
Commit

taint ImmutableMultiDict keys
gnufede committed Jan 9, 2025
1 parent 41fce6d commit 9e4efe3
Showing 1 changed file with 20 additions and 0 deletions.
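--- a/ddtrace/appsec/_iast/_handlers.py
+++ b/ddtrace/appsec/_iast/_handlers.py
@@ -91,6 +91,13 @@ def _on_flask_patch(flask_version):
 )
 _set_metric_iast_instrumented_source(OriginType.PARAMETER)
 
+try_wrap_function_wrapper(
+"werkzeug.datastructures",
+"ImmutableMultiDict.keys",
+functools.partial(if_iast_taint_yield_iterator_for, OriginType.PARAMETER_NAME),
+)
+_set_metric_iast_instrumented_source(OriginType.PARAMETER_NAME)
+
 try_wrap_function_wrapper(
 "werkzeug.datastructures",
 "EnvironHeaders.__getitem__",
@@ -310,6 +317,19 @@ def if_iast_taint_returned_object_for(origin, wrapped, instance, args, kwargs):
 return value
 
 
+def if_iast_taint_yield_iterator_for(origin, wrapped, instance, args, kwargs):
+if _is_iast_enabled():
+if not is_iast_request_enabled():
+for val in wrapped(*args, **kwargs):
+yield val
+else:
+for val in wrapped(*args, **kwargs):
+yield taint_pyobject(pyobject=val, source_name=origin, source_value=val, source_origin=origin)
+else:
+for val in wrapped(*args, **kwargs):
+yield val
+
+
 def _on_iast_fastapi_patch():
 # Cookies sources
 try_wrap_function_wrapper(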
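Review bot: `if_iast_taint_yield_iterator_for` is a generator function, so once it wraps `ImmutableMultiDict.keys` every call returns a single-pass generator rather than whatever `wrapped` returns, including on the two branches where IAST is off. If werkzeug returns a dict keys view here (it appears to on current versions), application code that calls `len()` on the result, iterates it twice or uses set operations on it would change behaviour just because the instrumentation is loaded. Returning the original object unless both `_is_iast_enabled()` and `is_iast_request_enabled()` hold, and yielding tainted keys only in that case, keeps the untainted paths transparent and removes the three duplicated loops. Separately, `source_name=origin` passes the origin type where the key itself (`val`) looks like the intended name; this is worth confirming, because it decides how the source is labelled in a reported finding.

```python
def if_iast_taint_yield_iterator_for(origin, wrapped, instance, args, kwargs):
    result = wrapped(*args, **kwargs)
    if not (_is_iast_enabled() and is_iast_request_enabled()):
        # Hand back the original object so its type and semantics are unchanged.
        return result
    return _taint_each(origin, result)


def _taint_each(origin, iterable):
    # Generator used only on the tainting path.
    for val in iterable:
        yield taint_pyobject(pyobject=val, source_name=origin, source_value=val, source_origin=origin)
```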
