refactor(appsec): extract rel_path and get_caller_frame_info to _patch_utils #17334

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 3 commits into main from avara1986/extract-caller-frame-info-to-patch-utils-v2
Apr 7, 2026

@avara1986
Member

Summary

  • Extract rel_path() and _compute_file_line() from VulnerabilityBase in _iast/taint_sinks/_base.py into shared functions (rel_path and get_caller_frame_info) in _patch_utils.py.
  • Migrate insecure_cookie.py to use the shared get_caller_frame_info() instead of cls._compute_file_line().
  • Update test_weak_hash.py mock target from get_info_frame to get_caller_frame_info.
  • Both IAST and SCA can now reuse these functions without depending on IAST internals.

Split out from #17156 to keep PRs incremental and reviewable.

Important: Before merging this PR, DataDog/datadog-lambda-python#761 must be merged first.

Test plan

  • Existing IAST vulnerability tests pass (they call VulnerabilityBase.report() which now delegates to get_caller_frame_info())
  • IAST cookie tests pass (insecure_cookie.py now uses shared function)
  • test_weak_hash.py edge case test passes with updated mock target

🤖 Generated with Claude Code

…h_utils

Move rel_path() and the frame-walking logic (_compute_file_line) from
VulnerabilityBase in _iast/taint_sinks/_base.py to shared functions in
_patch_utils.py so both IAST and SCA can reuse them without depending
on IAST internals.

Also migrates insecure_cookie.py and updates test_weak_hash.py mock
target accordingly.

Split out from #17156 to keep PRs incremental and reviewable.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@cit-pr-commenter-54b7da

cit-pr-commenter-54b7da Bot commented Apr 6, 2026

Codeowners resolved as

ddtrace/appsec/_iast/taint_sinks/_base.py                               @DataDog/asm-python
ddtrace/appsec/_iast/taint_sinks/insecure_cookie.py                     @DataDog/asm-python
ddtrace/appsec/_patch_utils.py                                          @DataDog/asm-python
tests/appsec/architectures/test_appsec_loading_modules.py               @DataDog/asm-python
tests/appsec/iast/taint_sinks/test_weak_hash.py                         @DataDog/asm-python

@avara1986 added the changelog/no-changelog (A changelog entry is not required for this PR.) and ASM (Application Security Monitoring) labels Apr 6, 2026
@pr-commenter

pr-commenter Bot commented Apr 6, 2026

Performance SLOs

Comparing candidate avara1986/extract-caller-frame-info-to-patch-utils-v2 (65476a5) with baseline main (199f2fc)

