Merge pull request #4175 from DataDog/appsec-handle-non-int-status-code
Fix handling of non integer response status code in AppSec
y9v committed Nov 29, 2024
1 parent 41ee6eb commit 1000ca3
Showing 2 changed files with 6 additions and 7 deletions.
7 changes: 3 additions & 4 deletions lib/datadog/appsec/response.rb
@@ -87,7 +87,7 @@ def block_response(env, options)
body << content(content_type)

Response.new(
status: options['status_code'] || 403,
status: options['status_code']&.to_i || 403,
headers: { 'Content-Type' => content_type },
body: body,
)
@@ -97,15 +97,14 @@ def redirect_response(env, options)
if options['location'] && !options['location'].empty?
content_type = content_type(env)

status = options['status_code'] >= 300 && options['status_code'] < 400 ? options['status_code'] : 303

headers = {
'Content-Type' => content_type,
'Location' => options['location']
}

status_code = options['status_code'].to_i
Response.new(
status: status,
status: (status_code >= 300 && status_code < 400 ? status_code : 303),
headers: headers,
body: [],
)
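Review bot: In the `block_response` hunk, `options['status_code']&.to_i || 403` falls back to 403 only when the key is nil: `String#to_i` returns 0 for an empty or non-numeric string and 0 is truthy in Ruby, so such a value produces a blocking response with status 0. The `redirect_response` hunk range-checks the converted value, and the block path could do the same with `status_code = options['status_code'].to_i` followed by `status: (status_code >= 100 && status_code < 600 ? status_code : 403)`. A blocking response is a security control, so it should fail to a known-good status; how the server treats status 0 is not visible here. Both method bodies start or end outside the hunks shown.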
6 changes: 3 additions & 3 deletions spec/datadog/appsec/response_spec.rb
@@ -21,7 +21,7 @@
end

let(:type) { 'html' }
let(:status_code) { 100 }
let(:status_code) { '100' }

context 'status_code' do
subject(:status) { described_class.negotiate(env, actions).status }
@@ -92,15 +92,15 @@
end

let(:location) { 'foo' }
let(:status_code) { 303 }
let(:status_code) { '303' }

context 'status_code' do
subject(:status) { described_class.negotiate(env, actions).status }

it { is_expected.to eq 303 }

context 'when status code do not starts with 3' do
let(:status_code) { 202 }
let(:status_code) { '202' }

it { is_expected.to eq 303 }
end
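Review bot: The updated `let(:status_code)` values exercise only well-formed numeric strings (`'100'`, `'303'`, `'202'`), and the integer inputs they replace are no longer covered in the visible contexts. Consider keeping an integer case and adding contexts for `nil`, `''` and a non-numeric string such as `let(:status_code) { 'abc' }`, each asserting the intended fallback status, since `to_i` maps all malformed strings to 0. The enclosing describe blocks begin outside these hunks, so other contexts may already cover part of this.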