Increase test coverage

DataDog · Feb 24, 2025 · e9066a7 · e9066a7
1 parent 5971688
commit e9066a7
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 6 deletions.
diff --git a/test/cases/sec_blocking/conf/http.conf b/test/cases/sec_blocking/conf/http.conf
@@ -16,6 +16,7 @@ http {
     datadog_appsec_ruleset_file /tmp/waf.json;
     datadog_appsec_waf_timeout 2s;
     datadog_waf_thread_pool_name waf_thread_pool;
+    datadog_appsec_max_saved_output_data 64k;
 
     client_max_body_size 10m;
 

diff --git a/test/cases/sec_blocking/test_sec_blocking.py b/test/cases/sec_blocking/test_sec_blocking.py
@@ -42,14 +42,16 @@ def setUp(self):
     def convert_headers(headers):
         return {k.lower(): v for k, v in dict(headers).items()}
 
-    def run_with_ua(self, user_agent, accept, http_version=1):
+    def run_with_ua(self, user_agent, accept, http_version=1, tls=False):
         headers = {'User-Agent': user_agent, 'Accept': accept}
-        if http_version == 3:
-            status, headers, body = self.orch.send_nginx_http_request(
-                '/http', tls=True, port=443, headers=headers, http_version=3)
+        if http_version == 3 or tls:
+            port = 443
+            tls = True
         else:
-            status, headers, body = self.orch.send_nginx_http_request(
-                '/http', 80, headers, http_version=http_version)
+            port = 80
+
+        status, headers, body = self.orch.send_nginx_http_request(
+            '/http', port, headers, http_version=http_version, tls=tls)
 
         self.orch.reload_nginx()
         log_lines = self.orch.sync_service('agent')
@@ -96,6 +98,28 @@ def predicate(x):
         self.assertEqual(appsec_rep['triggers'][0]['rule']['on_match'][0],
                          exp_match)
 
+    def no_block_long_response(self, http_version, port, tls):
+        status, headers, body = self.orch.send_nginx_http_request(
+            '/http/repeat?card=10000&num_bouts=3&delay=200',
+            tls=tls,
+            port=port,
+            http_version=http_version)
+        self.orch.reload_nginx()
+        log_lines = self.orch.sync_service('agent')
+        self.assertEqual(200, status)
+        headers = TestSecBlocking.convert_headers(headers)
+        self.assertEqual(headers['content-type'], 'text/plain')
+        self.assertEqual(body, "Hello world!\n" * 30000)
+
+    def test_no_block_long_response_http11(self):
+        self.no_block_long_response(1, 80, False)
+
+    def test_no_block_long_response_http2(self):
+        self.no_block_long_response(2, 80, False)
+
+    def test_no_block_long_response_http3(self):
+        self.no_block_long_response(3, 443, True)
+
     def test_default_action(self):
         status, headers, body, log_lines = self.run_with_ua(
             'block_default', '*/*')
@@ -139,6 +163,13 @@ def test_html_action(self):
         self.assertEqual(status, 403)
         self.assertEqual(headers['content-type'], 'text/html;charset=utf-8')
 
+    def test_html_action_tls(self):
+        status, headers, body, _ = self.run_with_ua('block_html',
+                                                    'application/json',
+                                                    tls=True)
+        self.assertEqual(status, 403)
+        self.assertEqual(headers['content-type'], 'text/html;charset=utf-8')
+
     def test_html_action_http2(self):
         status, headers, body, _ = self.run_with_ua('block_html',
                                                     'application/json',

diff --git a/test/services/http/http.js b/test/services/http/http.js
@@ -12,6 +12,37 @@ const ignoreRequestBody = request => {
   request.on('end', () => {});
 }
 
+const sendRepeatResponse = (request, response) => {
+  try {
+    const urlObj = new URL(request.url, `http://${request.headers.host}`);
+    const card = parseInt(urlObj.searchParams.get("card"));
+    const numBouts = parseInt(urlObj.searchParams.get("num_bouts"));
+    const delay = parseInt(urlObj.searchParams.get("delay"));
+    if (isNaN(card) || isNaN(numBouts) || isNaN(delay)) {
+      response.writeHead(400, { "Content-Type": "text/plain" });
+      response.end("Invalid query parameters");
+      return;
+    }
+    // Pre-calculate the output string once.
+    const output = "Hello world!\n".repeat(card);
+    response.writeHead(200, { "Content-Type": "text/plain" });
+    let boutCount = 0;
+    const sendBout = () => {
+      response.write(output);
+      boutCount++;
+      if (boutCount >= numBouts) {
+        response.end();
+      } else {
+        setTimeout(sendBout, delay);
+      }
+    }
+    setTimeout(sendBout, delay);
+  } catch (err) {
+    response.writeHead(500, { "Content-Type": "text/plain" });
+    response.end("Server error");
+  }
+}
+
 const requestListener = function (request, response) {
   ignoreRequestBody(request);
   if (request.url === '/auth') {
@@ -26,6 +57,11 @@ const requestListener = function (request, response) {
     return;
   }
 
+  if (request.url.match(/.*\/repeat\/?(?:\?.*)?$/)) {
+    sendRepeatResponse(request, response);
+    return;
+  }
+
   const responseBody = JSON.stringify({
     "service": "http",
     "headers": request.headers