Update e2e tests to check if user is part of attack payload

Author: slack-watcher

end2end/spring_boot_mysql.py

@@ -16,8 +16,8 @@
 
 event_handler = EventHandler()
 event_handler.reset()
-test_safe_vs_unsafe_payloads(payloads, urls) # Test MySQL driver
-test_safe_vs_unsafe_payloads(payloads, urls, "/mariadb") # Also test MariaDB driver
+test_safe_vs_unsafe_payloads(payloads, urls, user_id="123") # Test MySQL driver
+test_safe_vs_unsafe_payloads(payloads, urls, "/mariadb", user_id="456") # Also test MariaDB driver
 
 # Test blocklists :
 test_ip_blocking("http://localhost:8082/")

end2end/spring_boot_mysql/test_two_sql_attacks.py

@@ -19,4 +19,5 @@ def test_two_sql_attacks(event_handler):
     assert_eq(val1=attack1["source"], val2=attack2["source"], equals="body")
     # Different :
     assert_eq(attack1["operation"], equals="(MySQL Connector/J) java.sql.Connection.prepareStatement")
-    assert_eq(attack2["operation"], equals="(MariaDB Connector/J) java.sql.Connection.prepareStatement")
+    assert_eq(attack2["operation"], equals="(MariaDB Connector/J) java.sql.Connection.prepareStatement")
+    assert_eq(attack1["user"]["id"], attack2["user"]["id"], "123")

end2end/utils/make_requests.py

@@ -2,8 +2,11 @@
 import urllib.parse
 
 # Function to make a POST request
-def make_post_request(url, data, status_code):
-    response = requests.post(url, json=data)
+def make_post_request(url, data, status_code, user_id=None):
+    headers = {}
+    if user_id is not None:
+        headers['user'] = user_id
+    response = requests.post(url, json=data, headers=headers)
 
     # Assert that the status code is 200
     assert response.status_code == status_code, f"Expected status code {status_code} but got {response.status_code}"

end2end/utils/test_safe_vs_unsafe_payloads.py

@@ -1,14 +1,14 @@
 from .make_requests import  make_post_request, make_path_var_request
 
-def test_safe_vs_unsafe_payloads(payloads, urls, route=""):
+def test_safe_vs_unsafe_payloads(payloads, urls, route="", user_id=None):
     print("Safe req to : (1) " + urls["enabled"])
-    make_post_request(urls["enabled"]  + route, payloads["safe"], status_code=200)
+    make_post_request(urls["enabled"]  + route, payloads["safe"], status_code=200, user_id=user_id)
     print("Safe req to : (0) " + urls["disabled"])
-    make_post_request(urls["disabled"] + route, payloads["safe"], status_code=200)
+    make_post_request(urls["disabled"] + route, payloads["safe"], status_code=200, user_id=user_id)
     print("Unsafe req to : (1) " + urls["enabled"])
-    make_post_request(urls["enabled"] + route, payloads["unsafe"], status_code=500)
+    make_post_request(urls["enabled"] + route, payloads["unsafe"], status_code=500, user_id=user_id)
     print("Unsafe req to : (0) " + urls["disabled"])
-    make_post_request(urls["disabled"] + route, payloads["unsafe"], status_code=200)
+    make_post_request(urls["disabled"] + route, payloads["unsafe"], status_code=200, user_id=user_id)
 
 def test_payloads_path_variables(payloads, urls, route=""):
     print("Safe req to : (1) " + urls["enabled"])