Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(iast): xss vulnerability for django applications #12116

Open
wants to merge 23 commits into
base: 3.x-staging
Choose a base branch
from
Open

feat(iast): xss vulnerability for django applications #12116

wants to merge 23 commits into from

Conversation

avara1986
Copy link
Member

@avara1986 avara1986 commented Jan 28, 2025
edited by gnufede
Loading

XSS vulnerability detection.

System tests (merge after this PR): DataDog/system-tests#3923

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

@avara1986 avara1986 added the ASM Application Security Monitoring label Jan 28, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 28, 2025
edited
Loading

CODEOWNERS have been resolved as:

ddtrace/appsec/_iast/taint_sinks/xss.py                                 @DataDog/asm-python
releasenotes/notes/iast-feat-xss-django-6781a8b9a4092832.yaml           @DataDog/apm-python
tests/appsec/iast/taint_sinks/test_xss_redacted.py                      @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/templates/index.html  @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/templates/index_autoescape.html  @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/templates/index_safe.html  @DataDog/asm-python
ddtrace/appsec/_iast/_evidence_redaction/_sensitive_handler.py          @DataDog/asm-python
ddtrace/appsec/_iast/_patch_modules.py                                  @DataDog/asm-python
ddtrace/appsec/_iast/constants.py                                       @DataDog/asm-python
docker-compose.yml                                                      @DataDog/apm-core-python
tests/appsec/iast/taint_sinks/_taint_sinks_utils.py                     @DataDog/asm-python
tests/appsec/integrations/django_tests/conftest.py                      @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/settings.py           @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/urls.py               @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/views.py              @DataDog/asm-python
tests/appsec/integrations/django_tests/test_django_appsec_iast.py       @DataDog/asm-python
tests/appsec/integrations/pygoat_tests/test_pygoat.py                   @DataDog/asm-python

@pr-commenter
Copy link

pr-commenter bot commented Jan 28, 2025
edited
Loading

Benchmarks

Benchmark execution time: 2025-02-03 17:33:07

Comparing candidate commit d2596a7 in PR branch avara1986/APPSEC-10657-xss_django with baseline commit ea2a9a5 in branch 3.x-staging.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 394 metrics, 2 unstable metrics.

@avara1986 avara1986 changed the title feat(iast): XSS vulnerability for django applications feat(iast): xss vulnerability for django applications Jan 28, 2025
@datadog-dd-trace-py-rkomorn
Copy link

datadog-dd-trace-py-rkomorn bot commented Jan 29, 2025
edited
Loading

Datadog Report

Branch report: avara1986/APPSEC-10657-xss_django
Commit report: d2596a7
Test service: dd-trace-py

✅ 0 Failed, 130 Passed, 1468 Skipped, 4m 56.07s Total duration (35m 46.06s time saved)

@avara1986 avara1986 changed the base branch from main to 3.x-staging February 3, 2025 08:09
@avara1986 avara1986 force-pushed the avara1986/APPSEC-10657-xss_django branch from 0658301 to f942f32 Compare February 3, 2025 08:09
@avara1986 @gnufede
Update ddtrace/appsec/_iast/taint_sinks/xss.py
b7789e5 
Co-authored-by: Federico Mon <federico.mon@datadoghq.com>
@avara1986 avara1986 marked this pull request as ready for review February 3, 2025 09:23
@avara1986 avara1986 requested review from a team as code owners February 3, 2025 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emmettbutler emmettbutler emmettbutler approved these changes

@gnufede gnufede gnufede approved these changes

@tabgok tabgok Awaiting requested review from tabgok tabgok is a code owner automatically assigned from DataDog/apm-python

@mabdinur mabdinur Awaiting requested review from mabdinur mabdinur is a code owner automatically assigned from DataDog/apm-python

@erikayasuda erikayasuda Awaiting requested review from erikayasuda erikayasuda is a code owner automatically assigned from DataDog/apm-core-python

Assignees
No one assigned
Labels
ASM Application Security Monitoring
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@avara1986 @gnufede @emmettbutler