Skip to content

X-Content-Type-Options tests for IAST#1539

Merged
DDJavierSantos merged 2 commits intomainfrom
jsantos/content_type_sniffing_tests
Sep 25, 2023
Merged

X-Content-Type-Options tests for IAST#1539
DDJavierSantos merged 2 commits intomainfrom
jsantos/content_type_sniffing_tests

Conversation

@DDJavierSantos
Copy link
Copy Markdown
Contributor

@DDJavierSantos DDJavierSantos commented Aug 30, 2023

Description

X-Content-Type sniffing vulnerability tests and endpoints

Motivation

This functionality was added recently and we need tests for it.

Workflow

  1. ⚠️⚠️ Create your PR as draft
  2. Follow the style guidelines of this project (See how to easily lint the code)
  3. Work on you PR until the CI passes (if something not related to your task is failing, you can ignore it)
  4. Mark it as ready for review

Once your PR is reviewed, you can merge it! ❤️

Reviewer checklist

  • Check what scenarios are modified. If needed, add the relevant label (run-parametric-scenario, run-profiling-scenario...). If this PR modifies any system-tests internal, then add the run-all-scenarios label (more info).
  • CI is green
    • If not, failing jobs are not related to this change (and you are 100% sure about this statement)
  • if any of build-some-image label is present
    1. is the image labl have been updated ?
    2. just before merging, locally build and push the image to hub.docker.com
  • if a scenario is added (or removed), add (or remove) it in system-test-dasboard nightly

@DDJavierSantos DDJavierSantos requested review from a team as code owners August 30, 2023 10:05
cbeauchesne
cbeauchesne requested changes Aug 30, 2023
View reviewed changes
Comment thread tests/appsec/iast/sink/test_xcontent_sniffing.py Outdated
@DDJavierSantos DDJavierSantos force-pushed the jsantos/content_type_sniffing_tests branch from 9c8ba86 to 5d649a8 Compare August 31, 2023 07:44
@smola smola changed the title Jsantos/content type sniffing tests X-Content-Type-Options tests for IAST Aug 31, 2023
@DDJavierSantos DDJavierSantos force-pushed the jsantos/content_type_sniffing_tests branch 3 times, most recently from 9767fb6 to c59c47d Compare September 4, 2023 23:43
cbeauchesne
cbeauchesne requested changes Sep 5, 2023
View reviewed changes
Comment thread tests/appsec/iast/sink/test_xcontent_sniffing.py Outdated
@DDJavierSantos DDJavierSantos force-pushed the jsantos/content_type_sniffing_tests branch 2 times, most recently from 2bd28ee to 3a4db58 Compare September 6, 2023 09:24
smola
smola approved these changes Sep 6, 2023
View reviewed changes
Comment thread tests/appsec/iast/sink/test_xcontent_sniffing.py Outdated
Comment thread tests/appsec/iast/sink/test_xcontent_sniffing.py Outdated
@smola smola requested a review from uurien September 6, 2023 13:07
cbeauchesne
cbeauchesne requested changes Sep 6, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@cbeauchesne cbeauchesne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cbeauchesne
cbeauchesne requested changes Sep 7, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@cbeauchesne cbeauchesne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test is failing on spring-boot-wildfly

@DDJavierSantos DDJavierSantos force-pushed the jsantos/content_type_sniffing_tests branch from d719167 to 30d767d Compare September 25, 2023 14:31
@DDJavierSantos DDJavierSantos requested a review from a team September 25, 2023 14:31
@DDJavierSantos DDJavierSantos requested review from a team as code owners September 25, 2023 14:31
@DDJavierSantos DDJavierSantos requested review from a team as code owners September 25, 2023 14:31
cbeauchesne
cbeauchesne requested changes Sep 25, 2023
View reviewed changes
Comment thread tests/appsec/iast/sink/test_xcontent_sniffing.py Outdated
@DDJavierSantos DDJavierSantos merged commit cb60617 into main Sep 25, 2023
@DDJavierSantos DDJavierSantos deleted the jsantos/content_type_sniffing_tests branch September 25, 2023 17:14
@smola smola mentioned this pull request Sep 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smola smola smola approved these changes

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@cbeauchesne cbeauchesne cbeauchesne approved these changes

@mcculls mcculls Awaiting requested review from mcculls mcculls is a code owner automatically assigned from DataDog/apm-java

@am312 am312 Awaiting requested review from am312 am312 is a code owner automatically assigned from DataDog/apm-java

@uurien uurien Awaiting requested review from uurien

@emmettbutler emmettbutler Awaiting requested review from emmettbutler emmettbutler is a code owner automatically assigned from DataDog/apm-python

@romainkomorn-exdatadog romainkomorn-exdatadog Awaiting requested review from romainkomorn-exdatadog romainkomorn-exdatadog is a code owner automatically assigned from DataDog/apm-python

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@DDJavierSantos @smola @manuel-alvarez-alvarez @cbeauchesne