o iy@sddlmZddlmZddlmZddlmZddlmZddlm Z ddlm Z ddl m Z dd l mZdd l mZdd lmZdd lmZdd lmZddlmZGdddeZdddddddZdadefddZdS))IAST)IAST_SPAN_TAGS)is_iast_request_enabled) iast_error)%iast_propagation_sink_point_debug_log)_set_metric_iast_executed_sink)"_set_metric_iast_instrumented_sink)increment_iast_span_metric)VulnerabilityType) get_ranges) VULN_SSRF)VulnerabilityBase) ArgumentError)get_argument_valuec@seZdZeZejZdS)SSRFN)__name__ __module__ __qualname__r vulnerability_typer r secure_markrrY/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_iast/taint_sinks/ssrf.pyrs r)rurl)r)z requests.apizurllib.requesturllib3z http.clientzurllib3._request_methods webbrowserF func_namec sXtsttdat|d\}}|dur t|d|ddSz|r%|nd}tt||||}WntyEtd|d|YdSw|rt |t j rt rzIsz$_iast_report_ssrf..F)evidence_valuez3propagation::sink_point::Error in _iast_report_ssrf)#IS_REPORTED_INTRUMENTED_SINK_METRICrr _FUNC_TO_URL_ARGUMENTgetrrlistr isinstancer TEXT_TYPESrr has_quotais_tainted_pyobjectfindr allreportrrr rTELEMETRY_EXECUTED_SINK Exceptionr) r module_nameargskwargsarg_pos kwarg_namekw report_ssrfvalid_to_report taint_rangeserr$r_iast_report_ssrf#sL      r?N)ddtrace.appsec._constantsrr/ddtrace.appsec._iast._iast_request_context_baserddtrace.appsec._iast._logsrrddtrace.appsec._iast._metricsrr"ddtrace.appsec._iast._span_metricsr $ddtrace.appsec._iast._taint_trackingr r ddtrace.appsec._iast.constantsr &ddtrace.appsec._iast.taint_sinks._baser ddtrace.internal.utilsrrrr)r(strr?rrrrs0