From fa39292410bab43388d943f2040a2def8740bfcb Mon Sep 17 00:00:00 2001
From: Alberto Vara
Date: Mon, 27 Jan 2025 13:06:05 +0100
Subject: [PATCH 1/2] chore(iast): update evidence redaction suite tests
---
 tests/appsec/iast/taint_sinks/_taint_sinks_utils.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/appsec/iast/taint_sinks/_taint_sinks_utils.py b/tests/appsec/iast/taint_sinks/_taint_sinks_utils.py
index f634d63c0e9..288b72d015c 100644
--- a/tests/appsec/iast/taint_sinks/_taint_sinks_utils.py
+++ b/tests/appsec/iast/taint_sinks/_taint_sinks_utils.py
@@ -18,6 +18,7 @@ def get_parametrize(vuln_type, ignore_list=None):
 idx = -1
 for element in data["suite"]:
 if element["description"] in (
+ "$1 with query parameters or fragment",
 "$1 - Tainted range based redaction - multiple ranges",
 "Redacted source that needs to be truncated",
 "Query with single quoted string literal and null source",
From af92c819524178729e85777ae0912a27eec25686 Mon Sep 17 00:00:00 2001
From: Alberto Vara
Date: Tue, 28 Jan 2025 10:00:18 +0100
Subject: [PATCH 2/2] chore(iast): update evidence redaction suite tests
---
 tests/appsec/iast/taint_sinks/test_code_injection_redacted.py | 2 +-
 .../appsec/iast/taint_sinks/test_command_injection_redacted.py | 2 +-
 tests/appsec/iast/taint_sinks/test_header_injection_redacted.py | 2 +-
 tests/appsec/iast/taint_sinks/test_path_traversal_redacted.py | 2 +-
 tests/appsec/iast/taint_sinks/test_sql_injection_redacted.py | 2 +-
 tests/appsec/iast/taint_sinks/test_ssrf_redacted.py | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/appsec/iast/taint_sinks/test_code_injection_redacted.py b/tests/appsec/iast/taint_sinks/test_code_injection_redacted.py
index 0a0749fc4b2..3d9890e04bb 100644
--- a/tests/appsec/iast/taint_sinks/test_code_injection_redacted.py
+++ b/tests/appsec/iast/taint_sinks/test_code_injection_redacted.py
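Review bot: The new tuple entry `"$1 with query parameters or fragment"` puts that suite case into the set of descriptions `get_parametrize` special-cases (apparently skips — the branch body is outside the hunk) for every sink that calls it, and neither the hunk nor the commit message records why, so the lost coverage — redaction of URL query/fragment values, the part of evidence most likely to carry tokens or session ids — becomes invisible. `get_parametrize` already takes a per-caller `ignore_list` (on the hunk header, and used as `ignore_list=_ignore_list` by test_code_injection_redacted.py in the second patch), so if only some sinks fail this case it presumably belongs in those callers' lists rather than in the shared tuple; confirm which sinks actually fail before widening the exclusion. At minimum add a why-comment on the new line, e.g. `# TODO(iast): skipped while query/fragment ranges are not redacted — remove once supported`, with the reason adjusted to the real one. The enclosing `for`/`if` belongs to `get_parametrize`, whose body, including what happens to matched elements, continues outside the hunk.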
@@ -14,7 +14,7 @@
 @pytest.mark.parametrize(
- "evidence_input, sources_expected, vulnerabilities_expected,element",
+ "evidence_input,sources_expected,vulnerabilities_expected,element",
 list(get_parametrize(VULN_CODE_INJECTION, ignore_list=_ignore_list)),
 )
 def test_code_injection_redaction_suite(
diff --git a/tests/appsec/iast/taint_sinks/test_command_injection_redacted.py b/tests/appsec/iast/taint_sinks/test_command_injection_redacted.py
index a77257192f3..e8bce5ba22d 100644
--- a/tests/appsec/iast/taint_sinks/test_command_injection_redacted.py
+++ b/tests/appsec/iast/taint_sinks/test_command_injection_redacted.py
@@ -17,7 +17,7 @@
 @pytest.mark.parametrize(
- "evidence_input, sources_expected, vulnerabilities_expected,element", list(get_parametrize(VULN_CMDI))
+ "evidence_input,sources_expected,vulnerabilities_expected,element", list(get_parametrize(VULN_CMDI))
 )
 def test_cmdi_redaction_suite(
 evidence_input, sources_expected, vulnerabilities_expected, iast_context_defaults, element
diff --git a/tests/appsec/iast/taint_sinks/test_header_injection_redacted.py b/tests/appsec/iast/taint_sinks/test_header_injection_redacted.py
index 26807043be6..05eca6bf3db 100644
--- a/tests/appsec/iast/taint_sinks/test_header_injection_redacted.py
+++ b/tests/appsec/iast/taint_sinks/test_header_injection_redacted.py
@@ -92,7 +92,7 @@ def test_common_django_header_injection_redact(header_name, header_value, value_
 @pytest.mark.parametrize(
- "evidence_input, sources_expected, vulnerabilities_expected,element",
+ "evidence_input,sources_expected,vulnerabilities_expected,element",
 list(get_parametrize(VULN_HEADER_INJECTION)),
 )
 def test_header_injection_redaction_suite(
diff --git a/tests/appsec/iast/taint_sinks/test_path_traversal_redacted.py b/tests/appsec/iast/taint_sinks/test_path_traversal_redacted.py
index 1b1d2d83a3a..75fa02802e4 100644
--- a/tests/appsec/iast/taint_sinks/test_path_traversal_redacted.py
+++ b/tests/appsec/iast/taint_sinks/test_path_traversal_redacted.py
@@ -134,7 +134,7 @@ def test_path_traversal_redact_abs_paths(iast_context_defaults):
 @pytest.mark.parametrize(
- "evidence_input, sources_expected, vulnerabilities_expected,element",
+ "evidence_input,sources_expected,vulnerabilities_expected,element",
 list(get_parametrize(VULN_PATH_TRAVERSAL)),
 )
 def test_path_traversal_redaction_suite(
diff --git a/tests/appsec/iast/taint_sinks/test_sql_injection_redacted.py b/tests/appsec/iast/taint_sinks/test_sql_injection_redacted.py
index 087bc21b012..c30475b4cba 100644
--- a/tests/appsec/iast/taint_sinks/test_sql_injection_redacted.py
+++ b/tests/appsec/iast/taint_sinks/test_sql_injection_redacted.py
@@ -19,7 +19,7 @@
 @pytest.mark.parametrize(
- "evidence_input, sources_expected, vulnerabilities_expected,element",
+ "evidence_input,sources_expected,vulnerabilities_expected,element",
 list(get_parametrize(VULN_SQL_INJECTION)),
 )
 def test_sqli_redaction_suite(
diff --git a/tests/appsec/iast/taint_sinks/test_ssrf_redacted.py b/tests/appsec/iast/taint_sinks/test_ssrf_redacted.py
index 2f76ebf3bda..6b7ef145371 100644
--- a/tests/appsec/iast/taint_sinks/test_ssrf_redacted.py
+++ b/tests/appsec/iast/taint_sinks/test_ssrf_redacted.py
@@ -21,7 +21,7 @@
 @pytest.mark.parametrize(
- "evidence_input, sources_expected, vulnerabilities_expected,element", list(get_parametrize(VULN_SSRF))
+ "evidence_input,sources_expected,vulnerabilities_expected,element", list(get_parametrize(VULN_SSRF))
 )
 def test_ssrf_redaction_suite(
 evidence_input, sources_expected, vulnerabilities_expected, iast_context_defaults, element