Merge branch 'main' into tyler.finethy/debugger-probe-budgets

Author: tylfin

Diff for: pyproject.toml

@@ -201,39 +201,31 @@ ignore = [
     "B007",      # 23 occurences    [ ] unused-loop-control-variable
     "DTZ005",    # 23 occurences    [ ] call-datetime-now-without-tzinfo
     "INP001",    # 22 occurences    [ ] implicit-namespace-package
-    "ARG001",    # 21 occurences    [ ] unused-function-argument
-    "UP031",     # 17 occurences    [ ] printf-string-formatting
     "ANN205",    # 16 occurences    [ ] missing-return-type-static-method
     "T201",      # 15 occurences    [*] print
     "FBT001",    # 12 occurences    [ ] boolean-type-hint-positional-argument
     "SLF001",    # 12 occurences    [ ] private-member-access
     "UP035",     # 12 occurences    [ ] deprecated-import
     "S105",      # 10 occurences    [ ] hardcoded-password-string
-    "B015",      # 10 occurences    [ ] useless-comparison
     "RET503",    # 9 occurences     [*] implicit-return
     "SIM115",    # 9 occurences     [ ] open-file-with-context-handler
-    "PGH004",    # 9 occurences     [ ] blanket-noqa
-    "RUF001",    # 9 occurences     [ ] ambiguous-unicode-character-string
     "RUF015",    # 9 occurences     [*] unnecessary-iterable-allocation-for-first-element
     "SIM108",    # 8 occurences     [*] if-else-block-instead-of-if-exp
     "PTH120",    # 8 occurences     [ ] os-path-dirname
-    "PGH003",    # 8 occurences     [ ] blanket-type-ignore
     "TRY301",    # 8 occurences     [ ] raise-within-try
     "ANN206",    # 7 occurences     [ ] missing-return-type-class-method
     "B011",      # 7 occurences     [*] assert-false
     "PT015",     # 7 occurences     [ ] pytest-assert-always-false
     "N815",      # 7 occurences     [ ] mixed-case-variable-in-class-scope
     "PT006",     # 6 occurences     [*] pytest-parametrize-names-wrong-type
     "N803",      # 6 occurences     [ ] invalid-argument-name
-    "E741",      # 6 occurences     [ ] ambiguous-variable-name
     "S113",      # 5 occurences     [ ] request-without-timeout
     "PT011",     # 5 occurences     [ ] pytest-raises-too-broad
     "E731",      # 5 occurences     [*] lambda-assignment
     "RUF005",    # 5 occurences     [ ] collection-literal-concatenation
     "PTH103",    # 4 occurences     [ ] os-makedirs
     "PLW2901",   # 4 occurences     [ ] redefined-loop-name
     "PTH112",    # 3 occurences     [ ] os-path-isdir
-    "ANN002",    # 2 occurences     [ ] missing-type-args
     "ASYNC230",  # 2 occurences     [ ] blocking-open-call-in-async-function
     "S605",      # 2 occurences     [ ] start-process-with-a-shell
     "PTH100",    # 2 occurences     [ ] os-path-abspath
@@ -253,6 +245,9 @@ ignore = [
     "RET505",    # superfluous-else-return: requires a slightly higher cognitive effort to understand the code
     "S108",      # hardcoded-temp-file: test code may contains weird things
 ]
+"tests/fuzzer/request_mutator.py" = [
+    "RUF001",    # ambiguous-unicode-character-string: the mutator contains weird strings on purpose
+]
 "utils/build/*"  = ["ALL"]
 "lib-injection/*" = ["ALL"]
 "utils/{k8s_lib_injection/*,_context/_scenarios/k8s_lib_injection.py}" = [

Diff for: tests/appsec/test_automated_login_events.py

@@ -877,11 +877,11 @@ def test_login_success_local(self):
             assert meta["usr.id"] == USER_HASH
 
             # deprecated
-            "appsec.events.users.login.success.username" not in meta
-            "appsec.events.users.login.success.email" not in meta
-            "usr.email" not in meta
-            "usr.username" not in meta
-            "usr.login" not in meta
+            # "appsec.events.users.login.success.username" not in meta
+            # "appsec.events.users.login.success.email" not in meta
+            # "usr.email" not in meta
+            # "usr.username" not in meta
+            # "usr.login" not in meta
 
             assert_priority(span, trace)
 
@@ -898,11 +898,11 @@ def test_login_success_basic(self):
             assert meta["usr.id"] == USER_HASH
 
             # deprecated
-            "appsec.events.users.login.success.username" not in meta
-            "appsec.events.users.login.success.email" not in meta
-            "usr.email" not in meta
-            "usr.username" not in meta
-            "usr.login" not in meta
+            # "appsec.events.users.login.success.username" not in meta
+            # "appsec.events.users.login.success.email" not in meta
+            # "usr.email" not in meta
+            # "usr.username" not in meta
+            # "usr.login" not in meta
 
             assert_priority(span, trace)
 

Diff for: tests/appsec/test_conf.py

@@ -72,7 +72,7 @@ def setup_obfuscation_parameter_key(self):
     def test_obfuscation_parameter_key(self):
         """Test DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP"""
 
-        def validate_appsec_span_tags(span, appsec_data):  # pylint: disable=unused-argument
+        def validate_appsec_span_tags(span, appsec_data):  # noqa: ARG001
             assert not nested_lookup(
                 self.SECRET, appsec_data, look_in_keys=True
             ), "The security events contain the secret value that should be obfuscated"
@@ -90,7 +90,7 @@ def setup_obfuscation_parameter_value(self):
     def test_obfuscation_parameter_value(self):
         """Test DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP"""
 
-        def validate_appsec_span_tags(span, appsec_data):  # pylint: disable=unused-argument
+        def validate_appsec_span_tags(span, appsec_data):  # noqa: ARG001
             assert not nested_lookup(
                 self.SECRET_WITH_HIDDEN_VALUE, appsec_data, look_in_keys=True
             ), "The security events contain the secret value that should be obfuscated"

Diff for: tests/appsec/test_remote_config_rule_changes.py

@@ -178,14 +178,14 @@ def test_update_rules(self):
         expected_rules_version_tag = "_dd.appsec.event_rules.version"
         expected_version_regex = r"[0-9]+\.[0-9]+\.[0-9]+"
 
-        def validate_waf_rule_version_tag(span, appsec_data):
+        def validate_waf_rule_version_tag(span, appsec_data):  # noqa: ARG001
             """Validate the mandatory event_rules.version tag is added to the request span having an attack"""
             meta = span["meta"]
             assert expected_rules_version_tag in meta, f"missing span meta tag `{expected_rules_version_tag}` in meta"
             assert re.match(expected_version_regex, meta[expected_rules_version_tag])
             return True
 
-        def validate_waf_rule_version_tag_by_rc(span, appsec_data):
+        def validate_waf_rule_version_tag_by_rc(span, appsec_data):  # noqa: ARG001
             """Validate the mandatory event_rules.version tag is added to the request span having an attack with expected rc version"""
             meta = span["meta"]
             assert expected_rules_version_tag in meta, f"missing span meta tag `{expected_rules_version_tag}` in meta"

Diff for: tests/appsec/test_reports.py

@@ -23,7 +23,7 @@ def check_http_code_legacy(event):
 
             return True
 
-        def check_http_code(span, appsec_data):
+        def check_http_code(span, appsec_data):  # noqa: ARG001
             status_code = span["meta"]["http.status_code"]
             assert status_code == "404", f"404 should have been reported, not {status_code}"
 
@@ -51,7 +51,7 @@ def _check_service_legacy(event):
 
             return True
 
-        def _check_service(span, appsec_data):
+        def _check_service(span, appsec_data):  # noqa: ARG001
             name = span.get("service")
             environment = span.get("meta", {}).get("env")
             assert name == "weblog", f"weblog should have been reported, not {name}"

Diff for: tests/appsec/test_traces.py

@@ -150,7 +150,7 @@ def test_appsec_obfuscator_key(self):
         # Note that this value must contain an attack pattern in order to be part of the security event data
         # that is expected to be obfuscated.
 
-        def validate_appsec_span_tags(span, appsec_data):
+        def validate_appsec_span_tags(span, appsec_data):  # noqa: ARG001
             assert not nested_lookup(
                 self.SECRET_VALUE_WITH_SENSITIVE_KEY, appsec_data, look_in_keys=True
             ), "The security events contain the secret value that should be obfuscated"
@@ -199,7 +199,7 @@ def test_appsec_obfuscator_value(self):
         # The following payload will be sent as a raw encoded string via the request params
         # and matches an XSS attack. It contains an access token secret we shouldn't have in the event.
 
-        def validate_appsec_span_tags(span, appsec_data):
+        def validate_appsec_span_tags(span, appsec_data):  # noqa: ARG001
             assert not nested_lookup(
                 self.VALUE_WITH_SECRET, appsec_data, look_in_keys=True
             ), "The security events contain the secret value that should be obfuscated"
@@ -222,7 +222,7 @@ def test_appsec_obfuscator_key_with_custom_rules(self):
         # Note that this value must contain an attack pattern in order to be part of the security event data
         # that is expected to be obfuscated.
 
