Skip to content

fix(asm): make sure iast is not loaded by exploit prevention if disabled [backport 2.19]#12352

Merged
avara1986 merged 3 commits into2.19from
backport-12198-to-2.19
Feb 14, 2025
Merged

fix(asm): make sure iast is not loaded by exploit prevention if disabled [backport 2.19]#12352
avara1986 merged 3 commits into2.19from
backport-12198-to-2.19

Conversation

@avara1986
Copy link
Copy Markdown
Member

@avara1986 avara1986 commented Feb 14, 2025

backport #12198 to 2.19

Make sure, if iast is disabled, that we don't load any iast modules in the common module mechanism used both by iast and exploit prevention.

APPSEC-56659

Co-authored-by: Ramy Elkest 4thkest@gmail.com
(cherry picked from commit 362fa22)

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@christophe-papazian @RamyElkest @avara1986
fix(asm): make sure iast is not loaded by exploit prevention if disab…
a8d2b8c 
…led (#12198)

Make sure, if iast is disabled, that we don't load any iast modules in
the common module mechanism used both by iast and exploit prevention.

APPSEC-56659

- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

- [x] Reviewer has checked that all the criteria below are met
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Co-authored-by: Ramy Elkest <4thkest@gmail.com>
(cherry picked from commit 362fa22)
@avara1986 avara1986 added the ASM Application Security Monitoring label Feb 14, 2025
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 14, 2025
edited
Loading

CODEOWNERS have been resolved as:

releasenotes/notes/no_IAST_unguarded_loading_in_common_module_patches-123cf6d3f8844823.yaml  @DataDog/apm-python
ddtrace/appsec/_common_module_patches.py                                @DataDog/asm-python
ddtrace/appsec/_iast/_iast_request_context.py                           @DataDog/asm-python
ddtrace/appsec/_iast/_patch.py                                          @DataDog/asm-python

@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Feb 14, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-02-14 15:45:29

Comparing candidate commit e7f20a4 in PR branch backport-12198-to-2.19 with baseline commit 8eee423 in branch 2.19.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 394 metrics, 2 unstable metrics.

@avara1986 avara1986 marked this pull request as ready for review February 14, 2025 17:01
@avara1986 avara1986 requested review from a team as code owners February 14, 2025 17:01
@avara1986 avara1986 requested review from lievan and nsrip-dd February 14, 2025 17:01
@avara1986 avara1986 merged commit 2662f8e into 2.19 Feb 14, 2025
@avara1986 avara1986 deleted the backport-12198-to-2.19 branch February 14, 2025 17:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gnufede gnufede gnufede approved these changes

@lievan lievan Awaiting requested review from lievan lievan is a code owner automatically assigned from DataDog/apm-python

@nsrip-dd nsrip-dd Awaiting requested review from nsrip-dd nsrip-dd is a code owner automatically assigned from DataDog/apm-python

Assignees

No one assigned

Labels

ASM Application Security Monitoring

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@avara1986 @gnufede @christophe-papazian