o i{U @s$ddlZddlZddlZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z dd l mZdd l mZdd lmZdd lmZdd lmZddlmmmmZddlmZddlmZddl m!Z!ddl"m#Z#ddl$m%Z&e!e'Z(da)dZ*dZ+ddZ,ddZ-dee.de/fddZ0de.de/fdd Z1d!d"Z2d#d$Z3d%ee4e.e.fde5e.ee.e6e.fffd&d'Z7d(d)Z8d*d+Z9d,d-Z:d.d/Z;d0d1Zd6d7Z?d8e.ddfd9d:Z@d;ee6e.e.fddfdd?d@d?dAdBdCdDdEZBdHdFdGZCdS)IN)Iterable)Union_get_asm_contextcall_waf_callback) get_blocked)EXPLOIT_PREVENTION) WAF_ACTIONS)patch)unpatch)_report_rasp_skipped) try_unwrap)try_wrap_function_wrapper)core)BlockingException) get_logger)ModuleWatchdog)configFzrasp_os.system rasp_PopencCstddd}tr dStddttddttddttd dttd d ttd d ttddt tddt tddt t t dttddadS)N subprocesscSs.tttttttt ddS)Nz)Patching common modules: subprocess_patch) subprocess_patchr add_str_callback _RASP_SYSTEMwrapped_system_5542593D237084A7add_lst_callback _RASP_POPENpopen_FD233052260D8B4Dlogdebug)moduler!Y/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_common_module_patches.py_$s  zpatch_common_modules.._urllib3.connectionpool HTTPConnectionPool._make_requestzHTTPConnectionPool.urlopenurllib3._request_methodsRequestMethods.requesturllib3.requestbuiltinsopenpathlib Path.openurllib.requestOpenerDirector.open http.clientHTTPConnection.requestHTTPConnection.getresponsezasm.block.dbapi.executez4Patching common modules: builtins and urllib.requestT)rafter_module_imported _is_patchedrwrapped_urllib3_make_requestwrapped_urllib3_urlopen wrapped_request_D8CB81E472AF98A2wrapped_open_CFDDB7ABBA9081B6wrapped_path_open_rasp_lfiwrapped_open_ED4CF71136E15EBFwrapped_requestwrapped_responsepatch_stripe_for_appsecronexecute_4C9BAC8E228EB347rr)r#r!r!r"patch_common_modules!s&           r?cCstsdStddtddtddtddtdd td d td d td dtddtddttttttt ddadS)Nr$r%r&r'r(r)r*r+r,r-r.r/r0r1_ioz BytesIO.readz StringIO.readzAUnpatching common modules subprocess, builtins and urllib.requestF) r3runpatch_stripe_for_appsecrr del_str_callbackrdel_lst_callbackrrrr!r!r!r"unpatch_common_modulesBs$             rDactionsreturncCstdd|DS)Ncss |] }|tjtjfvVqdSN)r BLOCK_ACTIONREDIRECT_ACTION).0actionr!r!r" ]sz_must_block..)any)rEr!r!r" _must_block\srN capabilitycCsRtjr'tjr'ddlm}|sdSddlm}|jduo&t|jd|ddSdS)z(Check if the RASP capability is enabled.rin_asm_contextF)AppSecSpanProcessorNrasp__enabled) asm_config _asm_enabled _ep_enabled#ddtrace.appsec._asm_request_contextrQddtrace.appsec._processorrR _instancegetattr)rOrQrRr!r!r"_get_rasp_capability`s    r\c Cs,tdrnzddlm}ddlm}Wnty"||i|YSw|r)|dn|dd}zt|}Wn tyAd}Ynw|rn|rg|t j j |idt j j d }|rft |jrfttt jt j j |ntt j j d z||i|WSty} z| jjj} | | jd| | j| jd} ~ ww) z( wrapper for open file function lfirrrPfileNr7 crop_trace rule_typeF)r\rXrrQ ImportErrorgetosfspath Exceptionr ADDRESSLFITYPErNrErrBLOCKINGr __traceback__tb_framef_backwith_traceback __class__f_lastif_lineno) original_open_callableinstanceargskwargsrrQ filename_argfilenamereseprevious_framer!r!r"r7psF     r7c Cstdrbzddlm}ddlm}Wnty"||i|YSwzt|}Wn ty5d}Ynw|rb|r[|tj j |idtj j d}|rZt |j rZtttjtj j |nttj j dz||i|WSty}z|jjj} ||jd | | j| jd }~ww) z0 wrapper for pathlib.Path.open() method r]rrrPr_r8r`FN)r\rXrrQrcrerfrgr rhrirjrNrErrrkr rlrmrnrorprqrr) original_method_callablertrurvrrQrxryrzr{r!r!r"r8sD     r8lstcCsRi}|D]"\}}||vr"||}t|tr||g||<q||q|||<q|SrG) isinstancestrappend)r}ryabvr!r!r"_build_headerss    rc CsNtd}t}tdr|dur|durtdd}t|dkr$|dn|dd}t|dkr4|dn|dd}t|d krD|d n|d i} tjj|d |d | i} | d dp_| dd} |ry| dkryz t || d<Wn t yxYnwt | dtj jd} |jd7_td| rt| jrtttjtj