Skip to content

fix(iast): gevent flaky timeouts #14062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 73 commits into from
Jul 31, 2025
Merged

fix(iast): gevent flaky timeouts #14062

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
73 commits
Select commit Hold shift + click to select a range
afd4f4d
chore(iast): fix iast gevent error with iast
avara1986 Jul 18, 2025
a77397c
chore(iast): fix iast gevent error with iast
avara1986 Jul 18, 2025
65ea7b3
chore(iast): fix iast gevent error with iast
avara1986 Jul 18, 2025
9dedc71
chore(iast): fix iast gevent error with iast
avara1986 Jul 18, 2025
1294965
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 18, 2025
2e99266
chore(iast): fix iast gevent error with iast
avara1986 Jul 18, 2025
b005433
chore(iast): fix iast gevent error with iast
avara1986 Jul 18, 2025
2a3203f
chore(iast): fix iast gevent error with iast
avara1986 Jul 18, 2025
b49d072
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 21, 2025
69dff2d
feat(iast): add fork tests
avara1986 Jul 21, 2025
b91d210
feat(iast): add fork tests
avara1986 Jul 21, 2025
9aac1fa
feat(iast): add fork tests
avara1986 Jul 21, 2025
314c930
feat(iast): add fork tests
avara1986 Jul 21, 2025
c6990a3
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 22, 2025
230327c
feat(iast): add fork tests
avara1986 Jul 22, 2025
5007524
feat(iast): add fork tests
avara1986 Jul 22, 2025
2ab79bd
feat(iast): add fork tests
avara1986 Jul 22, 2025
be12d06
chore: docstrings
avara1986 Jul 22, 2025
b095476
feat(iast): fix lazy imports
avara1986 Jul 23, 2025
1049c9a
chore: fix codestyle
avara1986 Jul 23, 2025
0bf9377
chore: fix imports
avara1986 Jul 23, 2025
2b41ea5
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 23, 2025
aa98411
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 23, 2025
fa5d673
feat(iast): fix python 3.9 and deprecated patch all tests
avara1986 Jul 23, 2025
07a6055
feat(iast): fix python 3.9 and deprecated patch all tests
avara1986 Jul 23, 2025
e7f9124
disable itr on sensitive jobs
gnufede Jul 23, 2025
647cd70
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 23, 2025
7fdfff2
chore: fix imports
avara1986 Jul 23, 2025
4fb68bf
chore: fix imports
avara1986 Jul 23, 2025
d89f6b7
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 24, 2025
df3db0d
chore: docstrings
avara1986 Jul 24, 2025
f8fcf6e
add release notes
avara1986 Jul 24, 2025
04a6838
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 24, 2025
5507ea0
trying IAST_STANDALONE APPSEC-58276
avara1986 Jul 24, 2025
40d947e
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 24, 2025
4feadb9
Update .gitignore
avara1986 Jul 24, 2025
944a5da
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 28, 2025
0382a7f
force unload importlib if iast is enabled
avara1986 Jul 28, 2025
704b7a1
update sitecustomize
avara1986 Jul 28, 2025
dc2b492
disable taint sinks for gevent
avara1986 Jul 28, 2025
dce0fe8
restore patch
avara1986 Jul 28, 2025
87b0a5f
remove decorator
avara1986 Jul 28, 2025
b2aea86
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 28, 2025
b7e8fc7
move patch_iast to product file
avara1986 Jul 28, 2025
c546f40
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 28, 2025
c1a4409
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 28, 2025
dda4fd8
enable partial sink points
avara1986 Jul 28, 2025
b417791
revert, enable insecure_cookie_patch
avara1986 Jul 28, 2025
ed95f4b
revert, enable cmdi, disable insecure_cookie_patch
avara1986 Jul 28, 2025
913e660
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 28, 2025
3f35e39
enable header injection
avara1986 Jul 28, 2025
5f82b3e
enable unvalidated redirect
avara1986 Jul 28, 2025
b998458
enable code_injection, disable unvalidated redirect
avara1986 Jul 28, 2025
