From ba1abbacee88e799f38a7354e45d04d2f0a04ee4 Mon Sep 17 00:00:00 2001 From: Alberto Vara Date: Mon, 20 Jan 2025 11:54:18 +0100 Subject: [PATCH 1/5] chore: enable iast_aggregated_leak_testing --- hatch.toml | 10 +++++----- scripts/iast/mod_leak_functions.py | 2 ++ tests/appsec/suitespec.yml | 8 ++++++++ 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/hatch.toml b/hatch.toml index 7269db2d497..24d498d76af 100644 --- a/hatch.toml +++ b/hatch.toml @@ -444,8 +444,8 @@ fastapi = ["~=0.114.2"] ## ASM Appsec Aggregated Leak Testing -[envs.appsec_aggregated_leak_testing] -template = "appsec_aggregated_leak_testing" +[envs.iast_aggregated_leak_testing] +template = "iast_aggregated_leak_testing" dependencies = [ "pytest", "pytest-cov", @@ -457,18 +457,18 @@ dependencies = [ "pydantic-settings", ] -[envs.appsec_aggregated_leak_testing.env-vars] +[envs.iast_aggregated_leak_testing.env-vars] CMAKE_BUILD_PARALLEL_LEVEL = "12" DD_IAST_ENABLED = "true" -[envs.appsec_aggregated_leak_testing.scripts] +[envs.iast_aggregated_leak_testing.scripts] test = [ "uname -a", "pip freeze", "python -m pytest tests/appsec/iast_aggregated_memcheck/test_aggregated_memleaks.py", ] -[[envs.appsec_aggregated_leak_testing.matrix]] +[[envs.iast_aggregated_leak_testing.matrix]] python = ["3.10", "3.11", "3.12", "3.13"] diff --git a/scripts/iast/mod_leak_functions.py b/scripts/iast/mod_leak_functions.py index bf96d93c497..30b6c7d1223 100644 --- a/scripts/iast/mod_leak_functions.py +++ b/scripts/iast/mod_leak_functions.py @@ -258,6 +258,8 @@ def sink_points(string_tainted): except Exception: pass + _ = eval('"aa" + ' + string_tainted) + # Weak Randomness vulnerability _ = random.randint(1, 10) diff --git a/tests/appsec/suitespec.yml b/tests/appsec/suitespec.yml index f075ba2da4a..76034c3e0ed 100644 --- a/tests/appsec/suitespec.yml +++ b/tests/appsec/suitespec.yml 
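Review bot: The added `_ = eval('"aa" + ' + string_tainted)` in `sink_points` sits after the preceding `try`/`except Exception: pass`, so it is unguarded: a tainted value that is not a valid Python expression raises out of the function, and the sinks below it (starting with the `random.randint` one) never run. The patch 2/5 hunk, which quotes the value as `eval('"aa" + "' + string_tainted + '"')`, has the same problem for input containing a double quote, backslash or newline. Since this is a deliberate sink in a leak-test fixture, I would guard it the way the block above is guarded and label it like its neighbours, e.g. `# Code injection vulnerability (intentional, test fixture only)`, so nobody copies it or "fixes" it by accident. `sink_points` starts and ends outside the hunk, so I cannot see what values callers pass in.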
@@ -73,6 +73,14 @@ suites: - '@remoteconfig' retry: 2 runner: hatch + iast_aggregated_leak_testing: + parallelism: 4 + paths: + - '@appsec_iast' + - tests/appsec/iast_aggregated_memcheck/* + retry: 2 + runner: hatch + timeout: 50m appsec_iast_packages: parallelism: 4 paths: From fdb8663390bf137a8abf69da21ca121afaa7c36f Mon Sep 17 00:00:00 2001 From: Alberto Vara Date: Mon, 20 Jan 2025 12:20:02 +0100 Subject: [PATCH 2/5] chore: enable iast_aggregated_leak_testing --- scripts/iast/mod_leak_functions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/iast/mod_leak_functions.py b/scripts/iast/mod_leak_functions.py index 30b6c7d1223..75df911bce9 100644 --- a/scripts/iast/mod_leak_functions.py +++ b/scripts/iast/mod_leak_functions.py @@ -258,7 +258,7 @@ def sink_points(string_tainted): except Exception: pass - _ = eval('"aa" + ' + string_tainted) + _ = eval('"aa" + "' + string_tainted + '"') # Weak Randomness vulnerability _ = random.randint(1, 10) From b0e80e0a253bf020bfa7d4c9457d35723a05f518 Mon Sep 17 00:00:00 2001 From: Alberto Vara Date: Mon, 20 Jan 2025 13:20:53 +0100 Subject: [PATCH 3/5] chore: enable iast_aggregated_leak_testing --- scripts/iast/mod_leak_functions.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/iast/mod_leak_functions.py b/scripts/iast/mod_leak_functions.py index 75df911bce9..bf96d93c497 100644 --- a/scripts/iast/mod_leak_functions.py +++ b/scripts/iast/mod_leak_functions.py @@ -258,8 +258,6 @@ def sink_points(string_tainted): except Exception: pass - _ = eval('"aa" + "' + string_tainted + '"') - # Weak Randomness vulnerability _ = random.randint(1, 10) From 4daa330e49f78e067da7f97ecd9148cbd4f9ae36 Mon Sep 17 00:00:00 2001 From: Alberto Vara Date: Mon, 20 Jan 2025 13:46:51 +0100 Subject: [PATCH 4/5] chore: enable iast_aggregated_leak_testing --- hatch.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/hatch.toml b/hatch.toml index 24d498d76af..d7d77a92c53 100644 --- a/hatch.toml +++ b/hatch.toml 
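Review bot: The new `iast_aggregated_leak_testing` suite lists only `'@appsec_iast'` and `tests/appsec/iast_aggregated_memcheck/*` under `paths`, while this same patch touches `scripts/iast/mod_leak_functions.py` as part of the leak test. Unless the `@appsec_iast` component (not visible here) already covers `scripts/iast/`, a change to those fixture functions would not trigger the suite; adding `- scripts/iast/*` would close that gap. The `suites:` mapping continues outside the hunk.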
@@ -460,6 +460,7 @@ dependencies = [ [envs.iast_aggregated_leak_testing.env-vars] CMAKE_BUILD_PARALLEL_LEVEL = "12" DD_IAST_ENABLED = "true" +_DD_IAST_PATCH_MODULES = "scripts.iast" [envs.iast_aggregated_leak_testing.scripts] test = [ From 6293f0357290afb2213d816acbcabe59d81736c7 Mon Sep 17 00:00:00 2001 From: Alberto Vara Date: Mon, 20 Jan 2025 15:43:33 +0100 Subject: [PATCH 5/5] chore: enable iast_aggregated_leak_testing --- hatch.toml | 2 +- tests/appsec/suitespec.yml | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/hatch.toml b/hatch.toml index d7d77a92c53..b30d4128616 100644 --- a/hatch.toml +++ b/hatch.toml @@ -470,7 +470,7 @@ test = [ ] [[envs.iast_aggregated_leak_testing.matrix]] -python = ["3.10", "3.11", "3.12", "3.13"] +python = ["3.10", "3.11", "3.12"] diff --git a/tests/appsec/suitespec.yml b/tests/appsec/suitespec.yml index 76034c3e0ed..d40ba785f63 100644 --- a/tests/appsec/suitespec.yml +++ b/tests/appsec/suitespec.yml @@ -74,11 +74,10 @@ suites: retry: 2 runner: hatch iast_aggregated_leak_testing: - parallelism: 4 + parallelism: 3 paths: - '@appsec_iast' - tests/appsec/iast_aggregated_memcheck/* - retry: 2 runner: hatch timeout: 50m appsec_iast_packages: @@ -86,7 +85,6 @@ suites: paths: - '@appsec_iast' - tests/appsec/iast_packages/* - retry: 2 runner: hatch timeout: 50m appsec_integrations_pygoat:
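Review bot: `_DD_IAST_PATCH_MODULES = "scripts.iast"` is added to the env-vars table without any comment, and the leading underscore suggests a private, undocumented setting. A one-line comment above it would tell the next maintainer why the leak environment needs it, for example `# presumably makes IAST instrument scripts/iast/ (mod_leak_functions.py); confirm`. Without it the variable looks safe to delete, and I would expect the leak test then to run against uninstrumented code and pass vacuously, though the hunk does not show that.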
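Review bot: The matrix line `python = ["3.10", "3.11", "3.12"]` drops 3.13 with no explanation in the hunk or the commit message, so leak coverage for the newest interpreter disappears silently. If 3.13 was removed because the aggregated leak test fails or times out there, record that next to the matrix, e.g. `# TODO: re-add "3.13" once <issue link> is resolved`, so the gap is tracked rather than forgotten. The `parallelism: 3` change in `tests/appsec/suitespec.yml` in this patch appears to follow from it.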