Skip to content

Prepare AI Guard tag probability coverage#6645

Open
smola wants to merge 3 commits intomainfrom
smola/APPSEC-61900
Open

Prepare AI Guard tag probability coverage#6645
smola wants to merge 3 commits intomainfrom
smola/APPSEC-61900

Conversation

@smola
Copy link
Copy Markdown
Member

@smola smola commented Mar 30, 2026

Add a system test for tag probabilities in AI Guard responses and meta-structs.

APPSEC-61900

Motivation

Changes

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • Anything but tests/ or manifests/ is modified ? I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added, removed or renamed?

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 30, 2026

CODEOWNERS have been resolved as:

docs/understand/scenarios/ai_guard.md                                   @DataDog/k9-ai-guard @DataDog/system-tests-core
docs/understand/weblogs/end-to-end_weblog.md                            @DataDog/system-tests-core
manifests/cpp_httpd.yml                                                 @DataDog/dd-trace-cpp
manifests/cpp_nginx.yml                                                 @DataDog/dd-trace-cpp
manifests/dotnet.yml                                                    @DataDog/apm-dotnet @DataDog/asm-dotnet
manifests/golang.yml                                                    @DataDog/dd-trace-go-guild
manifests/java.yml                                                      @DataDog/asm-java @DataDog/apm-java
manifests/nodejs.yml                                                    @DataDog/dd-trace-js
manifests/php.yml                                                       @DataDog/apm-php @DataDog/asm-php
manifests/python.yml                                                    @DataDog/apm-python @DataDog/asm-python
manifests/ruby.yml                                                      @DataDog/ruby-guild @DataDog/asm-ruby
tests/ai_guard/test_ai_guard_sdk.py                                     @DataDog/k9-ai-guard @DataDog/system-tests-core
utils/build/docker/python/flask/app.py                                  @DataDog/apm-python @DataDog/asm-python @DataDog/system-tests-core
utils/build/docker/ruby/rails52/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core
utils/build/docker/ruby/rails61/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core
utils/build/docker/ruby/rails72/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core
utils/build/docker/ruby/rails80/app/controllers/ai_guard_controller.rb  @DataDog/ruby-guild @DataDog/asm-ruby @DataDog/system-tests-core

@smola smola force-pushed the smola/APPSEC-61900 branch from 891dfe4 to ce29c0f Compare March 30, 2026 12:30
@smola
Prepare AI Guard tag probability coverage
fadbd2b 
Add a system test for tag probabilities in AI Guard responses and meta-structs.

APPSEC-61900
@smola smola force-pushed the smola/APPSEC-61900 branch from ce29c0f to fadbd2b Compare March 30, 2026 13:09
@smola smola mentioned this pull request Mar 30, 2026
Open
@datadog-prod-us1-5
Copy link
Copy Markdown

datadog-prod-us1-5 bot commented Mar 30, 2026
edited
Loading

⚠️ Tests

Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 18 Tests failed

tests.appsec.test_blocking_addresses.Test_Blocking_client_ip.test_blocking_before[envoy] from system_tests_suite   View in Datadog   (Fix with Cursor) 
ValueError: No appsec event validate this condition

self = <tests.appsec.test_blocking_addresses.Test_Blocking_client_ip object at 0x7fb124331790>

    def test_blocking_before(self):
        """Test that blocked requests are blocked before being processed"""
        # second request should block and must not set the tag in span
        assert self.block_req2.status_code == 403
>       interfaces.library.assert_waf_attack(self.block_req2, rule="blk-001-001")

...
tests.appsec.test_blocking_addresses.Test_Blocking_client_ip.test_blocking[envoy] from system_tests_suite   View in Datadog   (Fix with Cursor) 
ValueError: No appsec event validate this condition

self = <tests.appsec.test_blocking_addresses.Test_Blocking_client_ip object at 0x7fb124331820>

    def test_blocking(self):
        """Can block the request forwarded for the ip"""
    
        assert self.rm_req_block.status_code == 403
>       interfaces.library.assert_waf_attack(self.rm_req_block, rule="blk-001-001")

...
tests.appsec.test_blocking_addresses.Test_Blocking_client_ip_with_forwarded.test_blocking_before[envoy] from system_tests_suite   View in Datadog   (Fix with Cursor) 
ValueError: No appsec event validate this condition

self = <tests.appsec.test_blocking_addresses.Test_Blocking_client_ip_with_forwarded object at 0x7fb124331c10>

    def test_blocking_before(self):
        """Test that blocked requests are blocked before being processed"""
        # second request should block and must not set the tag in span
        assert self.block_req2.status_code == 403
>       interfaces.library.assert_waf_attack(self.block_req2, rule="blk-001-001")

...
View all

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 38528ad | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

@smola smola marked this pull request as ready for review March 31, 2026 14:38
@smola smola requested review from a team as code owners March 31, 2026 14:38
@smola smola requested review from brettlangdon, dubloom, jandro996, manuel-alvarez-alvarez and rachelyangdog and removed request for a team March 31, 2026 14:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@cbeauchesne cbeauchesne cbeauchesne approved these changes

@obordeau obordeau obordeau approved these changes

@brettlangdon brettlangdon Awaiting requested review from brettlangdon brettlangdon is a code owner automatically assigned from DataDog/apm-python

@rachelyangdog rachelyangdog Awaiting requested review from rachelyangdog rachelyangdog is a code owner automatically assigned from DataDog/apm-python

@jandro996 jandro996 Awaiting requested review from jandro996 jandro996 is a code owner automatically assigned from DataDog/asm-java

@dubloom dubloom Awaiting requested review from dubloom dubloom is a code owner automatically assigned from DataDog/dd-trace-cpp

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@smola @manuel-alvarez-alvarez @cbeauchesne @obordeau