Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(iast): ssrf vulnerability redacts the url query parameters correctly [backport 2.16] #11590

Open
wants to merge 1 commit into
base: 2.16
Choose a base branch
from

Conversation

github-actions[bot]
Copy link
Contributor

Backport 2a58b90 from #11563 to 2.16.

Code Security: Ensure IAST SSRF vulnerability redacts the url query parameters correctly.

Checklist

  • PR author has checked that all the criteria below are met
  • The PR description includes an overview of the change
  • The PR description articulates the motivation for the change
  • The change includes tests OR the PR description describes a testing strategy
  • The PR description notes risks associated with the change, if any
  • Newly-added code is easy to change
  • The change follows the library release note guidelines
  • The change includes or references documentation updates if necessary
  • Backport labels are set (if applicable)

Reviewer Checklist

  • Reviewer has checked that all the criteria below are met
  • Title is accurate
  • All changes are related to the pull request's stated goal
  • Avoids breaking API changes
  • Testing strategy adequately addresses listed risks
  • Newly-added code is easy to change
  • Release note makes sense to a user of the library
  • If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
  • Backport labels are set in a manner that is consistent with the release branch maintenance policy

…tly (#11563)

Code Security: Ensure IAST SSRF vulnerability redacts the url query
parameters correctly.

## Checklist
- [x] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

(cherry picked from commit 2a58b90)
@github-actions github-actions bot requested a review from a team as a code owner November 29, 2024 12:09
@github-actions github-actions bot added the ASM Application Security Monitoring label Nov 29, 2024
@github-actions github-actions bot requested a review from a team as a code owner November 29, 2024 12:09
@pr-commenter
Copy link

pr-commenter bot commented Nov 29, 2024

Benchmarks

Benchmark execution time: 2024-11-29 12:50:23

Comparing candidate commit d1e5edd in PR branch backport-11563-to-2.16 with baseline commit 25617b3 in branch 2.16.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 356 metrics, 2 unstable metrics.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ASM Application Security Monitoring
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant