Small fixes and test

DataDog · Oct 9, 2023 · a25f61e · a25f61e
1 parent c20107b
commit a25f61e
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 11 deletions.
diff --git a/tests/integration/context/test.cpp b/tests/integration/context/test.cpp
@@ -13,7 +13,7 @@ constexpr std::string_view base_dir = "integration/context/";
 
 TEST(TestContextIntegration, Basic)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = read_file("processor.yaml", base_dir);
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
 
@@ -58,7 +58,7 @@ TEST(TestContextIntegration, Basic)
 
 TEST(TestContextIntegration, KeyPaths)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = read_file("processor5.yaml", base_dir);
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
 
@@ -140,7 +140,7 @@ TEST(TestContextIntegration, KeyPaths)
 
 TEST(TestContextIntegration, MissingParameter)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = read_file("processor.yaml", base_dir);
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
 
@@ -172,7 +172,7 @@ TEST(TestContextIntegration, MissingParameter)
 
 TEST(TestContextIntegration, InvalidUTF8Input)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = yaml_to_object(
         R"({version: '2.1', rules: [{id: 1, name: rule1, tags: {type: flow1, category: category1}, conditions: [{operator: match_regex, parameters: {inputs: [{address: values}, {address: keys}], regex: bla}}]}]})");
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
@@ -213,7 +213,7 @@ TEST(TestContextIntegration, InvalidUTF8Input)
 TEST(TestContextIntegration, SingleCollectionMatch)
 {
     // NOTE: this test only works due to the order of the rules in the ruleset
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = read_file("processor3.yaml", base_dir);
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
 
@@ -262,7 +262,7 @@ TEST(TestContextIntegration, SingleCollectionMatch)
 
 TEST(TestContextIntegration, MultiCollectionMatches)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = read_file("processor4.yaml", base_dir);
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
 
@@ -352,4 +352,63 @@ TEST(TestContextIntegration, Timeout)
     ddwaf_destroy(handle);
 }
 
+TEST(TestContextIntegration, ParameterOverride)
+{
+    // Initialize a PowerWAF rule
+    auto rule = yaml_to_object(
+        R"({version: '2.1', rules: [{id: 1, name: rule1, tags: {type: flow1, category: category1}, conditions: [{operator: match_regex, parameters: {inputs: [{address: arg1}], regex: ^string.*}}, {operator: match_regex, parameters: {inputs: [{address: arg2}], regex: .*}}]}]})");
+    ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
+
+    ddwaf_handle handle = ddwaf_init(&rule, nullptr, nullptr);
+    ASSERT_NE(handle, nullptr);
+    ddwaf_object_free(&rule);
+
+    ddwaf_context context = ddwaf_context_init(handle);
+    ASSERT_NE(context, nullptr);
+
+    ddwaf_object param1 = DDWAF_OBJECT_MAP;
+    ddwaf_object param2 = DDWAF_OBJECT_MAP;
+    ddwaf_object tmp;
+
+    ddwaf_object_map_add(&param1, "arg1", ddwaf_object_string(&tmp, "not string 1"));
+    ddwaf_object_map_add(&param1, "arg2", ddwaf_object_string(&tmp, "string 2"));
+    ddwaf_object_map_add(&param2, "arg1", ddwaf_object_string(&tmp, "string 1"));
+
+    // Run with both arg1 and arg2, but arg1 is wrong
+    //	// Run with just arg1
+    ddwaf_result ret;
+    auto code = ddwaf_run(context, &param1, nullptr, &ret, LONG_TIME);
+    EXPECT_EQ(code, DDWAF_OK);
+    EXPECT_FALSE(ret.timeout);
+    ddwaf_result_free(&ret);
+
+    // Override `arg1`
+    code = ddwaf_run(context, &param2, nullptr, &ret, LONG_TIME);
+    EXPECT_EQ(code, DDWAF_MATCH);
+    EXPECT_EVENTS(ret, {.id = "1",
+                           .name = "rule1",
+                           .tags = {{"type", "flow1"}, {"category", "category1"}},
+                           .matches = {{.op = "match_regex",
+                                           .op_value = "^string.*",
+                                           .address = "arg1",
+                                           .value = "string 1",
+                                           .highlight = "string 1"},
+                               {.op = "match_regex",
+                                   .op_value = ".*",
+                                   .address = "arg2",
+                                   .value = "string 2",
+                                   .highlight = "string 2"}}});
+
+    ddwaf_result_free(&ret);
+
+    // Run again without change
+    code = ddwaf_run(context, ddwaf_object_map(&tmp), nullptr, &ret, LONG_TIME);
+    EXPECT_EQ(code, DDWAF_OK);
+    EXPECT_FALSE(ret.timeout);
+    ddwaf_result_free(&ret);
+
+    ddwaf_context_destroy(context);
+    ddwaf_destroy(handle);
+}
+
 } // namespace
diff --git a/tests/matcher/is_sqli_test.cpp b/tests/matcher/is_sqli_test.cpp
@@ -50,7 +50,7 @@ TEST(TestIsSQLi, TestInvalidInput)
 
 TEST(TestIsSQLi, TestRuleset)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = yaml_to_object(
         R"({version: '2.1', rules: [{id: 1, name: rule1, tags: {type: flow1, category: category1}, conditions: [{operator: is_sqli, parameters: {inputs: [{address: arg1}]}}]}]})");
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);

diff --git a/tests/matcher/is_xss_test.cpp b/tests/matcher/is_xss_test.cpp
@@ -49,7 +49,7 @@ TEST(TestIsXSS, TestInvalidInput)
 
 TEST(TestIsXSS, TestRuleset)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = yaml_to_object(
         R"({version: '2.1', rules: [{id: 1, name: rule1, tags: {type: flow1, category: category1}, conditions: [{operator: is_xss, parameters: {inputs: [{address: arg1}]}}]}]})");
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);

diff --git a/tests/matcher/regex_match_test.cpp b/tests/matcher/regex_match_test.cpp
@@ -76,7 +76,7 @@ TEST(TestRegexMatch, TestInvalidInput)
 
 TEST(TestRegexMatch, TestRulesetCaseSensitive)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = yaml_to_object(
         R"({version: '2.1', rules: [{id: 1, name: rule1, tags: {type: flow1, category: category1}, conditions: [{operator: match_regex, parameters: {inputs: [{address: arg1}], regex: alert, options: {case_sensitive: true}}}]}]})");
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
@@ -139,7 +139,7 @@ TEST(TestRegexMatch, TestRulesetCaseSensitive)
 
 TEST(TestRegexMatch, TestRulesetCaseInsensitive)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = yaml_to_object(
         R"({version: '2.1', rules: [{id: 1, name: rule1, tags: {type: flow1, category: category1}, conditions: [{operator: match_regex, parameters: {inputs: [{address: arg1}], regex: alert, options: {case_sensitive: false}}}]}]})");
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);
@@ -213,7 +213,7 @@ TEST(TestRegexMatch, TestRulesetCaseInsensitive)
 
 TEST(TestRegexMatch, TestRulesetMinLength)
 {
-    // Initialize a PowerWAF rule
+    // Initialize a WAF rule
     auto rule = yaml_to_object(
         R"({version: '2.1', rules: [{id: 1, name: rule1, tags: {type: flow1, category: category1}, conditions: [{operator: match_regex, parameters: {inputs: [{address: arg1}], regex: alert, options: {min_length: 10}}}]}]})");
     ASSERT_TRUE(rule.type != DDWAF_OBJ_INVALID);