o i$ @sddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z ddl m Z dd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZeeZGdddeZdefddZ da!ddZ"ddZ#ddZ$defddZ%dS) )Text)IAST)IAST_SPAN_TAGS)is_iast_request_enabled)%iast_propagation_sink_point_debug_log)_set_metric_iast_executed_sink)"_set_metric_iast_instrumented_sink)WrapFunctonsForIAST)increment_iast_span_metric)VulnerabilityType)VULN_XSS)VulnerabilityBase) get_logger)ModuleWatchdog)configc@seZdZeZejZdS)XSSN)__name__ __module__ __qualname__r vulnerability_typer r secure_markrrX/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_iast/taint_sinks/xss.pyrs rreturncCsdS)Nrrrrr get_versionsrFcCstrtjsdStjs dSdat}|ddt|ddt|ddt|ddt|t t t dd d }dS) NTzdjango.utils.safestring mark_safezdjango.template.defaultfilterszjinja2.filters do_mark_safeflaskrender_template_stringc Ss@zddlm}ddlm}||d<WdSttfyYdSw)Nr)FILTERS)rsafe)jinja2.filtersr r ImportErrorKeyError)moduler rrrr_Ks  zpatch.._) _IS_PATCHED asm_config_iast_is_testing _iast_enabledr wrap_function_iast_django_xss_iast_jinja2_xsspatchrr rafter_module_imported) iast_funcsr&rrrr."s< r.cC*|rt|dkrt|d||i|SNrlen_iast_report_xsswrappedinstanceargskwargsrrrr,V r,cCr1r2r4r7rrrr-\r<r- code_stringc Csz*tr(t|tjrtrt|rtj|dtt j tj t tj WdSWdSt yD}ztd|WYd}~dSd}~ww)N)evidence_valuez4propagation::sink_point::Error in _iast_report_xss. )r isinstancer TEXT_TYPESr has_quotais_tainted_pyobjectreportr rTELEMETRY_EXECUTED_SINKrr Exceptionr)r=errrr6bs r6N)&typingrddtrace.appsec._constantsrr/ddtrace.appsec._iast._iast_request_context_baserddtrace.appsec._iast._logsrddtrace.appsec._iast._metricsrr#ddtrace.appsec._iast._patch_modulesr "ddtrace.appsec._iast._span_metricsr $ddtrace.appsec._iast._taint_trackingr ddtrace.appsec._iast.constantsr &ddtrace.appsec._iast.taint_sinks._baser ddtrace.internal.loggerrddtrace.internal.modulerddtrace.internal.settings.asmrr(rlogrrr'r.r,r-r6rrrrs.              4