Merge branch '1.18' into backport-6792-to-1.18

DataDog · Aug 31, 2023 · 7da70de · 7da70de
2 parents 73b6c4b + 9c036b7
commit 7da70de
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/ddtrace/appsec/iast/_taint_utils.py b/ddtrace/appsec/iast/_taint_utils.py
@@ -1,8 +1,6 @@
 #!/usr/bin/env python3
 from collections import abc
 
-from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
-from ddtrace.appsec.iast._taint_tracking import taint_pyobject
 from ddtrace.internal.logger import get_logger
 
 
@@ -32,6 +30,9 @@ def __init__(self, original_list, origins=(0, 0), override_pyobject_tainted=Fals
     def _taint(self, value):
         if value:
             if isinstance(value, (str, bytes, bytearray)):
+                from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
+                from ddtrace.appsec.iast._taint_tracking import taint_pyobject
+
                 if not is_pyobject_tainted(value) or self._override_pyobject_tainted:
                     try:
                         # TODO: migrate this part to shift ranges instead of creating a new one
@@ -200,6 +201,9 @@ def _taint(self, value, key, origin=None):
             origin = self._origin_value
         if value:
             if isinstance(value, (str, bytes, bytearray)):
+                from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
+                from ddtrace.appsec.iast._taint_tracking import taint_pyobject
+
                 if not is_pyobject_tainted(value) or self._override_pyobject_tainted:
                     try:
                         # TODO: migrate this part to shift ranges instead of creating a new one
@@ -375,6 +379,8 @@ def supported_dbapi_integration(integration_name):
 
 def check_tainted_args(args, kwargs, tracer, integration_name, method):
     if supported_dbapi_integration(integration_name) and method.__name__ == "execute":
+        from ddtrace.appsec.iast._taint_tracking import is_pyobject_tainted
+
         return len(args) and args[0] and is_pyobject_tainted(args[0])
 
     return False
diff --git a/releasenotes/notes/asm-avoid-subprocess-iast-import-d56d9bf2f37bdaa4.yaml b/releasenotes/notes/asm-avoid-subprocess-iast-import-d56d9bf2f37bdaa4.yaml
@@ -0,0 +1,3 @@
+fixes:
+  - |
+    ASM: avoid potentially unneeded import of the IAST native module if setup doesn't build extensions correctly.