chore(tracer): adding additional validation for jsonpath syntax for aws payload tagging

ddtrace/_trace/utils_botocore/aws_payload_tagging.py

@@ -121,6 +121,9 @@ def _validate_json_paths(self, paths: Optional[str]) -> bool:
         # otherwise validate that we have valid JSONPaths
         for path in paths.split(","):
             if path:
+                # Require JSONPath to start with "$"
+                if not path.startswith("$"):
+                    return False
                 try:
                     parse(path)
                 except Exception:

tests/contrib/botocore/test.py

@@ -3931,6 +3931,38 @@ def test_aws_payload_tagging_sqs(self):
             trace_in_message = "MessageAttributes" in response["Messages"][0]
             assert trace_in_message is False
 
+    @pytest.mark.snapshot(ignores=snapshot_ignores)
+    @mock_sqs
+    def test_aws_payload_tagging_sqs_invalid_config(self):
+        with self.override_config(
+            "botocore",
+            dict(payload_tagging_request="non_json_path", payload_tagging_response="$..Attr ibutes.PlatformCredential"),
+        ):
+            pin = Pin(service=self.TEST_SERVICE)
+            pin._tracer = self.tracer
+            pin.onto(self.sqs_client)
+            message_attributes = {
+                "one": {"DataType": "String", "StringValue": "one"},
+                "two": {"DataType": "String", "StringValue": "two"},
+                "three": {"DataType": "String", "StringValue": "three"},
+                "four": {"DataType": "String", "StringValue": "four"},
+                "five": {"DataType": "String", "StringValue": "five"},
+                "six": {"DataType": "String", "StringValue": "six"},
+                "seven": {"DataType": "String", "StringValue": "seven"},
+                "eight": {"DataType": "String", "StringValue": "eight"},
+                "nine": {"DataType": "String", "StringValue": "nine"},
+                "ten": {"DataType": "String", "StringValue": "ten"},
+            }
+            self.sqs_client.send_message(
+                QueueUrl=self.sqs_test_queue["QueueUrl"], MessageBody="world", MessageAttributes=message_attributes
+            )
+
+            self.sqs_client.receive_message(
+                QueueUrl=self.sqs_test_queue["QueueUrl"],
+                MessageAttributeNames=["_datadog"],
+                WaitTimeSeconds=2,
+            )
+
     @pytest.mark.snapshot(ignores=snapshot_ignores)
     @mock_sns
     @mock_sqs

tests/snapshots/tests.contrib.botocore.test.BotocoreTest.test_aws_payload_tagging_sqs_invalid_config.json

