From ecea4ae636da1235d6cdf89b77b5493b7b79e545 Mon Sep 17 00:00:00 2001
From: Charles de Beauchesne <charles.de.beauchesne@gmail.com>
Date: Mon, 4 Oct 2021 15:49:13 +0200
Subject: [PATCH] Split one tests in two different use case

---
 tests/appsec/test_reports.py   | 18 ++++++++++++++++++
 tests/appsec/waf/test_miscs.py |  8 --------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/tests/appsec/test_reports.py b/tests/appsec/test_reports.py
index 00b9c26d3ae..3eca6122b36 100644
--- a/tests/appsec/test_reports.py
+++ b/tests/appsec/test_reports.py
@@ -13,3 +13,21 @@ def test_waf_eval_ms(self):
     def test_no_overbudget(self):
         """ There is no Appsec process over time budget """
         interfaces.library.assert_metric_absence("_dd.appsec.waf_overtime_ms")
+
+
+@skipif(not context.appsec_is_released, reason=context.appsec_not_released_reason)
+@skipif(context.library == "java", reason="missing feature: response is not reported")
+class Test_StatusCode(BaseTestCase):
+    def test_basic(self):
+        """ Appsec reports good status code """
+        r = self.weblog_get("/path_that_doesn't_exists/", headers={"User-Agent": "Arachni/v1"})
+        assert r.status_code == 404
+        interfaces.library.assert_waf_attack(r)
+
+        def check_http_code(event):
+            status_code = event["context"]["http"]["response"]["status"]
+            assert status_code == 404, f"404 should have been reported, not {status_code}"
+
+            return True
+
+        interfaces.library.add_appsec_validation(r, check_http_code)
diff --git a/tests/appsec/waf/test_miscs.py b/tests/appsec/waf/test_miscs.py
index c3e66bc4307..e6b2ba6420b 100644
--- a/tests/appsec/waf/test_miscs.py
+++ b/tests/appsec/waf/test_miscs.py
@@ -18,14 +18,6 @@ def test_404(self):
             address="server.request.headers.no_cookies",
         )
 
-        def check_http_code(event):
-            status_code = event["context"]["http"]["response"]["status"]
-            assert status_code == 404, f"404 should have been reported, not {status_code}"
-
-            return True
-
-        interfaces.library.add_appsec_validation(r, check_http_code)
-
 
 @skipif(not context.appsec_is_released, reason=context.appsec_not_released_reason)
 class Test_MultipleHighlight(BaseTestCase):