feat: add os.path.join aspect

[juanjux]

Description

1. Adds a new propagation aspect for os.path.join().
2. Adds a new way to define replacement aspects for module funcions in AstVisitor. This is a placeholder until we add a new decorator-based way on a further PR.

Checklist

• Change(s) are motivated and described in the PR description
• Testing strategy is described if automated tests are not included in the PR
• Risks are described (performance impact, potential for breakage, maintainability)
• Change is maintainable (easy to change, telemetry, documentation)
• Library release note guidelines are followed or label changelog/no-changelog is set
• Documentation is included (in-code, generated user docs, public corp docs)
• Backport labels are set (if applicable)
• If this PR changes the public interface, I've notified @DataDog/apm-tees.
• If change touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.

Reviewer Checklist

• Title is accurate
• All changes are related to the pull request's stated goal
• Description motivates each change
• Avoids breaking API changes
• Testing strategy adequately addresses listed risks
• Change is maintainable (easy to change, telemetry, documentation)
• Release note makes sense to a user of the library
• Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
• Backport labels are set in a manner that is consistent with the release branch maintenance policy

[datadog-dd-trace-py-rkomorn]

Datadog Report

Branch report: juanjux/APPSEC-11370-ospathjoin-aspect
Commit report: 78b151d
Test service: dd-trace-py

✅ 0 Failed, 108609 Passed, 3174 Skipped, 7m 21.33s Total duration (35m 41.35s time saved)

[pr-commenter]

Benchmarks

Benchmark execution time: 2024-04-25 10:37:34

Comparing candidate commit 350b59e in PR branch juanjux/APPSEC-11370-ospathjoin-aspect with baseline commit 5478ea5 in branch main.

Found 18 performance improvements and 12 performance regressions! Performance is the same for 171 metrics, 9 unstable metrics.

scenario:coreapiscenario-context_with_data_listeners_and_all_listeners

• 🟩 max_rss_usage [-618.228KB; -541.350KB] or [-2.892%; -2.532%]

scenario:coreapiscenario-context_with_data_no_listeners

• 🟩 max_rss_usage [-671.245KB; -597.286KB] or [-3.152%; -2.804%]

scenario:coreapiscenario-core_dispatch_listeners

• 🟩 max_rss_usage [-701.328KB; -628.643KB] or [-3.291%; -2.950%]

scenario:coreapiscenario-core_dispatch_listeners_and_all_listeners

• 🟩 max_rss_usage [-686.749KB; -601.852KB] or [-3.222%; -2.824%]

scenario:coreapiscenario-core_dispatch_only_all_listeners

• 🟩 max_rss_usage [-686.424KB; -611.599KB] or [-3.221%; -2.870%]

scenario:coreapiscenario-core_dispatch_with_results_listeners_and_all_listeners

• 🟥 max_rss_usage [+678.561KB; +758.315KB] or [+3.284%; +3.670%]

scenario:coreapiscenario-core_dispatch_with_results_no_listeners

• 🟩 max_rss_usage [-682.862KB; -610.655KB] or [-3.206%; -2.867%]

scenario:coreapiscenario-core_dispatch_with_results_only_all_listeners

• 🟩 max_rss_usage [-643.291KB; -576.088KB] or [-3.010%; -2.695%]

scenario:coreapiscenario-get_item_exists

• 🟩 max_rss_usage [-694.782KB; -618.396KB] or [-3.259%; -2.900%]

scenario:coreapiscenario-get_item_missing

• 🟩 max_rss_usage [-670.068KB; -590.681KB] or [-3.146%; -2.774%]

scenario:coreapiscenario-set_item

• 🟩 max_rss_usage [-679.162KB; -597.970KB] or [-3.192%; -2.810%]

scenario:flasksimple-appsec-telemetry

• 🟩 execution_time [-244.954µs; -187.764µs] or [-3.765%; -2.886%]

scenario:flasksimple-tracer

• 🟥 execution_time [+243.695µs; +293.023µs] or [+3.878%; +4.663%]

