From 44043c2d050dd0aea48b57a74ddd6804a68367cf Mon Sep 17 00:00:00 2001 From: Juanjo Alvarez Martinez Date: Fri, 20 Sep 2024 15:34:42 +0200 Subject: [PATCH 1/2] fix(iast): backport fix from 10706 to 2.11 (#10737) ## Description Partial backport of the `Initializer` `atexit` fix from https://github.com/DataDog/dd-trace-py/pull/10706. ## Checklist - [X] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [x] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) --------- 
Signed-off-by: Juanjo Alvarez
---
 ddtrace/appsec/_iast/_taint_tracking/_native.cpp | 6 ++++++
 releasenotes/notes/initializer-atexit-4c10671e585ac3e7.yaml | 5 +++++
 2 files changed, 11 insertions(+)
 create mode 100644 releasenotes/notes/initializer-atexit-4c10671e585ac3e7.yaml
diff --git a/ddtrace/appsec/_iast/_taint_tracking/_native.cpp b/ddtrace/appsec/_iast/_taint_tracking/_native.cpp
index e0a64332431..f6ebe354c6b 100644
--- a/ddtrace/appsec/_iast/_taint_tracking/_native.cpp
+++ b/ddtrace/appsec/_iast/_taint_tracking/_native.cpp
@@ -72,6 +72,12 @@ PYBIND11_MODULE(_native, m)
 }
 initializer = make_unique();
+ // Create an atexit callback to clean up the Initializer before the interpreter finishes
+ auto atexit_register = py::module_::import("atexit").attr("register");
+ atexit_register(py::cpp_function([]() {
+ initializer->reset_context();
+ initializer.reset();
+ }));
 initializer->create_context();
 m.doc() = "Native Python module";
diff --git a/releasenotes/notes/initializer-atexit-4c10671e585ac3e7.yaml b/releasenotes/notes/initializer-atexit-4c10671e585ac3e7.yaml
new file mode 100644
index 00000000000..6bdaf4457fb
--- /dev/null
+++ b/releasenotes/notes/initializer-atexit-4c10671e585ac3e7.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Code Security: ensure the ``Initializer`` object is always reset and freed before the Python runtime.
+
From 9251b07dbdb69f975f816ccdab39babb779b0240 Mon Sep 17 00:00:00 2001
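Review bot: The atexit lambda dereferences `initializer` with no null check, and once `initializer.reset()` has run the global stays null for the rest of interpreter shutdown. atexit runs handlers in reverse registration order, so a handler registered before this module was imported runs after this one; if it reaches a native function that uses `initializer`, that call would dereference a null `unique_ptr` (those call sites are outside the hunk, so this is inferred). Start the lambda body with `if (!initializer) return;` so a repeated registration or an earlier reset is harmless, and extend the comment to say that taint-tracking calls are not valid once the callback has run. The PYBIND11_MODULE body starts and ends outside this hunk.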
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 14:09:29 +0000 Subject: [PATCH 2/2] chore(llmobs): add language tag to span events [backport 2.11] (#10702) Backport b488c99d2b8a76e637ef46079e20e7a21e0748a1 from #10681 to 2.11. Adds a `language:python` tag to all LLMObs span events, to be used for internal analysis. No changelog needed since this isn't a user-facing functional change or fix (it will just show as an extra tag in the UI). [MLOB-1543] ## Checklist - [x] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [x] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) [MLOB-1543]: 
https://datadoghq.atlassian.net/browse/MLOB-1543?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ Co-authored-by: Sam Brenner <106700075+sabrenner@users.noreply.github.com>
---
 ddtrace/llmobs/_trace_processor.py | 1 +
 tests/llmobs/_utils.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/ddtrace/llmobs/_trace_processor.py b/ddtrace/llmobs/_trace_processor.py
index ea86841657e..41cd7406535 100644
--- a/ddtrace/llmobs/_trace_processor.py
+++ b/ddtrace/llmobs/_trace_processor.py
@@ -129,6 +129,7 @@ def _llmobs_tags(span: Span, ml_app: str, session_id: Optional[str] = None) -> L
 "source": "integration",
 "ml_app": ml_app,
 "ddtrace.version": ddtrace.__version__,
+ "language": "python",
 "error": span.error,
 }
 err_type = span.get_tag(ERROR_TYPE)
diff --git a/tests/llmobs/_utils.py b/tests/llmobs/_utils.py
index c9a829efecf..8dc17a02c66 100644
--- a/tests/llmobs/_utils.py
+++ b/tests/llmobs/_utils.py
@@ -27,6 +27,7 @@ def _expected_llmobs_tags(span, error=None, tags=None, session_id=None):
 "source:integration",
 "ml_app:{}".format(tags.get("ml_app", "unnamed-ml-app")),
 "ddtrace.version:{}".format(ddtrace.__version__),
+ "language:python",
 ]
 if error:
 expected_tags.append("error:1")
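Review bot: `"language"` is a generic key, and the hunk does not show whether user-supplied span tags are merged into this dict later in `_llmobs_tags`, whose body continues outside the hunk. If they are, a user tag with the same name would collide with this value, and the internal analysis the description mentions would read whichever side wins the merge. A short comment on the new line would record the intent, e.g. `# internal tag for backend analysis; a user tag named "language" collides with this key`. The expected list in `tests/llmobs/_utils.py` pins only the default value, not the collision case.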