Skip to content

python_lambda: RASP Scenario #5505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

python_lambda: RASP Scenario #5505

wants to merge 1 commit into from

Conversation

@florentinl
Copy link
Contributor

@florentinl florentinl commented Oct 15, 2025
edited
Loading

Motivation

Add scenario for lambda libraries and RASP and support for the only lambda library: Python.

Changes

  • Add RASP scenario that inherits for LambdaScenario instead of EndToEndScenario.
  • Implement missing routes in python_lambda weblogs
  • forward missing routes in lambda-proxy

Notes

Was enabled with DataDog/dd-trace-py#14827

Reviewer checklist

  • If PR title starts with [<language>], double-check that only <language> is impacted by the change
  • No system-tests internal is modified. Otherwise, I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added (or removed)?

@github-actions
Copy link
Contributor

github-actions bot commented Oct 15, 2025
edited
Loading

CODEOWNERS have been resolved as:

.github/workflows/run-end-to-end.yml                                    @DataDog/system-tests-core
manifests/python_lambda.yml                                             @DataDog/system-tests-core
tests/appsec/rasp/test_api10.py                                         @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/rasp/test_cmdi.py                                          @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/rasp/test_lfi.py                                           @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/rasp/test_shi.py                                           @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/rasp/test_sqli.py                                          @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/rasp/test_ssrf.py                                          @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_extended_request_body_collection.py                   @DataDog/asm-libraries @DataDog/system-tests-core
tests/appsec/test_only_python.py                                        @DataDog/asm-libraries @DataDog/system-tests-core
utils/_context/_scenarios/__init__.py                                   @DataDog/system-tests-core
utils/_context/_scenarios/appsec_rasp.py                                @DataDog/system-tests-core
utils/build/docker/lambda_proxy/main.py                                 @DataDog/system-tests-core
utils/build/docker/python_lambda/function/handler.py                    @DataDog/apm-python @DataDog/asm-python @DataDog/system-tests-core
utils/build/docker/python_lambda/function/requirements.txt              @DataDog/apm-python @DataDog/asm-python @DataDog/system-tests-core
utils/scripts/ci_orchestrators/workflow_data.py                         @DataDog/system-tests-core

@florentinl florentinl force-pushed the florentin.labelle/APPSEC-59590/enable-rasp-for-lambda branch from 5152439 to dba7c12 Compare October 15, 2025 07:52
@florentinl florentinl changed the title [python_lambda]: rasp support python_lambda: rasp support Oct 15, 2025
@florentinl florentinl changed the title python_lambda: rasp support python_lambda: RASP Scenario Oct 15, 2025
@florentinl florentinl mentioned this pull request Oct 15, 2025
Merged
@florentinl florentinl force-pushed the florentin.labelle/APPSEC-59590/enable-rasp-for-lambda branch 3 times, most recently from 5022549 to 5931f0a Compare October 16, 2025 11:56
florentinl added a commit to DataDog/dd-trace-py that referenced this pull request Oct 17, 2025
@florentinl
feat(appsec): enable Exploit Prevention in Lambda (#14827)
5f952a1 
## Description

Stop explicitely disabling Exploit Prevention in AWS Lambda

## Testing

system-tests for lambda are passing using local builds with
DataDog/system-tests#5505 and will be enabled
after this PR is merged.

## Risks

None

## Additional Notes

<!-- Any other information that would be helpful for reviewers -->
@florentinl florentinl force-pushed the florentin.labelle/APPSEC-59590/enable-rasp-for-lambda branch 2 times, most recently from bf111cf to 323e93f Compare October 29, 2025 08:38
@florentinl florentinl force-pushed the florentin.labelle/APPSEC-59590/enable-rasp-for-lambda branch from 323e93f to 7835946 Compare October 29, 2025 08:55
@florentinl florentinl marked this pull request as ready for review October 29, 2025 12:00
@florentinl florentinl requested review from a team as code owners October 29, 2025 12:00
@florentinl florentinl requested review from dd-oleksii and juanjux and removed request for a team October 29, 2025 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@christophe-papazian christophe-papazian christophe-papazian approved these changes

@juanjux juanjux Awaiting requested review from juanjux juanjux is a code owner automatically assigned from DataDog/apm-python

@dd-oleksii dd-oleksii Awaiting requested review from dd-oleksii dd-oleksii is a code owner automatically assigned from DataDog/apm-python

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@florentinl @christophe-papazian