-        def validate_appsec_span_tags(span, appsec_data):  # pylint: disable=unused-argument
+        def validate_appsec_span_tags(span, appsec_data):  # noqa: ARG001
             assert not nested_lookup(
                 self.SECRET_VALUE_WITH_SENSITIVE_KEY, appsec_data, look_in_keys=True
             ), "The security events contain the secret value that should be obfuscated"
@@ -247,7 +247,7 @@ def test_appsec_obfuscator_cookies_with_custom_rules(self):
         # Note that this value must contain an attack pattern in order to be part of the security event data
         # that is expected to be obfuscated.
 
-        def validate_appsec_span_tags(span, appsec_data):  # pylint: disable=unused-argument
+        def validate_appsec_span_tags(span, appsec_data):  # noqa: ARG001
             assert not nested_lookup(
                 self.SECRET_VALUE_WITH_SENSITIVE_KEY_CUSTOM, appsec_data, look_in_keys=True
             ), "Sensitive cookie is not obfuscated"

Diff for: tests/appsec/waf/test_reports.py

@@ -26,7 +26,7 @@ def test_waf_monitoring(self):
 
         # Tags that are expected to be reported at least once at some point
 
-        def validate_waf_monitoring_span_tags(span, appsec_data):
+        def validate_waf_monitoring_span_tags(span, appsec_data):  # noqa: ARG001
             """Validate the mandatory waf monitoring span tags are added to the request span having an attack"""
 
             meta = span["meta"]
@@ -131,7 +131,7 @@ def test_waf_monitoring_optional(self):
         expected_bindings_duration_metric = "_dd.appsec.waf.duration_ext"
         expected_metrics_tags = [expected_waf_duration_metric, expected_bindings_duration_metric]
 
-        def validate_waf_span_tags(span, appsec_data):
+        def validate_waf_span_tags(span, appsec_data):  # noqa: ARG001
             metrics = span["metrics"]
             for m in expected_metrics_tags:
                 if m not in metrics:

Diff for: tests/appsec/waf/test_telemetry.py

@@ -5,31 +5,33 @@
 TELEMETRY_REQUEST_TYPE_DISTRIBUTIONS = "distributions"
 
 
-def _setup(self):
-    """Common setup for all tests in this module. They all depend on the same set
-    of requests, which must be run only once.
-    """
-    # Run only once, even across multiple class instances.
-    if hasattr(Test_TelemetryMetrics, "__common_setup_done"):
-        return
-    weblog.get("/", headers={"x-forwarded-for": "80.80.80.80"})
-    weblog.get("/", headers={"x-forwarded-for": "80.80.80.80", "user-agent": "Arachni/v1"})
-    weblog.get(
-        "/",
-        headers={"x-forwarded-for": "80.80.80.80", "user-agent": "dd-test-scanner-log-block"},
-        # Hack to prevent rid inhibiting the dd-test-scanner-log-block rule
-        rid_in_user_agent=False,
-    )
-    Test_TelemetryMetrics.__common_setup_done = True
-
-
 @rfc("https://docs.google.com/document/d/1qBDsS_ZKeov226CPx2DneolxaARd66hUJJ5Lh9wjhlE")
 @rfc("https://docs.google.com/document/d/1D4hkC0jwwUyeo0hEQgyKP54kM1LZU98GL8MaP60tQrA")
 @scenarios.appsec_waf_telemetry
 @features.waf_telemetry
 class Test_TelemetryMetrics:
     """Test instrumentation telemetry metrics, type of metrics generate-metrics"""
 
+    __common_setup_done = False
+
+    def _setup(self):
+        """Common setup for all tests in this module. They all depend on the same set
+        of requests, which must be run only once.
+        """
+        # Run only once, even across multiple class instances.
+        if Test_TelemetryMetrics.__common_setup_done:
+            return
+
+        weblog.get("/", headers={"x-forwarded-for": "80.80.80.80"})
+        weblog.get("/", headers={"x-forwarded-for": "80.80.80.80", "user-agent": "Arachni/v1"})
+        weblog.get(
+            "/",
+            headers={"x-forwarded-for": "80.80.80.80", "user-agent": "dd-test-scanner-log-block"},
+            # Hack to prevent rid inhibiting the dd-test-scanner-log-block rule
+            rid_in_user_agent=False,
+        )
+        Test_TelemetryMetrics.__common_setup_done = True
+
     setup_headers_are_correct = _setup
 
     @bug(context.library < "[email protected]", reason="APMRP-360")

