o i)"@s6UdZddlZddlmZddlmZddlmZddlmZddlm Z ddl m Z dd l m Z dd l mZdd l mZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZeeZeZ ede!d<GdddZ"GdddZ#ddZ$d dee#fddZ%de#de fddZ&dS)!aIAST module patching implementation. This module provides the core functionality for patching Python functions to enable IAST analysis. It implements the wrapper classes and utilities needed to: 1. Wrap security-sensitive functions using wrapt 2. Manage module patching state 3. Handle forced patching when needed 4. Support testing scenarios with unpatching capabilities The module uses wrapt's function wrapping capabilities to intercept calls to security-sensitive functions and enable taint tracking and vulnerability detection. N)Callable)Optional)Text)FunctionWrapper)$iast_instrumentation_wrapt_debug_log)SecurityControl)get_security_controls_from_env) SC_SANITIZER) SC_VALIDATOR)create_sanitizer)create_validator) try_unwrap)try_wrap_function_wrapper) wrap_object) get_logger)config IASTFunctionMODULES_TO_UNPATCHc@s\eZdZdZdZdZdZdZdddZe de de de fd d Z d d Z d dZddZdS)raRepresents a function to be patched for IAST analysis. This class encapsulates the information needed to patch a specific function in a module for IAST analysis. It handles both forced and lazy patching scenarios. Attributes: name (str): The name of the module to patch function (str): The name of the function to wrap hook (callable): The wrapper function to apply force (bool): Whether to force immediate patching or wait for module import FcCs||_||_||_||_dS)aHInitialize an IASTFunction instance. Args: name (str): The name of the module to patch function (str): The name of the function to wrap hook (callable): The wrapper function to apply force (bool, optional): Whether to force immediate patching. Defaults to False. Nnamefunctionhookforce)selfrrrrrW/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_iast/_patch_modules.py__init__:s  zIASTFunction.__init__modulerwrapperc CsFz t||t|fWdSttfy"td|d|dYdSw)alForce immediate wrapping of a module's function. This method attempts to immediately wrap a function in a module, regardless of whether the module has been imported yet. Args: module (str): The module name name (str): The function name to wrap wrapper (callable): The wrapper function to apply zModule .z not existsN)rr ImportErrorAttributeErrorr)rrrrrr force_wrapperHs  zIASTFunction.force_wrappercCs8|jdur||j|j|jdSt|j|j|jdS)a#Apply the patch to the target module and function. This method handles both forced and lazy patching scenarios. If force is True, it attempts immediate patching. Otherwise, it sets up lazy patching. Returns: bool: True if patching was attempted T)rr#rrrrrrrrpatchYs zIASTFunction.patchcCst|j|jdS)zRemove the patch from the target module and function. This method attempts to remove any existing wrapper from the target function. N)r rrr$rrrunpatchhszIASTFunction.unpatchc Cs&d|jd|jd|jd|jd S)zsz+_apply_security_control..) control_typer functoolspartialr vulnerability_typesr r parametersr;rFr8 module_path method_namer<)rArH wrapper_funcrrrrDs$  rD)N)'r,rNtypingrrrwraptrddtrace.appsec._iast._logsr!ddtrace.appsec._iast.secure_marksrr/ddtrace.appsec._iast.secure_marks.configurationr r ,ddtrace.appsec._iast.secure_marks.sanitizersr ,ddtrace.appsec._iast.secure_marks.validatorsr ddtrace.appsec._patch_utilsr rrddtrace.internal.loggerrddtrace.internal.settings.asmrr2r)r;r0r__annotations__rr.rBrIrDrrrrs2                L<