feat(Integrations: Wordpress): update appsec function calls
Signed-off-by: Alexandre Rulleau <alexandre.rulleau@datadoghq.com>
Leiyks committed Dec 19, 2024
1 parent 20f6c56 commit 8fc2dae
Showing 2 changed files with 54 additions and 36 deletions.
44 changes: 31 additions & 13 deletions src/DDTrace/Integrations/WordPress/WordPressIntegration.php
Expand Up @@ -55,9 +55,11 @@ public function init(): int

\DDTrace\hook_method('WP', 'main', null, function ($This, $scope, $args) {
if (\property_exists($This, 'did_permalink') && $This->did_permalink === true) {
if (function_exists('\datadog\appsec\push_address') &&
if (
function_exists('\datadog\appsec\push_address') &&
\property_exists($This, 'query_vars') &&
function_exists('is_404') && is_404() === false) {
function_exists('is_404') && is_404() === false
) {
$parameters = $This->query_vars;
if (count($parameters) > 0) {
\datadog\appsec\push_address("server.request.path_params", $parameters);
Expand All @@ -69,11 +71,18 @@ function_exists('is_404') && is_404() === false) {
\DDTrace\hook_function(
'wp_authenticate',
null,
function ($par, $retval) {
function ($args, $retval) {
$userClass = '\WP_User';

$username = null;

if (isset($args[0])) {
$username = $args[0];
}

if (!($retval instanceof $userClass)) {
//Login failed
if (!function_exists('\datadog\appsec\track_user_login_failure_event')) {
if (!function_exists('\datadog\appsec\track_user_login_failure_event_automated')) {
return;
}
$errorClass = '\WP_Error';
Expand All @@ -82,14 +91,15 @@ function ($par, $retval) {
is_array($retval->errors) &&
isset($retval->errors['incorrect_password']);

$usernameUsed = isset($_POST['log']) ? $_POST['log'] : '';
\datadog\appsec\track_user_login_failure_event($usernameUsed, $exists, [], true);
\datadog\appsec\track_user_login_failure_event_automated($username, $username, $exists, []);
return;
}

//From this moment on, login is succesful
if (!function_exists('\datadog\appsec\track_user_login_success_event')) {
if (!function_exists('\datadog\appsec\track_user_login_success_event_automated')) {
return;
}

$data = \property_exists($retval, 'data') ? $retval->data : null;

$id = \property_exists($data, 'ID') ? $data->ID : null;
Expand All @@ -101,10 +111,11 @@ function ($par, $retval) {
if (\property_exists($data, 'display_name')) {
$metadata['name'] = $data->display_name;
}
\datadog\appsec\track_user_login_success_event(

\datadog\appsec\track_user_login_success_event_automated(
$username,
$id,
$metadata,
true
);
}
);
Expand All @@ -114,24 +125,31 @@ function ($par, $retval) {
'register_new_user',
null,
function ($args, $retval) {
if (!function_exists('\datadog\appsec\track_user_signup_event')) {
if (!function_exists('\datadog\appsec\track_user_signup_event_automated')) {
return;
}

$errorClass = '\WP_Error';
if ($retval instanceof $errorClass) {
return;
}

$metadata = [];
$login = null;

if (isset($args[0])) {
$metadata['username'] = $args[0];
$login = $args[0];
}

if (isset($args[1])) {
$metadata['email'] = $args[1];
}
\datadog\appsec\track_user_signup_event(

\datadog\appsec\track_user_signup_event_automated(
$login,
$retval,
$metadata,
true
$metadata
);
}
);
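Review bot: `$username` stays null when `wp_authenticate` is invoked without a first argument, so the new calls `track_user_login_failure_event_automated($username, $username, $exists, [])` and `track_user_login_success_event_automated($username, $id, $metadata)` can now receive null where the replaced code always passed a string (the `$_POST['log']` lookup fell back to `''`). Whether the `_automated` functions accept null is not visible here; if they declare string parameters this becomes a TypeError raised from inside the hook on an otherwise healthy login, so either keep the old guarantee with `$username = isset($args[0]) ? (string) $args[0] : '';` or return early when `$username === null`. The failure call also passes the submitted login as the first, id-like argument because no WP_User exists on that path; that is reasonable for login telemetry but deserves a line such as `// no WP_User on failure: the submitted (attacker-controlled) login is the only identity available` so nobody later treats it as a canonical user ID. These hooks are registered inside `init()`, whose start and end lie outside this section.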
46 changes: 23 additions & 23 deletions tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php
Expand Up @@ -7,7 +7,7 @@
use DDTrace\Tests\Frameworks\Util\Request\GetSpec;
use datadog\appsec\AppsecStatus;

/**
/**
* @group appsec
*/
class AutomatedLoginEventsTestSuite extends AppsecTestCase
Expand All @@ -28,39 +28,39 @@ public function testUserLoginSuccessEvent()
$name = 'some name';
//Password is test
$this->connection()->exec(
'INSERT INTO '.$this->users_table.' VALUES ('.$id.',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","'.$email.'","","2020-10-22 16:31:15","",0,"'.$name.'")'
'INSERT INTO ' . $this->users_table . ' VALUES (' . $id . ',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","' . $email . '","","2020-10-22 16:31:15","",0,"' . $name . '")'
);

$spec = PostSpec::create('request', '/wp-login.php', [
'Content-Type: application/x-www-form-urlencoded'
], "log=$email&pwd=$password&wp-submit=Log In");

$this->call($spec, [ CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true ]);
$this->call($spec, [CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true]);

$events = AppsecStatus::getInstance()->getEvents(['track_user_login_success_event']);
$this->assertEquals(1, count($events));
$this->assertEquals($email, $events[0]['userLogin']);
$this->assertEquals($id, $events[0]['userId']);
$this->assertEquals($email, $events[0]['metadata']['email']);
$this->assertEquals($name, $events[0]['metadata']['name']);
$this->assertTrue($events[0]['automated']);
}

public function testUserLoginFailureEventWhenUserDoesNotExists()
{
$email = 'non-existing@email.com';
$password = 'some password';
$spec = PostSpec::create('request', '/wp-login.php', [
'Content-Type: application/x-www-form-urlencoded'
], "log=$email&pwd=$password&wp-submit=Log In");
'Content-Type: application/x-www-form-urlencoded'
], "log=$email&pwd=$password&wp-submit=Log In");

$this->call($spec, [ CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true ]);
$this->call($spec, [CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true]);

$events = AppsecStatus::getInstance()->getEvents(['track_user_login_failure_event']);
$this->assertEquals(1, count($events));
$this->assertEquals($email, $events[0]['userId']);
$this->assertEquals($email, $events[0]['userLogin']);
$this->assertFalse($events[0]['exists']);
$this->assertEmpty($events[0]['metadata']);
$this->assertTrue($events[0]['automated']);
}

public function testUserLoginFailureEventWhenUserDoesExists()
Expand All @@ -71,43 +71,43 @@ public function testUserLoginFailureEventWhenUserDoesExists()
$name = 'some name';
//Password is test
$this->connection()->exec(
'INSERT INTO '.$this->users_table.' VALUES ('.$id.',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","'.$email.'","","2020-10-22 16:31:15","",0,"'.$name.'")'
'INSERT INTO ' . $this->users_table . ' VALUES (' . $id . ',"test","$P$BDzpK1XXL9P2cYWggPMUbN87GQSiI80","test","' . $email . '","","2020-10-22 16:31:15","",0,"' . $name . '")'
);

$spec = PostSpec::create('request', '/wp-login.php', [
'Content-Type: application/x-www-form-urlencoded'
], "log=$email&pwd=invalid&wp-submit=Log In");

$this->call($spec, [ CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true ]);
$this->call($spec, [CURLOPT_FOLLOWLOCATION => false, CURLOPT_COOKIESESSION => true]);

$events = AppsecStatus::getInstance()->getEvents(['track_user_login_failure_event']);
$this->assertEquals(1, count($events));
$this->assertEquals($email, $events[0]['userId']);
$this->assertEquals($email, $events[0]['userLogin']);
$this->assertTrue($events[0]['exists']);
$this->assertEmpty($events[0]['metadata']);
$this->assertTrue($events[0]['automated']);
}

public function testUserSignUp()
{
$email = 'test-user-signup@email.com';
$username = 'someusername';

$this->call(
PostSpec::create('request', '/wp-login.php?action=register', [
'Content-Type: application/x-www-form-urlencoded'
], "user_login=$username&user_email=$email&wp-submit=Register&redirect_to=")
);
$this->call(
PostSpec::create('request', '/wp-login.php?action=register', [
'Content-Type: application/x-www-form-urlencoded'
], "user_login=$username&user_email=$email&wp-submit=Register&redirect_to=")
);

$users = $this->connection()->query("SELECT * FROM ".$this->users_table." where user_email='".$email."'")->fetchAll();
$users = $this->connection()->query("SELECT * FROM " . $this->users_table . " where user_email='" . $email . "'")->fetchAll();

$this->assertEquals(1, count($users));
$this->assertEquals(1, count($users));

$signUpEvent = AppsecStatus::getInstance()->getEvents(['track_user_signup_event']);
$signUpEvent = AppsecStatus::getInstance()->getEvents(['track_user_signup_event']);

$this->assertTrue($signUpEvent[0]['automated']);
$this->assertEquals($users[0]['ID'], $signUpEvent[0]['userId']);
$this->assertEquals($users[0]['user_login'], $signUpEvent[0]['metadata']['username']);
$this->assertEquals($users[0]['user_email'], $signUpEvent[0]['metadata']['email']);
$this->assertEquals($users[0]['ID'], $signUpEvent[0]['userId']);
$this->assertEquals($users[0]['user_login'], $signUpEvent[0]['userLogin']);
$this->assertEquals($users[0]['user_login'], $signUpEvent[0]['metadata']['username']);
$this->assertEquals($users[0]['user_email'], $signUpEvent[0]['metadata']['email']);
}
}
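Review bot: `testUserSignUp` indexes `$signUpEvent[0]` without first checking that exactly one event was captured, unlike the login tests which assert `count($events) === 1`; if no signup event is recorded the test dies on an undefined offset instead of a readable assertion failure, so add `$this->assertCount(1, $signUpEvent);` directly after the `getEvents` call. The tests also still query events under the un-suffixed names (`track_user_login_success_event`, `track_user_login_failure_event`, `track_user_signup_event`) while the integration now calls the `_automated` variants; that only works if the `AppsecStatus` recorder maps both names to the same key, which is not visible here and is worth a one-line comment at the lookup. The fixture `INSERT` builds SQL by concatenation; the values are test constants so there is no injection exposure, but a prepared statement would also remove the quoting fragility around `$email` and `$name`. The class `AutomatedLoginEventsTestSuite` begins before and continues past the visible hunks.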