Diff for: tests/auto_inject/test_auto_inject_chaos.py

@@ -92,6 +92,8 @@ class TestAutoInjectChaos(BaseAutoInjectChaos):
             {"vm_branch": "amazon_linux2", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     def test_install_after_ld_preload(self, virtual_machine):
@@ -106,6 +108,8 @@ def test_install_after_ld_preload(self, virtual_machine):
             {"vm_branch": "amazon_linux2", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     def test_remove_ld_preload(self, virtual_machine):

Diff for: tests/auto_inject/test_auto_inject_install.py

@@ -13,6 +13,8 @@ class TestHostAutoInjectInstallScript(base.AutoInjectBaseTest):
             {"vm_branch": "amazon_linux2", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     def test_install(self, virtual_machine):
@@ -37,6 +39,7 @@ class TestSimpleInstallerAutoInjectManualProfiling(base.AutoInjectBaseTest):
             {"vm_name": "Ubuntu_24_amd64", "weblog-variant": "test-app-nodejs", "reason": "PROF-11264"},
             {"vm_name": "Ubuntu_24_arm64", "weblog-variant": "test-app-nodejs", "reason": "PROF-11264"},
             {"weblog_variant": "test-app-python-alpine", "reason": "PROF-11296"},
+            {"weblog_variant": "test-app-python", "reason": "INPLAT-479"},
         ]
     )
     def test_profiling(self, virtual_machine):
@@ -53,6 +56,8 @@ class TestHostAutoInjectInstallScriptProfiling(base.AutoInjectBaseTest):
             {"vm_cpu": "arm64", "weblog_variant": "test-app-dotnet", "reason": "PROF-10783"},
             {"vm_name": "Ubuntu_24_amd64", "weblog-variant": "test-app-nodejs", "reason": "PROF-11264"},
             {"vm_name": "Ubuntu_24_arm64", "weblog-variant": "test-app-nodejs", "reason": "PROF-11264"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     def test_profiling(self, virtual_machine):
@@ -158,6 +163,8 @@ class TestInstallerAutoInjectManual(base.AutoInjectBaseTest):
             {"vm_branch": "amazon_linux2", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     def test_install_uninstall(self, virtual_machine):
@@ -178,6 +185,8 @@ class TestSimpleInstallerAutoInjectManual(base.AutoInjectBaseTest):
             {"vm_branch": "amazon_linux2", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "weblog_variant": "test-app-ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     def test_install(self, virtual_machine):

Diff for: tests/auto_inject/test_blocklist_auto_inject.py

@@ -73,6 +73,8 @@ class TestAutoInjectBlockListInstallManualHost(_AutoInjectBlockListBaseTest):
             {"vm_branch": "amazon_linux2", "library": "ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "library": "ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "library": "ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     @irrelevant(
@@ -93,6 +95,8 @@ def test_builtIn_block_commands(self, virtual_machine):
             {"vm_branch": "amazon_linux2", "library": "ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "library": "ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "library": "ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     @irrelevant(
@@ -115,6 +119,8 @@ def test_builtIn_block_args(self, virtual_machine):
             {"vm_branch": "amazon_linux2", "library": "ruby", "reason": "INPLAT-103"},
             {"vm_branch": "centos_7_amd64", "library": "ruby", "reason": "INPLAT-103"},
             {"vm_branch": "redhat", "vm_cpu": "arm64", "library": "ruby", "reason": "INPLAT-103"},
+            {"vm_name": "Ubuntu_24_10_amd64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
+            {"vm_name": "Ubuntu_24_10_arm64", "weblog_variant": "test-app-python", "reason": "INPLAT-478"},
         ]
     )
     @irrelevant(

Diff for: tests/debugger/test_debugger_exception_replay.py

@@ -153,7 +153,7 @@ def skip_runtime(value, skip_condition, del_filename=None):
 
             return __scrub(value)
 
-        def __scrub_dotnet(key, value, parent):
+        def __scrub_dotnet(key, value, parent):  # noqa: ARG001
             if key == "Id":
                 return "<scrubbed>"
             elif key == "StackTrace" and isinstance(value, dict):
@@ -178,7 +178,7 @@ def __scrub_dotnet(key, value, parent):
                 return scrubbed
             return __scrub(value)
 
-        def __scrub_python(key, value, parent):
+        def __scrub_python(key, value, parent):  # noqa: ARG001
             if key == "@exception":
                 value["fields"] = "<scrubbed>"
                 return value
@@ -199,7 +199,7 @@ def __scrub_python(key, value, parent):
                 return scrubbed
             return __scrub(value)
 
-        def __scrub_none(key, value, parent):
+        def __scrub_none(key, value, parent):  # noqa: ARG001
             return __scrub(value)
 
         scrub_language = None