feat(iast): implement the stacktrace leak vulnerability

[juanjux]

Description

Implement the stacktrace leak vulnerability detection.

STATUS: Waiting for DataDog/system-tests#3874 to be merged.

Signed-off-by: Juanjo Alvarez [email protected]

Checklist

• PR author has checked that all the criteria below are met
• The PR description includes an overview of the change
• The PR description articulates the motivation for the change
• The change includes tests OR the PR description describes a testing strategy
• The PR description notes risks associated with the change, if any
• Newly-added code is easy to change
• The change follows the library release note guidelines
• The change includes or references documentation updates if necessary
• Backport labels are set (if applicable)

Reviewer Checklist

• Reviewer has checked that all the criteria below are met
• Title is accurate
• All changes are related to the pull request's stated goal
• Avoids breaking API changes
• Testing strategy adequately addresses listed risks
• Newly-added code is easy to change
• Release note makes sense to a user of the library
• If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
• Backport labels are set in a manner that is consistent with the release branch maintenance policy

[github-actions]

CODEOWNERS have been resolved as:

ddtrace/appsec/_iast/taint_sinks/stacktrace_leak.py                     @DataDog/asm-python
releasenotes/notes/stacktrace-leak-d6840ab48b29af99.yaml                @DataDog/apm-python
tests/appsec/iast/fixtures/django_debug_page.html                       @DataDog/asm-python
tests/appsec/iast/fixtures/plain_stacktrace.txt                         @DataDog/asm-python
tests/appsec/iast/taint_sinks/test_stacktrace_leak.py                   @DataDog/asm-python
ddtrace/appsec/_iast/_handlers.py                                       @DataDog/asm-python
ddtrace/appsec/_iast/_iast_request_context.py                           @DataDog/asm-python
ddtrace/appsec/_iast/_listener.py                                       @DataDog/asm-python
ddtrace/appsec/_iast/constants.py                                       @DataDog/asm-python
ddtrace/contrib/internal/django/patch.py                                @DataDog/apm-core-python @DataDog/apm-idm-python
ddtrace/contrib/internal/flask/patch.py                                 @DataDog/apm-core-python @DataDog/apm-idm-python
hatch.toml                                                              @DataDog/python-guild
tests/appsec/integrations/django_tests/django_app/urls.py               @DataDog/asm-python
tests/appsec/integrations/django_tests/django_app/views.py              @DataDog/asm-python
tests/appsec/integrations/django_tests/test_django_appsec_iast.py       @DataDog/asm-python
tests/conftest.py                                                       @DataDog/apm-core-python
tests/contrib/fastapi/test_fastapi_appsec_iast.py                       @DataDog/asm-python
tests/contrib/flask/test_flask_appsec_iast.py                           @DataDog/asm-python

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-01-23 08:38:42

Comparing candidate commit 525c574 in PR branch juanjux/APPSEC-53593-stacktrace-leak with baseline commit 2f52abb in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 394 metrics, 2 unstable metrics.

[datadog-dd-trace-py-rkomorn]

Datadog Report

Branch report: juanjux/APPSEC-53593-stacktrace-leak
Commit report: 525c574
Test service: dd-trace-py

✅ 0 Failed, 130 Passed, 1468 Skipped, 4m 40.46s Total duration (35m 52.79s time saved)