DataDog · eliottness · Dec 13, 2024 · Dec 18, 2024 · Dec 18, 2024 · Dec 18, 2024
@@ -20,7 +20,7 @@ tests/:
         Test_API_Security_Sampling_Different_Paths: missing_feature
         Test_API_Security_Sampling_Different_Status: missing_feature
         Test_API_Security_Sampling_Rate:
-          '*': v1.60.0-dev
+          '*': v1.60.0
           net-http: irrelevant (net-http doesn't handle path params)
         Test_API_Security_Sampling_With_Delay: missing_feature
       test_schemas.py:
@@ -30,7 +30,7 @@ tests/:
         Test_Schema_Request_Headers: v1.60.0
         Test_Schema_Request_Json_Body: v1.60.0
         Test_Schema_Request_Path_Parameters:
-          '*': v1.60.0-dev
+          '*': v1.60.0
           net-http: irrelevant (net-http cannot list path params)
         Test_Schema_Request_Query_Parameters: v1.60.0
         Test_Schema_Response_Body: missing_feature
@@ -167,8 +167,8 @@ tests/:
         Test_Sqli_BodyJson: v1.66.0
         Test_Sqli_BodyUrlEncoded: v1.66.0
         Test_Sqli_BodyXml: v1.66.0
-        Test_Sqli_Capability: v1.69.0-dev
-        Test_Sqli_Mandatory_SpanTags: v1.69.0-dev
+        Test_Sqli_Capability: v1.69.0
+        Test_Sqli_Mandatory_SpanTags: v1.69.0
         Test_Sqli_Optional_SpanTags: missing_feature
         Test_Sqli_Rules_Version: missing_feature
         Test_Sqli_StackTrace: v1.66.0
@@ -179,8 +179,8 @@ tests/:
         Test_Ssrf_BodyJson: v1.65.1
         Test_Ssrf_BodyUrlEncoded: v1.65.1
         Test_Ssrf_BodyXml: v1.65.1
-        Test_Ssrf_Capability: v1.69.0-dev
-        Test_Ssrf_Mandatory_SpanTags: v1.69.0-dev
+        Test_Ssrf_Capability: v1.69.0
+        Test_Ssrf_Mandatory_SpanTags: v1.69.0
         Test_Ssrf_Optional_SpanTags: missing_feature
         Test_Ssrf_Rules_Version: missing_feature
         Test_Ssrf_StackTrace: v1.65.1
@@ -301,7 +301,7 @@ tests/:
         echo: v1.36.0
         gin: v1.37.0
     test_asm_standalone.py:
-      Test_AppSecStandalone_UpstreamPropagation: missing_feature
+      Test_AppSecStandalone_UpstreamPropagation: v1.72.0-dev
       Test_IastStandalone_UpstreamPropagation: missing_feature
       Test_SCAStandalone_Telemetry: missing_feature
     test_automated_login_events.py:
@@ -350,13 +350,13 @@ tests/:
       Test_UserLoginFailureEvent: v1.47.0
       Test_UserLoginSuccessEvent: v1.47.0
     test_fingerprinting.py:
-      Test_Fingerprinting_Endpoint: v1.69.0-dev
-      Test_Fingerprinting_Endpoint_Capability: v1.69.0-dev
-      Test_Fingerprinting_Header_And_Network: v1.69.0-dev
-      Test_Fingerprinting_Header_Capability: v1.69.0-dev
-      Test_Fingerprinting_Network_Capability: v1.69.0-dev
-      Test_Fingerprinting_Session: v1.69.0-dev
-      Test_Fingerprinting_Session_Capability: v1.69.0-dev
+      Test_Fingerprinting_Endpoint: v1.69.0
+      Test_Fingerprinting_Endpoint_Capability: v1.69.0
+      Test_Fingerprinting_Header_And_Network: v1.69.0
+      Test_Fingerprinting_Header_Capability: v1.69.0
+      Test_Fingerprinting_Network_Capability: v1.69.0
+      Test_Fingerprinting_Session: v1.69.0
+      Test_Fingerprinting_Session_Capability: v1.69.0
     test_identify.py:
       Test_Basic: v1.37.0
     test_ip_blocking_full_denylist.py:
@@ -371,7 +371,7 @@ tests/:
       Test_SecurityEvents_Iast_Metastruct_Disabled: irrelevant (no fallback will be implemented)
       Test_SecurityEvents_Iast_Metastruct_Enabled: missing_feature
     test_remote_config_rule_changes.py:
-      Test_BlockingActionChangesWithRemoteConfig: v1.69.0-dev
+      Test_BlockingActionChangesWithRemoteConfig: v1.69.0
       Test_UpdateRuleFileWithRemoteConfig: bug (APPSEC-55377)
     test_reports.py:
       Test_ExtraTagsFromRule:
@@ -392,12 +392,12 @@ tests/:
     test_request_blocking.py:
       Test_AppSecRequestBlocking: v1.50.0-rc.1
     test_runtime_activation.py:
-      Test_RuntimeActivation: v1.69.0-dev
-      Test_RuntimeDeactivation: v1.69.0-dev
+      Test_RuntimeActivation: v1.69.0
+      Test_RuntimeDeactivation: v1.69.0
     test_shell_execution.py:
       Test_ShellExecution: missing_feature
     test_suspicious_attacker_blocking.py:
-      Test_Suspicious_Attacker_Blocking: v1.69.0-dev
+      Test_Suspicious_Attacker_Blocking: v1.69.0
     test_traces.py:
       Test_AppSecEventSpanTags:
         '*': v1.36.0
@@ -409,7 +409,7 @@ tests/:
       Test_CollectRespondHeaders:
         '*': v1.36.2
         gin: v1.37.0
-      Test_ExternalWafRequestsIdentification: v1.63.0-dev
+      Test_ExternalWafRequestsIdentification: v1.63.0
       Test_RetainTraces:
         '*': v1.36.0
         gin: v1.37.0
@@ -505,13 +505,13 @@ tests/:
       Test_Config_Dogstatsd: missing_feature
       Test_Config_RateLimit: v1.67.0
       Test_Config_Tags: v1.70.1
-      Test_Config_TraceAgentURL: v1.70.0-dev
+      Test_Config_TraceAgentURL: v1.70.0
       Test_Config_TraceEnabled: v1.67.0
-      Test_Config_TraceLogDirectory: v1.70.0-dev
+      Test_Config_TraceLogDirectory: v1.70.0
       Test_Config_UnifiedServiceTagging: bug (APMAPI-746)
     test_crashtracking.py: missing_feature
     test_dynamic_configuration.py:
-      TestDynamicConfigSamplingRules: v1.64.0-dev
+      TestDynamicConfigSamplingRules: v1.64.0
       TestDynamicConfigTracingEnabled: v1.61.0
       TestDynamicConfigV1: v1.59.0
       TestDynamicConfigV1_ServiceTargets: v1.59.0
@@ -544,10 +544,10 @@ tests/:
     test_trace_sampling.py:
       Test_Trace_Sampling_Basic: v1.37.0 # TODO what is the earliest version?
       Test_Trace_Sampling_Globs: v1.60.0
-      Test_Trace_Sampling_Globs_Feb2024_Revision: v1.64.0-dev
+      Test_Trace_Sampling_Globs_Feb2024_Revision: v1.64.0
       Test_Trace_Sampling_Resource: v1.60.0
       Test_Trace_Sampling_Tags: v1.60.0
-      Test_Trace_Sampling_Tags_Feb2024_Revision: v1.64.0-dev
+      Test_Trace_Sampling_Tags_Feb2024_Revision: v1.64.0
     test_tracer.py:
       Test_TracerSCITagging: v1.48.0
     test_tracer_flare.py:
@@ -603,7 +603,7 @@ tests/:
   test_library_conf.py:
     Test_HeaderTags: v1.53.0
     Test_HeaderTags_Colon_Leading: v1.53.0
-    Test_HeaderTags_Colon_Trailing: v1.70.0-dev
+    Test_HeaderTags_Colon_Trailing: v1.70.0
     Test_HeaderTags_DynamicConfig: missing_feature
     Test_HeaderTags_Long: v1.53.0
     Test_HeaderTags_Short: v1.53.0

