From b10c8df2f89af391984c37967add3c329dcdbe21 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Tue, 16 Aug 2022 11:57:06 -0400 Subject: [PATCH] feat(asm): fix segmentation fault parsing JSON in Python2 (backport #4082) (#4094) (#4101) * feat(asm): fix segmentation fault parsing JSON in Python2 (#4082) ## Description Fix Python 2 error reading WAF rules ## Checklist - [x] Title must conform to [conventional commit](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional). - [x] Add additional sections for `feat` and `fix` pull requests. - [x] Ensure tests are passing for affected code. ## Reviewer Checklist - [ ] Title is accurate. - [ ] Description motivates each change. - [ ] No unnecessary changes were introduced in this PR. - [ ] PR cannot be broken up into smaller PRs. - [ ] Avoid breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes unless absolutely necessary. - [ ] Tests provided or description of manual testing performed is included in the code or PR. - [ ] Release note has been added for fixes and features, or else `changelog/no-changelog` label added. - [ ] All relevant GitHub issues are correctly linked. - [ ] Backports are identified and tagged with Mergifyio. - [ ] Add to milestone. (cherry picked from commit 399940a8cc721c8218ebb47c526c04006f0b99e8) # Conflicts: # tests/appsec/test_processor.py * feat: resolve cherrypick conflicts * feat: resolve cherrypick conflicts Co-authored-by: Alberto Vara (cherry picked from commit a75815d8996ef0766d0f105acc6fbe5cc85f51ed) Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> --- ddtrace/appsec/_ddwaf.pyx | 1 + ...thon-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml | 4 ++++ tests/appsec/test_processor.py | 8 ++++++++ 3 files changed, 13 insertions(+) create mode 100644 releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml diff --git a/ddtrace/appsec/_ddwaf.pyx b/ddtrace/appsec/_ddwaf.pyx index 17d99026fb0..35c5a2f31ea 100644 --- a/ddtrace/appsec/_ddwaf.pyx +++ b/ddtrace/appsec/_ddwaf.pyx @@ -56,6 +56,7 @@ def version(): cdef inline object _string_to_bytes(object string, const char **ptr, ssize_t *length): + ptr[0] = NULL if isinstance(string, six.binary_type): ptr[0] = PyBytes_AsString(string) length[0] = PyBytes_Size(string) diff --git a/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml new file mode 100644 index 00000000000..8b3d33b3ef0 --- /dev/null +++ b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + ASM: fix Python 2 error reading WAF rules. \ No newline at end of file diff --git a/tests/appsec/test_processor.py b/tests/appsec/test_processor.py index f7eef041591..a3d512fe0c9 100644 --- a/tests/appsec/test_processor.py +++ b/tests/appsec/test_processor.py @@ -3,7 +3,9 @@ import pytest +from ddtrace.appsec._ddwaf import DDWaf from ddtrace.appsec.processor import AppSecSpanProcessor +from ddtrace.appsec.processor import DEFAULT_RULES from ddtrace.ext import SpanTypes from ddtrace.ext import priority from tests.utils import override_env @@ -75,3 +77,9 @@ def test_appsec_span_tags_snapshot(tracer): span.set_tag("http.status_code", "404") assert "triggers" in json.loads(span.get_tag("_dd.appsec.json")) + + +def test_ddwaf_not_raises_exception(): + with open(DEFAULT_RULES) as rules: + rules_json = json.loads(rules.read()) + DDWaf(rules_json)