Merge remote-tracking branch 'origin/eric.navarro/update-contributing-docs' into eric.navarro/update-contributing-docs

Author: ericlaz

.riot/requirements/1854ba5.txt

@@ -2,20 +2,20 @@
 # This file is autogenerated by pip-compile with Python 3.11
 # by the following command:
 #
-#    pip-compile --no-annotate --resolver=backtracking .riot/requirements/1854ba5.in
+#    pip-compile --no-annotate .riot/requirements/1854ba5.in
 #
-attrs==22.2.0
-coverage[toml]==7.2.2
-dnspython==2.3.0
+attrs==23.1.0
+coverage[toml]==7.3.0
+dnspython==2.4.2
 hypothesis==6.45.0
 iniconfig==2.0.0
-mock==5.0.1
+mock==5.1.0
 mongoengine==0.27.0
 opentracing==2.4.0
-packaging==23.0
-pluggy==1.0.0
-pymongo==4.3.3
-pytest==7.2.2
-pytest-cov==4.0.0
-pytest-mock==3.10.0
+packaging==23.1
+pluggy==1.2.0
+pymongo==4.5.0
+pytest==7.4.0
+pytest-cov==4.1.0
+pytest-mock==3.11.1
 sortedcontainers==2.4.0

.riot/requirements/1922cee.txt

@@ -2,22 +2,22 @@
 # This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
-#    pip-compile --no-annotate --resolver=backtracking .riot/requirements/1fd1158.in
+#    pip-compile --no-annotate .riot/requirements/1fd1158.in
 #
-attrs==22.2.0
-coverage[toml]==7.2.2
-dnspython==2.3.0
-exceptiongroup==1.1.1
+attrs==23.1.0
+coverage[toml]==7.3.0
+dnspython==2.4.2
+exceptiongroup==1.1.3
 hypothesis==6.45.0
 iniconfig==2.0.0
-mock==5.0.1
+mock==5.1.0
 mongoengine==0.27.0
 opentracing==2.4.0
-packaging==23.0
-pluggy==1.0.0
-pymongo==4.3.3
-pytest==7.2.2
-pytest-cov==4.0.0
-pytest-mock==3.10.0
+packaging==23.1
+pluggy==1.2.0
+pymongo==4.5.0
+pytest==7.4.0
+pytest-cov==4.1.0
+pytest-mock==3.11.1
 sortedcontainers==2.4.0
 tomli==2.0.1

.riot/requirements/1b81325.txt

@@ -0,0 +1,23 @@
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+#    pip-compile --no-annotate .riot/requirements/41bf6ef.in
+#
+attrs==23.1.0
+coverage[toml]==7.3.0
+dnspython==2.4.2
+exceptiongroup==1.1.3
+hypothesis==6.45.0
+iniconfig==2.0.0
+mock==5.1.0
+mongoengine==0.27.0
+opentracing==2.4.0
+packaging==23.1
+pluggy==1.2.0
+pymongo==4.5.0
+pytest==7.4.0
+pytest-cov==4.1.0
+pytest-mock==3.11.1
+sortedcontainers==2.4.0
+tomli==2.0.1

.riot/requirements/1fd1158.txt

@@ -0,0 +1,26 @@
+#
+# This file is autogenerated by pip-compile with Python 3.7
+# by the following command:
+#
+#    pip-compile --config=pyproject.toml --no-annotate --resolver=backtracking .riot/requirements/4bf8418.in
+#
+attrs==23.1.0
+coverage[toml]==7.2.7
+dnspython==2.3.0
+exceptiongroup==1.1.3
+hypothesis==6.45.0
+importlib-metadata==6.7.0
+iniconfig==2.0.0
+mock==5.1.0
+mongoengine==0.27.0
+opentracing==2.4.0
+packaging==23.1
+pluggy==1.2.0
+pymongo==4.5.0
+pytest==7.4.0
+pytest-cov==4.1.0
+pytest-mock==3.11.1
+sortedcontainers==2.4.0
+tomli==2.0.1
+typing-extensions==4.7.1
+zipp==3.15.0

.riot/requirements/41bf6ef.txt

@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile with Python 3.10
 # by the following command:
 #
-#    pip-compile --no-annotate --resolver=backtracking .riot/requirements/c01e3b4.in
+#    pip-compile --no-annotate .riot/requirements/c01e3b4.in
 #
 attrs==22.2.0
 coverage[toml]==7.2.2

.riot/requirements/4bf8418.txt

@@ -0,0 +1,23 @@
+#
+# This file is autogenerated by pip-compile with Python 3.8
+# by the following command:
+#
+#    pip-compile --no-annotate .riot/requirements/f92d9dc.in
+#
+attrs==23.1.0
+coverage[toml]==7.3.0
+dnspython==2.4.2
+exceptiongroup==1.1.3
+hypothesis==6.45.0
+iniconfig==2.0.0
+mock==5.1.0
+mongoengine==0.27.0
+opentracing==2.4.0
+packaging==23.1
+pluggy==1.2.0
+pymongo==4.5.0
+pytest==7.4.0
+pytest-cov==4.1.0
+pytest-mock==3.11.1
+sortedcontainers==2.4.0
+tomli==2.0.1

