Merge branch 'main' into avara1986/APPSEC-56447-taint-fastapi-http-request-parameter-name

avara1986 · web-flow · commit 3f4261efb829 · 2025-01-22T09:14:42.000+01:00
diff --git a/hatch.toml b/hatch.toml
@@ -342,7 +342,7 @@ dependencies = [
 test = [
     "uname -a",
     "pip freeze",
-    "DD_CIVISIBILITY_ITR_ENABLED=0 DD_IAST_REQUEST_SAMPLING=100 _DD_APPSEC_DEDUPLICATION_ENABLED=false python -m pytest -vvv {args:tests/appsec/integrations/django_tests/}",
+    "DD_TRACE_AGENT_URL=\"http://testagent:9126\" DD_CIVISIBILITY_ITR_ENABLED=0 DD_IAST_REQUEST_SAMPLING=100 _DD_APPSEC_DEDUPLICATION_ENABLED=false python -m pytest -vvv {args:tests/appsec/integrations/django_tests/}",
 ]
 
 [[envs.appsec_integrations_django.matrix]]
@@ -374,7 +374,7 @@ dependencies = [
 test = [
     "uname -a",
     "pip freeze",
-    "DD_TRACE_AGENT_URL=http://localhost:9126 DD_CIVISIBILITY_ITR_ENABLED=0 DD_IAST_REQUEST_SAMPLING=100 _DD_APPSEC_DEDUPLICATION_ENABLED=false python -m pytest -vvv {args:tests/appsec/integrations/flask_tests/}",
+    "DD_TRACE_AGENT_URL=\"http://testagent:9126\" DD_CIVISIBILITY_ITR_ENABLED=0 DD_IAST_REQUEST_SAMPLING=100 _DD_APPSEC_DEDUPLICATION_ENABLED=false python -m pytest -vvv {args:tests/appsec/integrations/flask_tests/}",
 ]
 
 [[envs.appsec_integrations_flask.matrix]]
@@ -444,8 +444,8 @@ fastapi = ["~=0.114.2"]
 
 ## ASM Appsec Aggregated Leak Testing
 
-[envs.appsec_aggregated_leak_testing]
-template = "appsec_aggregated_leak_testing"
+[envs.iast_aggregated_leak_testing]
+template = "iast_aggregated_leak_testing"
 dependencies = [
     "pytest",
     "pytest-cov",
@@ -457,19 +457,20 @@ dependencies = [
     "pydantic-settings",
 ]
 
-[envs.appsec_aggregated_leak_testing.env-vars]
+[envs.iast_aggregated_leak_testing.env-vars]
 CMAKE_BUILD_PARALLEL_LEVEL = "12"
 DD_IAST_ENABLED = "true"
+_DD_IAST_PATCH_MODULES = "scripts.iast"
 
-[envs.appsec_aggregated_leak_testing.scripts]
+[envs.iast_aggregated_leak_testing.scripts]
 test = [
     "uname -a",
     "pip freeze",
     "python -m pytest tests/appsec/iast_aggregated_memcheck/test_aggregated_memleaks.py",
 ]
 
-[[envs.appsec_aggregated_leak_testing.matrix]]
-python = ["3.10", "3.11", "3.12", "3.13"]
+[[envs.iast_aggregated_leak_testing.matrix]]
+python = ["3.10", "3.11", "3.12"]
 
 
 
diff --git a/scripts/gen_gitlab_config.py b/scripts/gen_gitlab_config.py
@@ -50,7 +50,8 @@ def __str__(self) -> str:
         if wait_for:
             lines.append("  before_script:")
             lines.append(f"    - !reference [{base}, before_script]")
-            lines.append(f"    - riot -v run -s --pass-env wait -- {' '.join(wait_for)}")
+            if self.runner == "riot":
+                lines.append(f"    - riot -v run -s --pass-env wait -- {' '.join(wait_for)}")
 
         env = self.env
         if not env or "SUITE_NAME" not in env:
diff --git a/tests/appsec/integrations/flask_tests/test_flask_remoteconfig.py b/tests/appsec/integrations/flask_tests/test_flask_remoteconfig.py
@@ -187,7 +187,6 @@ def _request_403(client, debug_mode=False, max_retries=40, sleep_time=1):
     raise AssertionError("request_403 failed, max_retries=%d, sleep_time=%f" % (max_retries, sleep_time))
 
 
-@flaky(until=1706677200, reason="TODO(avara1986): We need to migrate testagent to gitlab")
 @pytest.mark.skipif(sys.version_info >= (3, 11), reason="Gunicorn is only supported up to 3.10")
 def test_load_testing_appsec_ip_blocking_gunicorn_rc_disabled():
     token = "test_load_testing_appsec_ip_blocking_gunicorn_rc_disabled_{}".format(str(uuid.uuid4()))
@@ -203,7 +202,6 @@ def test_load_testing_appsec_ip_blocking_gunicorn_rc_disabled():
         _unblock_ip(token)
 
 
-@flaky(until=1706677200, reason="TODO(avara1986): We need to migrate testagent to gitlab")
 @pytest.mark.skipif(sys.version_info >= (3, 11), reason="Gunicorn is only supported up to 3.10")
 def test_load_testing_appsec_ip_blocking_gunicorn_block():
     token = "test_load_testing_appsec_ip_blocking_gunicorn_block_{}".format(str(uuid.uuid4()))
@@ -221,7 +219,6 @@ def test_load_testing_appsec_ip_blocking_gunicorn_block():
         _request_200(gunicorn_client)
 
 
-@flaky(until=1706677200, reason="TODO(avara1986): We need to migrate testagent to gitlab")
 @pytest.mark.skipif(list(sys.version_info[:2]) != [3, 10], reason="Run this tests in python 3.10")
 def test_load_testing_appsec_ip_blocking_gunicorn_block_and_kill_child_worker():
     token = "test_load_testing_appsec_ip_blocking_gunicorn_block_and_kill_child_worker_{}".format(str(uuid.uuid4()))
diff --git a/tests/appsec/suitespec.yml b/tests/appsec/suitespec.yml
@@ -73,12 +73,18 @@ suites:
       - '@remoteconfig'
     retry: 2
     runner: hatch
+  iast_aggregated_leak_testing:
+    parallelism: 3
+    paths:
+      - '@appsec_iast'
+      - tests/appsec/iast_aggregated_memcheck/*
+    runner: hatch
+    timeout: 50m
   appsec_iast_packages:
     parallelism: 4
     paths:
       - '@appsec_iast'
       - tests/appsec/iast_packages/*
-    retry: 2
     runner: hatch
     timeout: 50m
   appsec_integrations_pygoat:
@@ -107,7 +113,9 @@ suites:
       - tests/appsec/integrations/flask_tests/*
     retry: 2
     runner: hatch
-    timeout: 30m
+    services:
+      - testagent
+    timeout: 40m
   appsec_integrations_django:
     parallelism: 6
     paths:
@@ -120,6 +128,8 @@ suites:
       - tests/appsec/integrations/django_tests/*
     retry: 2
     runner: hatch
+    services:
+      - testagent
     timeout: 30m
   appsec_threats_django:
     parallelism: 12
