diff --git a/manifests/nodejs.yml b/manifests/nodejs.yml
index 9e6f775f3b..0e7b4ad3a6 100644
--- a/manifests/nodejs.yml
+++ b/manifests/nodejs.yml
@@ -95,12 +95,16 @@ tests/:
 TestCodeInjection:
 '*': *ref_5_20_0
 nextjs: missing_feature
- TestCodeInjection_StackTrace: missing_feature
+ TestCodeInjection_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_command_injection.py:
 TestCommandInjection:
 '*': *ref_3_11_0
 nextjs: missing_feature
- TestCommandInjection_StackTrace: missing_feature
+ TestCommandInjection_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_hardcoded_passwords.py:
 Test_HardcodedPasswords:
 '*': *ref_5_13_0
@@ -134,7 +138,9 @@ tests/:
 '*': *ref_5_26_0
 express5: *ref_5_29_0 # test uses querystring
 nextjs: missing_feature
- TestHeaderInjection_StackTrace: missing_feature
+ TestHeaderInjection_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_hsts_missing_header.py:
 Test_HstsMissingHeader:
 '*': *ref_4_8_0
@@ -155,7 +161,9 @@ tests/:
 TestLDAPInjection:
 '*': *ref_4_1_0
 nextjs: missing_feature
- TestLDAPInjection_StackTrace: missing_feature
+ TestLDAPInjection_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_no_httponly_cookie.py:
 TestNoHttponlyCookie:
 '*': *ref_4_3_0
@@ -176,12 +184,16 @@ tests/:
 TestNoSqlMongodbInjection:
 '*': *ref_4_17_0
 nextjs: missing_feature
- TestNoSqlMongodbInjection_StackTrace: missing_feature
+ TestNoSqlMongodbInjection_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_path_traversal.py:
 TestPathTraversal:
 '*': *ref_3_19_0
 nextjs: missing_feature
- TestPathTraversal_StackTrace: missing_feature
+ TestPathTraversal_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_reflection_injection.py:
 TestReflectionInjection: missing_feature
 TestReflectionInjection_StackTrace: missing_feature
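Review bot: Every entry added in this file aliases `*ref_5_32_0`, starting with `TestCodeInjection_StackTrace` in the first hunk, but no hunk here defines the `&ref_5_32_0` anchor. It therefore has to exist already in the part of the manifest above line 95, otherwise the YAML will not load; worth confirming before merge. The same applies to the later hunks of this file that add the identical three-line entry.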
@@ -189,12 +201,16 @@ tests/:
 TestSqlInjection:
 '*': *ref_3_11_0
 nextjs: missing_feature
- TestSqlInjection_StackTrace: missing_feature
+ TestSqlInjection_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_ssrf.py:
 TestSSRF:
 '*': *ref_4_1_0
 nextjs: missing_feature
- TestSSRF_StackTrace: missing_feature
+ TestSSRF_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_template_injection.py:
 TestTemplateInjection:
 '*': *ref_5_26_0
@@ -211,11 +227,15 @@ tests/:
 TestUnvalidatedHeader:
 '*': *ref_4_3_0
 nextjs: missing_feature
- TestUnvalidatedHeader_StackTrace: missing_feature
+ TestUnvalidatedHeader_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 TestUnvalidatedRedirect:
 '*': *ref_4_3_0
 nextjs: missing_feature
- TestUnvalidatedRedirect_StackTrace: missing_feature
+ TestUnvalidatedRedirect_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_unvalidated_redirect_forward.py:
 TestUnvalidatedForward: missing_feature
 TestUnvalidatedForward_StackTrace: missing_feature
@@ -223,7 +243,9 @@ tests/:
 TestWeakCipher:
 '*': *ref_3_6_0
 nextjs: missing_feature
- TestWeakCipher_StackTrace: missing_feature
+ TestWeakCipher_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_weak_hash.py:
 TestDeduplication:
 '*': *ref_3_11_0
@@ -231,12 +253,16 @@ tests/:
 TestWeakHash:
 '*': *ref_3_11_0
 nextjs: missing_feature
- TestWeakHash_StackTrace: missing_feature
+ TestWeakHash_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_weak_randomness.py:
 TestWeakRandomness:
 '*': *ref_5_1_0
 nextjs: missing_feature
- TestWeakRandomness_StackTrace: missing_feature
+ TestWeakRandomness_StackTrace:
+ '*': *ref_5_32_0
+ nextjs: missing_feature
 test_xcontent_sniffing.py:
 Test_XContentSniffing:
 '*': *ref_4_8_0
diff --git a/tests/appsec/iast/sink/test_nosql_mongodb_injection.py b/tests/appsec/iast/sink/test_nosql_mongodb_injection.py
index b5c157cd63..419df3636e 100644
--- a/tests/appsec/iast/sink/test_nosql_mongodb_injection.py
+++ b/tests/appsec/iast/sink/test_nosql_mongodb_injection.py
@@ -41,6 +41,7 @@ def test_telemetry_metric_executed_sink(self):
 @rfc(
 "https://docs.google.com/document/d/1ga7yCKq2htgcwgQsInYZKktV0hNlv4drY9XzSxT-o5U/edit?tab=t.0#heading=h.d0f5wzmlfhat"
 )
+@scenarios.integrations
 @features.iast_stack_trace
 class TestNoSqlMongodbInjection_StackTrace:
 """Validate stack trace generation"""
diff --git a/tests/appsec/iast/utils.py b/tests/appsec/iast/utils.py
index 0a02173ce8..23cee0e22e 100644
--- a/tests/appsec/iast/utils.py
+++ b/tests/appsec/iast/utils.py
@@ -235,7 +235,7 @@ def validate_stack_traces(request):
 locationFrame = None
 for frame in stack_trace["frames"]:
 # We are looking for the frame that corresponds to the location of the vulnerability, we will need to update this to cover all tracers
- # currently support: Java, Python
+ # currently support: Java, Python, Node.js
 if (
 stack_trace["language"] == "java"
 and (
@@ -244,7 +244,7 @@ def validate_stack_traces(request):
 and location["line"] == frame["line"]
 )
 ) or (
- stack_trace["language"] == "python"
+ stack_trace["language"] in ("python", "nodejs")
 and (frame.get("file", "").endswith(location["path"]) and location["line"] == frame["line"])
 ):
 locationFrame = frame
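Review bot: In the second `validate_stack_traces` hunk, the branch now shared by `python` and `nodejs` accepts any frame whose `file` merely ends with `location["path"]`, so a frame from a different file with the same name suffix and the same line number would satisfy it and the validator could pass on the wrong frame. Anchoring the match on a path separator would keep the test from masking a wrong vulnerability location, for example (assuming POSIX-style separators) `f = frame.get("file") or ""` followed by `(f == location["path"] or f.endswith("/" + location["path"]))`. The `or ""` form also avoids the `AttributeError` that `frame.get("file", "")` raises when a tracer sends `"file": null`. The function starts and ends outside both hunks, so how `locationFrame` is asserted afterwards, and what happens for a language matching neither branch, is not visible here.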