From 29a7c71be7f5b07837eb5148b6785f68420e2fb9 Mon Sep 17 00:00:00 2001
From: Alberto Vara <alberto.vara@datadoghq.com>
Date: Tue, 16 Aug 2022 09:26:40 +0200
Subject: [PATCH] feat(asm): fix segmentation fault parsing JSON in Python2
 (#4082)

## Description
Fix Python 2 error reading WAF rules

## Checklist
- [x] Title must conform to [conventional commit](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional).
- [x] Add additional sections for `feat` and `fix` pull requests.
- [x] Ensure tests are passing for affected code.

## Reviewer Checklist
- [ ] Title is accurate.
- [ ] Description motivates each change.
- [ ] No unnecessary changes were introduced in this PR.
- [ ] PR cannot be broken up into smaller PRs.
- [ ] Avoid breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes unless absolutely necessary.
- [ ] Tests provided or description of manual testing performed is included in the code or PR.
- [ ] Release note has been added for fixes and features, or else `changelog/no-changelog` label added.
- [ ] All relevant GitHub issues are correctly linked.
- [ ] Backports are identified and tagged with Mergifyio.
- [ ] Add to milestone.

(cherry picked from commit 399940a8cc721c8218ebb47c526c04006f0b99e8)

# Conflicts:
#	tests/appsec/test_processor.py
---
 ddtrace/appsec/_ddwaf.pyx                     |  1 +
 ...-reading-ddwaf-rules-d3653031f2ba84ba.yaml |  4 ++
 tests/appsec/test_processor.py                | 41 +++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml

diff --git a/ddtrace/appsec/_ddwaf.pyx b/ddtrace/appsec/_ddwaf.pyx
index 17d99026fb0..35c5a2f31ea 100644
--- a/ddtrace/appsec/_ddwaf.pyx
+++ b/ddtrace/appsec/_ddwaf.pyx
@@ -56,6 +56,7 @@ def version():
 
 
 cdef inline object _string_to_bytes(object string, const char **ptr, ssize_t *length):
+    ptr[0] = NULL
     if isinstance(string, six.binary_type):
         ptr[0] = PyBytes_AsString(string)
         length[0] = PyBytes_Size(string)
diff --git a/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml
new file mode 100644
index 00000000000..8b3d33b3ef0
--- /dev/null
+++ b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    ASM: fix Python 2 error reading WAF rules.
\ No newline at end of file
diff --git a/tests/appsec/test_processor.py b/tests/appsec/test_processor.py
index f7eef041591..ed243b0a235 100644
--- a/tests/appsec/test_processor.py
+++ b/tests/appsec/test_processor.py
@@ -3,7 +3,15 @@
 
 import pytest
 
+from ddtrace.appsec._ddwaf import DDWaf
 from ddtrace.appsec.processor import AppSecSpanProcessor
+<<<<<<< HEAD
+=======
+from ddtrace.appsec.processor import DEFAULT_RULES
+from ddtrace.appsec.processor import _transform_headers
+from ddtrace.constants import USER_KEEP
+from ddtrace.contrib.trace_utils import set_http_meta
+>>>>>>> 399940a8 (feat(asm): fix segmentation fault parsing JSON in Python2 (#4082))
 from ddtrace.ext import SpanTypes
 from ddtrace.ext import priority
 from tests.utils import override_env
@@ -75,3 +83,36 @@ def test_appsec_span_tags_snapshot(tracer):
         span.set_tag("http.status_code", "404")
 
     assert "triggers" in json.loads(span.get_tag("_dd.appsec.json"))
+<<<<<<< HEAD
+=======
+
+
+def test_appsec_span_rate_limit(tracer):
+    with override_env(dict(DD_APPSEC_TRACE_RATE_LIMIT="1")):
+        _enable_appsec(tracer)
+
+        # we have 2 spans going through with a rate limit of 1: this is because the first span will update the rate
+        # limiter last update timestamp. In other words, we need a first call to reset the rate limiter's clock
+        # DEV: aligning rate limiter clock with this span (this
+        #      span will go through as it is linked to the init window)
+        with tracer.trace("test", span_type=SpanTypes.WEB) as span1:
+            set_http_meta(span1, {}, raw_uri="http://example.com/.git", status_code="404")
+
+        with tracer.trace("test", span_type=SpanTypes.WEB) as span2:
+            set_http_meta(span2, {}, raw_uri="http://example.com/.git", status_code="404")
+            span2.start_ns = span1.start_ns + 1
+
+        with tracer.trace("test", span_type=SpanTypes.WEB) as span3:
+            set_http_meta(span3, {}, raw_uri="http://example.com/.git", status_code="404")
+            span2.start_ns = span1.start_ns + 2
+
+        assert span1.get_tag("_dd.appsec.json") is not None
+        assert span2.get_tag("_dd.appsec.json") is not None
+        assert span3.get_tag("_dd.appsec.json") is None
+
+
+def test_ddwaf_not_raises_exception():
+    with open(DEFAULT_RULES) as rules:
+        rules_json = json.loads(rules.read())
+        DDWaf(rules_json)
+>>>>>>> 399940a8 (feat(asm): fix segmentation fault parsing JSON in Python2 (#4082))