98d20d1
enable code_injection, disable unvalidated redirect
avara1986 Jul 28, 2025
b208e8d
enable xss, sink point sigleton
avara1986 Jul 28, 2025
c5f39c9
enable json, add env var
avara1986 Jul 29, 2025
4338e88
disable json
avara1986 Jul 29, 2025
1f38bf6
disable xss
avara1986 Jul 29, 2025
4024c16
disable code injection
avara1986 Jul 29, 2025
c3a5130
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 29, 2025
d35feca
add tests for _DD_IAST_SINK_POINTS_IN_GEVENT_ENABLED
avara1986 Jul 29, 2025
c44c146
enable xss, lazy patch flask
avara1986 Jul 29, 2025
b5feb44
fix imports
avara1986 Jul 29, 2025
c37933b
enable all
avara1986 Jul 29, 2025
0e4e27d
reorganize code
avara1986 Jul 29, 2025
b77ce10
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 29, 2025
3fc5dbf
update tests
avara1986 Jul 29, 2025
59a4288
small refactor in del module
avara1986 Jul 30, 2025
dd29243
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 30, 2025
454a7bd
docstrings
avara1986 Jul 30, 2025
ce357e9
Merge branch 'main' into avara1986/APPSEC-58276_iast_standalone
avara1986 Jul 31, 2025
f1b8425
chore(ci): update system tests commit
avara1986 Jul 31, 2025
2f56e75
chore(ci): update system tests commit
avara1986 Jul 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/system-tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ jobs:
persist-credentials: false
repository: 'DataDog/system-tests'
# Automatically managed, use scripts/update-system-tests-version to update
ref: '5b6c0261d7b1cb178dcbb0688636f975e494e8db'
ref: '5e959ecd8479ae77bbf9888304a0bdc3eeaaef7e'

- name: Checkout dd-trace-py
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
Expand Down Expand Up @@ -96,7 +96,7 @@ jobs:
persist-credentials: false
repository: 'DataDog/system-tests'
# Automatically managed, use scripts/update-system-tests-version to update
ref: '5b6c0261d7b1cb178dcbb0688636f975e494e8db'
ref: '5e959ecd8479ae77bbf9888304a0bdc3eeaaef7e'

- name: Build runner
uses: ./.github/actions/install_runner
Expand Down Expand Up @@ -277,7 +277,7 @@ jobs:
persist-credentials: false
repository: 'DataDog/system-tests'
# Automatically managed, use scripts/update-system-tests-version to update
ref: '5b6c0261d7b1cb178dcbb0688636f975e494e8db'
ref: '5e959ecd8479ae77bbf9888304a0bdc3eeaaef7e'
- name: Checkout dd-trace-py
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
Expand Down
11 changes: 6 additions & 5 deletions .riot/requirements/109d1ad.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,15 @@
# This file is autogenerated by pip-compile with Python 3.10
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/109d1ad.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/109d1ad.in
#
astunparse==1.6.3
attrs==25.3.0
certifi==2025.6.15
backports-asyncio-runner==1.2.0
certifi==2025.7.14
cffi==1.17.1
charset-normalizer==3.4.2
coverage[toml]==7.9.1
coverage[toml]==7.9.2
cryptography==45.0.5
exceptiongroup==1.3.0
grpcio==1.73.1
Expand All @@ -24,14 +25,14 @@ pycparser==2.22
pycryptodome==3.23.0
pygments==2.19.2
pytest==8.4.1
pytest-asyncio==1.0.0
pytest-asyncio==1.1.0
pytest-cov==6.2.1
pytest-mock==3.14.1
requests==2.32.4
simplejson==3.20.1
six==1.17.0
sortedcontainers==2.4.0
tomli==2.2.1
typing-extensions==4.14.0
typing-extensions==4.14.1
urllib3==2.5.0
wheel==0.45.1
17 changes: 12 additions & 5 deletions .riot/requirements/1f4ed67.txt → .riot/requirements/10cc08e.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,20 @@
# This file is autogenerated by pip-compile with Python 3.9
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/1f4ed67.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/10cc08e.in
#
attrs==25.3.0
blinker==1.9.0
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.1.8
coverage[toml]==7.9.1
coverage[toml]==7.9.2
