o i=@sddlZddlZddlmZddlmZddlZddlmZddlm Z ddlm Z ddlm Z ddlm Z dd lm Z dd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddl m!Z!de"ddfddZ#de$ddfddZ%de&e'fddZ(de'fd d!Z)Gd"d#d#e!Z*e*ZGd$d%d%e!Z+e+Z,dS)&N)machine)system)Optional) API_SECURITY)APPSEC)DEFAULT)EXPLOIT_PREVENTION)IAST)(IAST_TRUNCATION_MAX_VALUE_LENGTH_DEFAULT)LOGIN_EVENTS_MODE)TELEMETRY_INFORMATION_NAME) APPSEC_ENV) SpanTypes)AI_GUARD_ENABLED)AI_GUARD_ENDPOINT)AI_GUARD_MAX_CONTENT_SIZE)AI_GUARD_MAX_MESSAGES_LENGTH)AI_GUARD_TIMEOUT) in_aws_lambda)config)DDConfigrreturncCs|dkrtddS)Nrzvalue must be non negative ValueErrorrrQ/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/internal/settings/asm.py_validate_non_negative_intsrcCs|dks|dkr tddS)Nrdz*percentage value must be between 0 and 100rrrrr_validate_percentage!sr optionscsdtdtffdd }|S)Nstr_inrcs(D] }||r|SqdS)Nr) startswithlower)r"or!rrparse's z_parse_options..parse)str)r!r'rr&r_parse_options&sr)c Cstjtjt}ddddt}t}tdkr-|dkr-ddlm}|d kr-d }d d d d}| ||}tj |dddd|dd|S)z= Build the filename of the libddwaf library to load. sodylibdll)LinuxDarwinWindowsr/amd64r)maxsizelx86x64x86_64win32)r0i686r2z..appsec_ddwaflibddwaflibz libddwaf.) ospathdirname__file__rrr$sysr1getjoin)_DIRNAMEFILE_EXTENSIONARCHIr1TRANSLATE_ARCH ARCHITECTURErrrbuild_libddwaf_filename0s    rGcseZdZUejeeddZej Z eje e ej ddZedkr!dZejhZejhZejdejeejddZejeejdddZejeejdddZejeejddZejeej dddZ!ejeej"dddZ#eje ej$e%dZ&eje'ej(e)dZ*ejeej+ddZ,dZ-dZ.eje ej/e0j1e2e0j3e0j1e0j4gd Z5dZ6e e e7d <ejeej8ddZ9eje ej:ddZ;eje ejddZ?ejee@jAddZBejee@jCddZDejee@jEddZFejee@jGddZHeje'e@jIeJjIdZKdZLeMZNeOjPQeNZRejed eJjSed d ZTejedddZUeje ejVeJjWdZXeje ejYeJjZdZ[ejeej\ddZ]eje ej^ddZ_eje ej`ddZaeje'ejbddZceje'ejdddZeejeejfddZgejedddZheje dddZiejedddZjdZkejeeljmddZnejeeljoddZpeje'eljqderdZseje'eljtderdZuejeeljvdewdZxejeejoddZyejedddZzejedddZ{ejedddZ|ejedddZ}ejedddZ~ejedddZee7d <eje'd!d"dZe'e7d#<gd$Zeje ejd%dZdZdZd&ejko d'knoejd(pejd) Zee7d*<dZe e e7d+<fd,d-Zed.d/Zd0d1Zd;d3d4Zed2efd5d6Zed2efd7d8Zed2e fd9d:ZZS)< ASMConfigFdefaultN iast_enabledT)rJprivateg>@)rJparser"_auto_user_instrumentation_rc_modeDD_APPSEC_WAF_TIMEOUTz,Timeout in milliseconds for WAF computations)rJ help_typehelp _DD_APPSEC_DEDUPLICATION_ENABLEDz(?i)^.*(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|password|token|username|user_id|last.name|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)z(?i)bearer\s+[a-z0-9\._\-]+|token:[a-z0-9]{13}|password|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=-]+\.ey[I-L][\w=-]+(\.[\w.+\/=-]+)?|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*[a-z0-9\/\.+]{100,}DD_IAST_DEDUPLICATION_ENABLED'DD_IAST_SECURITY_CONTROLS_CONFIGURATION_DD_IAST_USE_ROOT_SPAN)rJ validator gR@DD_DJANGO_INCLUDE_USER_NAMEDD_DJANGO_INCLUDE_USER_EMAILDD_DJANGO_INCLUDE_USER_LOGINDD_DJANGO_INCLUDE_USER_REALNAME%DD_FASTAPI_ASYNC_BODY_TIMEOUT_SECONDSg?4DD_API_SECURITY_DOWNSTREAM_BODY_ANALYSIS_SAMPLE_RATEg?_dr_sample_rate4DD_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS_dr_body_limit_per_request)4 _asm_enabled_asm_can_be_enabled_asm_static_rule_file%_asm_obfuscation_parameter_key_regexp'_asm_obfuscation_parameter_value_regexp_asm_processed_span_types_asm_http_span_types_apm_tracing_enabled_bypass_instrumentation_for_waf#_is_testing_instrumentation_for_waf _iast_enabled_iast_request_sampling _iast_debug_iast_propagation_debug_iast_telemetry_report_lvl_iast_security_controls_iast_is_testing_iast_use_root_span!_iast_truncation_max_value_length _ep_enabled_use_metastruct_for_triggers_use_metastruct_for_iast%_auto_user_instrumentation_local_moderO"_auto_user_instrumentation_enabled_user_model_login_field_user_model_email_field_user_model_name_field_api_security_enabled_api_security_sample_delay!