Skip to content

Commit

Permalink
chore(iast): fix grpc iast flaky tests (#12404)
Browse files Browse the repository at this point in the history 
## Description

Fix gRPC IAST flaky tests. The problem was that the failing ones were
run under `run_in_subprocess` so they were not getting the IAST context
fixture. However, the base class doesn't need client tests to run in a
subprocess anymore and removing that fixes the tests.

Also: remove setting the `DD_IAST_ENABLED` and the `_iast_enabled`
config from all tests since the fixture makes it unnecessary.

## Checklist
- [X] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing
strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note
guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if
[applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met 
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking
[API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces)
changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance
implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the
[release branch maintenance
policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

---------

Signed-off-by: Juanjo Alvarez <[email protected]>
  • Loading branch information
@juanjux
juanjux authored Feb 19, 2025
1 parent 3e4124c commit 4926d85
Showing 1 changed file with 50 additions and 68 deletions.
118 changes: 50 additions & 68 deletions tests/appsec/iast/test_grpc_iast.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,8 @@
from tests.contrib.grpc.common import GrpcBaseTestCase
from tests.contrib.grpc.hello_pb2 import HelloRequest
from tests.contrib.grpc.hello_pb2_grpc import HelloStub
from tests.utils import TracerTestCase
from tests.utils import flaky
from tests.utils import override_config
from tests.utils import override_env
from tests.utils import override_global_config

from .conftest import iast_context

Expand All @@ -38,28 +35,22 @@ def _check_test_range(value):


class GrpcTestIASTCase(GrpcBaseTestCase):
@flaky(1735812000, reason="IAST context refactor breaks grpc. APPSEC-55239")
@TracerTestCase.run_in_subprocess(env_overrides=dict(DD_IAST_ENABLED="1"))
def test_taint_iast_single(self):
with override_env({"DD_IAST_ENABLED": "True"}):
with self.override_config("grpc", dict(service_name="myclientsvc")):
with self.override_config("grpc_server", dict(service_name="myserversvc")):
channel1 = grpc.insecure_channel("localhost:%d" % (_GRPC_PORT))
stub1 = HelloStub(channel1)
res = stub1.SayHello(HelloRequest(name="test"))
assert hasattr(res, "message")
_check_test_range(res.message)

def test_taint_iast_single_server(self):
with override_global_config(dict(_iast_enabled=True)):
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
with self.override_config("grpc", dict(service_name="myclientsvc")):
with self.override_config("grpc_server", dict(service_name="myserversvc")):
channel1 = grpc.insecure_channel("localhost:%d" % (_GRPC_PORT))
stub1 = HelloStub(channel1)
res = stub1.SayHello(HelloRequest(name="test"))
assert hasattr(res, "message")
_check_test_range(res.message)

@flaky(1735812000, reason="IAST context refactor breaks grpc. APPSEC-55239")
@TracerTestCase.run_in_subprocess(env_overrides=dict(DD_IAST_ENABLED="1"))
def test_taint_iast_single_server(self):
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
stub1 = HelloStub(channel1)
res = stub1.SayHello(HelloRequest(name="test"))
assert hasattr(res, "message")
_check_test_range(res.message)

def test_taint_iast_twice(self):
with self.override_config("grpc", dict(service_name="myclientsvc")):
with self.override_config("grpc_server", dict(service_name="myserversvc")):
Expand All @@ -77,76 +68,67 @@ def test_taint_iast_twice_server(self):
def callback(response):
callback_called.set()

with override_global_config(dict(_iast_enabled=True)):
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
stub1 = HelloStub(channel1)
responses_iterator = stub1.SayHelloTwice(HelloRequest(name="test"))
responses_iterator.add_done_callback(callback)
for res in responses_iterator:
assert hasattr(res, "message")
_check_test_range(res.message)

callback_called.wait(timeout=1)

def test_taint_iast_repeatedly(self):
with self.override_config("grpc", dict(service_name="myclientsvc")):
with self.override_config("grpc_server", dict(service_name="myserversvc")):
channel1 = grpc.insecure_channel("localhost:%d" % (_GRPC_PORT))
stub1 = HelloStub(channel1)
responses_iterator = stub1.SayHelloTwice(HelloRequest(name="test"))
responses_iterator.add_done_callback(callback)
requests_iterator = iter(
HelloRequest(name=name) for name in ["first", "second", "third", "fourth", "fifth"]
)
responses_iterator = stub1.SayHelloRepeatedly(requests_iterator)
for res in responses_iterator:
assert hasattr(res, "message")
_check_test_range(res.message)

callback_called.wait(timeout=1)

@flaky(1735812000, reason="IAST context refactor breaks grpc. APPSEC-55239")
@TracerTestCase.run_in_subprocess(env_overrides=dict(DD_IAST_ENABLED="1"))
def test_taint_iast_repeatedly(self):
with override_env({"DD_IAST_ENABLED": "True"}):
with self.override_config("grpc", dict(service_name="myclientsvc")):
with self.override_config("grpc_server", dict(service_name="myserversvc")):
channel1 = grpc.insecure_channel("localhost:%d" % (_GRPC_PORT))
stub1 = HelloStub(channel1)
requests_iterator = iter(
HelloRequest(name=name) for name in ["first", "second", "third", "fourth", "fifth"]
)
responses_iterator = stub1.SayHelloRepeatedly(requests_iterator)
for res in responses_iterator:
assert hasattr(res, "message")
_check_test_range(res.message)

def test_taint_iast_repeatedly_server(self):
# use an event to signal when the callbacks have been called from the response
callback_called = threading.Event()

def callback(response):
callback_called.set()

with override_global_config(dict(_iast_enabled=True)):
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
stub1 = HelloStub(channel1)
requests_iterator = iter(
HelloRequest(name=name) for name in ["first", "second", "third", "fourth", "fifth"]
)
responses_iterator = stub1.SayHelloRepeatedly(requests_iterator)
responses_iterator.add_done_callback(callback)
for res in responses_iterator:
assert hasattr(res, "message")
_check_test_range(res.message)
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
stub1 = HelloStub(channel1)
requests_iterator = iter(
HelloRequest(name=name) for name in ["first", "second", "third", "fourth", "fifth"]
)
responses_iterator = stub1.SayHelloRepeatedly(requests_iterator)
responses_iterator.add_done_callback(callback)
for res in responses_iterator:
assert hasattr(res, "message")
_check_test_range(res.message)

callback_called.wait(timeout=1)
callback_called.wait(timeout=1)

@flaky(1735812000, reason="IAST context refactor breaks grpc. APPSEC-55239")
@TracerTestCase.run_in_subprocess(env_overrides=dict(DD_IAST_ENABLED="1"))
def test_taint_iast_last(self):
with override_env({"DD_IAST_ENABLED": "True"}):
with self.override_config("grpc", dict(service_name="myclientsvc")):
with self.override_config("grpc_server", dict(service_name="myserversvc")):
channel1 = grpc.insecure_channel("localhost:%d" % (_GRPC_PORT))
stub1 = HelloStub(channel1)
requests_iterator = iter(HelloRequest(name=name) for name in ["first", "second"])
res = stub1.SayHelloLast(requests_iterator)
assert hasattr(res, "message")
_check_test_range(res.message)

def test_taint_iast_last_server(self):
with override_global_config(dict(_iast_enabled=True)):
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
with self.override_config("grpc", dict(service_name="myclientsvc")):
with self.override_config("grpc_server", dict(service_name="myserversvc")):
channel1 = grpc.insecure_channel("localhost:%d" % (_GRPC_PORT))
stub1 = HelloStub(channel1)
requests_iterator = iter(HelloRequest(name=name) for name in ["first", "second"])
res = stub1.SayHelloLast(requests_iterator)
assert hasattr(res, "message")
_check_test_range(res.message)

def test_taint_iast_last_server(self):
with grpc.insecure_channel("localhost:%d" % (_GRPC_PORT)) as channel1:
stub1 = HelloStub(channel1)
requests_iterator = iter(HelloRequest(name=name) for name in ["first", "second"])
res = stub1.SayHelloLast(requests_iterator)
assert hasattr(res, "message")
_check_test_range(res.message)

def test_taint_iast_patching_import_error(self):
with mock.patch.dict("sys.modules", {"google._upb._message": None}), override_env({"DD_IAST_ENABLED": "True"}):
from collections import UserDict
Expand Down

0 comments on commit 4926d85

Please sign in to comment.