@@ -0,0 +1,156 @@
+[[
+  {
+    "name": "sqs.command",
+    "service": "aws.sqs",
+    "resource": "sqs.listqueues",
+    "trace_id": 0,
+    "span_id": 1,
+    "parent_id": 0,
+    "type": "http",
+    "error": 0,
+    "meta": {
+      "_dd.base_service": "tests.contrib.botocore",
+      "_dd.p.dm": "-0",
+      "_dd.p.tid": "686be1a100000000",
+      "aws.agent": "botocore",
+      "aws.operation": "ListQueues",
+      "aws.region": "us-east-1",
+      "aws.requestid": "0VVK8P7HYGMWNR72ZOMDKVN5YWBEMTQB06KZ8UIJFXZCTWB8EOE7",
+      "aws_service": "sqs",
+      "component": "botocore",
+      "http.status_code": "200",
+      "language": "python",
+      "region": "us-east-1",
+      "runtime-id": "7455813a717c4f2db67e4941325daca2",
+      "span.kind": "client"
+    },
+    "metrics": {
+      "_dd.measured": 1,
+      "_dd.top_level": 1,
+      "_dd.tracer_kr": 1.0,
+      "_sampling_priority_v1": 1,
+      "process_id": 46598,
+      "retry_attempts": 0
+    },
+    "duration": 13548000,
+    "start": 1751900577380009000
+  }],
+[
+  {
+    "name": "sqs.command",
+    "service": "aws.sqs",
+    "resource": "sqs.createqueue",
+    "trace_id": 1,
+    "span_id": 1,
+    "parent_id": 0,
+    "type": "http",
+    "error": 0,
+    "meta": {
+      "_dd.base_service": "tests.contrib.botocore",
+      "_dd.p.dm": "-0",
+      "_dd.p.tid": "686be1a100000000",
+      "aws.agent": "botocore",
+      "aws.operation": "CreateQueue",
+      "aws.region": "us-east-1",
+      "aws.requestid": "K4YVEQB22VBV7J7O70UXR6OJ2UJIOHP75492EF9JZ2TWGB8B7YRX",
+      "aws.sqs.queue_name": "Test",
+      "aws_service": "sqs",
+      "component": "botocore",
+      "http.status_code": "200",
+      "language": "python",
+      "queuename": "Test",
+      "region": "us-east-1",
+      "runtime-id": "7455813a717c4f2db67e4941325daca2",
+      "span.kind": "client"
+    },
+    "metrics": {
+      "_dd.measured": 1,
+      "_dd.top_level": 1,
+      "_dd.tracer_kr": 1.0,
+      "_sampling_priority_v1": 1,
+      "process_id": 46598,
+      "retry_attempts": 0
+    },
+    "duration": 5525000,
+    "start": 1751900577393879000
+  }],
+[
+  {
+    "name": "sqs.command",
+    "service": "test-botocore-tracing.sqs",
+    "resource": "sqs.sendmessage",
+    "trace_id": 2,
+    "span_id": 1,
+    "parent_id": 0,
+    "type": "http",
+    "error": 0,
+    "meta": {
+      "_dd.base_service": "tests.contrib.botocore",
+      "_dd.p.dm": "-0",
+      "_dd.p.tid": "686be1a100000000",
+      "aws.agent": "botocore",
+      "aws.operation": "SendMessage",
+      "aws.region": "us-east-1",
+      "aws.requestid": "IJFLTU6W4ECLHWB7LW92UT17VYSEKQ08GBSJD7N5U6TQ1AD9Q22Y",
+      "aws.sqs.queue_name": "Test",
+      "aws_account": "000000000000",
+      "aws_service": "sqs",
+      "component": "botocore",
+      "http.status_code": "200",
+      "language": "python",
+      "queuename": "Test",
+      "region": "us-east-1",
+      "runtime-id": "7455813a717c4f2db67e4941325daca2",
+      "span.kind": "client"
+    },
+    "metrics": {
+      "_dd.measured": 1,
+      "_dd.top_level": 1,
+      "_dd.tracer_kr": 1.0,
+      "_sampling_priority_v1": 1,
+      "process_id": 46598,
+      "retry_attempts": 0
+    },
+    "duration": 15291000,
+    "start": 1751900577404725000
+  }],
+[
+  {
+    "name": "sqs.command",
+    "service": "test-botocore-tracing.sqs",
+    "resource": "sqs.receivemessage",
+    "trace_id": 3,
+    "span_id": 1,
+    "parent_id": 0,
+    "type": "http",
+    "error": 0,
+    "meta": {
+      "_dd.base_service": "tests.contrib.botocore",
+      "_dd.p.dm": "-0",
+      "_dd.p.tid": "686be1a100000000",
+      "aws.agent": "botocore",
+      "aws.operation": "ReceiveMessage",
+      "aws.region": "us-east-1",
+      "aws.requestid": "KU9VQAAZ4ZJP5SEV02OTOAUX89HMHSP63ND7QTFBG7EMDCA28W0D",
+      "aws.sqs.queue_name": "Test",
+      "aws_account": "000000000000",
+      "aws_service": "sqs",
+      "component": "botocore",
+      "http.status_code": "200",
+      "language": "python",
+      "queuename": "Test",
+      "region": "us-east-1",
+      "runtime-id": "7455813a717c4f2db67e4941325daca2",
+      "span.kind": "client"
+    },
+    "metrics": {
+      "_dd.measured": 1,
+      "_dd.top_level": 1,
+      "_dd.tracer_kr": 1.0,
+      "_sampling_priority_v1": 1,
+      "process_id": 46598,
+      "retry_attempts": 0
+    },
+    "duration": 103000,
+    "start": 1751900577427944000
+  }]]