o ig@sUddlZddlmZddlmZddlmZeeZ dZ e e e fZe e efZeaeed<defdd Zd e defd d Zd e defd dZddddZddddZddZdS)N) _get_iast_env) get_logger)configiGLOBAL_VULNERABILITIES_LIMITreturncCst|jiS)z Initialize vulnerability maps for a new request. Creates a copy of the stored counts from the global map and a new empty map for tracking vulnerabilities in the current request. )rget endpoint_keycopycontextr i/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_iast/sampling/vulnerability_detection.pyinit_request_vulnerability_mapssrvulnerability_typecCst}|sdS|jtjkrdS|jrt||_i|_d|_|j|d}|j|d}|d|j|<||kr8dS|jd7_dS)z_ Determine if a vulnerability should be processed based on the optimization algorithm. FrT) rvulnerability_budget asm_config&_iast_max_vulnerabilities_per_requestsis_first_vulnerabilityrvulnerability_copy_global_limitvulnerabilities_request_limitr)rr current_count stored_countr r r should_process_vulnerabilitys   rcCsLt}|sdS|j|d8<|j|dkr|j||jd8_dS)NFrrT)rrpopr)rr r r r rollback_quota=s rcCs|durt}|durtddS|jtjkr2t|ji}|j D]\}}|||<q$|t|j<t tt krFtj ddt tt ks8dSdS)z Update the global vulnerability map at the end of a request. Args: budget_used (bool): Whether the vulnerability detection budget was fully used N?No request context found when updating global vulnerability mapF)last)rlogdebugrrrrrrritemslen MAX_ENDPOINTSpopitem)r global_map_entry vuln_typecountr r r !update_global_vulnerability_limitIs      r'cCs@|durt}|durtddSi|_i|_d|_d|_dS)NrTr)rrrrrrrr r r r reset_request_vulnerabilitiescs  r(cCs tadSN) collections OrderedDictrr r r r _reset_global_limitos r,r))rN)r*ddtrace.appsec._iast._iast_envrddtrace.internal.loggerrddtrace.internal.settings.asmrr__name__rr"dictstrintRequestDictTypeGlobalDictTyper+r__annotations__rboolrrr'r(r,r r r r s