
chore(iast): fix IAST imports when under pytest#12323

Merged
juanjux merged 17 commits into
mainfrom
juanjux/fix-iast-imports-in-pytests
Feb 14, 2025

Conversation

@juanjux

@juanjux juanjux commented Feb 13, 2025

Collaborator

Description

PR #12198 had the unintended consequence of not honoring DD_IAST_ENABLED if set after the _common_module_patches.py was evaluated. This makes some tests (ssrf and probably others) not run. This fixes the problem by moving is_iast_request_enabled and _IAST_CONTEXT to asm_config.

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy
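The failure described in this PR, as an added illustration (not ddtrace's own code; only the DD_IAST_ENABLED name comes from the page, every class and function below is a hypothetical stand-in): a flag captured at import time goes stale when a test exports the variable afterwards, while a config object that resolves the flag on each access keeps honouring it.

```python
import os

# The variable named in the PR; every other name here is a hypothetical
# stand-in and not ddtrace's own code.
ENV_VAR = "DD_IAST_ENABLED"


def parse_bool(value):
    """Accept the usual truthy spellings, case-insensitively."""
    return (value or "").strip().lower() in ("1", "true", "yes", "on")


class ImportTimeFlag:
    """Bug pattern: the flag is read once when the object is built (a stand-in
    for module import) and never re-read, so later changes are invisible."""

    def __init__(self, environ=None):
        environ = os.environ if environ is None else environ
        self._enabled = parse_bool(environ.get(ENV_VAR))

    def is_enabled(self):
        return self._enabled


class LazyAsmConfig:
    """Fix pattern: the flag is resolved on every access, so a test that
    exports DD_IAST_ENABLED after import is still honoured."""

    def __init__(self, environ=None):
        self._environ = os.environ if environ is None else environ

    @property
    def iast_enabled(self):
        return parse_bool(self._environ.get(ENV_VAR))


def simulate_pytest_order(environ):
    """Reproduce the ordering from the PR with a constructed environment dict:
    modules are imported before the test sets the variable, then a request
    runs and a sink checks whether IAST is enabled."""
    environ.pop(ENV_VAR, None)               # unset at import time
    flag = ImportTimeFlag(environ)           # "import" happens here
    config = LazyAsmConfig(environ)
    environ[ENV_VAR] = "true"                # the test enables IAST afterwards
    return {"import_time": flag.is_enabled(), "lazy": config.iast_enabled}


if __name__ == "__main__":
    print(simulate_pytest_order({}))         # {'import_time': False, 'lazy': True}
```

The dict passed in plays the role of os.environ so the demonstration leaves the real process environment untouched.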

Signed-off-by: Juanjo Alvarez <juanjo.alvarezmartinez@datadoghq.com>
@juanjux juanjux added the ASM Application Security Monitoring label Feb 13, 2025
@juanjux juanjux self-assigned this Feb 13, 2025
@juanjux juanjux requested a review from a team as a code owner February 13, 2025 16:41
@github-actions

github-actions Bot commented Feb 13, 2025

Contributor

CODEOWNERS have been resolved as:

ddtrace/appsec/_asm_request_context.py                                  @DataDog/asm-python
ddtrace/appsec/_common_module_patches.py                                @DataDog/asm-python
ddtrace/appsec/_constants.py                                            @DataDog/asm-python
ddtrace/appsec/_iast/_handlers.py                                       @DataDog/asm-python
ddtrace/appsec/_iast/_iast_request_context.py                           @DataDog/asm-python
ddtrace/appsec/_iast/_patches/json_tainting.py                          @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/_taint_objects.py                  @DataDog/asm-python
ddtrace/appsec/_iast/reporter.py                                        @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/_base.py                               @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/code_injection.py                      @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/command_injection.py                   @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/header_injection.py                    @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/insecure_cookie.py                     @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/path_traversal.py                      @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/ssrf.py                                @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/xss.py                                 @DataDog/asm-python
ddtrace/settings/asm.py                                                 @DataDog/asm-python

@juanjux juanjux added the changelog/no-changelog A changelog entry is not required for this PR. label Feb 13, 2025
@pr-commenter

pr-commenter Bot commented Feb 13, 2025


Benchmarks

Benchmark execution time: 2025-02-14 13:58:51

Comparing candidate commit 03b0465 in PR branch juanjux/fix-iast-imports-in-pytests with baseline commit 05c9824 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 394 metrics, 2 unstable metrics.

@juanjux

juanjux commented Feb 14, 2025

Collaborator Author

Moving to draft, will be rewritten with a less clumsy implementation.

@juanjux juanjux marked this pull request as draft February 14, 2025 11:41
Comment thread ddtrace/appsec/_iast/taint_sinks/insecure_cookie.py
@juanjux juanjux marked this pull request as ready for review February 14, 2025 12:12
@juanjux juanjux enabled auto-merge (squash) February 14, 2025 12:38
Comment thread ddtrace/settings/asm.py Outdated
@juanjux juanjux merged commit 3940332 into main Feb 14, 2025
@juanjux juanjux deleted the juanjux/fix-iast-imports-in-pytests branch February 14, 2025 14:50
gnufede pushed a commit that referenced this pull request Feb 19, 2025
## Description

PR #12198 had the unintended consequence of not honoring
`DD_IAST_ENABLED` if set after the `_common_module_patches.py` was
evaluated. This makes some tests (`ssrf` and probably others) not run.
This fixes the problem by moving `is_iast_request_enabled` and
`_IAST_CONTEXT` to `asm_config`.


## Checklist
- [X] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Signed-off-by: Juanjo Alvarez <juanjo.alvarezmartinez@datadoghq.com>
RamyElkest pushed a commit that referenced this pull request Feb 20, 2025
@github-actions

Contributor

The backport to 2.21 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.21 2.21
# Navigate to the new working tree
cd .worktrees/backport-2.21
# Create a new branch
git switch --create backport-12323-to-2.21
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 3940332864e5f5f67f01c16bbfb152836d2a67f1
# Push it to GitHub
git push --set-upstream origin backport-12323-to-2.21
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.21

Then, create a pull request where the base branch is 2.21 and the compare/head branch is backport-12323-to-2.21.

avara1986 pushed a commit that referenced this pull request Mar 17, 2025
(cherry picked from commit 3940332)