From 7f2e03a1d5dc1e271b1c6e63b01a22b5d49570f3 Mon Sep 17 00:00:00 2001 From: Alberto Vara Date: Tue, 16 Aug 2022 09:26:40 +0200 Subject: [PATCH] feat(asm): fix segmentation fault parsing JSON in Python2 (#4082) ## Description Fix Python 2 error reading WAF rules ## Checklist - [x] Title must conform to [conventional commit](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional). - [x] Add additional sections for `feat` and `fix` pull requests. - [x] Ensure tests are passing for affected code. ## Reviewer Checklist - [ ] Title is accurate. - [ ] Description motivates each change. - [ ] No unnecessary changes were introduced in this PR. - [ ] PR cannot be broken up into smaller PRs. - [ ] Avoid breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes unless absolutely necessary. - [ ] Tests provided or description of manual testing performed is included in the code or PR. - [ ] Release note has been added for fixes and features, or else `changelog/no-changelog` label added. - [ ] All relevant GitHub issues are correctly linked. - [ ] Backports are identified and tagged with Mergifyio. - [ ] Add to milestone. (cherry picked from commit 399940a8cc721c8218ebb47c526c04006f0b99e8) --- ddtrace/appsec/_ddwaf.pyx | 1 + ...thon-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml | 4 ++++ tests/appsec/test_processor.py | 8 ++++++++ 3 files changed, 13 insertions(+) create mode 100644 releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml diff --git a/ddtrace/appsec/_ddwaf.pyx b/ddtrace/appsec/_ddwaf.pyx index 21cc048b3a0..3e1bc7b1eb1 100644 --- a/ddtrace/appsec/_ddwaf.pyx +++ b/ddtrace/appsec/_ddwaf.pyx @@ -56,6 +56,7 @@ def version(): cdef inline object _string_to_bytes(object string, const char **ptr, ssize_t *length): + ptr[0] = NULL if isinstance(string, six.binary_type): ptr[0] = PyBytes_AsString(string) length[0] = PyBytes_Size(string) diff --git a/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml new file mode 100644 index 00000000000..8b3d33b3ef0 --- /dev/null +++ b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + ASM: fix Python 2 error reading WAF rules. \ No newline at end of file diff --git a/tests/appsec/test_processor.py b/tests/appsec/test_processor.py index 18eb9cc47b5..80d00f45861 100644 --- a/tests/appsec/test_processor.py +++ b/tests/appsec/test_processor.py @@ -3,7 +3,9 @@ import pytest +from ddtrace.appsec._ddwaf import DDWaf from ddtrace.appsec.processor import AppSecSpanProcessor +from ddtrace.appsec.processor import DEFAULT_RULES from ddtrace.appsec.processor import _transform_headers from ddtrace.constants import USER_KEEP from ddtrace.contrib.trace_utils import set_http_meta @@ -159,3 +161,9 @@ def test_appsec_span_rate_limit(tracer): assert span1.get_tag("_dd.appsec.json") is not None assert span2.get_tag("_dd.appsec.json") is not None assert span3.get_tag("_dd.appsec.json") is None + + +def test_ddwaf_not_raises_exception(): + with open(DEFAULT_RULES) as rules: + rules_json = json.loads(rules.read()) + DDWaf(rules_json)