chore(iast): avoid exception when no relevant frame is found (#13346)

smola · web-flow · commit 2e2cb67d5483 · 2025-05-07T15:31:04.000+02:00
Follow up to #13272: - Avoid an exception when no relevant frame is found, return a tuple of `None` objects instead. This was a regression in #13272.
diff --git a/ddtrace/appsec/_iast/_stacktrace.c b/ddtrace/appsec/_iast/_stacktrace.c
@@ -310,6 +310,9 @@ get_file_and_line(PyObject* Py_UNUSED(module), PyObject* Py_UNUSED(args))
 
 exit:
     FRAME_XDECREF(frame);
+    if (!result) {
+        result = PyTuple_Pack(4, Py_None, Py_None, Py_None, Py_None);
+    }
     in_stacktrace = 0;
     return result;
 }
diff --git a/ddtrace/appsec/_iast/taint_sinks/_base.py b/ddtrace/appsec/_iast/taint_sinks/_base.py
@@ -139,6 +139,8 @@ def _compute_file_line(cls) -> Tuple[Optional[str], Optional[int], Optional[str]
             return file_name, line_number, function_name, class_name
 
         file_name, line_number, function_name, class_name = frame_info
+        if not file_name:
+            return None, None, None, None
 
         file_name = cls._rel_path(file_name)
         if not file_name:
diff --git a/tests/appsec/iast/test_stacktrace.py b/tests/appsec/iast/test_stacktrace.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+
+import sys
+
+import pytest
+
+from ddtrace.appsec._iast._stacktrace import get_info_frame
+
+
+def test_stacktrace():
+    file, line, function, class_ = get_info_frame()
+    import traceback
+
+    traceback.print_stack()
+    assert file is not None
+    assert file.endswith("test_stacktrace.py")
+    assert line is not None
+    assert function == "test_stacktrace"
+    assert class_ is not None
+
+
+async def test_stacktrace_async():
+    async def _inner():
+        return get_info_frame()
+
+    file, line, function, class_ = await _inner()
+    assert file is not None
+    assert file.endswith("test_stacktrace.py")
+    assert line is not None
+    assert function == "_inner"
+    assert class_ is not None
+
+
+@pytest.mark.skipif(sys.version_info < (3, 9, 0), reason="Test compatible with Python 3.9+")
+async def test_stacktrace_async_no_relevant_frame():
+    """
+    In the absence of any non-ddtrace and non-stdlib frame in the stacktrace, no frame is returned.
+    (And no exception is raised).
+    """
+    import asyncio
+
+    file, line, function, class_ = await asyncio.to_thread(get_info_frame)
+    assert file is None
+    assert line is None
+    assert function is None
+    assert class_ is None

Original file line number	Diff line number	Diff line change
`@@ -310,6 +310,9 @@ get_file_and_line(PyObject* Py_UNUSED(module), PyObject* Py_UNUSED(args))`
`310`	`310`
`311`	`311`	`exit:`
`312`	`312`	`FRAME_XDECREF(frame);`
	`313`	`+ if (!result) {`
	`314`	`+ result = PyTuple_Pack(4, Py_None, Py_None, Py_None, Py_None);`
	`315`	`+ }`
`313`	`316`	`in_stacktrace = 0;`
`314`	`317`	`return result;`
`315`	`318`	`}`