_api_security_parse_response_bodyr`rc _waf_timeout_iast_redaction_enabled_iast_redaction_name_pattern_iast_redaction_value_pattern_iast_max_concurrent_requests&_iast_max_vulnerabilities_per_requests_iast_lazy_taint_iast_deduplication_enabled_ep_stack_trace_enabled_ep_max_stack_traces_ep_max_stack_trace_depth_ep_stack_top_percent_iast_stack_trace_enabled_asm_config_keys_asm_deduplication_enabled_django_include_user_name_django_include_user_email_django_include_user_login_django_include_user_realnamezx^[+-]?((0b[01]+)|(0x[0-9A-Fa-f]+)|(\d+\.?\d*(?:[Ee][+-]?\d+)?|\.\d+(?:[Ee][+-]?\d+)?)|(X\'[0-9A-Fa-f]+\')|(B\'[01]+\'))$)r)rrwincygwin_iast_supported _rc_client_idcsttr|jtj|jtjdt_ d|_ |j s"d|_ |j sCd|_ d|_d|_ d|_d|_d|_tj|_d|_d|_dS|dS)NF)super__init__rriaddr SERVERLESSrj tracer_config_remote_config_enabledrrn_asm_libddwaf_availablerdrerrwr{r DISABLEDrz _load_modules_asm_rc_enabled_eval_asm_can_be_enabledself __class__rrrs&   zASMConfig.__init__cCsttjvrtjS|jSN)r r;environrENABLED_ORIGIN_ENV_asm_enabled_originrrrrasm_enabled_origin/s zASMConfig.asm_enabled_origincC |dSzhFor testing purposes, reset the configuration to its default values given current environment variables.Nrrrrrreset5 zASMConfig.resetrcCs`ttjvotj|_t|jo|jp|j|_ |jrtjp|j|_ ttjvr,|jr.dt_ dSdSdSNT) r r;rrrreboolrwrdrr _trace_resource_renaming_enabledrrrrr9s  z"ASMConfig._eval_asm_can_be_enabledcCs|jo|jo|jSr)rrdrrrrr_api_security_feature_active@sz&ASMConfig._api_security_feature_activecCs|jp |jp tjduo|j Sr)rdrnr _sca_enabledrkrrrr _apm_opt_outDszASMConfig._apm_opt_outcCs(|jr|jr|jdur|jS|jStjSr)rdr{rOrzr rrrrr_user_event_modeJs  zASMConfig._user_event_mode)rN)__name__ __module__ __qualname__rvarrr rdrENABLED_ORIGIN_DEFAULTrrr( RULE_FILErfrWEBrirjr_from_endpointr@r ENVrnENV_PROPAGATION_ENABLED_iast_propagation_enabledENV_SINK_POINTS_ENABLED_iast_sink_points_enabledfloatENV_REQUEST_SAMPLINGro ENV_DEBUGrpENV_PROPAGATION_DEBUGrqENV_TELEMETRY_REPORT_LVLr rrint'ENV_DD_IAST_TRUNCATION_MAX_VALUE_LENGTHr rvAPM_TRACING_ENVrkrxryAUTO_USER_INSTRUMENTATION_MODEr IDENTr)rANONrzrO__annotations__&AUTO_USER_INSTRUMENTATION_MODE_ENABLEDr{USER_MODEL_LOGIN_FIELDr|USER_MODEL_EMAIL_FIELDr}USER_MODEL_NAME_FIELDr~rENV_VAR_ENABLEDr SAMPLE_DELAYrPARSE_RESPONSE_BODYrENDPOINT_COLLECTION!_api_security_endpoint_collectionENDPOINT_COLLECTION_LIMITr'_api_security_endpoint_collection_limit_api_security_activerG _asm_libddwafr;r<existsr WAF_TIMEOUTrr OBFUSCATION_PARAMETER_KEY_REGEXP'APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXPrg"OBFUSCATION_PARAMETER_VALUE_REGEXP)APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXPrhREDACTION_ENABLEDrREDACTION_NAME_PATTERNrREDACTION_VALUE_PATTERNrDD_IAST_MAX_CONCURRENT_REQUESTSr#DD_IAST_VULNERABILITIES_PER_REQUESTr LAZY_TAINTrrrsrurtr EP_ENABLEDrwSTACK_TRACE_ENABLEDrMAX_STACK_TRACESrrMAX_STACK_TRACE_DEPTHrSTACK_TOP_PERCENTr rrrrrr_fast_api_async_body_timeoutr`rcrREDACTION_VALUE_NUMERAL_iast_redaction_numeral_patternrlrmr? version_infoplatformr#rrrpropertyrrrrrr __classcell__rrrrrHDs         6    rHc@sleZdZejeeddZejee ddZ eje e ddZ eje eddZeje eddZgdZdd Zd S) AIGuardConfigFrIrKii')_ai_guard_enabled_ai_guard_endpoint_ai_guard_max_content_size_ai_guard_max_messages_length_ai_guard_timeoutcCrrrrrrrrfrzAIGuardConfig.resetN)rrrrrrrrr(rrrrrrrrr_ai_guard_config_keysrrrrrrVs r)-r;os.pathrrrr?typingrddtrace.appsec._constantsrrrrr r r r ddtrace.constantsr ddtrace.extrddtrace.internal.constantsrrrrrddtrace.internal.serverlessr!ddtrace.internal.settings._configrrddtrace.internal.settings._corerrrrr listr(r)rGrHrai_guard_configrrrrsD