diff --git a/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs b/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs index 6436b17e8dee..78cd40181b5e 100644 --- a/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs +++ b/tracer/src/Datadog.Trace/AppSec/Rcm/ConfigurationStatus.cs @@ -126,14 +126,7 @@ internal Dictionary BuildDictionaryForWafAccordingToIncomingUpda if (IncomingUpdateState.WafKeysToApply.Contains(WafActionsKey)) { var actions = ActionsByFile.SelectMany(x => x.Value).ToList(); - var dupes = actions.GroupBy(a => a.Id).Where(g => g.Count() > 1).Select(a => a.Key).ToList(); - var actionsDic = actions.Where(a => !dupes.Contains(a.Id)).Select(a => a.ToKeyValuePair()).ToArray(); - dictionary.Add(WafActionsKey, actionsDic); - - foreach (var dupe in dupes) - { - Log.Warning("Duplicate action found with id: {ActionId}, this action will be discarded, default waf action, if any, will apply", dupe); - } + dictionary.Add(WafActionsKey, actions.Select(r => r.ToKeyValuePair()).ToArray()); } if (IncomingUpdateState.WafKeysToApply.Contains(WafCustomRulesKey)) diff --git a/tracer/test/Datadog.Trace.Security.Unit.Tests/ActionChangeTests.cs b/tracer/test/Datadog.Trace.Security.Unit.Tests/ActionChangeTests.cs index 701377e033b8..0632ba9d72ef 100644 --- a/tracer/test/Datadog.Trace.Security.Unit.Tests/ActionChangeTests.cs +++ b/tracer/test/Datadog.Trace.Security.Unit.Tests/ActionChangeTests.cs @@ -61,55 +61,11 @@ public void GivenADummyRule_WhenActionReturnCodeIsChanged_ThenChangesAreApplied( } } - [Theory] - [InlineData("dummy_rule", "block", BlockingAction.BlockRequestType, 401)] - [InlineData("dummy_rule", "block", BlockingAction.BlockRequestType, 401, true)] - public void GivenADummyRule_WhenDuplicateActionIsReceived_ThenBackToDefaultWafActions(string paramValue, string action, string actionType, int newStatus, bool placeInDifferentFiles = false) - { - var args = CreateArgs(paramValue); - var initResult = Waf.Create( - WafLibraryInvoker!, - string.Empty, - string.Empty, - useUnsafeEncoder: true, - embeddedRulesetPath: "rasp-rule-set.json"); - - var waf = initResult.Waf; - waf.Should().NotBeNull(); - Action[] newActions = - [ - CreateNewStatusAction(action, actionType, newStatus), CreateNewStatusAction(action, actionType, newStatus), CreateNewStatusAction(action, actionType, newStatus), - CreateNewStatusAction("dummy_rule", BlockingAction.BlockRequestType, 500) // add a dummy one, otherwise nothing will be updated - ]; - - UpdateWafWithActions(newActions, waf, placeInDifferentFiles); - - using var context = waf!.CreateContext(); - var result = context!.Run(args, TimeoutMicroSeconds); - result.Should().NotBeNull(); - result!.Timeout.Should().BeFalse("Timeout should be false"); - // default waf action block - result.BlockInfo!["status_code"].Should().Be("403"); - result.BlockInfo["grpc_status_code"].Should().Be("10"); - } - private Dictionary CreateArgs(string requestParam) => new() { { AddressesConstants.RequestUriRaw, "http://localhost:54587/" }, { AddressesConstants.RequestBody, new[] { "param", requestParam } }, { AddressesConstants.RequestMethod, "GET" } }; - private void UpdateWafWithActions(Action[] actions, Waf waf, bool placeInDifferentFiles = false) + private void UpdateWafWithActions(Action[] actions, Waf waf) { - ConfigurationStatus configurationStatus; - if (placeInDifferentFiles) - { - var i = 0; - var dic = actions.ToDictionary(_ => $"file{i++}", action => [action]); - - configurationStatus = new(string.Empty) { ActionsByFile = dic }; - } - else - { - configurationStatus = new(string.Empty) { ActionsByFile = { ["file"] = actions } }; - } - + ConfigurationStatus configurationStatus = new(string.Empty) { ActionsByFile = { ["file"] = actions } }; configurationStatus.IncomingUpdateState.WafKeysToApply.Add(ConfigurationStatus.WafActionsKey); var res = waf.UpdateWafFromConfigurationStatus(configurationStatus); res.Success.Should().BeTrue();