exceptiongroup==1.3.0
flask==2.3.3
gevent==25.5.1
greenlet==3.2.3
gunicorn==23.0.0
hypothesis==6.135.24
hypothesis==6.135.32
idna==3.10
importlib-metadata==8.7.0
iniconfig==2.1.0
Expand All @@ -33,7 +35,12 @@ pytest-randomly==3.16.0
requests==2.32.4
sortedcontainers==2.4.0
tomli==2.2.1
typing-extensions==4.14.0
typing-extensions==4.14.1
urllib3==2.5.0
werkzeug==3.1.3
zipp==3.23.0
zope-event==5.1
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==80.9.0
11 changes: 9 additions & 2 deletions .riot/requirements/19babc6.txt → .riot/requirements/116d4eb.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,17 @@
# This file is autogenerated by pip-compile with Python 3.8
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/19babc6.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/116d4eb.in
#
attrs==25.3.0
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.1.8
coverage[toml]==7.6.1
exceptiongroup==1.3.0
flask==1.1.2
gevent==24.2.1
greenlet==3.1.1
gunicorn==23.0.0
hypothesis==6.113.0
idna==3.10
Expand All @@ -35,3 +37,8 @@ typing-extensions==4.13.2
urllib3==2.2.3
werkzeug==2.0.3
zipp==3.20.2
zope-event==5.0
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==75.3.2
15 changes: 11 additions & 4 deletions .riot/requirements/1c15175.txt → .riot/requirements/1390092.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,19 @@
# This file is autogenerated by pip-compile with Python 3.13
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/1c15175.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/1390092.in
#
attrs==25.3.0
blinker==1.9.0
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.2.1
coverage[toml]==7.9.1
coverage[toml]==7.9.2
flask==2.3.3
gevent==25.5.1
greenlet==3.2.3
gunicorn==23.0.0
hypothesis==6.135.24
hypothesis==6.135.32
idna==3.10
iniconfig==2.1.0
itsdangerous==2.2.0
Expand All @@ -32,3 +34,8 @@ requests==2.32.4
sortedcontainers==2.4.0
urllib3==2.5.0
werkzeug==3.1.3
zope-event==5.1
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==80.9.0
8 changes: 4 additions & 4 deletions .riot/requirements/1421f4d.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
# This file is autogenerated by pip-compile with Python 3.13
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/1421f4d.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/1421f4d.in
#
astunparse==1.6.3
attrs==25.3.0
certifi==2025.6.15
certifi==2025.7.14
cffi==1.17.1
charset-normalizer==3.4.2
coverage[toml]==7.9.1
coverage[toml]==7.9.2
cryptography==45.0.5
grpcio==1.73.1
hypothesis==6.45.0
Expand All @@ -23,7 +23,7 @@ pycparser==2.22
pycryptodome==3.23.0
pygments==2.19.2
pytest==8.4.1
pytest-asyncio==1.0.0
pytest-asyncio==1.1.0
pytest-cov==6.2.1
pytest-mock==3.14.1
requests==2.32.4
Expand Down
15 changes: 11 additions & 4 deletions .riot/requirements/a669651.txt → .riot/requirements/17140b3.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,19 @@
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/a669651.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/17140b3.in
#
attrs==25.3.0
blinker==1.9.0
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.2.1
coverage[toml]==7.9.1
coverage[toml]==7.9.2
flask==2.3.3
gevent==25.5.1
greenlet==3.2.3
gunicorn==23.0.0
hypothesis==6.135.24
hypothesis==6.135.32
idna==3.10
iniconfig==2.1.0
itsdangerous==2.2.0
Expand All @@ -32,3 +34,8 @@ requests==2.32.4
sortedcontainers==2.4.0
urllib3==2.5.0
werkzeug==3.1.3
zope-event==5.1
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==80.9.0
15 changes: 11 additions & 4 deletions .riot/requirements/16d69d5.txt → .riot/requirements/172eb93.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,19 @@
# This file is autogenerated by pip-compile with Python 3.11
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/16d69d5.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/172eb93.in
