feat(iast): report telemetry log error

DataDog · Sep 20, 2024 · 707ee82 · 707ee82
1 parent 0a30bcb
commit 707ee82
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 40 deletions.
diff --git a/ddtrace/appsec/_iast/_taint_tracking/Utils/GenericUtils.cpp b/ddtrace/appsec/_iast/_taint_tracking/Utils/GenericUtils.cpp
@@ -36,46 +36,42 @@ void
 iast_taint_log_error(const std::string& msg)
 {
     try {
-        if (!is_iast_debug_enabled()) {
-            return;
-        }
-        std::string frame_info;
-        // If we don't clear the error, stack() and other functions won't work, so we save it first for restoring
-        // it later if needed
-        PyObject *ptype, *pvalue, *ptraceback;
-        PyErr_Fetch(&ptype, &pvalue, &ptraceback);
-        const bool had_exception = (ptype != nullptr || pvalue != nullptr || ptraceback != nullptr);
-        PyErr_Clear();
-
-        try {
-            const py::list stack = safe_import("inspect", "stack")();
-
-            for (size_t i = 0; i < std::min(stack.size(), static_cast<size_t>(7)); ++i) {
-                py::object frame = stack[i];
-                py::object frame_info_obj = frame.attr("frame");
-                std::string filename = py::str(frame_info_obj.attr("f_code").attr("co_filename"));
-                const int lineno = py::int_(frame_info_obj.attr("f_lineno"));
-                frame_info += filename + ", " + std::to_string(lineno) + "\n";
+        if (is_iast_debug_enabled()) {
+            std::string frame_info;
+            // If we don't clear the error, stack() and other functions won't work, so we save it first for restoring
+            // it later if needed
+            PyObject *ptype, *pvalue, *ptraceback;
+            PyErr_Fetch(&ptype, &pvalue, &ptraceback);
+            const bool had_exception = (ptype != nullptr || pvalue != nullptr || ptraceback != nullptr);
+            PyErr_Clear();
+
+            try {
+                const py::list stack = safe_import("inspect", "stack")();
+
+                for (size_t i = 0; i < std::min(stack.size(), static_cast<size_t>(7)); ++i) {
+                    py::object frame = stack[i];
+                    py::object frame_info_obj = frame.attr("frame");
+                    std::string filename = py::str(frame_info_obj.attr("f_code").attr("co_filename"));
+                    const int lineno = py::int_(frame_info_obj.attr("f_lineno"));
+                    frame_info += filename + ", " + std::to_string(lineno) + "\n";
+                }
+            } catch (const py::error_already_set& e) {
+                cerr << "ddtrace: error in iast_taint_log_error trying to retrieve file and line: " << e.what() << "\n";
+                PyErr_Clear(); // Clear the error state
+                frame_info = "(unkown file)";
+            }
+            const auto log = get_python_logger();
+            log.attr("debug")("[IAST] Propagation error. " + msg + ": " + frame_info);
+            // Restore the original exception state if needed
+            if (had_exception) {
+                PyErr_Restore(ptype, pvalue, ptraceback);
+            } else {
+                Py_XDECREF(ptype);
+                Py_XDECREF(pvalue);
+                Py_XDECREF(ptraceback);
             }
-        } catch (const py::error_already_set& e) {
-            cerr << "ddtrace: error in iast_taint_log_error trying to retrieve file and line: " << e.what() << "\n";
-            PyErr_Clear(); // Clear the error state
-            frame_info = "(unkown file)";
-        }
-
-        const auto log = get_python_logger();
-        log.attr("debug")(msg + ": " + frame_info);
-
-        safe_import("ddtrace.appsec._iast._metrics", "_set_iast_error_metric")(msg);
-
-        // Restore the original exception state if needed
-        if (had_exception) {
-            PyErr_Restore(ptype, pvalue, ptraceback);
-        } else {
-            Py_XDECREF(ptype);
-            Py_XDECREF(pvalue);
-            Py_XDECREF(ptraceback);
         }
+        safe_import("ddtrace.appsec._iast._metrics", "_set_iast_error_metric")("[IAST] Propagation error. " + msg);
 
     } catch (const py::error_already_set& e) {
         if (!e.trace().is_none()) {

diff --git a/tests/appsec/iast/aspects/test_join_aspect_fixtures.py b/tests/appsec/iast/aspects/test_join_aspect_fixtures.py
@@ -67,7 +67,13 @@ def test_string_join_tainted_joiner_generator(self):  # type: () -> None
 
         result = mod.do_join(string_input, it)
         # order it's not constant
-        assert result in ("b-joiner-c-joiner-a", "c-joiner-a-joiner-b", "a-joiner-b-joiner-c", "b-joiner-a-joiner-c")
+        assert result in (
+            "a-joiner-c-joiner-b",
+            "b-joiner-c-joiner-a",
+            "c-joiner-a-joiner-b",
+            "a-joiner-b-joiner-c",
+            "b-joiner-a-joiner-c",
+        )
         ranges = get_tainted_ranges(result)
         assert result[ranges[0].start : (ranges[0].start + ranges[0].length)] == "-joiner-"
         assert result[ranges[1].start : (ranges[1].start + ranges[1].length)] == "-joiner-"
@@ -81,7 +87,13 @@ def test_string_join_tainted_joiner_and_string_iterator(self):  # type: () -> No
 
         result = mod.do_join(string_input, it)
         # order it's not constant
-        assert result in ("b-joiner-c-joiner-a", "c-joiner-a-joiner-b", "a-joiner-b-joiner-c", "b-joiner-a-joiner-c")
+        assert result in (
+            "a-joiner-c-joiner-b",
+            "b-joiner-c-joiner-a",
+            "c-joiner-a-joiner-b",
+            "a-joiner-b-joiner-c",
+            "b-joiner-a-joiner-c",
+        )
         ranges = get_tainted_ranges(result)
         assert result[ranges[0].start : (ranges[0].start + ranges[0].length)] == "-joiner-"
         assert result[ranges[1].start : (ranges[1].start + ranges[1].length)] == "-joiner-"