@@ -302,6 +302,9 @@ func main() {
 		w.WriteHeader(http.StatusOK)
 	})
 
+	mux.HandleFunc("/requestdownstream", common.Requestdownstream)
+	mux.HandleFunc("/returnheaders", common.Returnheaders)
+
 	srv := &http.Server{
 		Addr:    ":7777",
 		Handler: mux,

@@ -268,6 +268,9 @@ func main() {
 	r.Any("/rasp/ssrf", echoHandleFunc(rasp.SSRF))
 	r.Any("/rasp/sqli", echoHandleFunc(rasp.SQLi))
 
+	r.Any("/requestdownstream", echoHandleFunc(common.Requestdownstream))
+	r.Any("/returnheaders", echoHandleFunc(common.Returnheaders))
+
 	common.InitDatadog()
 	go grpc.ListenAndServe()
 	go func() {

@@ -44,7 +44,7 @@ func main() {
 		log.Fatal(err)
 	}
 	defer profiler.Stop()
-	
+
 	r := gin.New()
 	r.Use(gintrace.Middleware("weblog"))
 
@@ -244,6 +244,9 @@ func main() {
 	r.Any("/rasp/ssrf", ginHandleFunc(rasp.SSRF))
 	r.Any("/rasp/sqli", ginHandleFunc(rasp.SQLi))
 
+	r.Any("/requestdownstream", ginHandleFunc(common.Requestdownstream))
+	r.Any("/returnheaders", ginHandleFunc(common.Returnheaders))
+
 	srv := &http.Server{
 		Addr:    ":7777",
 		Handler: r,

@@ -14,19 +14,15 @@ import (
 )
 
 type DatadogInformations struct {
-	Language                string `json:"language"`
-	Version                 string `json:"version"`
+	Language string `json:"language"`
+	Version  string `json:"version"`
 }
 
 type HealtchCheck struct {
 	Status  string              `json:"status"`
 	Library DatadogInformations `json:"library"`
 }
 
-func init() {
-	// os.Setenv("DD_TRACE_DEBUG", "true")
-}
-
 func InitDatadog() {
 	span := tracer.StartSpan("init.service")
 	defer span.Finish()
@@ -90,7 +86,7 @@ func GetDatadogInformations() (DatadogInformations, error) {
 	}
 
 	return DatadogInformations{
-		Language:                "golang",
-		Version:                 string(tracerVersion),
+		Language: "golang",
+		Version:  string(tracerVersion),
 	}, nil
 }
@@ -0,0 +1,40 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2024 Datadog, Inc.
+
+package common
+
+import (
+	"encoding/json"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+
+	httptrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http"
+)
+
+func Requestdownstream(w http.ResponseWriter, r *http.Request) {
+	client := httptrace.WrapClient(http.DefaultClient, httptrace.RTWithPropagation(true))
+	req, _ := http.NewRequest(http.MethodGet, "http://127.0.0.1:7777/returnheaders", nil)
+	req = req.WithContext(r.Context())
+	res, err := client.Do(req)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer res.Body.Close()
+	io.Copy(w, res.Body)
+}
+
+func Returnheaders(w http.ResponseWriter, r *http.Request) {
+	headerStrStrMap := make(map[string]string, len(r.Header))
+	for key, values := range r.Header {
+		headerStrStrMap[key] = strings.Join(values, ",")
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(headerStrStrMap); err != nil {
+		panic(err)
+	}
+}
@@ -552,6 +552,9 @@ func main() {
 		appsec.TrackUserLoginSuccessEvent(r.Context(), user, map[string]string{}, tracer.WithUserSessionID(cookie.Value))
 	})
 
+	mux.HandleFunc("/requestdownstream", common.Requestdownstream)
+	mux.HandleFunc("/returnheaders", common.Returnheaders)
+
 	mux.HandleFunc("/rasp/lfi", rasp.LFI)
 	mux.HandleFunc("/rasp/ssrf", rasp.SSRF)
 	mux.HandleFunc("/rasp/sqli", rasp.SQLi)

@@ -881,6 +881,7 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310 h1:BUAU3CGlLvorLI26FmByPp2eC2qla6E1Tw+scpcg/to=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
@@ -1952,6 +1953,7 @@ github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3 h1:+n/aFZefKZp7spd8D
 github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE=
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk=
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
+github.com/mitchellh/cli v1.0.0 h1:iGBIsUe3+HZ/AD/Vd7DErOt5sU9fa8Uj7A2s1aggv1Y=
 github.com/mitchellh/cli v1.1.0 h1:tEElEatulEHDeedTxwckzyYMA5c86fbmNIUL1hBIiTg=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
@@ -2133,6 +2135,7 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pkg/sftp v1.13.1 h1:I2qBYMChEhIjOgazfJmV3/mZM256btk6wkCDRmW7JYs=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
+github.com/posener/complete v1.1.1 h1:ccV59UEOTzVDnDUEFdT95ZzHVZ+5+158q8+SJb2QV5w=
 github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 h1:0XM1XL/OFFJjXsYXlG30spTkV/E9+gmd5GD1w2HE8xM=
@@ -2345,8 +2348,6 @@ github.com/valyala/fasthttp v1.51.0 h1:8b30A5JlZ6C7AS81RsWjYMQmrZG6feChmgAolCl1S
 github.com/valyala/fasthttp v1.51.0/go.mod h1:oI2XroL+lI7vdXyYoQk03bXBThfFl2cVdIA3Xl7cH8g=
 github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
-github.com/vektah/gqlparser/v2 v2.5.16 h1:1gcmLTvs3JLKXckwCwlUagVn/IlV2bwqle0vJ0vy5p8=
-github.com/vektah/gqlparser/v2 v2.5.16/go.mod h1:1lz1OeCqgQbQepsGxPVywrjdBHW2T08PUS3pJqepRww=
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=