chore(iast): move inner funcions

DataDog · Dec 23, 2024 · 993f723 · 993f723
1 parent 56823cc
commit 993f723
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/ddtrace/appsec/_common_module_patches.py b/ddtrace/appsec/_common_module_patches.py
@@ -16,14 +16,7 @@
 from ddtrace.appsec._constants import WAF_ACTIONS
 from ddtrace.appsec._iast._iast_request_context import is_iast_request_enabled
 from ddtrace.appsec._iast._metrics import _set_metric_iast_instrumented_sink
-from ddtrace.appsec._iast._taint_tracking import OriginType
-from ddtrace.appsec._iast._taint_tracking import Source
-from ddtrace.appsec._iast._taint_tracking._taint_objects import get_tainted_ranges
-from ddtrace.appsec._iast._taint_tracking._taint_objects import taint_pyobject
 from ddtrace.appsec._iast.constants import VULN_PATH_TRAVERSAL
-from ddtrace.appsec._iast.taint_sinks.command_injection import _iast_report_cmdi
-from ddtrace.appsec._iast.taint_sinks.path_traversal import check_and_report_path_traversal
-from ddtrace.appsec._iast.taint_sinks.ssrf import _iast_report_ssrf
 from ddtrace.internal import core
 from ddtrace.internal._exceptions import BlockingException
 from ddtrace.internal._unpatched import _gc as gc
@@ -70,6 +63,11 @@ def wrapped_read_F3E51D71B4EC16EF(original_read_callable, instance, args, kwargs
     """
     result = original_read_callable(*args, **kwargs)
     if asm_config._iast_enabled and is_iast_request_enabled():
+        from ddtrace.appsec._iast._taint_tracking import OriginType
+        from ddtrace.appsec._iast._taint_tracking import Source
+        from ddtrace.appsec._iast._taint_tracking._taint_objects import get_tainted_ranges
+        from ddtrace.appsec._iast._taint_tracking._taint_objects import taint_pyobject
+
         ranges = get_tainted_ranges(instance)
         if len(ranges) > 0:
             source = ranges[0].source if ranges[0].source else Source(name="_io", value=result, origin=OriginType.EMPTY)
@@ -92,6 +90,8 @@ def wrapped_open_CFDDB7ABBA9081B6(original_open_callable, instance, args, kwargs
     """
     if asm_config._iast_enabled and is_iast_request_enabled():
         try:
+            from ddtrace.appsec._iast.taint_sinks.path_traversal import check_and_report_path_traversal
+
             check_and_report_path_traversal(*args, **kwargs)
         except ImportError:
             # open is used during module initialization
@@ -178,6 +178,8 @@ def wrapped_request_D8CB81E472AF98A2(original_request_callable, instance, args,
     https://requests.readthedocs.io
     """
     if asm_config._iast_enabled and is_iast_request_enabled():
+        from ddtrace.appsec._iast.taint_sinks.ssrf import _iast_report_ssrf
+
         _iast_report_ssrf(original_request_callable, *args, **kwargs)
 
     if (
@@ -216,6 +218,8 @@ def wrapped_system_5542593D237084A7(original_command_callable, instance, args, k
     command = args[0] if args else kwargs.get("command", None)
     if command is not None:
         if asm_config._iast_enabled and is_iast_request_enabled():
+            from ddtrace.appsec._iast.taint_sinks.command_injection import _iast_report_cmdi
+
             _iast_report_cmdi(command)
 
         if (