: sdk, _dd.origin: appsec, diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityEnabled._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityEnabled._.verified.txt index 8d1fce2e4c84..8f2a8ed70256 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityEnabled._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityEnabled._.verified.txt @@ -32,7 +32,7 @@ _dd.appsec.events.users.login.success.auto.mode: identification, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityRemoteActivated._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityRemoteActivated._.verified.txt index 8d1fce2e4c84..ddf9f233827e 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityRemoteActivated._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmFeatureUserIdSecurityRemoteActivated._.verified.txt 
@@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -32,7 +32,7 @@ _dd.appsec.events.users.login.success.auto.mode: identification, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt index 3c122312479f..08105583569a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmInitializationSecurityEnabled.TestSecurityInitialization.verified.txt @@ -33,6 +33,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.appsec.waf.version: 1.22.0, _dd.origin: appsec, diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt index 3631955b3552..f1c9b68c4cce 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetCore5AsmRemoteRules._.verified.txt @@ -33,6 +33,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -84,6 +85,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290-new","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -135,6 +137,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290-new","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -184,6 +187,7 @@ _dd.appsec.event_rules.version: 18.18.18, _dd.appsec.fp.http.header: hdr-0000000000-bf177a93-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"new-test-non-blocking","name":"Datadog test scanner - NON blocking version: user-agent","tags":{"category":"attack_attempt","type":"attack_tool"}},"rule_matches":[{"operator":"match_regex","operator_value":"^dd-test-scanner-log-block(?:$|/|\\s)","parameters":[{"address":"server.request.headers.no_cookies","highlight":["dd-test-scanner-log-block"],"key_path":["user-agent"],"value":"dd-test-scanner-log-block"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmRulesToggle._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmRulesToggle._.verified.txt index 07f417675f2e..163212b62c77 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmRulesToggle._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmRulesToggle._.verified.txt 
@@ -32,6 +32,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -115,6 +116,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -211,6 +213,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityDefault._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityDefault._.verified.txt index 6c12d1ef44f7..214a8caa45ab 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityDefault._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityDefault._.verified.txt @@ -90,6 +90,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityEnabled._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityEnabled._.verified.txt index 871fca410d0d..63ba95f5e31b 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityEnabled._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AsmToggleSecurityEnabled._.verified.txt @@ -32,6 +32,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -82,6 +83,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -132,6 +134,7 @@
 _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-,
 _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -182,6 +185,7 @@
 _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-49fefa92-,
 _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)","parameters":[{"address":"server.request.query","highlight":["[$slice"],"key_path":["[$slice]"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.blocked-user.verified.txt
index 3fdd7591c268..95f35fb24326 100644
--- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.blocked-user.verified.txt
+++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.blocked-user.verified.txt
@@ -40,7 +40,7 @@
 _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
 _dd.appsec.fp.http.network: net-1-1000000000,
- _dd.appsec.fp.session: ssn-,
+ _dd.appsec.fp.session: ssn-ef8eb89f---,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-002","name":"Block User Addresses","tags":{"category":"security_response","type":"block_user"}},"rule_matches":[{"operator":"exact_match","operator_value":"","parameters":[{"address":"usr.id","highlight":["blocked-user"],"key_path":[],"value":"blocked-user"}]}]}]},
 _dd.appsec.usr.id: anon_7bcd1c9fc4f6e4c2460e0ad38d6ad0d9,
 _dd.appsec.usr.login: anon_eb97d409396a3e5392936dad92b909da,
diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.not-blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.not-blocked-user.verified.txt
index 86b5654d84b1..a91eb27c4af5 100644
--- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.not-blocked-user.verified.txt
+++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-TestLoginWithSdk.not-blocked-user.verified.txt
@@ -35,7 +35,7 @@
 _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738,
 _dd.appsec.fp.http.network: net-1-1000000000,
- _dd.appsec.fp.session: ssn-,
+ _dd.appsec.fp.session: ssn-ef8eb89f---,
 _dd.appsec.usr.id: anon_7bcd1c9fc4f6e4c2460e0ad38d6ad0d9,
 _dd.appsec.usr.login: anon_eb97d409396a3e5392936dad92b909da,
 _dd.runtime_family: dotnet
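Review bot: The first fragment of the new value `ssn-ef8eb89f---` in the anonmode snapshots differs from the `ssn-7bcd1c9f---` recorded for the defaultmode, identmode and extendedmode variants of the same tests, and `7bcd1c9f` is also the leading eight hex digits of `_dd.appsec.usr.id: anon_7bcd1c9f…` two lines below. That suggests the fingerprint is computed over the already-anonymized id in anonymization mode and over the raw id otherwise, so the same user would fingerprint differently when the collection mode changes, and in identification mode the fragment coincides with a prefix of the anonymized id. If that is intended, record it next to the test, e.g. `// anon mode: session fingerprint is derived from the anon_ id, not the raw user id`; if not, the fingerprint input should be the same in both modes. This is inferred from the snapshot values alone, since the fingerprinting code is outside this diff.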
diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-login.auto.success.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-login.auto.success.verified.txt index aaaee6c8868b..3a81c37b624a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-login.auto.success.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.anonmode-login.auto.success.verified.txt @@ -32,7 +32,7 @@ _dd.appsec.events.users.login.success.auto.mode: anonymization, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-ef8eb89f---, _dd.appsec.usr.id: anon_7bcd1c9fc4f6e4c2460e0ad38d6ad0d9, _dd.appsec.usr.login: anon_eb97d409396a3e5392936dad92b909da, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestAuthenticatedRequest.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestAuthenticatedRequest.verified.txt index 904e2b7dc4c5..b3e27c7f43e1 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestAuthenticatedRequest.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestAuthenticatedRequest.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.blocked-user.verified.txt index 100cf88b6a24..b3f2be2b8181 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.blocked-user.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.blocked-user.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -40,7 +40,7 @@ _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-002","name":"Block User Addresses","tags":{"category":"security_response","type":"block_user"}},"rule_matches":[{"operator":"exact_match","operator_value":"","parameters":[{"address":"usr.id","highlight":["blocked-user"],"key_path":[],"value":"blocked-user"}]}]}]}, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.not-blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.not-blocked-user.verified.txt index b83789658370..d396098e2e8a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.not-blocked-user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-TestLoginWithSdk.not-blocked-user.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -35,7 +35,7 @@ _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-login.auto.success.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-login.auto.success.verified.txt index 8811b3af2a6d..c7d834b56f44 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-login.auto.success.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.defaultmode-login.auto.success.verified.txt @@ -32,7 +32,7 @@ _dd.appsec.events.users.login.success.auto.mode: identification, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestAuthenticatedRequest.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestAuthenticatedRequest.verified.txt index 904e2b7dc4c5..b3e27c7f43e1 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestAuthenticatedRequest.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestAuthenticatedRequest.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.blocked-user.verified.txt index 100cf88b6a24..b3f2be2b8181 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.blocked-user.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.blocked-user.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -40,7 +40,7 @@ _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-002","name":"Block User Addresses","tags":{"category":"security_response","type":"block_user"}},"rule_matches":[{"operator":"exact_match","operator_value":"","parameters":[{"address":"usr.id","highlight":["blocked-user"],"key_path":[],"value":"blocked-user"}]}]}]}, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.not-blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.not-blocked-user.verified.txt index b83789658370..d396098e2e8a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.not-blocked-user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-TestLoginWithSdk.not-blocked-user.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -35,7 +35,7 @@ _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-login.auto.success.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-login.auto.success.verified.txt index 8811b3af2a6d..c7d834b56f44 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-login.auto.success.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.extendedmode-login.auto.success.verified.txt @@ -32,7 +32,7 @@ _dd.appsec.events.users.login.success.auto.mode: identification, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestAuthenticatedRequest.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestAuthenticatedRequest.verified.txt index 904e2b7dc4c5..b3e27c7f43e1 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestAuthenticatedRequest.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestAuthenticatedRequest.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.blocked-user.verified.txt index 100cf88b6a24..b3f2be2b8181 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.blocked-user.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.blocked-user.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -40,7 +40,7 @@ _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.json: {"triggers":[{"rule":{"id":"blk-001-002","name":"Block User Addresses","tags":{"category":"security_response","type":"block_user"}},"rule_matches":[{"operator":"exact_match","operator_value":"","parameters":[{"address":"usr.id","highlight":["blocked-user"],"key_path":[],"value":"blocked-user"}]}]}]}, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.not-blocked-user.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.not-blocked-user.verified.txt index b83789658370..d396098e2e8a 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.not-blocked-user.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-TestLoginWithSdk.not-blocked-user.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -35,7 +35,7 @@ _dd.appsec.fp.http.endpoint: http-post-ae2b84ee-5843629a-, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-login.auto.success.verified.txt b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-login.auto.success.verified.txt index 8811b3af2a6d..c7d834b56f44 100644 --- a/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-login.auto.success.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5AutoUserEvents.SecurityOn.identmode-login.auto.success.verified.txt @@ -32,7 +32,7 @@ _dd.appsec.events.users.login.success.auto.mode: identification, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-2-da57b738, _dd.appsec.fp.http.network: net-1-1000000000, - _dd.appsec.fp.session: ssn-, + _dd.appsec.fp.session: ssn-7bcd1c9f---, _dd.appsec.usr.id: Guid_2, _dd.appsec.usr.login: TestUser, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt b/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt index 245a1fc80fa8..fb35a77c8035 100644 --- a/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt +++ b/tracer/test/snapshots/Security.AspNetCore5ExternalRules._.verified.txt @@ -1,4 +1,4 @@ -[ +[ { TraceId: Id_1, SpanId: Id_2, @@ -32,6 +32,7 @@ _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -82,6 +83,7 @@
 _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-,
 _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -132,6 +134,7 @@
 _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-,
 _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -182,6 +185,7 @@
 _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-,
 _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -232,6 +236,7 @@
 _dd.appsec.fp.http.endpoint: http-get-7f4bf8ee-b25f03de-,
 _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.query","highlight":["[$slice]"],"key_path":["arg","0"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt
index 6da030b29599..1cce0bf592bc 100644
--- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt
+++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt
@@ -53,6 +53,7 @@
 _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -124,6 +125,7 @@
 _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -195,6 +197,7 @@
 _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -266,6 +269,7 @@
 _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -337,6 +341,7 @@
 _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt
index c6b4c65a0845..570fb0a3bc94 100644
--- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt
+++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt
@@ -53,6 +53,7 @@
 _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -124,6 +125,7 @@
 _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -195,6 +197,7 @@
 _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -266,6 +269,7 @@
 _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -337,6 +341,7 @@
 _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt
index 6dace1ca5e1b..dbd0cbd75843 100644
--- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt
+++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt
@@ -53,6 +53,7 @@
 _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -124,6 +125,7 @@
 _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -195,6 +197,7 @@
 _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -266,6 +269,7 @@
 _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7,
 _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -337,6 +341,7 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-3-4d739311, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index 27278ef284c7..048c4a5bf2aa 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt 
@@ -51,6 +51,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -120,6 +121,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -189,6 +191,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
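Review bot: The added `_dd.appsec.fp.session: ssn----` line pins only the all-empty session fingerprint, because every field after the `ssn` prefix is blank. The same is true of every other hunk in this part of the diff that adds the tag. A snapshot like this still passes if the fingerprint's inputs (presumably user id, cookies and session id, going by the tag name) are never collected, so it does not guard the case the tag exists for. I would add one scenario whose request carries a session cookie or an authenticated user and snapshot its non-empty value. If such a snapshot exists outside this part of the diff, a comment next to the test data would be enough, e.g. `// fp.session is expected to be empty here: the request carries no session cookie or user`.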
@@ -258,6 +261,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -327,6 +331,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index df78cbdda69f..7c6000501afa 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetMvc5.Classic.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -51,6 +51,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -120,6 +121,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -189,6 +191,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -258,6 +261,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -327,6 +331,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt index 0d67de705121..6a31ee360c3d 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadJson_body={-DictionaryProperty-- {-a---[$slice]-} }.verified.txt @@ -54,6 +54,7 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -126,6 +127,7 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -198,6 +200,7 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -270,6 +273,7 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -342,6 +346,7 @@ _dd.appsec.fp.http.endpoint: http-post-c4e91668--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","DictionaryProperty","a"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt index 02fcbd1d6b14..907fdc502f26 100644 
--- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_UploadStruct_body={-Property1-- -[$slice]-}.verified.txt @@ -54,6 +54,7 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -126,6 +127,7 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -198,6 +200,7 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -270,6 +273,7 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -342,6 +346,7 @@ _dd.appsec.fp.http.endpoint: http-post-a1fd7e2d--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt index 82d94900697c..3460645a1fb3 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.body_url=_Home_Upload_body={-Property1-- -[$slice]-}.verified.txt 
@@ -54,6 +54,7 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0100000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -126,6 +127,7 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -198,6 +200,7 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -270,6 +273,7 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -342,6 +346,7 @@ _dd.appsec.fp.http.endpoint: http-post-3c2db0bd--2d59fcb7, _dd.appsec.fp.http.header: hdr-0000000100-3626b5f8-5-07490af2, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-942-290","name":"Finds basic MongoDB SQL injection attempts","tags":{"category":"attack_attempt","type":"nosql_injection"}},"rule_matches":[{"operator":"match_regex","operator_value":"(?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))","parameters":[{"address":"server.request.body","highlight":["[$slice]"],"key_path":["miscModel","Property1"],"value":"[$slice]"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt index 06011500c39f..5e28a21c0da3 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint-&q=help_body=null.verified.txt 
@@ -52,6 +52,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,6 +123,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -192,6 +194,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -262,6 +265,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -332,6 +336,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c-2e4a7b5a-, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet diff --git a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt index c1a0bf91b862..7e5e85be766a 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt 
+++ b/tracer/test/snapshots/Security.AspNetMvc5.Integrated.enableSecurity=True.__test=server.request.path_params_url=_Health_params_appscan_fingerprint_body=null.verified.txt @@ -52,6 +52,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -122,6 +123,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
@@ -192,6 +194,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -262,6 +265,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet @@ -332,6 +336,7 @@ _dd.appsec.fp.http.endpoint: http-get-9ce5b35c--, _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-3-98425651, _dd.appsec.fp.http.network: net-1-1000000000, + _dd.appsec.fp.session: ssn----, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-120","name":"Known security scanner filename/argument","tags":{"category":"attack_attempt","type":"security_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.path_params","highlight":["appscan_fingerprint"],"key_path":["id"],"value":"appscan_fingerprint"}]}]}]}, _dd.origin: appsec, _dd.runtime_family: dotnet 
diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt index 6d9973a5cf1f..1f4e229847a9 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-empty-model.verified.txt @@ -44,7 +44,7 @@ runtime-id: Guid_1, span.kind: server, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], - _dd.appsec.s.req.cookies: [{"cookie-key":[8]}], + _dd.appsec.s.req.cookies: [{"ASP.NET_SessionId":[8],"cookie-key":[8]}], _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8]}], _dd.appsec.s.req.query: [{}], diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt index 0f85ab7340df..ff24461f98a8 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-with-attack.verified.txt 
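Review bot: The expected cookie schema gains `"ASP.NET_SessionId":[8]`, so the sample request now carries a framework session cookie, and nothing in the visible hunks says what turned session state on. The same line changes in the scan-with-attack and scan-without-attack snapshots. The session cookie name is configurable in ASP.NET session state, so these snapshots are tied to the sample app's default name. A short comment in the test or sample app would record the intent, e.g. `// session state is enabled on purpose; snapshots expect the default ASP.NET_SessionId cookie name`, if that is indeed the reason. Whether these requests also receive a `_dd.appsec.fp.session` tag cannot be seen from the three lines of context shown here.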
@@ -54,7 +54,7 @@ span.kind: server, _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-932-160","name":"Remote Command Execution: Unix Shell Code Found","tags":{"category":"attack_attempt","type":"command_injection"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.body","highlight":["dev/zero"],"key_path":["model","Dog2"],"value":"dev/zero"}]}]}]}, _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}], - _dd.appsec.s.req.cookies: [{"cookie-key":[8]}], + _dd.appsec.s.req.cookies: [{"ASP.NET_SessionId":[8],"cookie-key":[8]}], _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}], _dd.appsec.s.req.params: [{"action":[8],"controller":[8],"id":[8]}], _dd.appsec.s.req.query: [{}], diff --git a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt index 0554c39c2c7f..31bba2020211 100644 --- a/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt +++ b/tracer/test/snapshots/Security.AspNetMvc5ApiSecurity.enableApiSecurity=True.__scenario=scan-without-attack.verified.txt 
@@ -44,7 +44,7 @@
 runtime-id: Guid_1,
 span.kind: server,
 _dd.appsec.s.req.body: [{"model":[{"Dog":[4],"Dog2":[8],"Dog3":[16],"Dog4":[16],"Dog5":[1]}]}],
- _dd.appsec.s.req.cookies: [{"cookie-key":[8]}],
+ _dd.appsec.s.req.cookies: [{"ASP.NET_SessionId":[8],"cookie-key":[8]}],
 _dd.appsec.s.req.headers: [{"content-length":[8],"content-type":[8],"expect":[8],"host":[8],"traceparent":[8],"tracestate":[8],"user-agent":[8],"x-datadog-parent-id":[8],"x-datadog-sampling-priority":[8],"x-datadog-tags":[8],"x-datadog-trace-id":[8],"x-forwarded-for":[8]}],
 _dd.appsec.s.req.params: [{"action":[8],"controller":[8],"id":[8]}],
 _dd.appsec.s.req.query: [{}],
diff --git a/tracer/test/snapshots/Security.TestGlobalRulesToggling._.verified.txt b/tracer/test/snapshots/Security.TestGlobalRulesToggling._.verified.txt
index 74222b547c11..b945a91ffa98 100644
--- a/tracer/test/snapshots/Security.TestGlobalRulesToggling._.verified.txt
+++ b/tracer/test/snapshots/Security.TestGlobalRulesToggling._.verified.txt
@@ -31,6 +31,7 @@
 span.kind: server,
 _dd.appsec.fp.http.header: hdr-0000000000-e7f19e02-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -80,6 +81,7 @@
 span.kind: server,
 _dd.appsec.fp.http.header: hdr-0000000000-e7f19e02-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet
@@ -129,6 +131,7 @@
 span.kind: server,
 _dd.appsec.fp.http.header: hdr-0000000000-e7f19e02-1-4740ae63,
 _dd.appsec.fp.http.network: net-1-1000000000,
+ _dd.appsec.fp.session: ssn----,
 _dd.appsec.json: {"triggers":[{"rule":{"id":"crs-913-110","name":"Acunetix","tags":{"category":"attack_attempt","type":"commercial_scanner"}},"rule_matches":[{"operator":"phrase_match","operator_value":"","parameters":[{"address":"server.request.headers.no_cookies","highlight":["acunetix-product"],"key_path":["user-agent"],"value":"mistake not... acunetix-product"}]}]}]},
 _dd.origin: appsec,
 _dd.runtime_family: dotnet