📈 Performance Regressions (2 suites)
📈 iastaspectsospath - 24/24

✅ ospathbasename_aspect

Time: ✅ 516.147µs (SLO: <700.000µs 📉 -26.3%) vs baseline: 📈 +23.3%

Memory: ✅ 43.798MB (SLO: <46.000MB -4.8%) vs baseline: +4.5%


✅ ospathbasename_noaspect

Time: ✅ 429.315µs (SLO: <700.000µs 📉 -38.7%) vs baseline: +1.1%

Memory: ✅ 43.694MB (SLO: <46.000MB -5.0%) vs baseline: +4.3%


✅ ospathjoin_aspect

Time: ✅ 622.887µs (SLO: <700.000µs 📉 -11.0%) vs baseline: ~same

Memory: ✅ 43.900MB (SLO: <46.000MB -4.6%) vs baseline: +4.7%


✅ ospathjoin_noaspect

Time: ✅ 632.972µs (SLO: <700.000µs -9.6%) vs baseline: +0.5%

Memory: ✅ 43.725MB (SLO: <46.000MB -4.9%) vs baseline: +4.3%


✅ ospathnormcase_aspect

Time: ✅ 351.748µs (SLO: <700.000µs 📉 -49.8%) vs baseline: +1.8%

Memory: ✅ 43.869MB (SLO: <46.000MB -4.6%) vs baseline: +4.9%


✅ ospathnormcase_noaspect

Time: ✅ 360.452µs (SLO: <700.000µs 📉 -48.5%) vs baseline: +2.1%

Memory: ✅ 43.715MB (SLO: <46.000MB -5.0%) vs baseline: +4.3%


✅ ospathsplit_aspect

Time: ✅ 485.642µs (SLO: <700.000µs 📉 -30.6%) vs baseline: -0.5%

Memory: ✅ 43.823MB (SLO: <46.000MB -4.7%) vs baseline: +4.4%


✅ ospathsplit_noaspect

Time: ✅ 496.587µs (SLO: <700.000µs 📉 -29.1%) vs baseline: +0.8%

Memory: ✅ 43.620MB (SLO: <46.000MB -5.2%) vs baseline: +4.1%


✅ ospathsplitdrive_aspect

Time: ✅ 373.361µs (SLO: <700.000µs 📉 -46.7%) vs baseline: +0.6%

Memory: ✅ 43.871MB (SLO: <46.000MB -4.6%) vs baseline: +4.4%


✅ ospathsplitdrive_noaspect

Time: ✅ 73.070µs (SLO: <700.000µs 📉 -89.6%) vs baseline: -0.6%

Memory: ✅ 43.658MB (SLO: <46.000MB -5.1%) vs baseline: +4.1%


✅ ospathsplitext_aspect

Time: ✅ 455.808µs (SLO: <700.000µs 📉 -34.9%) vs baseline: ~same

Memory: ✅ 43.785MB (SLO: <46.000MB -4.8%) vs baseline: +4.5%


✅ ospathsplitext_noaspect

Time: ✅ 463.500µs (SLO: <700.000µs 📉 -33.8%) vs baseline: +1.3%

Memory: ✅ 43.682MB (SLO: <46.000MB -5.0%) vs baseline: +4.2%


📈 iastaspectssplit - 12/12

✅ rsplit_aspect

Time: ✅ 166.972µs (SLO: <250.000µs 📉 -33.2%) vs baseline: 📈 +11.9%

Memory: ✅ 43.801MB (SLO: <46.000MB -4.8%) vs baseline: +4.5%


✅ rsplit_noaspect

Time: ✅ 160.991µs (SLO: <250.000µs 📉 -35.6%) vs baseline: +2.8%

Memory: ✅ 43.866MB (SLO: <46.000MB -4.6%) vs baseline: +4.5%


✅ split_aspect

Time: ✅ 152.128µs (SLO: <250.000µs 📉 -39.1%) vs baseline: +2.2%

Memory: ✅ 43.820MB (SLO: <46.000MB -4.7%) vs baseline: +4.5%


✅ split_noaspect

Time: ✅ 156.970µs (SLO: <250.000µs 📉 -37.2%) vs baseline: +2.0%

Memory: ✅ 43.897MB (SLO: <46.000MB -4.6%) vs baseline: +4.5%


✅ splitlines_aspect

Time: ✅ 150.226µs (SLO: <250.000µs 📉 -39.9%) vs baseline: +2.7%

Memory: ✅ 43.849MB (SLO: <46.000MB -4.7%) vs baseline: +5.1%


✅ splitlines_noaspect

Time: ✅ 156.674µs (SLO: <250.000µs 📉 -37.3%) vs baseline: +4.6%

Memory: ✅ 43.840MB (SLO: <46.000MB -4.7%) vs baseline: +4.5%

✅ All Tests Passing (1 suite)
iastpropagation - 8/8

✅ no-propagation

Time: ✅ 47.854µs (SLO: <60.000µs 📉 -20.2%) vs baseline: -1.4%

Memory: ✅ 40.147MB (SLO: <42.000MB -4.4%) vs baseline: +5.1%


✅ propagation_enabled

Time: ✅ 135.389µs (SLO: <190.000µs 📉 -28.7%) vs baseline: +0.7%

Memory: ✅ 40.246MB (SLO: <42.000MB -4.2%) vs baseline: +5.2%


✅ propagation_enabled_100

Time: ✅ 1.570ms (SLO: <2.300ms 📉 -31.8%) vs baseline: +1.4%

Memory: ✅ 40.108MB (SLO: <42.000MB -4.5%) vs baseline: +5.0%


✅ propagation_enabled_1000

Time: ✅ 29.362ms (SLO: <34.550ms 📉 -15.0%) vs baseline: +1.0%

Memory: ✅ 40.187MB (SLO: <42.000MB -4.3%) vs baseline: +5.1%

ℹ️ Scenarios Missing SLO Configuration (20 scenarios)

The following scenarios exist in candidate data but have no SLO thresholds configured:

  • iast_aspects-re_expand_aspect
  • iast_aspects-re_expand_noaspect
  • iast_aspects-re_findall_aspect
  • iast_aspects-re_findall_noaspect
  • iast_aspects-re_finditer_aspect
  • iast_aspects-re_finditer_noaspect
  • iast_aspects-re_fullmatch_aspect
  • iast_aspects-re_fullmatch_noaspect
  • iast_aspects-re_group_aspect
  • iast_aspects-re_group_noaspect
  • iast_aspects-re_groups_aspect
  • iast_aspects-re_groups_noaspect
  • iast_aspects-re_match_aspect
  • iast_aspects-re_match_noaspect
  • iast_aspects-re_search_aspect
  • iast_aspects-re_search_noaspect
  • iast_aspects-re_sub_aspect
  • iast_aspects-re_sub_noaspect
  • iast_aspects-re_subn_aspect
  • iast_aspects-re_subn_noaspect

@avara1986 marked this pull request as ready for review April 7, 2026 07:22
@avara1986 requested a review from a team as a code owner April 7, 2026 07:22
@avara1986
Member Author

/merge

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 Bot commented Apr 7, 2026

View all feedbacks in Devflow UI.

2026-04-07 07:35:39 UTC ℹ️ Start processing command /merge


2026-04-07 07:35:44 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 57m (p90).


2026-04-07 08:21:13 UTC ℹ️ MergeQueue: This merge request was merged

@gh-worker-dd-mergequeue-cf854d Bot merged commit 4b106fd into main Apr 7, 2026
593 checks passed
@gh-worker-dd-mergequeue-cf854d Bot deleted the avara1986/extract-caller-frame-info-to-patch-utils-v2 branch April 7, 2026 08:21