.riot/requirements/a1e6119.txt

@@ -1,3 +1,6 @@
+from typing import List
+from typing import Union
+
 from ddtrace.appsec.iast import oce
 from ddtrace.appsec.iast.constants import EVIDENCE_CMDI
 from ddtrace.appsec.iast.constants import VULN_CMDI
@@ -16,3 +19,21 @@ def report(cls, evidence_value=None, sources=None):
 
             evidence_value, sources = taint_ranges_as_evidence_info(evidence_value)
         super(CommandInjection, cls).report(evidence_value=evidence_value, sources=sources)
+
+
+def _iast_report_cmdi(shell_args):
+    # type: (Union[str, List[str]]) -> None
+    report_cmdi = ""
+    from ddtrace.appsec.iast._taint_tracking import get_tainted_ranges
+    from ddtrace.appsec.iast._taint_tracking.aspects import join_aspect
+
+    if isinstance(shell_args, (list, tuple)):
+        for arg in shell_args:
+            if get_tainted_ranges(arg):
+                report_cmdi = join_aspect(" ", shell_args)
+                break
+    elif get_tainted_ranges(shell_args):
+        report_cmdi = shell_args
+
+    if report_cmdi:
+        CommandInjection.report(evidence_value=report_cmdi)

.riot/requirements/bddee76.txt

@@ -143,7 +143,26 @@ def _datadog_trace_operation(self, operation):
             span.set_tag(ANALYTICS_SAMPLE_RATE_KEY, sample_rate)
         return span
 
-    # Pymongo >= 3.12
+    if VERSION >= (4, 5, 0):
+
+        @contextlib.contextmanager
+        def checkout(self, *args, **kwargs):
+            with self.__wrapped__.checkout(*args, **kwargs) as s:
+                if not isinstance(s, TracedSocket):
+                    s = TracedSocket(s)
+                ddtrace.Pin.get_from(self).onto(s)
+                yield s
+
+    else:
+
+        @contextlib.contextmanager
+        def get_socket(self, *args, **kwargs):
+            with self.__wrapped__.get_socket(*args, **kwargs) as s:
+                if not isinstance(s, TracedSocket):
+                    s = TracedSocket(s)
+                ddtrace.Pin.get_from(self).onto(s)
+                yield s
+
     if VERSION >= (3, 12, 0):
 
         def run_operation(self, sock_info, operation, *args, **kwargs):
@@ -159,7 +178,6 @@ def run_operation(self, sock_info, operation, *args, **kwargs):
                         set_query_rowcount(docs=result.docs, span=span)
                 return result
 
-    # Pymongo >= 3.9, <3.12
     elif (3, 9, 0) <= VERSION < (3, 12, 0):
 
         def run_operation_with_response(self, sock_info, operation, *args, **kwargs):
@@ -175,7 +193,6 @@ def run_operation_with_response(self, sock_info, operation, *args, **kwargs):
                         set_query_rowcount(docs=result.docs, span=span)
                 return result
 
-    # Pymongo < 3.9
     else:
 
         def send_message_with_response(self, operation, *args, **kwargs):
@@ -200,14 +217,6 @@ def send_message_with_response(self, operation, *args, **kwargs):
                                     set_query_rowcount(docs=docs, span=span)
                 return result
 
-    @contextlib.contextmanager
-    def get_socket(self, *args, **kwargs):
-        with self.__wrapped__.get_socket(*args, **kwargs) as s:
-            if not isinstance(s, TracedSocket):
-                s = TracedSocket(s)
-            ddtrace.Pin.get_from(self).onto(s)
-            yield s
-
     @staticmethod
     def _is_query(op):
         # NOTE: _Query should always have a spec field

.riot/requirements/c01e3b4.txt

@@ -28,6 +28,9 @@
 # Original Client class
 _MongoClient = pymongo.MongoClient
 
+_VERSION = pymongo.version_tuple
+_CHECKOUT_FN_NAME = "get_socket" if _VERSION < (4, 5) else "checkout"
+
 
 def patch():
     patch_pymongo_module()
@@ -50,15 +53,15 @@ def patch_pymongo_module():
     # Whenever a pymongo command is invoked, the lib either:
     # - Creates a new socket & performs a TCP handshake
     # - Grabs a socket already initialized before
-    _w("pymongo.server", "Server.get_socket", traced_get_socket)
+    _w("pymongo.server", "Server.%s" % _CHECKOUT_FN_NAME, traced_get_socket)
 
 
 def unpatch_pymongo_module():
     if not getattr(pymongo, "_datadog_patch", False):
         return
     pymongo._datadog_patch = False
 
-    _u(pymongo.server.Server, "get_socket")
+    _u(pymongo.server.Server, _CHECKOUT_FN_NAME)
 
 
 @contextlib.contextmanager
@@ -70,7 +73,9 @@ def traced_get_socket(wrapped, instance, args, kwargs):
             return
 
     with pin.tracer.trace(
-        "pymongo.get_socket", service=trace_utils.int_service(pin, config.pymongo), span_type=SpanTypes.MONGODB
+        "pymongo.%s" % _CHECKOUT_FN_NAME,
+        service=trace_utils.int_service(pin, config.pymongo),
+        span_type=SpanTypes.MONGODB,
     ) as span:
         span.set_tag_str(COMPONENT, config.pymongo.integration_name)
         span.set_tag_str(db.SYSTEM, mongo.SERVICE)