#
attrs==25.3.0
blinker==1.9.0
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.2.1
coverage[toml]==7.9.1
coverage[toml]==7.9.2
flask==2.3.3
gevent==25.5.1
greenlet==3.2.3
gunicorn==23.0.0
hypothesis==6.135.24
hypothesis==6.135.32
idna==3.10
iniconfig==2.1.0
itsdangerous==2.2.0
Expand All @@ -32,3 +34,8 @@ requests==2.32.4
sortedcontainers==2.4.0
urllib3==2.5.0
werkzeug==3.1.3
zope-event==5.1
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==80.9.0
8 changes: 4 additions & 4 deletions .riot/requirements/19a745b.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/19a745b.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/19a745b.in
#
astunparse==1.6.3
attrs==25.3.0
certifi==2025.6.15
certifi==2025.7.14
cffi==1.17.1
charset-normalizer==3.4.2
coverage[toml]==7.9.1
coverage[toml]==7.9.2
cryptography==45.0.5
grpcio==1.73.1
hypothesis==6.45.0
Expand All @@ -23,7 +23,7 @@ pycparser==2.22
pycryptodome==3.23.0
pygments==2.19.2
pytest==8.4.1
pytest-asyncio==1.0.0
pytest-asyncio==1.1.0
pytest-cov==6.2.1
pytest-mock==3.14.1
requests==2.32.4
Expand Down
17 changes: 12 additions & 5 deletions .riot/requirements/bb60b77.txt → .riot/requirements/1a5499d.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,19 @@
# This file is autogenerated by pip-compile with Python 3.9
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/bb60b77.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/1a5499d.in
#
attrs==25.3.0
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.1.8
coverage[toml]==7.9.1
coverage[toml]==7.9.2
exceptiongroup==1.3.0
flask==1.1.2
gevent==25.5.1
greenlet==3.2.3
gunicorn==23.0.0
hypothesis==6.135.24
hypothesis==6.135.32
idna==3.10
importlib-metadata==8.7.0
iniconfig==2.1.0
Expand All @@ -32,7 +34,12 @@ pytest-randomly==3.16.0
requests==2.32.4
sortedcontainers==2.4.0
tomli==2.2.1
typing-extensions==4.14.0
typing-extensions==4.14.1
urllib3==2.5.0
werkzeug==2.0.3
zipp==3.23.0
zope-event==5.1
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==80.9.0
11 changes: 9 additions & 2 deletions .riot/requirements/b0f4d8a.txt → .riot/requirements/1b60b14.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,18 @@
# This file is autogenerated by pip-compile with Python 3.8
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/b0f4d8a.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/1b60b14.in
#
attrs==25.3.0
blinker==1.8.2
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.1.8
coverage[toml]==7.6.1
exceptiongroup==1.3.0
flask==2.3.3
gevent==24.2.1
greenlet==3.1.1
gunicorn==23.0.0
hypothesis==6.113.0
idna==3.10
Expand All @@ -36,3 +38,8 @@ typing-extensions==4.13.2
urllib3==2.2.3
werkzeug==3.0.6
zipp==3.20.2
zope-event==5.0
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==75.3.2
15 changes: 11 additions & 4 deletions .riot/requirements/d548d24.txt → .riot/requirements/1c1038e.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,19 @@
# This file is autogenerated by pip-compile with Python 3.13
# by the following command:
#
# pip-compile --no-annotate .riot/requirements/d548d24.in
# pip-compile --allow-unsafe --no-annotate .riot/requirements/1c1038e.in
#
attrs==25.3.0
blinker==1.9.0
certifi==2025.6.15
certifi==2025.7.14
charset-normalizer==3.4.2
click==8.2.1
coverage[toml]==7.9.1
coverage[toml]==7.9.2
flask==3.1.1
gevent==25.5.1
greenlet==3.2.3
gunicorn==23.0.0
hypothesis==6.135.24
hypothesis==6.135.32
idna==3.10
iniconfig==2.1.0
itsdangerous==2.2.0
Expand All @@ -32,3 +34,8 @@ requests==2.32.4
sortedcontainers==2.4.0
urllib3==2.5.0
werkzeug==3.1.3
zope-event==5.1
zope-interface==7.2

# The following packages are considered to be unsafe in a requirements file:
setuptools==80.9.0
Loading
Loading