j|||i|S)Nfull_urlssrfuse_bodyFrmethodbodyheadersDOWN_REQ_METHODDOWN_REQ_HEADERS Content-Type content-typeapplication/json DOWN_REQ_BODYr9r`)rget_itemrr\lenrdr rhSSRFjsonloadsrgrrjSSRF_REQdownstream_requests discard_itemrNrErrrk) original_request_callablertrurvrenvrrrr addresses content_typeryr!r!r"r:s2        r:cCs|g||R}t}zBtdrC|jjdkrF|durI|}d|kr)dkrLnW|St|t|d}t|t j j dW|SW|SW|SW|SW|St yXY|Sw)Nr HTTPResponse,DOWN_RES_STATUSDOWN_RES_HEADERSrb) rr\rp__name__getcoderr getheadersrr rjSSRF_RESrg)original_response_callablertrurvresponserstatusrr!r!r"r;s0      r;cCsfz(|jr#|jdddkr&|j}|}t||_||_t|WSWdSWdSt y2YdSw)Nrr) lengthrrdreadioBytesIOfprrrg)rrrr!r!r"_parse_http_response_bodys   rc Cs tdrzddlm}ddlm}Wnty)ttjjd||i|YSw|r0|dn| dd}|j j dkr@| }t |toHt|}|r|rt}r||} tjd || d z?||i|} | j j d krd | jkrxd ksnt| jt| d} | rt| | d<|| tjjd| WWdSty} zB| j j dkrz| j} Wn tyd} Ynwz t| j}Wn tyd}Ynw| dus|dur|t| |dtjjdd} ~ ww1swYn |rttjjd||i|S)z' wrapper for open url function rrrshould_analyze_body_responseTfullurlNRequesturl_open_analysisrrrrrr DOWN_RES_BODYr HTTPErrorF)r\rXrrrcr r rjrrdrpr get_full_urlr~rboolrrcontext_with_datarrrrrrgcoderitems)rsrtrurvrrurl valid_urlctxrrrrz status_coderesponse_headersr!r!r"r9 sd   $       r9cCs"zt|WStyiYSwrG)dictrg)rr!r!r"_parse_headers_urllib3As   rcCstd}t}tdo|duo|du}|rtdd}t|dkr&|dn|dd}t|dkr6|dn|dd} tt|d krG|d n|d i} tjj |d |d | i} | d dpc| dd} |r}| dkr}z t | | d<Wn t y|Ynwt | dtjjd} |jd7_td| rt| jrtttjtjj |||i|}z4|r|jjdkrd|jkrdkrnW|St|j|jd} t | tjjdW|SW|SW|SW|St yY|Sw)NrrrFrrrrrrrrrrrr6r`BaseHTTPResponserrrr)rrrr\rrdrr rhrrrrgrrjrrrrNrErrrkrprrrrr)rrtrurvrrdo_rasprrrrrrryrr!r!r"r4HsX    $   *    r4c Csbt|dkr |dn|dd}tddurtd|z ||i|WtdStdw)Nrrr)rrdrrset_itemr)rsrtrurvrr!r!r"r5os  r5c Cstdrzddlm}ddlm}ddlm}Wnty/ttjj d||i|YSwt |dkr:|dn| dd }t |t oHt|}|r|r|} r|| } tjd || d TzJ||i|} | jjd krd | jkrxdksnt | jt| jd} | rz| | d<Wn tyYnw|| tjjd| WWd Styw1swYn |rttjj d||i|S)z_ wrapper for third party requests.request function https://requests.readthedocs.io rrrrrTrrNrrResponserrrrrF)r\rXrrrrcr r rjrrrdr~rrrrrprrrrrrgr) rrtrurvrrrrrrrrrr!r!r"r6ysH    $  r6commandcCstdrSzddlm}ddlm}Wnty#ttjjdYdSw|rJ|tj j|idtjjd}|rFt |j rHt t tjtjj|dSdSttjjd dSdS) z( wrapper for os.system function shirrrPTNrr`F)r\rXrrQrcr r rjSHIrhrNrErrrk)rrrQryr!r!r"rs*   rarg_listcCstdr[zddlm}ddlm}Wnty#ttjjdYdSw|rR|tj jt |t r2|n|gidtjjd}|rNt |j rPtttjtjj|dSdSttjjd dSdS) z- listener for subprocess.Popen class cmdirrrPTNrr`F)r\rXrrQrcr r rjCMDIrhr~listrNrErrrk)rrrQryr!r!r"rs*  rmariadbmysql postgresqlodbcsqlsqlitevertica)rrpostgrespymysqlpyodbcrrrcCstdrgzddlm}ddlm}Wn tyYdSw|ri|rkt|trmtt |diddd}|r^|t j j |t j j |id t jj d }|rZt|jr\ttt jt jj |dSdStt jj d dSdSdSdSdS) z listener for dbapi execute and executemany function parameters are ignored as they are properly handled by the dbapi without risk of injections sqlirrrPN _self_config_dbapi_span_name_prefixr_r>r`F)r\rXrrQrcr~r _DB_DIALECTSrdr[r rhSQLI SQLI_TYPErjrNrErrrkr )instrument_selfqueryrurvrrQdb_typeryr!r!r"r>s2   r>)rFN)DrrretypingrrrXrrrddtrace.appsec._constantsr r $ddtrace.appsec._contrib.stripe.patchr r<r rAddtrace.appsec._metricsr ddtrace.appsec._patch_utilsrr)ddtrace.contrib.internal.subprocess.patchcontribinternalrrddtrace.internalrddtrace.internal._exceptionsrddtrace.internal.loggerrddtrace.internal.modulerddtrace.internal.settings.asmrrUrrr3rrr?rDrrrNr\r7r8tuplerrrr:r;rr9rr4r5r6rrrr>r!r!r!r"sh                 !+2& 8' +