Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(asm): fix segmentation fault parsing JSON in Python2 (backport #4082) #4095

Closed
wants to merge 1 commit into from
Closed

feat(asm): fix segmentation fault parsing JSON in Python2 (backport #4082) #4095

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions ddtrace/appsec/_ddwaf.pyx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ def version():


cdef inline object _string_to_bytes(object string, const char **ptr, ssize_t *length):
ptr[0] = NULL
if isinstance(string, six.binary_type):
ptr[0] = PyBytes_AsString(string)
length[0] = PyBytes_Size(string)
Expand Down
4 changes: 4 additions & 0 deletions releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
fixes:
- |
ASM: fix Python 2 error reading WAF rules.
41 changes: 41 additions & 0 deletions tests/appsec/test_processor.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,15 @@

import pytest

from ddtrace.appsec._ddwaf import DDWaf
from ddtrace.appsec.processor import AppSecSpanProcessor
<<<<<<< HEAD
=======
from ddtrace.appsec.processor import DEFAULT_RULES
from ddtrace.appsec.processor import _transform_headers
from ddtrace.constants import USER_KEEP
from ddtrace.contrib.trace_utils import set_http_meta
>>>>>>> 399940a8 (feat(asm): fix segmentation fault parsing JSON in Python2 (#4082))
from ddtrace.ext import SpanTypes
from ddtrace.ext import priority
from tests.utils import override_env
Expand Down Expand Up @@ -75,3 +83,36 @@ def test_appsec_span_tags_snapshot(tracer):
span.set_tag("http.status_code", "404")

assert "triggers" in json.loads(span.get_tag("_dd.appsec.json"))
<<<<<<< HEAD
=======


def test_appsec_span_rate_limit(tracer):
with override_env(dict(DD_APPSEC_TRACE_RATE_LIMIT="1")):
_enable_appsec(tracer)

# we have 2 spans going through with a rate limit of 1: this is because the first span will update the rate
# limiter last update timestamp. In other words, we need a first call to reset the rate limiter's clock
# DEV: aligning rate limiter clock with this span (this
# span will go through as it is linked to the init window)
with tracer.trace("test", span_type=SpanTypes.WEB) as span1:
set_http_meta(span1, {}, raw_uri="http://example.com/.git", status_code="404")

with tracer.trace("test", span_type=SpanTypes.WEB) as span2:
set_http_meta(span2, {}, raw_uri="http://example.com/.git", status_code="404")
span2.start_ns = span1.start_ns + 1

with tracer.trace("test", span_type=SpanTypes.WEB) as span3:
set_http_meta(span3, {}, raw_uri="http://example.com/.git", status_code="404")
span2.start_ns = span1.start_ns + 2

assert span1.get_tag("_dd.appsec.json") is not None
assert span2.get_tag("_dd.appsec.json") is not None
assert span3.get_tag("_dd.appsec.json") is None


def test_ddwaf_not_raises_exception():
with open(DEFAULT_RULES) as rules:
rules_json = json.loads(rules.read())
DDWaf(rules_json)
>>>>>>> 399940a8 (feat(asm): fix segmentation fault parsing JSON in Python2 (#4082))