fix(iast): add more modules to the IAST patching denylist to improve …

…startup time (#11907) ## Description Adds a bunch of image handling, scientific/numerical computing, linting and other modules where propagation doesn't matter to the IAST denylist. ## Checklist - [X] PR author has checked that all the criteria below are met - The PR description includes an overview of the change - The PR description articulates the motivation for the change - The change includes tests OR the PR description describes a testing strategy - The PR description notes risks associated with the change, if any - Newly-added code is easy to change - The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) - The change includes or references documentation updates if necessary - Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) ## Reviewer Checklist - [x] Reviewer has checked that all the criteria below are met - Title is accurate - All changes are related to the pull request's stated goal - Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - Testing strategy adequately addresses listed risks - Newly-added code is easy to change - Release note makes sense to a user of the library - If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) --------- Signed-off-by: Juanjo Alvarez <[email protected]> (cherry picked from commit 30e3b76)
DataDog · Jan 13, 2025 · ec8c507 · ec8c507
1 parent 8d79908
commit ec8c507
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/ddtrace/appsec/_iast/_ast/ast_patching.py b/ddtrace/appsec/_iast/_ast/ast_patching.py
@@ -27,6 +27,46 @@
 # Prefixes for modules where IAST patching is allowed
 IAST_ALLOWLIST: Tuple[Text, ...] = ("tests.appsec.iast.",)
 IAST_DENYLIST: Tuple[Text, ...] = (
+    "altgraph.",
+    "dipy.",
+    "black.",
+    "mypy.",
+    "mypy_extensions.",
+    "autopep8.",
+    "pycodestyle.",
+    "pydicom.",
+    "pyinstaller.",
+    "pystray.",
+    "contourpy.",
+    "cx_logging.",
+    "dateutil.",
+    "pytz.",
+    "wcwidth.",
+    "win32ctypes.",
+    "xlib.",
+    "cycler.",
+    "cython.",
+    "dnspython.",
+    "elasticdeform." "numpy.",
+    "matplotlib.",
+    "skbase.",
+    "scipy.",
+    "networkx.",
+    "imageio.",
+    "fonttools.",
+    "nibabel.",
+    "nilearn.",
+    "gprof2dot.",
+    "h5py.",
+    "kiwisolver.",
+    "pandas.",
+    "pdf2image.",
+    "pefile.",
+    "pil.",
+    "threadpoolctl.",
+    "tifffile.",
+    "tqdm.",
+    "trx.",
     "flask.",
     "werkzeug.",
     "aiohttp._helpers.",
@@ -110,6 +150,7 @@
     "difflib.",
     "dill.info.",
     "dill.settings.",
+    "silk.",  # django-silk package
     "django.apps.config.",
     "django.apps.registry.",
     "django.conf.",

diff --git a/releasenotes/notes/denylist-extend-more-f0d96917c50d43cf.yaml b/releasenotes/notes/denylist-extend-more-f0d96917c50d43cf.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Add more modules to the IAST patching denylist to improve startup time