Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(iast): use allowlist for selecting modules to patch #11946

Merged
merged 24 commits into from
Jan 17, 2025
Merged

chore(iast): use allowlist for selecting modules to patch #11946

merged 24 commits into from
Jan 17, 2025

Conversation

juanjux
Copy link
Collaborator

@juanjux juanjux commented Jan 15, 2025
edited by christophe-papazian
Loading

Description

Switch from a denylist for patching IAST modules to an allowlist.

Signed-off-by: Juanjo Alvarez [email protected]## Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@juanjux
checkpoint
f3224ba 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
checkpoint
1fd1a95 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
erge remote-tracking branch 'origin/main' into juanjux/iast-denylist-…
4858510 
…by-default
@juanjux
Update packages
ce934a5 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux juanjux self-assigned this Jan 15, 2025
@juanjux juanjux added changelog/no-changelog A changelog entry is not required for this PR. ASM Application Security Monitoring labels Jan 15, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 15, 2025
edited
Loading

CODEOWNERS have been resolved as:

ddtrace/appsec/_iast/_ast/ast_patching.py                               @DataDog/asm-python
tests/appsec/iast/_ast/test_ast_patching.py                             @DataDog/asm-python
tests/appsec/iast_packages/test_packages.py                             @DataDog/asm-python

@juanjux
fmt
1dbaa7a 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
Merge branch 'main' into juanjux/iast-denylist-by-default
79ced04
@juanjux
mypy
9373277 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
mypy
137b665 
Signed-off-by: Juanjo Alvarez <[email protected]>
@datadog-dd-trace-py-rkomorn
Copy link

datadog-dd-trace-py-rkomorn bot commented Jan 15, 2025
edited
Loading

Datadog Report

Branch report: juanjux/iast-denylist-by-default
Commit report: 2ff8375
Test service: dd-trace-py

✅ 0 Failed, 507 Passed, 549 Skipped, 5m 0.91s Total duration (7m 16.41s time saved)

@pr-commenter
Copy link

pr-commenter bot commented Jan 15, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-01-16 16:27:25

Comparing candidate commit 70ef864 in PR branch juanjux/iast-denylist-by-default with baseline commit 4183671 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 394 metrics, 2 unstable metrics.

@juanjux juanjux marked this pull request as ready for review January 16, 2025 08:45
@juanjux juanjux requested review from a team as code owners January 16, 2025 08:45
@juanjux juanjux requested a review from erikayasuda January 16, 2025 08:45
gnufede
gnufede reviewed Jan 16, 2025
View reviewed changes
tests/conftest.py Outdated Show resolved Hide resolved
@juanjux
Restore allow/deny env vars every time a test is run
fef19ce 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
fmt
37194ea 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
Debug commit
3e23adc 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
fmt
3d8fc6c 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
fix
88176ab 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
add another test for vendored deps
721de81 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux
fix
70ef864 
Signed-off-by: Juanjo Alvarez <[email protected]>
@juanjux juanjux merged commit 26dc258 into main Jan 17, 2025
256 checks passed
@juanjux juanjux deleted the juanjux/iast-denylist-by-default branch January 17, 2025 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gnufede gnufede gnufede approved these changes

@christophe-papazian christophe-papazian christophe-papazian approved these changes

@erikayasuda erikayasuda Awaiting requested review from erikayasuda erikayasuda was automatically assigned from DataDog/apm-core-python

Assignees

@juanjux juanjux

Labels
ASM Application Security Monitoring changelog/no-changelog A changelog entry is not required for this PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@juanjux @gnufede @christophe-papazian