Skip to content

Commit 126cc4c

Browse files
manuel-alvarez-alvarezmanuel-alvarez-alvarez
committed
Ensure usr.exists tag is not overridden by auto instrumentation
1 parent 429031c commit 126cc4c

File tree

2 files changed

+39
-3
lines changed

2 files changed

+39
-3
lines changed

dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -279,9 +279,6 @@ private Flow<Void> onLoginEvent(
279279

280280
// update span tags
281281
segment.setTagTop("appsec.events." + eventName + ".track", true, true);
282-
if (exists != null) {
283-
segment.setTagTop("appsec.events." + eventName + ".usr.exists", exists, true);
284-
}
285282
if (metadata != null && !metadata.isEmpty()) {
286283
segment.setTagTop("appsec.events." + eventName, metadata, true);
287284
}
@@ -315,6 +312,10 @@ private Flow<Void> onLoginEvent(
315312
segment.setTagTop("_dd.appsec.user.collection_mode", mode.fullName());
316313
}
317314

315+
if (exists != null) {
316+
segment.setTagTop("appsec.events." + eventName + ".usr.exists", exists, true);
317+
}
318+
318319
// update user span tags
319320
segment.setTagTop("appsec.events." + eventName + ".usr.login", user, true);
320321

dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1285,6 +1285,41 @@ class GatewayBridgeSpecification extends DDSpecification {
12851285
0 * eventDispatcher.publishDataEvent
12861286
}
12871287
1288+
void "test onLoginFailure (automated login events should not overwrite SDK)"() {
1289+
setup:
1290+
final firstUser = 'user1'
1291+
final secondUser = 'user2'
1292+
eventDispatcher.getDataSubscribers(_) >> nonEmptyDsInfo
1293+
1294+
when:
1295+
loginEventCB.apply(ctx, SDK, 'users.login.failure', true, firstUser, null)
1296+
1297+
then:
1298+
1 * traceSegment.setTagTop('appsec.events.users.login.failure.usr.login', firstUser, true)
1299+
1 * traceSegment.setTagTop('_dd.appsec.events.users.login.failure.sdk', true, true)
1300+
1 * traceSegment.setTagTop('_dd.appsec.user.collection_mode', 'sdk')
1301+
1 * traceSegment.setTagTop('appsec.events.users.login.failure.usr.exists', true, true)
1302+
1303+
0 * traceSegment.setTagTop('_dd.appsec.usr.login', _)
1304+
0 * traceSegment.setTagTop('_dd.appsec.events.users.login.failure.auto.mode', _, _)
1305+
1306+
1 * eventDispatcher.publishDataEvent(nonEmptyDsInfo, ctx.data, _ as DataBundle, _ as GatewayContext) >> NoopFlow.INSTANCE
1307+
1308+
when:
1309+
loginEventCB.apply(ctx, IDENTIFICATION, 'users.login.failure', false, secondUser, null)
1310+
1311+
then:
1312+
0 * traceSegment.setTagTop('appsec.events.users.login.failure.usr.login', _, _)
1313+
0 * traceSegment.setTagTop('_dd.appsec.events.users.login.failure.sdk', _, _)
1314+
0 * traceSegment.setTagTop('_dd.appsec.user.collection_mode', _)
1315+
0 * traceSegment.setTagTop('appsec.events.users.login.failure.usr.exists', _, _)
1316+
1317+
1 * traceSegment.setTagTop('_dd.appsec.usr.login', secondUser)
1318+
1 * traceSegment.setTagTop('_dd.appsec.events.users.login.failure.auto.mode', IDENTIFICATION.fullName(), true)
1319+
1320+
0 * eventDispatcher.publishDataEvent
1321+
}
1322+
12881323
void 'test configuration updates should reset cached subscriptions'() {
12891324
when:
12901325
requestSessionCB.apply(ctx, UUID.randomUUID().toString())

0 commit comments

Comments
 (0)