Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(iast): bytesio, stringio and read aspects #10686

Merged
merged 16 commits into from
Sep 24, 2024
Merged

chore(iast): bytesio, stringio and read aspects #10686

merged 16 commits into from
Sep 24, 2024

Conversation

gnufede
Copy link
Member

@gnufede gnufede commented Sep 17, 2024
edited
Loading

Code Security: Basic propagation through StringIO/BytesIO objects, and read() calls to them.

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@gnufede gnufede added changelog/no-changelog A changelog entry is not required for this PR. ASM Application Security Monitoring labels Sep 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 17, 2024
edited
Loading

CODEOWNERS have been resolved as:

tests/appsec/iast/fixtures/ast/io/function_bytesio.py                   @DataDog/asm-python
tests/appsec/iast/fixtures/ast/io/function_stringio.py                  @DataDog/asm-python
tests/appsec/iast/fixtures/ast/io/module_bytesio.py                     @DataDog/asm-python
tests/appsec/iast/fixtures/ast/io/module_read.py                        @DataDog/asm-python
tests/appsec/iast/fixtures/ast/io/module_stringio.py                    @DataDog/asm-python
benchmarks/appsec_iast_aspects/config.yaml                              @DataDog/asm-python
benchmarks/bm/iast_fixtures/str_methods.py                              @DataDog/asm-python
ddtrace/appsec/_common_module_patches.py                                @DataDog/asm-python
ddtrace/appsec/_constants.py                                            @DataDog/asm-python
ddtrace/appsec/_iast/_ast/ast_patching.py                               @DataDog/asm-python
ddtrace/appsec/_iast/_ast/visitor.py                                    @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/Utils/StringUtils.cpp              @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/Utils/StringUtils.h                @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/__init__.py                        @DataDog/asm-python
ddtrace/appsec/_iast/_taint_tracking/aspects.py                         @DataDog/asm-python
tests/appsec/app.py                                                     @DataDog/asm-python
tests/appsec/iast/_ast/test_ast_patching.py                             @DataDog/asm-python
tests/appsec/iast/fixtures/propagation_path.py                          @DataDog/asm-python
tests/appsec/iast_memcheck/test_iast_mem_check.py                       @DataDog/asm-python
tests/appsec/integrations/test_flask_iast_patching.py                   @DataDog/asm-python

@datadog-dd-trace-py-rkomorn
Copy link

datadog-dd-trace-py-rkomorn bot commented Sep 17, 2024
edited
Loading

Datadog Report

Branch report: gnufede/iast-taint-bytesio
Commit report: d3fa59e
Test service: dd-trace-py

✅ 0 Failed, 1912 Passed, 217 Skipped, 864.57ms Total duration (18.46s time saved)

@pr-commenter
Copy link

pr-commenter bot commented Sep 17, 2024
edited
Loading

Benchmarks

Benchmark execution time: 2024-09-24 09:45:45

Comparing candidate commit 224ed21 in PR branch gnufede/iast-taint-bytesio with baseline commit e237d91 in branch main.

Some scenarios are present only in baseline or only in candidate runs. If you didn't create or remove some scenarios in your branch, this maybe a sign of crashed benchmarks 💥💥💥
Check Gitlab CI job log to find if any benchmark has crashed.

Scenarios present only in candidate:

  • iast_aspects-aspect_no_iast_do_io_stringio_read
  • iast_aspects-aspect_iast_do_io_stringio_read
  • iast_aspects-aspect_no_iast_do_io_bytesio_read
  • iast_aspects-aspect_iast_do_io_bytesio_read

Found 0 performance improvements and 0 performance regressions! Performance is the same for 365 metrics, 51 unstable metrics.

@gnufede gnufede changed the title chore(iast): BytesIO and StringIO aspects chore(iast): bytesio, stringio and read aspects Sep 19, 2024
@gnufede gnufede marked this pull request as ready for review September 24, 2024 09:03
@gnufede gnufede requested a review from a team as a code owner September 24, 2024 09:03
@gnufede gnufede enabled auto-merge (squash) September 24, 2024 09:39
@gnufede gnufede merged commit 4feddce into main Sep 24, 2024
560 of 561 checks passed
@gnufede gnufede deleted the gnufede/iast-taint-bytesio branch September 24, 2024 09:51
mabdinur pushed a commit that referenced this pull request Sep 25, 2024
@gnufede @mabdinur
chore(iast): bytesio, stringio and read aspects (#10686)
74c2514 
Code Security: Basic propagation through StringIO/BytesIO objects, and
`read()` calls to them.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@datadog-datadog-prod-us1 datadog-datadog-prod-us1[bot] datadog-datadog-prod-us1[bot] left review comments

@juanjux juanjux juanjux approved these changes

Assignees
No one assigned
Labels
ASM Application Security Monitoring changelog/no-changelog A changelog entry is not required for this PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gnufede @juanjux