Skip to content

Commit

Permalink
Tests and fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@Anilm3
Anilm3 committed Oct 6, 2023
1 parent 1bfa075 commit 2669a97
Show file tree
Hide file tree
Showing 4 changed files with 229 additions and 15 deletions.
4 changes: 3 additions & 1 deletion src/exclusion/object_filter.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,9 @@ memory::unordered_set<const ddwaf_object *> object_filter::match(
}
iterate_object(filter.get_traverser(), object, objects_to_exclude, limits_);

cache.emplace(target);
if (attr != object_store::attribute::ephemeral) {
cache.emplace(target);
}
}

return objects_to_exclude;
Expand Down
10 changes: 9 additions & 1 deletion src/object_store.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,14 @@ class object_store {
free_fn(&obj);
}
}

// Free ephemeral objects and targets, in practice all ephemeral
// objects should be freed, through the scope but just in case...
for (auto &[obj, free_fn] : ephemeral_objects_) {
if (free_fn != nullptr) {
free_fn(&obj);
}
}
}
object_store(const object_store &) = default;
object_store(object_store &&) = default;
Expand Down Expand Up @@ -71,7 +79,7 @@ class object_store {

bool has_new_targets() const { return !latest_batch_.empty(); }

explicit operator bool() const { return !objects_.empty(); }
bool empty() const { return objects_.empty(); }

eval_scope get_eval_scope() { return eval_scope{*this}; }

Expand Down
58 changes: 58 additions & 0 deletions tests/object_filter_test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
// Copyright 2021 Datadog, Inc.

#include "exclusion/object_filter.hpp"
#include "object_store.hpp"
#include "test_utils.hpp"

using namespace ddwaf;
Expand Down Expand Up @@ -183,6 +184,63 @@ TEST(TestObjectFilter, SingleTargetCache)
}
}

TEST(TestObjectFilter, SingleNotNewTargetCache)
{
auto query = get_target_index("query");

object_store store;

ddwaf_object root, child, tmp;
ddwaf_object_map(&child);
ddwaf_object_map_add(&child, "params", ddwaf_object_string(&tmp, "paramsvalue"));
ddwaf_object_map_add(&child, "uri", ddwaf_object_string(&tmp, "uri_value"));
ddwaf_object_map(&root);
ddwaf_object_map_add(&root, "query", &child);

store.insert(root);

object_filter filter;
filter.insert(query, "query", {"params"});

ddwaf::timer deadline{2s};
object_filter::cache_type cache;

// Clear cache to verify that the target is filtered
store.clear_cache();

auto objects_filtered = filter.match(store, cache, deadline);
ASSERT_EQ(objects_filtered.size(), 1);
EXPECT_NE(objects_filtered.find(&child.array[0]), objects_filtered.end());
}

TEST(TestObjectFilter, SingleEphemeralTargetCache)
{
auto query = get_target_index("query");

object_store store;

ddwaf_object root, child, tmp;
ddwaf_object_map(&child);
ddwaf_object_map_add(&child, "params", ddwaf_object_string(&tmp, "paramsvalue"));
ddwaf_object_map_add(&child, "uri", ddwaf_object_string(&tmp, "uri_value"));
ddwaf_object_map(&root);
ddwaf_object_map_add(&root, "query", &child);

store.insert(root, object_store::attribute::ephemeral);

object_filter filter;
filter.insert(query, "query", {"params"});

ddwaf::timer deadline{2s};
object_filter::cache_type cache;

auto objects_filtered = filter.match(store, cache, deadline);
ASSERT_EQ(objects_filtered.size(), 1);
EXPECT_NE(objects_filtered.find(&child.array[0]), objects_filtered.end());

EXPECT_EQ(cache.find(query), cache.end());
}

TEST(TestObjectFilter, MultipleTargetsCache)
{
auto query = get_target_index("query");
Expand Down
172 changes: 159 additions & 13 deletions tests/object_store_test.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ TEST(TestObjectStore, InsertInvalidObject)

store.insert(root);

EXPECT_FALSE((bool)store);
EXPECT_TRUE(store.empty());
EXPECT_FALSE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -42,7 +42,7 @@ TEST(TestObjectStore, InsertMalformedMap)

EXPECT_FALSE(store.insert(root));

EXPECT_FALSE((bool)store);
EXPECT_TRUE(store.empty());
}
}

Expand All @@ -63,7 +63,7 @@ TEST(TestObjectStore, InsertMalformedMapKey)
root.array[0].parameterName = nullptr;

EXPECT_TRUE(store.insert(root));
EXPECT_FALSE((bool)store);
EXPECT_TRUE(store.empty());
}
}

Expand All @@ -81,7 +81,7 @@ TEST(TestObjectStore, InsertStringObject)

store.insert(root);

EXPECT_FALSE((bool)store);
EXPECT_TRUE(store.empty());
EXPECT_FALSE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -106,7 +106,7 @@ TEST(TestObjectStore, InsertAndGetObject)

store.insert(root);

EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -131,7 +131,7 @@ TEST(TestObjectStore, InsertAndGetEphemeralObject)

store.insert(root, object_store::attribute::ephemeral);

EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -140,7 +140,7 @@ TEST(TestObjectStore, InsertAndGetEphemeralObject)
EXPECT_EQ(store.get_target(url).first, nullptr);
}

EXPECT_FALSE((bool)store);
EXPECT_TRUE(store.empty());
EXPECT_FALSE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -155,6 +155,65 @@ TEST(TestObjectStore, InsertMultipleUniqueObjects)

ddwaf_object tmp;

object_store store;
{
ddwaf_object first;
ddwaf_object_map(&first);
ddwaf_object_map_add(&first, "query", ddwaf_object_string(&tmp, "hello"));

store.insert(first);
}

EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_EQ(store.get_target(url).first, nullptr);

{
ddwaf_object second;
ddwaf_object_map(&second);
ddwaf_object_map_add(&second, "url", ddwaf_object_string(&tmp, "hello"));
store.insert(second, object_store::attribute::ephemeral);
}

EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_TRUE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_NE(store.get_target(url).first, nullptr);

{
ddwaf_object third = DDWAF_OBJECT_INVALID;
store.insert(third);
}

EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_TRUE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_NE(store.get_target(url).first, nullptr);

store.clear_cache();

EXPECT_FALSE(store.empty());
EXPECT_FALSE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_EQ(store.get_target(url).first, nullptr);
}

TEST(TestObjectStore, InsertMultipleUniqueObjectBatches)
{
auto query = get_target_index("query");
auto url = get_target_index("url");

ddwaf_object tmp;

object_store store;
{
auto scope = store.get_eval_scope();
Expand All @@ -165,7 +224,7 @@ TEST(TestObjectStore, InsertMultipleUniqueObjects)

store.insert(first);

EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -182,7 +241,7 @@ TEST(TestObjectStore, InsertMultipleUniqueObjects)

store.insert(second);

EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_TRUE(store.is_new_target(url));
Expand All @@ -195,7 +254,7 @@ TEST(TestObjectStore, InsertMultipleUniqueObjects)

ddwaf_object third = DDWAF_OBJECT_INVALID;
store.insert(third);
EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_FALSE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -220,7 +279,7 @@ TEST(TestObjectStore, InsertMultipleOverlappingObjects)
ddwaf_object_map_add(&first, "query", ddwaf_object_string(&tmp, "hello"));
store.insert(first);

EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
Expand All @@ -243,7 +302,7 @@ TEST(TestObjectStore, InsertMultipleOverlappingObjects)
ddwaf_object_map_add(&second, "query", ddwaf_object_string(&tmp, "bye"));
store.insert(second);

EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_TRUE(store.is_new_target(url));
Expand Down Expand Up @@ -271,7 +330,7 @@ TEST(TestObjectStore, InsertMultipleOverlappingObjects)
ddwaf_object_map_add(&third, "url", ddwaf_object_string(&tmp, "bye"));
store.insert(third);

EXPECT_TRUE((bool)store);
EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_TRUE(store.is_new_target(url));
Expand All @@ -284,4 +343,91 @@ TEST(TestObjectStore, InsertMultipleOverlappingObjects)
}
}

TEST(TestObjectStore, InsertSingleTargets)
{
auto query = get_target_index("query");
auto url = get_target_index("url");

object_store store;

ddwaf_object first;
ddwaf_object_string(&first, "hello");

store.insert(query, first);

EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_EQ(store.get_target(url).first, nullptr);

ddwaf_object second;
ddwaf_object_string(&second, "hello");

store.insert(url, second, object_store::attribute::ephemeral);

EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_TRUE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_NE(store.get_target(url).first, nullptr);

store.clear_cache();

EXPECT_FALSE(store.empty());
EXPECT_FALSE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_EQ(store.get_target(url).first, nullptr);
}

TEST(TestObjectStore, InsertSingleTargetBatches)
{
auto query = get_target_index("query");
auto url = get_target_index("url");

object_store store;
{
auto scope = store.get_eval_scope();

ddwaf_object first;
ddwaf_object_string(&first, "hello");

store.insert(query, first);

EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_TRUE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_EQ(store.get_target(url).first, nullptr);
}

{
auto scope = store.get_eval_scope();

ddwaf_object second;
ddwaf_object_string(&second, "hello");

store.insert(url, second, object_store::attribute::ephemeral);

EXPECT_FALSE(store.empty());
EXPECT_TRUE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_TRUE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_NE(store.get_target(url).first, nullptr);
}

EXPECT_FALSE(store.empty());
EXPECT_FALSE(store.has_new_targets());
EXPECT_FALSE(store.is_new_target(query));
EXPECT_FALSE(store.is_new_target(url));
EXPECT_NE(store.get_target(query).first, nullptr);
EXPECT_EQ(store.get_target(url).first, nullptr);
}

} // namespace

0 comments on commit 2669a97

Please sign in to comment.