scenario:httppropagationextract-full_t_id_datadog_headers

• 🟩 max_rss_usage [-803.557KB; -724.661KB] or [-3.765%; -3.396%]

scenario:httppropagationextract-tracecontext_headers

• 🟥 max_rss_usage [+705.262KB; +778.718KB] or [+3.426%; +3.783%]

scenario:httppropagationextract-wsgi_large_valid_headers_all

• 🟥 max_rss_usage [+599.450KB; +703.897KB] or [+2.902%; +3.408%]

scenario:httppropagationextract-wsgi_medium_valid_headers_all

• 🟥 max_rss_usage [+598.528KB; +701.133KB] or [+2.902%; +3.400%]

scenario:httppropagationextract-wsgi_valid_headers_all

• 🟩 max_rss_usage [-745.410KB; -488.715KB] or [-3.497%; -2.293%]

scenario:httppropagationinject-with_dd_origin

• 🟩 max_rss_usage [-719.531KB; -667.784KB] or [-3.382%; -3.139%]

scenario:httppropagationinject-with_priority_and_origin

• 🟩 max_rss_usage [-708.702KB; -659.772KB] or [-3.333%; -3.103%]

scenario:httppropagationinject-with_tags_max_size

• 🟩 max_rss_usage [-666.833KB; -598.012KB] or [-3.131%; -2.808%]

scenario:otelspan-start-finish

• 🟩 max_rss_usage [-780.760KB; -602.869KB] or [-3.468%; -2.678%]

scenario:samplingrules-very_low_match

• 🟩 max_rss_usage [-934.664KB; -530.476KB] or [-3.851%; -2.185%]

scenario:sethttpmeta-no-collectipvariant

• 🟥 max_rss_usage [+706.021KB; +781.237KB] or [+3.383%; +3.743%]

scenario:sethttpmeta-obfuscation-no-query

• 🟥 max_rss_usage [+743.572KB; +814.956KB] or [+3.567%; +3.909%]

scenario:sethttpmeta-obfuscation-send-querystring-disabled

• 🟥 max_rss_usage [+714.257KB; +796.758KB] or [+3.384%; +3.775%]

scenario:sethttpmeta-obfuscation-worst-case-implicit-query

• 🟥 max_rss_usage [+730.414KB; +813.778KB] or [+3.463%; +3.859%]

scenario:sethttpmeta-useragentvariant_not_exists_1

• 🟥 max_rss_usage [+703.312KB; +780.668KB] or [+3.369%; +3.740%]

scenario:tracer-large

• 🟥 max_rss_usage [+710.189KB; +787.309KB] or [+3.270%; +3.625%]

scenario:tracer-small

• 🟥 max_rss_usage [+696.685KB; +784.019KB] or [+3.379%; +3.803%]

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 0% with 125 lines in your changes are missing coverage. Please review.

Project coverage is 6.65%. Comparing base (704aac0) to head (78b151d).
Report is 13 commits behind head on main.

Files	Patch %	Lines
...ests/appsec/iast/aspects/test_ospathjoin_aspect.py	0.00%	84 Missing ⚠️
ddtrace/appsec/_iast/_ast/visitor.py	0.00%	24 Missing ⚠️
...ec/iast/aspects/test_ospathjoin_aspect_fixtures.py	0.00%	12 Missing ⚠️
...s/appsec/iast/fixtures/aspects/module_functions.py	0.00%	3 Missing ⚠️
ddtrace/appsec/_iast/_taint_tracking/__init__.py	0.00%	1 Missing ⚠️
ddtrace/appsec/_iast/_taint_tracking/aspects.py	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #9085       +/-   ##
===========================================
- Coverage   78.64%    6.65%   -72.00%     
===========================================
  Files        1254     1230       -24     
  Lines      117809   116575     -1234     
===========================================
- Hits        92653     7753    -84900     
- Misses      25156   108822    +83666     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.