use ASM_DATA instead of ASM_DD for blacklists (#3748)

DataDog · Jan 6, 2025 · 587906e · 587906e
1 parent 1573ab3
commit 587906e
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/tests/appsec/test_automated_user_and_session_tracking.py b/tests/appsec/test_automated_user_and_session_tracking.py
@@ -98,6 +98,12 @@ def test_user_tracking_sdk_overwrite(self):
                 "on_match": ["block"],
             }
         ],
+    },
+)
+
+BLOCK_USER_DATA = (
+    "datadog/2/ASM_DATA/blocked_users/config",
+    {
         "rules_data": [
             {
                 "id": "blocked_users",
@@ -120,6 +126,7 @@ def setup_user_blocking_auto(self):
         self.r_login = weblog.post("/login?auth=local", data=login_data(context, USER, PASSWORD))
 
         self.config_state_2 = rc.rc_state.set_config(*BLOCK_USER).apply()
+        self.config_state_3 = rc.rc_state.set_config(*BLOCK_USER_DATA).apply()
         self.r_home_blocked = weblog.get(
             "/",
             cookies=self.r_login.cookies,
@@ -130,6 +137,7 @@ def test_user_blocking_auto(self):
         assert self.r_login.status_code == 200
 
         assert self.config_state_2[rc.RC_STATE] == rc.ApplyState.ACKNOWLEDGED
+        assert self.config_state_3[rc.RC_STATE] == rc.ApplyState.ACKNOWLEDGED
         interfaces.library.assert_waf_attack(self.r_home_blocked, rule="block-users")
         assert self.r_home_blocked.status_code == 403
 
@@ -138,6 +146,7 @@ def setup_user_blocking_sdk(self):
 
         self.config_state_1 = rc.rc_state.set_config(*CONFIG_ENABLED).apply()
         self.config_state_2 = rc.rc_state.set_config(*BLOCK_USER).apply()
+        self.config_state_3 = rc.rc_state.set_config(*BLOCK_USER_DATA).apply()
         self.r_login = weblog.post("/login?auth=local", data=login_data(context, UUID_USER, PASSWORD))
         self.r_login_blocked = weblog.post(
             "/login?auth=local&sdk_event=success&sdk_user=sdkUser", data=login_data(context, UUID_USER, PASSWORD)
@@ -146,6 +155,7 @@ def setup_user_blocking_sdk(self):
     def test_user_blocking_sdk(self):
         assert self.config_state_1[rc.RC_STATE] == rc.ApplyState.ACKNOWLEDGED
         assert self.config_state_2[rc.RC_STATE] == rc.ApplyState.ACKNOWLEDGED
+        assert self.config_state_3[rc.RC_STATE] == rc.ApplyState.ACKNOWLEDGED
 
         assert self.r_login.status_code == 200
 
@@ -173,6 +183,12 @@ def test_user_blocking_sdk(self):
                 "on_match": ["block"],
             }
         ],
+    },
+)
+
+BLOCK_SESSION_DATA = (
+    "datadog/2/ASM_DATA/blocked_sessions/config",
+    {
         "rules_data": [
             {"id": "blocked_sessions", "type": "data_with_expiration", "data": []},
         ],
@@ -191,8 +207,9 @@ def setup_session_blocking(self):
         self.r_create_session = weblog.get("/session/new")
         self.session_id = self.r_create_session.text
 
-        BLOCK_SESSION[1]["rules_data"][0]["data"].append({"value": self.session_id, "expiration": 0})
+        BLOCK_SESSION_DATA[1]["rules_data"][0]["data"].append({"value": self.session_id, "expiration": 0})
         self.config_state_2 = rc.rc_state.set_config(*BLOCK_SESSION).apply()
+        self.config_state_3 = rc.rc_state.set_config(*BLOCK_SESSION_DATA).apply()
         self.r_home_blocked = weblog.get(
             "/",
             cookies=self.r_create_session.cookies,
@@ -203,5 +220,6 @@ def test_session_blocking(self):
         assert self.r_create_session.status_code == 200
 
         assert self.config_state_2[rc.RC_STATE] == rc.ApplyState.ACKNOWLEDGED
+        assert self.config_state_3[rc.RC_STATE] == rc.ApplyState.ACKNOWLEDGED
         interfaces.library.assert_waf_attack(self.r_home_blocked, pattern=self.session_id, rule="block-sessions")
         assert self.r_home_blocked.status_code == 403