Skip to content

Commit

Permalink
chore(iast): check the return value of astpatch_module [backport 2.17] (
Browse files Browse the repository at this point in the history
#11525)

Backport 6205242 from #11520 to 2.17.

## Description

Some testing code were not checking the return value of
`astpatch_module` as it should, making some package tests fail after a
previous PR that fixed the return value of `astpatch_module` when no
patching was done.

Also disable `google.*` from package tests since we have disabled
patching for those.

Signed-off-by: Juanjo Alvarez <[email protected]>

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: Juanjo Alvarez Martinez <[email protected]>
  • Loading branch information
github-actions[bot] and juanjux authored Nov 26, 2024
1 parent 5d48816 commit ed7029f
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 21 deletions.
4 changes: 4 additions & 0 deletions ddtrace/appsec/_iast/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,10 @@ def ddtrace_iast_flask_patch():
log.debug("Unexpected exception while AST patching", exc_info=True)
return

if not patched_ast:
log.debug("Main flask module not patched, probably it was not needed")
return

compiled_code = compile(patched_ast, module_path, "exec")
exec(compiled_code, module.__dict__) # nosec B102
sys.modules[module_name] = compiled_code
Expand Down
3 changes: 3 additions & 0 deletions tests/appsec/iast_packages/inside_env_runner.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@ def _iast_patched_module_and_patched_source(module_name):
module = importlib.import_module(module_name)
module_path, patched_module = astpatch_module(module)

if not patched_module:
assert False, "Module %s was not patched" % module_name

compiled_code = compile(patched_module, module_path, "exec")
exec(compiled_code, module.__dict__)
return module, patched_module
Expand Down
42 changes: 21 additions & 21 deletions tests/appsec/iast_packages/test_packages.py
Original file line number Diff line number Diff line change
Expand Up @@ -266,27 +266,27 @@ def uninstall(self, python_cmd):
),
PackageForTesting("flask", "2.3.3", "", "", "", test_e2e=False, import_module_to_validate="flask.app"),
PackageForTesting("fsspec", "2024.5.0", "", "/", ""),
PackageForTesting(
"google-auth",
"2.35.0",
"",
"",
"",
import_name="google.auth.crypt.rsa",
import_module_to_validate="google.auth.crypt.rsa",
expect_no_change=True,
),
PackageForTesting(
"google-api-core",
"2.22.0",
"",
"",
"",
import_name="google",
import_module_to_validate="google.auth.iam",
extras=[("google-cloud-storage", "2.18.2")],
test_e2e=True,
),
# PackageForTesting(
# "google-auth",
# "2.35.0",
# "",
# "",
# "",
# import_name="google.auth.crypt.rsa",
# import_module_to_validate="google.auth.crypt.rsa",
# expect_no_change=True,
# ),
# PackageForTesting(
# "google-api-core",
# "2.22.0",
# "",
# "",
# "",
# import_name="google",
# import_module_to_validate="google.auth.iam",
# extras=[("google-cloud-storage", "2.18.2")],
# test_e2e=True,
# ),
PackageForTesting(
"google-api-python-client",
"2.111.0",
Expand Down

0 comments on commit ed7029f

Please sign in to comment.