Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(iast): fix leak on slice aspect. Add cleanup code to the trycatch macro #10457

Merged
merged 5 commits into from
Aug 30, 2024
Merged

fix(iast): fix leak on slice aspect. Add cleanup code to the trycatch macro #10457

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
dd0cf95
Fix leak on slice aspect. Add cleanup code to the trycatch macro.
juanjux Aug 30, 2024
e8f4ce9
changelog
juanjux Aug 30, 2024
1631858
Merge branch 'main' into juanjux/august-leak-hunt
juanjux Aug 30, 2024
ca8bea7
Update slice-aspect-leak-95e264c4f1aa851c.yaml
juanjux Aug 30, 2024
8d548d9
Merge branch 'main' into juanjux/august-leak-hunt
juanjux Aug 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ddtrace/appsec/_iast/_taint_tracking/Aspects/AspectIndex.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ api_index_aspect(PyObject* self, PyObject* const* args, const Py_ssize_t nargs)
if (!is_text(candidate_text) or !is_some_number(idx)) {
return result_o;
}
TRY_CATCH_ASPECT("index_aspect", {
TRY_CATCH_ASPECT("index_aspect", , {
const auto ctx_map = Initializer::get_tainting_map();
if (not ctx_map or ctx_map->empty()) {
return result_o;
Expand Down
2 changes: 1 addition & 1 deletion ddtrace/appsec/_iast/_taint_tracking/Aspects/AspectModulo.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ api_modulo_aspect(StrType candidate_text, py::object candidate_tuple)
py::tuple parameters =
py::isinstance<py::tuple>(candidate_tuple) ? candidate_tuple : py::make_tuple(candidate_tuple);

TRY_CATCH_ASPECT("modulo_aspect", {
TRY_CATCH_ASPECT("modulo_aspect", , {
auto [ranges_orig, candidate_text_ranges] = are_all_text_all_ranges(candidate_text.ptr(), parameters);

if (ranges_orig.empty()) {
Expand Down
4 changes: 2 additions & 2 deletions ddtrace/appsec/_iast/_taint_tracking/Aspects/AspectOperatorAdd.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ api_add_aspect(PyObject* self, PyObject* const* args, Py_ssize_t nargs)
// PyNumber_Add actually works for any type!
result_o = PyNumber_Add(candidate_text, text_to_add);

TRY_CATCH_ASPECT("add_aspect", {
TRY_CATCH_ASPECT("add_aspect", , {
const auto tx_map = Initializer::get_tainting_map();
if (not tx_map or tx_map->empty()) {
return result_o;
Expand Down Expand Up @@ -119,7 +119,7 @@ api_add_inplace_aspect(PyObject* self, PyObject* const* args, Py_ssize_t nargs)

result_o = PyNumber_InPlaceAdd(candidate_text, text_to_add);

TRY_CATCH_ASPECT("add_inplace_aspect", {
TRY_CATCH_ASPECT("add_inplace_aspect", , {
const auto tx_map = Initializer::get_tainting_map();
if (not tx_map or tx_map->empty()) {
return result_o;
Expand Down
3 changes: 2 additions & 1 deletion ddtrace/appsec/_iast/_taint_tracking/Aspects/AspectSlice.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,12 +145,13 @@ api_slice_aspect(PyObject* self, PyObject* const* args, Py_ssize_t nargs)

PyObject* result_o = PyObject_GetItem(candidate_text, slice);

TRY_CATCH_ASPECT("slice_aspect", {
TRY_CATCH_ASPECT("slice_aspect", Py_XDECREF(slice), {
// If no result or the params are not None|Number or the result is the same as the candidate text, nothing
// to taint
if (result_o == nullptr or (!is_text(candidate_text)) or (start != Py_None and !PyLong_Check(start)) or
(stop != Py_None and !PyLong_Check(stop)) or (step != Py_None and !PyLong_Check(step)) or
(get_unique_id(result_o) == get_unique_id(candidate_text))) {
Py_XDECREF(slice);
return result_o;
}

Expand Down
10 changes: 5 additions & 5 deletions ddtrace/appsec/_iast/_taint_tracking/Aspects/AspectsOsPath.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ api_ospathjoin_aspect(StrType& first_part, const py::args& args)
return result_o;
}

TRY_CATCH_ASPECT("ospathjoin_aspect", {
TRY_CATCH_ASPECT("ospathjoin_aspect", , {
const auto separator = ospath.attr("sep").cast<std::string>();
const auto sepsize = separator.size();

Expand Down Expand Up @@ -105,7 +105,7 @@ api_ospathbasename_aspect(const StrType& path)
auto basename = ospath.attr("basename");
auto result_o = basename(path);

TRY_CATCH_ASPECT("ospathbasename_aspect", {
TRY_CATCH_ASPECT("ospathbasename_aspect", , {
const auto tx_map = Initializer::get_tainting_map();
if (not tx_map or tx_map->empty() or py::len(result_o) == 0) {
return result_o;
Expand Down Expand Up @@ -138,7 +138,7 @@ api_ospathdirname_aspect(const StrType& path)
auto dirname = ospath.attr("dirname");
auto result_o = dirname(path);

TRY_CATCH_ASPECT("ospathdirname_aspect", {
TRY_CATCH_ASPECT("ospathdirname_aspect", , {
const auto tx_map = Initializer::get_tainting_map();
if (not tx_map or tx_map->empty() or py::len(result_o) == 0) {
return result_o;
Expand Down Expand Up @@ -171,7 +171,7 @@ forward_to_set_ranges_on_splitted(const char* function_name, const StrType& path
auto function = ospath.attr(function_name);
auto result_o = function(path);

TRY_CATCH_ASPECT("forward_to_set_ranges_on_splitted", {
TRY_CATCH_ASPECT("forward_to_set_ranges_on_splitted", , {
const auto tx_map = Initializer::get_tainting_map();
if (not tx_map or tx_map->empty() or py::len(result_o) == 0) {
return result_o;
Expand Down Expand Up @@ -223,7 +223,7 @@ api_ospathnormcase_aspect(const StrType& path)
auto normcase = ospath.attr("normcase");
auto result_o = normcase(path);

TRY_CATCH_ASPECT("ospathnormcase_aspect", {
TRY_CATCH_ASPECT("ospathnormcase_aspect", , {
const auto tx_map = Initializer::get_tainting_map();
if (not tx_map or tx_map->empty()) {
return result_o;
Expand Down
4 changes: 3 additions & 1 deletion ddtrace/appsec/_iast/_taint_tracking/Aspects/Helpers.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,15 +200,17 @@ exception_wrapper(Func func, const char* aspect_name, Args... args) -> std::opti
}
*/

#define TRY_CATCH_ASPECT(NAME, ...) \
#define TRY_CATCH_ASPECT(NAME, CLEANUP, ...) \
try { \
__VA_ARGS__; \
} catch (const std::exception& e) { \
const std::string error_message = "IAST propagation error in " NAME ". " + std::string(e.what()); \
iast_taint_log_error(error_message); \
CLEANUP; \
return result_o; \
} catch (...) { \
const std::string error_message = "Unknown IAST propagation error in " NAME ". "; \
iast_taint_log_error(error_message); \
CLEANUP; \
return result_o; \
}
4 changes: 4 additions & 0 deletions releasenotes/notes/slice-aspect-leak-95e264c4f1aa851c.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
fixes:
- |
Fix a memory leak on the native slice aspect.
Loading