chore(iast): test code injection in ci

avara1986 · avara1986 · commit f57314026eab · 2025-02-04T08:55:27.000+01:00
diff --git a/hatch.toml b/hatch.toml
@@ -466,7 +466,8 @@ _DD_IAST_PATCH_MODULES = "scripts.iast"
 test = [
     "uname -a",
     "pip freeze",
-    "python -m pytest tests/appsec/iast_aggregated_memcheck/test_aggregated_memleaks.py",
+    # We use --no-cov due to a pytest-cov problem with eval https://github.com/pytest-dev/pytest-cov/issues/676
+    "python -m pytest --no-cov tests/appsec/iast_aggregated_memcheck/test_aggregated_memleaks.py",
 ]
 
 [[envs.iast_aggregated_leak_testing.matrix]]
diff --git a/scripts/iast/mod_leak_functions.py b/scripts/iast/mod_leak_functions.py
@@ -258,6 +258,7 @@ def sink_points(string_tainted):
     except Exception:
         pass
 
+    _ = eval(f"'a' + '{string_tainted}'")
     # Weak Randomness vulnerability
     _ = random.randint(1, 10)
 

Original file line number	Diff line number	Diff line change
`@@ -466,7 +466,8 @@ _DD_IAST_PATCH_MODULES = "scripts.iast"`
`466`	`466`	`test = [`
`467`	`467`	`"uname -a",`
`468`	`468`	`"pip freeze",`
`469`		`- "python -m pytest tests/appsec/iast_aggregated_memcheck/test_aggregated_memleaks.py",`
	`469`	`+ # We use --no-cov due to a pytest-cov problem with eval https://github.com/pytest-dev/pytest-cov/issues/676`
	`470`	`+ "python -m pytest --no-cov tests/appsec/iast_aggregated_memcheck/test_aggregated_memleaks.py",`
`470`	`471`	`]`
`471`	`472`
`472`	`473`	`[[envs.iast_aggregated_leak_testing.matrix]]`