DataDog · iunanua · Nov 6, 2024 · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024
@@ -354,7 +354,7 @@ tests/:
       Test_Basic: v2.0.0
     test_asm_standalone.py:
       Test_AppSecStandalone_UpstreamPropagation: *ref_5_18_0
-      Test_IastStandalone_UpstreamPropagation: missing_feature
+      Test_IastStandalone_UpstreamPropagation: *ref_5_18_0
     test_automated_login_events.py:
       Test_Login_Events:
         '*': *ref_4_4_0

@@ -342,6 +342,8 @@ def all_endtoend_scenarios(test_object):
             "DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED": "true",
             "DD_IAST_ENABLED": "true",
             "DD_IAST_DETECTION_MODE": "FULL",
+            "DD_IAST_DEDUPLICATION_ENABLED": "false",
+            "DD_IAST_REQUEST_SAMPLING": "100",
         },
         doc="Source code vulnerability standalone mode (APM opt out)",
         scenario_groups=[ScenarioGroup.APPSEC],

@@ -5,11 +5,12 @@ import { Request, Response } from "express";
 const tracer = require('dd-trace').init({ debug: true, flushInterval: 5000 });
 
 const { promisify } = require('util')
-const app = require('express')();
-const axios = require('axios');
+const app = require('express')()
+const axios = require('axios')
 const passport = require('passport')
 const { Kafka } = require("kafkajs")
-const { spawnSync } = require('child_process');
+const { spawnSync } = require('child_process')
+const crypto = require('crypto')
 
 const multer = require('multer')
 const uploadToMemory = multer({ storage: multer.memoryStorage(), limits: { fileSize: 200000 } })
@@ -292,6 +293,16 @@ app.get('/returnheaders', (req: Request, res: Response) => {
   res.json({ ...req.headers })
 })
 
+app.get('/vulnerablerequestdownstream', async (req: Request, res: Response) => {
+  try {
+    crypto.createHash('md5').update('password').digest('hex')
+    const resFetch = await axios.get('http://127.0.0.1:7777/returnheaders')
+    return res.json(resFetch.data)
+  } catch (e) {
+    return res.status(500).send(e)
+  }
+})
+
 app.get('/set_cookie', (req: Request, res: Response) => {
   const name = req.query['name']
   const value = req.query['value']

@@ -10,6 +10,7 @@ const app = require('express')()
 const axios = require('axios')
 const fs = require('fs')
 const passport = require('passport')
+const crypto = require('crypto')
 
 const iast = require('./iast')
 const dsm = require('./dsm')
@@ -457,6 +458,16 @@ app.get('/requestdownstream', async (req, res) => {
   }
 })
 
+app.get('/vulnerablerequestdownstream', async (req, res) => {
+  try {
+    crypto.createHash('md5').update('password').digest('hex')
+    const resFetch = await axios.get('http://127.0.0.1:7777/returnheaders')
+    return res.json(resFetch.data)
+  } catch (e) {
+    return res.status(500).send(e)
+  }
+})
+
 app.get('/returnheaders', (req, res) => {
   res.json({ ...req.headers })
 })

@@ -0,0 +1,15 @@
+import { NextResponse } from 'next/server'
+import axios from 'axios'
+const crypto = require('crypto')
+
+export const dynamic = 'force-dynamic'
+
+export async function GET () {
+  try {
+    crypto.createHash('md5').update('password').digest('hex')
+    const resFetch = await axios.get('http://127.0.0.1:7777/returnheaders')
+    return NextResponse.json(resFetch.data)
+  } catch (e) {
+    return NextResponse.json({ message: e.toString(), status_code: 500 })
+  }
+}