Activate ruff rules on SSI/auto-injection

[cbeauchesne]

Motivation

Changes

Workflow

1. ⚠️ Create your PR as draft ⚠️
2. Work on you PR until the CI passes
3. Mark it as ready for review
   • Test logic is modified? -> Get a review from RFC owner.
   • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

• Anything but tests/ or manifests/ is modified ? I have the approval from R&P team
• A docker base image is modified?
  • the relevant build-XXX-image label is present
• A scenario is added, removed or renamed?
  • Get a review from R&P team

[github-actions]

CODEOWNERS have been resolved as:

lib-injection/build/docker/python/dd-lib-python-init-test-django-27/django_app.py  @DataDog/system-tests-core
lib-injection/build/docker/python/dd-lib-python-init-test-django-gunicorn-alpine/django_app.py  @DataDog/system-tests-core
lib-injection/build/docker/python/dd-lib-python-init-test-django-gunicorn/django_app.py  @DataDog/system-tests-core
lib-injection/build/docker/python/dd-lib-python-init-test-django-preinstalled/django_app.py  @DataDog/system-tests-core
lib-injection/build/docker/python/dd-lib-python-init-test-django-unsupported-package-force/django_app.py  @DataDog/system-tests-core
lib-injection/build/docker/python/dd-lib-python-init-test-django-uvicorn/django_app.py  @DataDog/system-tests-core
lib-injection/build/docker/python/dd-lib-python-init-test-django/django_app.py  @DataDog/system-tests-core
lib-injection/build/docker/python/dd-lib-python-init-test-protobuf-old/django_app.py  @DataDog/system-tests-core
pyproject.toml                                                          @DataDog/system-tests-core
requirements.txt                                                        @DataDog/system-tests-core
tests/auto_inject/test_auto_inject_chaos.py                             @DataDog/system-tests-core
tests/auto_inject/test_blocklist_auto_inject.py                         @DataDog/system-tests-core
tests/auto_inject/utils.py                                              @DataDog/system-tests-core
utils/_context/_scenarios/__init__.py                                   @DataDog/system-tests-core
utils/_context/_scenarios/auto_injection.py                             @DataDog/system-tests-core
utils/_context/_scenarios/docker_ssi.py                                 @DataDog/system-tests-core
utils/docker_ssi/docker_ssi_definitions.py                              @DataDog/system-tests-core
utils/docker_ssi/docker_ssi_matrix_utils.py                             @DataDog/system-tests-core
utils/scripts/ssi_wizards/aws_onboarding_wizard_utils.py                @DataDog/system-tests-core

[datadog-official]

✨ Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 1 Test failed

tests.appsec.iast.sink.test_unvalidated_redirect.TestUnvalidatedHeader_ExtendedLocation.test_extended_location_data[uwsgi-poc] from system_tests_suite     (Fix with Cursor)

AssertionError: Expected a single vulnerability with the matching criteria
assert 2 == 1
 +  where 2 = len([{'evidence': {'valueParts': [{'source': 0, 'value': 'http://dummy.location.com'}]}, 'hash': 1185812129, 'location': {...ated_redirect_insecure_header', 'path': 'app.py', 'spanId': 8530959384864462718, ...}, 'type': 'UNVALIDATED_REDIRECT'}])

self = <tests.appsec.iast.sink.test_unvalidated_redirect.TestUnvalidatedHeader_ExtendedLocation object at 0x7f7b512ef020>

    def test_extended_location_data(self):
>       validate_extended_location_data(self.r, self.vulnerability_type)

tests/appsec/iast/sink/test_unvalidated_redirect.py:126: 
...

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 6781018 | Docs | Datadog PR Page | Give us feedback!}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 67810182de

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep Python 2.7 django app annotation-free

This module now adds runtime type annotations (for example def handle_sigterm(signo: int, ...)) even though lib-injection/build/docker/python/dd-lib-python-init-test-django-27/Dockerfile runs it with FROM python:2.7. Python 2.7 cannot parse function annotations, so the Django settings module will fail to import and this auto-injection variant will fail to start before any tests execute.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Replace PEP 604 unions in Python 3.9 weblog apps

The new annotation types.FrameType | None requires Python 3.10+, but this file (and dd-lib-python-init-test-protobuf-old/django_app.py) is executed in images based on Python 3.9 (.../dd-lib-python-init-test-django-preinstalled/Dockerfile and .../dd-lib-python-init-test-protobuf-old/Dockerfile). On those variants this introduces a syntax error at import time, so the weblog process cannot boot.

Useful? React with 👍 / 👎.