o Á¿ip ã @sdZddlmZddlmZddlmZddlmZddlmZde eded ed ed e d ef d d„Z ded ed ed e d ef dd„Z ded ed ed e d ef dd„Z ded ed ed e d ef dd„Zded ed ed e d ef dd„Zded ed ed e d ef dd„ZdS)aModule for IAST sanitizers that apply security marks to function return values. Sanitizers are functions that clean/escape their inputs to prevent security issues. If a sanitizer returns a value, we mark that value as secure for specific vulnerability types. é)ÚAny)ÚCallable)ÚSequence)ÚVulnerabilityType©Úadd_secure_markÚvulnerability_typesÚwrappedÚinstanceÚargsÚkwargsÚreturncCs||i|¤Ž}t||ƒ|S)ziCreate a sanitizer function wrapper that marks return values as secure for a specific vulnerability type.r)rr r r r Úresult©rú`/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_iast/secure_marks/sanitizers.pyÚcreate_sanitizers rcCóttjg||||ƒS)aRSanitizer for werkzeug.utils.secure_filename that marks filenames as safe from path traversal. Args: wrapped: The original secure_filename function instance: The instance (None for module functions) args: Positional arguments kwargs: Keyword arguments Returns: The sanitized filename )rrÚPATH_TRAVERSAL©r r r r rrrÚpath_traversal_sanitizeró rcCr)a0Sanitizer for HTML escaping functions that mark output as safe from XSS. Args: wrapped: The original quote function instance: The instance (None for module functions) args: Positional arguments kwargs: Keyword arguments Returns: The sanitized string )rrÚXSSrrrrÚ xss_sanitizer*rrcCr)a8Sanitizer for SQL quoting functions that mark output as safe from SQL injection. Args: wrapped: The original quote function instance: The instance (None for module functions) args: Positional arguments kwargs: Keyword arguments Returns: The quoted SQL value )rrÚ SQL_INJECTIONrrrrÚsqli_sanitizer9rrcCr)aJSanitizer for shell command quoting functions that mark output as safe from command injection. Args: wrapped: The original quote function instance: The instance (None for module functions) args: Positional arguments kwargs: Keyword arguments Returns: The quoted shell command )rrÚCOMMAND_INJECTIONrrrrÚcmdi_sanitizerHrrcCr)N)rrÚHEADER_INJECTIONrrrrÚheader_injection_sanitizerWsrN)Ú__doc__ÚtypingrrrÚ$ddtrace.appsec._iast._taint_trackingrÚ&ddtrace.appsec._iast.secure_marks.baserÚlistÚdictrrrrrrrrrrÚs0     ÿÿÿÿÿ þ "