Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(iast): ensure context is created for current span [backport 2.7] #8786

Merged
merged 8 commits into from
Apr 3, 2024
Merged

fix(iast): ensure context is created for current span [backport 2.7] #8786

merged 8 commits into from
Apr 3, 2024

Conversation

github-actions[bot]
Copy link

@github-actions github-actions bot commented Mar 26, 2024
edited by gnufede
Loading

Backport fedf88e from #8772 to 2.7.

IAST: Ensure context is created in the current span, as some tainting operations occur regardless of oce.acquire_request.

Note: The bug was introduce in this PR: #8452

Checklist

  • Change(s) are motivated and described in the PR description
  • Testing strategy is described if automated tests are not included in the PR
  • Risks are described (performance impact, potential for breakage, maintainability)
  • Change is maintainable (easy to change, telemetry, documentation)
  • Library release note guidelines are followed or label changelog/no-changelog is set
  • Documentation is included (in-code, generated user docs, public corp docs)
  • Backport labels are set (if applicable)
  • If this PR changes the public interface, I've notified @DataDog/apm-tees.
  • If change touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.

Reviewer Checklist

  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Description motivates each change
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Change is maintainable (easy to change, telemetry, documentation)
  • Release note makes sense to a user of the library
  • Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@gnufede @github-actions
fix(iast): ensure context is created for current span (#8772)
8b07825 
IAST: Ensure context is created in the current span, as some tainting
operations occur regardless of `oce.acquire_request`.

Note: The bug was introduce in this PR:
#8452

## Checklist

- [x] Change(s) are motivated and described in the PR description
- [x] Testing strategy is described if automated tests are not included
in the PR
- [x] Risks are described (performance impact, potential for breakage,
maintainability)
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] [Library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
are followed or label `changelog/no-changelog` is set
- [x] Documentation is included (in-code, generated user docs, [public
corp docs](https://github.com/DataDog/documentation/))
- [x] Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))
- [x] If this PR changes the public interface, I've notified
`@DataDog/apm-tees`.
- [x] If change touches code that signs or publishes builds or packages,
or handles credentials of any kind, I've requested a review from
`@DataDog/security-design-and-guidance`.

## Reviewer Checklist

- [x] Title is accurate
- [x] All changes are related to the pull request's stated goal
- [x] Description motivates each change
- [x] Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- [x] Testing strategy adequately addresses listed risks
- [x] Change is maintainable (easy to change, telemetry, documentation)
- [x] Release note makes sense to a user of the library
- [x] Author has acknowledged and discussed the performance implications
of this PR as reported in the benchmarks PR comment
- [x] Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

(cherry picked from commit fedf88e)
@github-actions github-actions bot requested a review from a team as a code owner March 26, 2024 20:30
@github-actions github-actions bot added the ASM Application Security Monitoring label Mar 26, 2024
@github-actions github-actions bot requested a review from a team as a code owner March 26, 2024 20:30
@datadog-dd-trace-py-rkomorn
Copy link

datadog-dd-trace-py-rkomorn bot commented Mar 26, 2024
edited
Loading

Datadog Report

Branch report: backport-8772-to-2.7
Commit report: 099e9aa
Test service: dd-trace-py

✅ 0 Failed, 110459 Passed, 874 Skipped, 1h 52m 55.96s Total duration (6m 6.87s time saved)

@pr-commenter
Copy link

pr-commenter bot commented Mar 26, 2024
edited
Loading

Benchmarks

Benchmark execution time: 2024-04-03 18:42:51

Comparing candidate commit 21203f5 in PR branch backport-8772-to-2.7 with baseline commit bfd03f6 in branch 2.7.

Found 3 performance improvements and 2 performance regressions! Performance is the same for 196 metrics, 9 unstable metrics.

scenario:httppropagationextract-empty_headers

  • 🟩 max_rss_usage [-733.933KB; -519.034KB] or [-3.369%; -2.383%]

scenario:httppropagationextract-invalid_priority_header

  • 🟩 max_rss_usage [-1042.191KB; -848.113KB] or [-4.762%; -3.875%]

scenario:httppropagationextract-invalid_trace_id_header

  • 🟩 max_rss_usage [-981.712KB; -722.224KB] or [-4.488%; -3.302%]

scenario:httppropagationextract-large_header_no_matches

  • 🟥 max_rss_usage [+475.455KB; +640.295KB] or [+2.225%; +2.997%]

scenario:httppropagationextract-medium_header_no_matches

  • 🟥 max_rss_usage [+440.257KB; +624.294KB] or [+2.063%; +2.925%]

@gnufede gnufede closed this Mar 27, 2024
@gnufede gnufede reopened this Mar 27, 2024
@gnufede gnufede enabled auto-merge (squash) March 27, 2024 08:12
@gnufede gnufede merged commit a14ca92 into 2.7 Apr 3, 2024
97 checks passed
@gnufede gnufede deleted the backport-8772-to-2.7 branch April 3, 2024 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gnufede gnufede gnufede approved these changes

@duncanista duncanista Awaiting requested review from duncanista duncanista is a code owner automatically assigned from DataDog/apm-python

@erikayasuda erikayasuda Awaiting requested review from erikayasuda erikayasuda is a code owner automatically assigned from DataDog/apm-python

Assignees
No one assigned
Labels
ASM Application Security Monitoring
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@gnufede @emmettbutler