chore(iast): avoid exception when no relevant frame is found (#13346)

smola · smola · commit f8022c8a5b2c · 2025-05-12T08:23:49.000+02:00
Follow up to #13272: - Avoid an exception when no relevant frame is found, return a tuple of `None` objects instead. This was a regression in #13272. (cherry picked from commit 2e2cb67)
diff --git a/ddtrace/appsec/_iast/_stacktrace.c b/ddtrace/appsec/_iast/_stacktrace.c
@@ -227,6 +227,10 @@ get_file_and_line(PyObject* Py_UNUSED(module), PyObject* Py_UNUSED(args))
 
 exit:
     FRAME_XDECREF(frame);
+    if (!result) {
+        result = PyTuple_Pack(4, Py_None, Py_None, Py_None, Py_None);
+    }
+    in_stacktrace = 0;
     return result;
 }
 
diff --git a/ddtrace/appsec/_iast/taint_sinks/_base.py b/ddtrace/appsec/_iast/taint_sinks/_base.py
@@ -129,6 +129,8 @@ def report(cls, evidence_value: Text = "", dialect: Optional[Text] = None) -> No
                     return None
 
                 file_name, line_number = frame_info
+                if not file_name:
+                    return
 
                 file_name = cls._rel_path(file_name)
                 if not file_name:
diff --git a/tests/appsec/iast/test_stacktrace.py b/tests/appsec/iast/test_stacktrace.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+
+import sys
+
+import pytest
+
+from ddtrace.appsec._iast._stacktrace import get_info_frame
+
+
+def test_stacktrace():
+    file, line, function, class_ = get_info_frame()
+    import traceback
+
+    traceback.print_stack()
+    assert file is not None
+    assert file.endswith("test_stacktrace.py")
+    assert line is not None
+    assert function == "test_stacktrace"
+    assert class_ is not None
+
+
+async def test_stacktrace_async():
+    async def _inner():
+        return get_info_frame()
+
+    file, line, function, class_ = await _inner()
+    assert file is not None
+    assert file.endswith("test_stacktrace.py")
+    assert line is not None
+    assert function == "_inner"
+    assert class_ is not None
+
+
+@pytest.mark.skipif(sys.version_info < (3, 9, 0), reason="Test compatible with Python 3.9+")
+async def test_stacktrace_async_no_relevant_frame():
+    """
+    In the absence of any non-ddtrace and non-stdlib frame in the stacktrace, no frame is returned.
+    (And no exception is raised).
+    """
+    import asyncio
+
+    file, line, function, class_ = await asyncio.to_thread(get_info_frame)
+    assert file is None
+    assert line is None
+    assert function is None
+    assert class_ is None

Original file line number	Diff line number	Diff line change
`@@ -227,6 +227,10 @@ get_file_and_line(PyObject* Py_UNUSED(module), PyObject* Py_UNUSED(args))`
`227`	`227`
`228`	`228`	`exit:`
`229`	`229`	`FRAME_XDECREF(frame);`
	`230`	`+ if (!result) {`
	`231`	`+ result = PyTuple_Pack(4, Py_None, Py_None, Py_None, Py_None);`
	`232`	`+ }`
	`233`	`+ in_stacktrace = 0;`
`230`	`234`	`return result;`
`231`	`235`	`}`
`232`	`236`