From 22d8216ec8b7af1c291c962bb2141a36d028b633 Mon Sep 17 00:00:00 2001 From: Alexandre Rulleau Date: Tue, 3 Dec 2024 15:59:55 +0100 Subject: [PATCH] feat(appsec: extension): create new function for automated user signup event Signed-off-by: Alexandre Rulleau --- appsec/src/extension/tags.c | 174 ++++++++++++------ appsec/src/extension/user_tracking.c | 2 +- appsec/src/extension/user_tracking.h | 4 +- .../extension/track_user_signup_event.phpt | 6 +- ...user_signup_event_automated_anon_mode.phpt | 16 +- ...gnup_event_automated_anon_mode_compat.phpt | 17 +- ...p_event_automated_anon_mode_full_name.phpt | 16 +- ...r_signup_event_automated_default_mode.phpt | 13 +- ...ignup_event_automated_disabled_config.phpt | 7 +- ..._signup_event_automated_disabled_mode.phpt | 7 +- ...ser_signup_event_automated_ident_mode.phpt | 13 +- ...nup_event_automated_ident_mode_compat.phpt | 13 +- ..._event_automated_ident_mode_full_name.phpt | 13 +- ...r_signup_event_automated_invalid_mode.phpt | 7 +- ...r_signup_event_automated_no_root_span.phpt | 29 +++ .../track_user_signup_event_empty_login.phpt | 27 +++ .../track_user_signup_event_empty_user.phpt | 5 +- .../track_user_signup_event_no_root_span.phpt | 5 +- ..._user_signup_event_sdk_takes_priority.phpt | 12 +- ...er_signup_event_sdk_takes_priority_02.phpt | 14 +- ...er_signup_event_sdk_takes_priority_03.phpt | 18 +- tests/Appsec/Mock.php | 25 ++- 22 files changed, 285 insertions(+), 158 deletions(-) create mode 100644 appsec/tests/extension/track_user_signup_event_automated_no_root_span.phpt create mode 100644 appsec/tests/extension/track_user_signup_event_empty_login.phpt diff --git a/appsec/src/extension/tags.c b/appsec/src/extension/tags.c index 5936b950c7..d009136d00 100644 --- a/appsec/src/extension/tags.c +++ b/appsec/src/extension/tags.c 
@@ -47,8 +47,11 @@ #define DD_METRIC_ENABLED "_dd.appsec.enabled" #define DD_APPSEC_EVENTS_PREFIX "appsec.events." #define DD_SIGNUP_EVENT DD_APPSEC_EVENTS_PREFIX "users.signup" +#define DD_SIGNUP_EVENT_LOGIN DD_APPSEC_EVENTS_PREFIX "users.signup.usr.login" #define DD_LOGIN_SUCCESS_EVENT DD_APPSEC_EVENTS_PREFIX "users.login.success" #define DD_LOGIN_FAILURE_EVENT DD_APPSEC_EVENTS_PREFIX "users.login.failure" +#define DD_APPSEC_USR_ID "_dd.appsec.usr.id" +#define DD_APPSEC_USR_LOGIN "_dd.appsec.usr.login" #define DD_EVENTS_USER_SIGNUP_AUTO_MODE \ "_dd.appsec.events.users.signup.auto.mode" #define DD_EVENTS_USER_LOGIN_SUCCESS_AUTO_MODE \ @@ -79,9 +82,12 @@ static zend_string *_dd_tag_rh_content_language; // response static zend_string *_dd_tag_user_id; static zend_string *_dd_metric_enabled; static zend_string *_dd_signup_event; +static zend_string *_dd_signup_event_login; static zend_string *_dd_login_success_event; static zend_string *_dd_login_failure_event; static zend_string *_dd_login_failure_event; +static zend_string *_dd_appsec_user_id; +static zend_string *_dd_appsec_user_login; static zend_string *_dd_signup_event_auto_mode; static zend_string *_dd_login_success_event_auto_mode; static zend_string *_dd_login_failure_event_auto_mode; 
@@ -177,10 +183,16 @@ void dd_tags_startup() _track_zstr = zend_string_init_interned(LSTRARG("track"), 1 /* permanent */); _dd_signup_event = zend_string_init_interned(LSTRARG(DD_SIGNUP_EVENT), 1); + _dd_signup_event_login = + zend_string_init_interned(LSTRARG(DD_SIGNUP_EVENT_LOGIN), 1); _dd_login_success_event = zend_string_init_interned(LSTRARG(DD_LOGIN_SUCCESS_EVENT), 1); _dd_login_failure_event = zend_string_init_interned(LSTRARG(DD_LOGIN_FAILURE_EVENT), 1); + _dd_appsec_user_id = + zend_string_init_interned(LSTRARG(DD_APPSEC_USR_ID), 1); + _dd_appsec_user_login = + zend_string_init_interned(LSTRARG(DD_APPSEC_USR_LOGIN), 1); _dd_signup_event_auto_mode = zend_string_init_interned(LSTRARG(DD_EVENTS_USER_SIGNUP_AUTO_MODE), 1); _dd_login_success_event_auto_mode = zend_string_init_interned( @@ -877,7 +889,7 @@ static zval *nullable _root_span_get_meta() return meta; } -static PHP_FUNCTION(datadog_appsec_track_user_signup_event) +static PHP_FUNCTION(datadog_appsec_track_user_signup_event_automated) { UNUSED(return_value); if (!DDAPPSEC_G(active)) { 
@@ -886,83 +898,136 @@ static PHP_FUNCTION(datadog_appsec_track_user_signup_event) return; } - zend_string *user_id = NULL; zend_string *user_login = NULL; + zend_string *user_id = NULL; HashTable *metadata = NULL; - zend_bool automated = false; // Don't document. Only internal usage - zend_bool copy_user_id = true; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "SS|hb", &user_id, &user_login, - &metadata, &automated) == FAILURE) { + zend_bool copy_user_info = true; + if (zend_parse_parameters(ZEND_NUM_ARGS(), "SS|h", &user_login, &user_id, + &metadata) == FAILURE) { mlog(dd_log_warning, "Unexpected parameter combination, expected " - "(user_id, metadata)"); + "(user_login, user_id, metadata)"); return; } - if (automated) { - user_collection_mode mode = dd_get_user_collection_mode(); - if (mode == user_mode_disabled || - !get_DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED()) { - return; - } + if (user_login == NULL || ZSTR_LEN(user_login) == 0) { + mlog(dd_log_warning, "Unexpected empty user login"); + return; + } - if (mode == user_mode_anon) { - // Anonymize the user ID and ensure it isn't copied twice - user_id = dd_user_id_anonymize(user_id); - if (user_id == NULL) { - mlog(dd_log_debug, "Failed to anonymize user ID"); - return; - } + user_collection_mode mode = dd_get_user_collection_mode(); + if (mode == user_mode_disabled || + !get_DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED()) { + return; + } - copy_user_id = false; + if (mode == user_mode_anon) { + // Anonymize the user ID and ensure it isn't copied twice + user_id = dd_user_info_anonymize(user_id); + if (user_id == NULL) { + mlog(dd_log_debug, "Failed to anonymize user ID"); + return; } - } else { - if (user_id == NULL || ZSTR_LEN(user_id) == 0) { - mlog(dd_log_warning, "Unexpected empty user id"); + + user_login = dd_user_info_anonymize(user_login); + if (user_login == NULL) { + mlog(dd_log_debug, "Failed to anonymize user login"); return; } + + copy_user_info = false; } zval *nullable meta = 
_root_span_get_meta(); if (!meta) { - if (!copy_user_id) { + if (!copy_user_info) { zend_string_release(user_id); + zend_string_release(user_login); } return; } _user_event_triggered = true; - zend_array *meta_ht = Z_ARRVAL_P(meta); - bool override = !automated; if (user_id && ZSTR_LEN(user_id) > 0) { // usr.id = _add_new_zstr_to_meta( - meta_ht, _dd_tag_user_id, user_id, copy_user_id, override); + meta_ht, _dd_tag_user_id, user_id, copy_user_info, false); + + // _dd.appsec.usr.id = + _add_new_zstr_to_meta( + meta_ht, _dd_appsec_user_id, user_id, copy_user_info, true); } - if (automated) { - // In automated mode, metadata must no longer be sent + // _dd.appsec.events.users.signup.auto.mode = + // + if (mode != user_mode_disabled) { + _add_new_zstr_to_meta(meta_ht, _dd_signup_event_auto_mode, + dd_get_user_collection_mode_zstr(), true, false); + } - // _dd.appsec.events.users.signup.auto.mode = - // - if (dd_get_user_collection_mode() != user_mode_disabled) { - _add_new_zstr_to_meta(meta_ht, _dd_signup_event_auto_mode, - dd_get_user_collection_mode_zstr(), true, override); - } - } else { - // _dd.appsec.events.users.signup.sdk = true - _add_new_zstr_to_meta( - meta_ht, _dd_signup_event_sdk, _true_zstr, true, override); + // _dd.appsec.events.users.signup.usr.login = + _add_new_zstr_to_meta( + meta_ht, _dd_signup_event_login, user_login, copy_user_info, true); - // appsec.events.users.signup. 
= - _add_custom_event_metadata( - meta_ht, _dd_signup_event, metadata, override); + // _dd.appsec.usr.login = + _add_new_zstr_to_meta( + meta_ht, _dd_appsec_user_login, user_login, copy_user_info, true); + + // appsec.events.users.login.success.track = true + _add_custom_event_keyval( + meta_ht, _dd_signup_event, _track_zstr, _true_zstr, true, false); + + dd_tags_set_sampling_priority(); +} + +static PHP_FUNCTION(datadog_appsec_track_user_signup_event) +{ + UNUSED(return_value); + if (!DDAPPSEC_G(active)) { + mlog(dd_log_debug, "Trying to access to track_user_signup_event " + "function while appsec is disabled"); + return; + } + + zend_string *user_id = NULL; + HashTable *metadata = NULL; + zend_bool automated = false; // Don't document. Only internal usage + zend_bool copy_user_id = true; + if (zend_parse_parameters(ZEND_NUM_ARGS(), "S|hb", &user_id, &metadata, + &automated) == FAILURE) { + mlog(dd_log_warning, "Unexpected parameter combination, expected " + "(user_id, metadata)"); + return; } + if (user_id == NULL || ZSTR_LEN(user_id) == 0) { + mlog(dd_log_warning, "Unexpected empty user id"); + return; + } + + zval *nullable meta = _root_span_get_meta(); + if (!meta) { + return; + } + + _user_event_triggered = true; + zend_array *meta_ht = Z_ARRVAL_P(meta); + + // usr.id = + _add_new_zstr_to_meta( + meta_ht, _dd_tag_user_id, user_id, copy_user_id, true); + + // _dd.appsec.events.users.signup.sdk = true + _add_new_zstr_to_meta( + meta_ht, _dd_signup_event_sdk, _true_zstr, true, true); + + // appsec.events.users.signup. = + _add_custom_event_metadata(meta_ht, _dd_signup_event, metadata, true); + // appsec.events.users.login.success.track = true _add_custom_event_keyval( - meta_ht, _dd_signup_event, _track_zstr, _true_zstr, true, override); + meta_ht, _dd_signup_event, _track_zstr, _true_zstr, true, true); dd_tags_set_sampling_priority(); } 
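Review bot: In the anonymization branch of `datadog_appsec_track_user_signup_event_automated`, the `return` taken when `dd_user_info_anonymize(user_login)` fails leaks the already anonymized `user_id`, because only the no-root-span path releases it; add `zend_string_release(user_id);` before that return. Further down, the same `user_id` is passed to `_add_new_zstr_to_meta` twice (`_dd_tag_user_id` with override `false`, then `_dd_appsec_user_id`) and `user_login` twice, each time with `copy_user_info` set to `false` in anon mode. The helper's body is outside this hunk, but if a non-copied value is stored without taking a reference, two meta entries would share one reference, and a skipped non-override insert would leave the string unowned or already released. Passing `true` as the copy flag on all four calls and releasing the anonymized strings once at the end of the function would make ownership unambiguous. The comment `// appsec.events.users.login.success.track = true` above the last `_add_custom_event_keyval` call in both functions should read `appsec.events.users.signup.track`.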
@@ -995,7 +1060,7 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_success_event) } if (mode == user_mode_anon) { - user_id = dd_user_id_anonymize(user_id); + user_id = dd_user_info_anonymize(user_id); if (user_id == NULL) { mlog(dd_log_debug, "Failed to anonymize user ID"); return; @@ -1086,7 +1151,7 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_failure_event) } if (mode == user_mode_anon) { - user_id = dd_user_id_anonymize(user_id); + user_id = dd_user_info_anonymize(user_id); if (user_id == NULL) { mlog(dd_log_debug, "Failed to anonymize user ID"); return; @@ -1254,23 +1319,27 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(add_ancillary_tags, 0, 1, IS_VOID, 0) ZEND_ARG_TYPE_INFO(2, "_server", IS_ARRAY, 0) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(track_user_login_success_event_arginfo, 0, 0, IS_VOID, 4) +ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(track_user_login_success_event_arginfo, 0, 0, IS_VOID, 3) ZEND_ARG_INFO(0, user_id) +ZEND_ARG_INFO(0, metadata) +ZEND_ARG_INFO(0, automated) +ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(track_user_signup_event_automated_arginfo, 0, 0, IS_VOID, 4) ZEND_ARG_INFO(0, user_login) +ZEND_ARG_INFO(0, user_id) ZEND_ARG_INFO(0, metadata) ZEND_ARG_INFO(0, automated) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(datadog_appsec_track_user_signup_event_arginfo, 0, 0, IS_VOID, 4) +ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(track_user_signup_event_arginfo, 0, 0, IS_VOID, 3) ZEND_ARG_INFO(0, user_id) -ZEND_ARG_INFO(0, user_login) ZEND_ARG_INFO(0, metadata) ZEND_ARG_INFO(0, automated) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(track_user_login_failure_event_arginfo, 0, 0, IS_VOID, 5) +ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(track_user_login_failure_event_arginfo, 0, 0, IS_VOID, 4) ZEND_ARG_INFO(0, user_id) -ZEND_ARG_INFO(0, user_login) ZEND_ARG_INFO(0, exists) ZEND_ARG_INFO(0, metadata) ZEND_ARG_INFO(0, automated) 
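Review bot: `track_user_signup_event_automated_arginfo` declares an `automated` argument, but the new function parses `"SS|h"` and accepts only `user_login`, `user_id` and `metadata`, so reflection advertises a fourth parameter that `zend_parse_parameters` will reject; drop the `ZEND_ARG_INFO(0, automated)` line from that block. The trailing `4`/`3` in these `ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX` lines appears to sit in the macro's allow_null slot while required_num_args stays `0`, unlike `add_ancillary_tags` just above; for the new block `(track_user_signup_event_automated_arginfo, 0, 2, IS_VOID, 0)` would match the parser. This hunk also removes `user_login` from the login success and failure arginfo, while the only change visible in those functions is the anonymizer rename, so their parameter lists should be checked against the arginfo before merging.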
@@ -1282,7 +1351,8 @@ ZEND_ARG_INFO(0, metadata) ZEND_END_ARG_INFO() static const zend_function_entry functions[] = { - ZEND_RAW_FENTRY(DD_APPSEC_NS "track_user_signup_event", PHP_FN(datadog_appsec_track_user_signup_event), datadog_appsec_track_user_signup_event_arginfo, 0, NULL, NULL) + ZEND_RAW_FENTRY(DD_APPSEC_NS "track_user_signup_event_automated", PHP_FN(datadog_appsec_track_user_signup_event_automated), track_user_signup_event_automated_arginfo, 0, NULL, NULL) + ZEND_RAW_FENTRY(DD_APPSEC_NS "track_user_signup_event", PHP_FN(datadog_appsec_track_user_signup_event), track_user_signup_event_arginfo, 0, NULL, NULL) ZEND_RAW_FENTRY(DD_APPSEC_NS "track_user_login_success_event", PHP_FN(datadog_appsec_track_user_login_success_event), track_user_login_success_event_arginfo, 0, NULL, NULL) ZEND_RAW_FENTRY(DD_APPSEC_NS "track_user_login_failure_event", PHP_FN(datadog_appsec_track_user_login_failure_event), track_user_login_failure_event_arginfo, 0, NULL, NULL) ZEND_RAW_FENTRY(DD_APPSEC_NS "track_custom_event", PHP_FN(datadog_appsec_track_custom_event), track_custom_event_arginfo, 0, NULL, NULL) diff --git a/appsec/src/extension/user_tracking.c b/appsec/src/extension/user_tracking.c index 8f301128f4..a2e65dfedd 100644 --- a/appsec/src/extension/user_tracking.c +++ b/appsec/src/extension/user_tracking.c @@ -181,7 +181,7 @@ bool dd_parse_user_collection_mode( return true; } -zend_string *nullable dd_user_id_anonymize(zend_string *nonnull user_id) +zend_string *nullable dd_user_info_anonymize(zend_string *nonnull user_id) { zend_string *digest; const php_hash_ops *ops; diff --git a/appsec/src/extension/user_tracking.h b/appsec/src/extension/user_tracking.h index 2137b8c0c4..9db34d309a 100644 --- a/appsec/src/extension/user_tracking.h +++ b/appsec/src/extension/user_tracking.h 
@@ -5,8 +5,8 @@ // (https://www.datadoghq.com/). Copyright 2021 Datadog, Inc. #pragma once -#include "configuration.h" #include "attributes.h" +#include "configuration.h" #include typedef enum _user_collection_mode { @@ -23,7 +23,7 @@ void dd_find_and_apply_verdict_for_user(zend_string *nonnull user_id); bool dd_parse_user_collection_mode( zai_str value, zval *nonnull decoded_value, bool persistent); -zend_string*nullable dd_user_id_anonymize(zend_string *nonnull user_id); +zend_string *nullable dd_user_info_anonymize(zend_string *nonnull user_id); user_collection_mode dd_get_user_collection_mode(void); zend_string *nonnull dd_get_user_collection_mode_zstr(void); diff --git a/appsec/tests/extension/track_user_signup_event.phpt b/appsec/tests/extension/track_user_signup_event.phpt index 9dc3141d8d..bb146db255 100644 --- a/appsec/tests/extension/track_user_signup_event.phpt +++ b/appsec/tests/extension/track_user_signup_event.phpt @@ -12,12 +12,12 @@ include __DIR__ . '/inc/ddtrace_version.php'; ddtrace_version_at_least('0.79.0'); -track_user_signup_event("Admin", "1234", +track_user_signup_event("sdkID", [ "value" => "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], false); +]); rshutdown(); @@ -34,7 +34,7 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => Admin + [usr.id] => sdkID [_dd.appsec.events.users.signup.sdk] => true [appsec.events.users.signup.value] => something [appsec.events.users.signup.metadata] => some other metadata diff --git a/appsec/tests/extension/track_user_signup_event_automated_anon_mode.phpt b/appsec/tests/extension/track_user_signup_event_automated_anon_mode.phpt index 6c5e4b5964..714987b228 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_anon_mode.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_anon_mode.phpt 
@@ -8,18 +8,17 @@ DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=anon --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], -true); +]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); @@ -29,11 +28,10 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 + [usr.id] => anon_b3ddafd7029d645b44fb990eea55b003 + [_dd.appsec.usr.id] => anon_b3ddafd7029d645b44fb990eea55b003 [_dd.appsec.events.users.signup.auto.mode] => anonymization + [appsec.events.users.signup.usr.login] => anon_428821350e9691491f616b754cd8315f + [_dd.appsec.usr.login] => anon_428821350e9691491f616b754cd8315f [appsec.events.users.signup.track] => true - [_dd.appsec.usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 - [appsec.events.users.signup.usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 - [_dd.appsec.usr.login] => anon_03ac674216f3e15c761ee1a5e255f067 - [appsec.events.users.signup.usr.login] => anon_03ac674216f3e15c761ee1a5e255f067 ) diff --git a/appsec/tests/extension/track_user_signup_event_automated_anon_mode_compat.phpt b/appsec/tests/extension/track_user_signup_event_automated_anon_mode_compat.phpt index e988fe3084..54312780d7 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_anon_mode_compat.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_anon_mode_compat.phpt @@ -8,18 +8,17 @@ DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING=safe --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], -true); +]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); 
@@ -29,12 +28,10 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 + [usr.id] => anon_b3ddafd7029d645b44fb990eea55b003 + [_dd.appsec.usr.id] => anon_b3ddafd7029d645b44fb990eea55b003 [_dd.appsec.events.users.signup.auto.mode] => anonymization + [appsec.events.users.signup.usr.login] => anon_428821350e9691491f616b754cd8315f + [_dd.appsec.usr.login] => anon_428821350e9691491f616b754cd8315f [appsec.events.users.signup.track] => true - - [_dd.appsec.usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 - [appsec.events.users.signup.usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 - [_dd.appsec.usr.login] => anon_03ac674216f3e15c761ee1a5e255f067 - [appsec.events.users.signup.usr.login] => anon_03ac674216f3e15c761ee1a5e255f067 ) diff --git a/appsec/tests/extension/track_user_signup_event_automated_anon_mode_full_name.phpt b/appsec/tests/extension/track_user_signup_event_automated_anon_mode_full_name.phpt index a230fbbdeb..5cb465019e 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_anon_mode_full_name.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_anon_mode_full_name.phpt @@ -8,18 +8,17 @@ DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=anonymization --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], -true); +]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); 
@@ -29,11 +28,10 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 + [usr.id] => anon_b3ddafd7029d645b44fb990eea55b003 + [_dd.appsec.usr.id] => anon_b3ddafd7029d645b44fb990eea55b003 [_dd.appsec.events.users.signup.auto.mode] => anonymization + [appsec.events.users.signup.usr.login] => anon_428821350e9691491f616b754cd8315f + [_dd.appsec.usr.login] => anon_428821350e9691491f616b754cd8315f [appsec.events.users.signup.track] => true - [_dd.appsec.usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 - [appsec.events.users.signup.usr.id] => anon_03ac674216f3e15c761ee1a5e255f067 - [_dd.appsec.usr.login] => anon_03ac674216f3e15c761ee1a5e255f067 - [appsec.events.users.signup.usr.login] => anon_03ac674216f3e15c761ee1a5e255f067 ) diff --git a/appsec/tests/extension/track_user_signup_event_automated_default_mode.phpt b/appsec/tests/extension/track_user_signup_event_automated_default_mode.phpt index 9bf1837936..03533f3552 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_default_mode.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_default_mode.phpt @@ -7,12 +7,12 @@ DD_APPSEC_ENABLED=1 --FILE-- %s - [usr.id] => 1234 + [usr.id] => automatedID + [_dd.appsec.usr.id] => automatedID [_dd.appsec.events.users.signup.auto.mode] => identification + [appsec.events.users.signup.usr.login] => login + [_dd.appsec.usr.login] => login [appsec.events.users.signup.track] => true - [_dd.appsec.usr.id] => 1234 - [appsec.events.users.signup.usr.id] => 1234 - [_dd.appsec.usr.login] => 5678 - [appsec.events.users.signup.usr.login] => 5678 ) diff --git a/appsec/tests/extension/track_user_signup_event_automated_disabled_config.phpt b/appsec/tests/extension/track_user_signup_event_automated_disabled_config.phpt index c8f259d3ca..fc1adb29f1 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_disabled_config.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_disabled_config.phpt 
@@ -9,18 +9,17 @@ DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING_ENABLED=0 --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], -true); +]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); diff --git a/appsec/tests/extension/track_user_signup_event_automated_disabled_mode.phpt b/appsec/tests/extension/track_user_signup_event_automated_disabled_mode.phpt index 9492f2b63c..d7a5ca4e09 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_disabled_mode.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_disabled_mode.phpt @@ -8,18 +8,17 @@ DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=disabled --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], -true); +]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); diff --git a/appsec/tests/extension/track_user_signup_event_automated_ident_mode.phpt b/appsec/tests/extension/track_user_signup_event_automated_ident_mode.phpt index 7026ca03c7..6e3f908b8b 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_ident_mode.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_ident_mode.phpt @@ -8,12 +8,12 @@ DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=ident --FILE-- 'some@email.com'], true); +track_user_signup_event_automated("login", "automatedID", ['email' => 'some@email.com']); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); @@ -23,11 +23,10 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => sensitiveId + [usr.id] => automatedID + [_dd.appsec.usr.id] => automatedID [_dd.appsec.events.users.signup.auto.mode] => identification - [appsec.events.users.signup.track] => true - [_dd.appsec.usr.id] => sensitiveId - [appsec.events.users.signup.usr.id] => sensitiveId - [_dd.appsec.usr.login] => login [appsec.events.users.signup.usr.login] => login + [_dd.appsec.usr.login] => login + [appsec.events.users.signup.track] => true ) 
diff --git a/appsec/tests/extension/track_user_signup_event_automated_ident_mode_compat.phpt b/appsec/tests/extension/track_user_signup_event_automated_ident_mode_compat.phpt index 363b9445ce..f6b8d9d322 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_ident_mode_compat.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_ident_mode_compat.phpt @@ -8,12 +8,12 @@ DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING=extended --FILE-- 'some@email.com'], true); +track_user_signup_event_automated("login", "automatedID", ['email' => 'some@email.com']); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); @@ -23,11 +23,10 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => sensitiveId + [usr.id] => automatedID + [_dd.appsec.usr.id] => automatedID [_dd.appsec.events.users.signup.auto.mode] => identification - [appsec.events.users.signup.track] => true - [_dd.appsec.usr.id] => sensitiveId - [appsec.events.users.signup.usr.id] => sensitiveId - [_dd.appsec.usr.login] => login [appsec.events.users.signup.usr.login] => login + [_dd.appsec.usr.login] => login + [appsec.events.users.signup.track] => true ) diff --git a/appsec/tests/extension/track_user_signup_event_automated_ident_mode_full_name.phpt b/appsec/tests/extension/track_user_signup_event_automated_ident_mode_full_name.phpt index 1494caee53..2122db46bb 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_ident_mode_full_name.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_ident_mode_full_name.phpt @@ -8,12 +8,12 @@ DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=identification --FILE-- 'some@email.com'], true); +track_user_signup_event_automated("login", "automatedID", ['email' => 'some@email.com']); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); 
@@ -23,11 +23,10 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => sensitiveId + [usr.id] => automatedID + [_dd.appsec.usr.id] => automatedID [_dd.appsec.events.users.signup.auto.mode] => identification - [appsec.events.users.signup.track] => true - [_dd.appsec.usr.id] => sensitiveId - [appsec.events.users.signup.usr.id] => sensitiveId - [_dd.appsec.usr.login] => login [appsec.events.users.signup.usr.login] => login + [_dd.appsec.usr.login] => login + [appsec.events.users.signup.track] => true ) diff --git a/appsec/tests/extension/track_user_signup_event_automated_invalid_mode.phpt b/appsec/tests/extension/track_user_signup_event_automated_invalid_mode.phpt index c03d6b0e7d..f80e4557fa 100644 --- a/appsec/tests/extension/track_user_signup_event_automated_invalid_mode.phpt +++ b/appsec/tests/extension/track_user_signup_event_automated_invalid_mode.phpt @@ -8,18 +8,17 @@ DD_APPSEC_AUTO_USER_INSTRUMENTATION_MODE=invalid --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], -true); +]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); diff --git a/appsec/tests/extension/track_user_signup_event_automated_no_root_span.phpt b/appsec/tests/extension/track_user_signup_event_automated_no_root_span.phpt new file mode 100644 index 0000000000..356a698bc5 --- /dev/null +++ b/appsec/tests/extension/track_user_signup_event_automated_no_root_span.phpt 
@@ -0,0 +1,29 @@ +--TEST-- +Track an automated user login success event when no root span is available and verify the logs +--INI-- +extension=ddtrace.so +datadog.appsec.log_file=/tmp/php_appsec_test.log +datadog.appsec.log_level=debug +--ENV-- +DD_TRACE_GENERATE_ROOT_SPAN=0 +DD_APPSEC_ENABLED=1 +--FILE-- + "something", + "metadata" => "some other metadata", + "email" => "noneofyour@business.com" +]); + + +require __DIR__ . '/inc/logging.php'; +match_log("/No root span available on request init/"); +?> +--EXPECTF-- +found message in log matching /No root span available on request init/ diff --git a/appsec/tests/extension/track_user_signup_event_empty_login.phpt b/appsec/tests/extension/track_user_signup_event_empty_login.phpt new file mode 100644 index 0000000000..dd9057c481 --- /dev/null +++ b/appsec/tests/extension/track_user_signup_event_empty_login.phpt @@ -0,0 +1,27 @@ +--TEST-- +Track an automated user login success event with an empty user login and verify the logs +--INI-- +extension=ddtrace.so +datadog.appsec.log_file=/tmp/php_appsec_test.log +datadog.appsec.log_level=debug +--ENV-- +DD_APPSEC_ENABLED=1 +--FILE-- + "something", + "metadata" => "some other metadata", + "email" => "noneofyour@business.com" +]); + +require __DIR__ . '/inc/logging.php'; +match_log("/Unexpected empty user login/"); +?> +--EXPECTF-- +found message in log matching /Unexpected empty user login/ diff --git a/appsec/tests/extension/track_user_signup_event_empty_user.phpt b/appsec/tests/extension/track_user_signup_event_empty_user.phpt index 022403f285..23bd0a60ec 100644 --- a/appsec/tests/extension/track_user_signup_event_empty_user.phpt +++ b/appsec/tests/extension/track_user_signup_event_empty_user.phpt @@ -8,18 +8,17 @@ datadog.appsec.log_level=debug DD_APPSEC_ENABLED=1 --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], false); +]); require __DIR__ . '/inc/logging.php'; match_log("/Unexpected empty user id/"); 
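Review bot: The `--TEST--` title of the new `track_user_signup_event_automated_no_root_span.phpt` says "Track an automated user login success event", and the new `track_user_signup_event_empty_login.phpt` repeats the same wording, although both files cover the signup path. Suggested titles: `Track an automated user signup event when no root span is available and verify the logs` and `Track an automated user signup event with an empty user login and verify the logs`. The empty-login test only matches the warning in the log; printing `root_span_get_meta()` as the sibling tests do would also pin that no `usr.*` tag is written when the login is rejected.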
diff --git a/appsec/tests/extension/track_user_signup_event_no_root_span.phpt b/appsec/tests/extension/track_user_signup_event_no_root_span.phpt index 330ac91c9a..bd8e63c724 100644 --- a/appsec/tests/extension/track_user_signup_event_no_root_span.phpt +++ b/appsec/tests/extension/track_user_signup_event_no_root_span.phpt @@ -9,18 +9,17 @@ DD_TRACE_GENERATE_ROOT_SPAN=0 DD_APPSEC_ENABLED=1 --FILE-- "something", "metadata" => "some other metadata", "email" => "noneofyour@business.com" -], false); +]); require __DIR__ . '/inc/logging.php'; diff --git a/appsec/tests/extension/track_user_signup_event_sdk_takes_priority.phpt b/appsec/tests/extension/track_user_signup_event_sdk_takes_priority.phpt index 7099a6dc79..cc7c3a7099 100644 --- a/appsec/tests/extension/track_user_signup_event_sdk_takes_priority.phpt +++ b/appsec/tests/extension/track_user_signup_event_sdk_takes_priority.phpt @@ -8,12 +8,13 @@ DD_APPSEC_ENABLED=1 "something-from-sdk"], false); //Sdk -track_user_signup_event("1234", "5678", ["value" => "something-from-automated"], true); //Automated +track_user_signup_event("sdkID", ["value" => "something-from-sdk"]); +track_user_signup_event_automated("login", "automatedID", ["value" => "something-from-automated"]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); @@ -23,13 +24,12 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => Admin + [usr.id] => sdkID [_dd.appsec.events.users.signup.sdk] => true [appsec.events.users.signup.value] => something-from-sdk [appsec.events.users.signup.track] => true + [_dd.appsec.usr.id] => automatedID [_dd.appsec.events.users.signup.auto.mode] => identification - [_dd.appsec.usr.id] => Admin - [appsec.events.users.signup.usr.id] => Admin - [_dd.appsec.usr.login] => login [appsec.events.users.signup.usr.login] => login + [_dd.appsec.usr.login] => login ) 
diff --git a/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_02.phpt b/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_02.phpt index caa8cbf4af..ee6366faa1 100644 --- a/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_02.phpt +++ b/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_02.phpt @@ -8,12 +8,13 @@ DD_APPSEC_ENABLED=1 "something-from-automated"], true); //Automated -track_user_signup_event("Admin", "login", ["value" => "something-from-sdk"], false); //Sdk +track_user_signup_event_automated("login", "automatedID", ["value" => "something-from-automated"]); +track_user_signup_event("sdkID", ["value" => "something-from-sdk"]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); @@ -23,13 +24,12 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => Admin + [usr.id] => sdkID + [_dd.appsec.usr.id] => automatedID [_dd.appsec.events.users.signup.auto.mode] => identification + [appsec.events.users.signup.usr.login] => login + [_dd.appsec.usr.login] => login [appsec.events.users.signup.track] => true [_dd.appsec.events.users.signup.sdk] => true [appsec.events.users.signup.value] => something-from-sdk - [_dd.appsec.usr.id] => Admin - [appsec.events.users.signup.usr.id] => Admin - [_dd.appsec.usr.login] => login - [appsec.events.users.signup.usr.login] => login ) diff --git a/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_03.phpt b/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_03.phpt index 6a09b1a34a..45245a10e3 100644 --- a/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_03.phpt +++ b/appsec/tests/extension/track_user_signup_event_sdk_takes_priority_03.phpt 
@@ -8,14 +8,15 @@ DD_APPSEC_ENABLED=1 "something-from-automated"], true); //Automated -track_user_signup_event("Admin", "login", ["value" => "something-from-sdk"], false); //Sdk -track_user_signup_event("OtherUser", "Otherlogin", ["value" => "something-from-sdk-2"], false); //Sdk -track_user_signup_event("456", "789", ["value" => "something-from-automated-2"], true); //Automated +track_user_signup_event_automated("login", "automatedID", ["value" => "something-from-automated"]); +track_user_signup_event("sdkID", ["value" => "something-from-sdk"]); +track_user_signup_event("OtherSdkID", ["value" => "something-from-sdk-2"]); +track_user_signup_event_automated("OtherLogin", "OtherAutomatedID", ["value" => "something-from-automated-2"]); echo "root_span_get_meta():\n"; print_r(root_span_get_meta()); @@ -25,13 +26,12 @@ root_span_get_meta(): Array ( [runtime-id] => %s - [usr.id] => OtherUser + [usr.id] => OtherSdkID + [_dd.appsec.usr.id] => OtherAutomatedID [_dd.appsec.events.users.signup.auto.mode] => identification + [appsec.events.users.signup.usr.login] => OtherLogin + [_dd.appsec.usr.login] => OtherLogin [appsec.events.users.signup.track] => true [_dd.appsec.events.users.signup.sdk] => true [appsec.events.users.signup.value] => something-from-sdk-2 - [_dd.appsec.usr.id] => OtherUser - [appsec.events.users.signup.usr.id] => OtherUser - [_dd.appsec.usr.login] => OtherLogin - [appsec.events.users.signup.usr.login] => OtherLogin ) diff --git a/tests/Appsec/Mock.php b/tests/Appsec/Mock.php index 7ba0c62b2f..a6cd2bb05d 100644 --- a/tests/Appsec/Mock.php +++ b/tests/Appsec/Mock.php 
@@ -136,26 +136,43 @@ function track_user_login_failure_event($userId, $userLogin, $exists, $metadata, } } -if (!function_exists('datadog\appsec\track_user_signup_event')) { +if (!function_exists('datadog\appsec\track_user_signup_event_automated')) { /** * This function is exposed by appsec but here we are mocking it for tests */ - function track_user_signup_event($userId, $userLogin, $metadata, $automated) + function track_user_signup_event($userLogin, $userId, $metadata) { if (!appsecMockEnabled()) { return; } $event = [ - 'userId' => $userId, 'userLogin' => $userLogin, + 'userId' => $userId, 'metadata' => $metadata, - 'automated' => $automated ]; AppsecStatus::getInstance()->addEvent($event, 'track_user_signup_event'); } } +if (!function_exists('datadog\appsec\track_user_signup_event')) { + /** + * This function is exposed by appsec but here we are mocking it for tests + */ + function track_user_signup_event($userId, $metadata) + + { + if (!appsecMockEnabled()) { + return; + } + $event = [ + 'userId' => $userId, + 'metadata' => $metadata, + ]; + AppsecStatus::getInstance()->addEvent($event, 'track_user_signup_event'); + } +} + if (!function_exists('datadog\appsec\push_address')) { /** * This function is exposed by appsec but here we are mocking it for tests
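Review bot: The first mock block is guarded by `function_exists('datadog\appsec\track_user_signup_event_automated')` but declares `function track_user_signup_event($userLogin, $userId, $metadata)`, so the automated mock never exists under its own name and the SDK mock in the following block is skipped because `track_user_signup_event` is already defined. Tests calling the SDK form with two arguments would then hit the three-parameter declaration. Rename the first declaration to `function track_user_signup_event_automated($userLogin, $userId, $metadata)`, and consider recording it as `addEvent($event, 'track_user_signup_event_automated')` so assertions can tell the automated event from the SDK one. The blank line between `function track_user_signup_event($userId, $metadata)` and its `{` in the second block can also go.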