Skip to content

Re-remove more iast .so files #653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 29, 2025
Merged

Re-remove more iast .so files #653

merged 3 commits into from
Aug 29, 2025
+2 −1

Conversation

@avara1986
Copy link
Member

@avara1986 avara1986 commented Aug 26, 2025
edited
Loading

APPSEC-58746

PR DataDog/dd-trace-py#12774 was merged to address this.

What does this PR do?

Re-removes the ddtrace/appsec/_iast/_ast/iastpatch*.so file from the python layers.

Motivation

A change was made by the appsec team to the python tracer which inadvertently caused an import attempt on ddtrace/appsec/_iast/_ast/iastpatch*.so. This import would fail when using our python layer. We remove this file because it is large and iast doesn't work in serverless anyway.

Testing Guidelines

There is another open PR in the python tracer DataDog/dd-trace-py#14420 which will add explicit testing to ensure none of our removed files get imported.

Additional Notes

Note that the mentioned PR is merged but not yet released! Do not merge this until that PR has been released!

Types of Changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog
  • This PR passes the integration tests (ask a Datadog member to run the tests)

@avara1986 avara1986 marked this pull request as ready for review August 27, 2025 06:58
@avara1986 avara1986 requested review from a team as code owners August 27, 2025 06:58
@purple4reina
Copy link
Contributor

Thank you so much for doing this! It looks like we can now decrease our expectations of unzip layer size in our tests. Would you mind changing the 23 to a 22 in this file as part of this PR?

datadog-lambda-python/scripts/check_layer_size.sh

Line 12 in 33fcbce

MAX_LAYER_UNCOMPRESSED_SIZE_KB=$(expr 23 \* 1024) # 23552 KB

@purple4reina
Copy link
Contributor

And once this PR is merged, you can make a similar change in our serverless-tools repo which runs check layer size tests in dd-trace-py. https://github.com/DataDog/serverless-tools/blob/8ffeeabffc821fe72b2d0848ac2abf09fbc94cf6/.gitlab/setup.sh#L72

@avara1986
Copy link
Member Author

avara1986 commented Aug 28, 2025
edited
Loading

And once this PR is merged, you can make a similar change in our serverless-tools repo which runs check layer size tests in dd-trace-py. https://github.com/DataDog/serverless-tools/blob/8ffeeabffc821fe72b2d0848ac2abf09fbc94cf6/.gitlab/setup.sh#L72

I updated this pull request and created a new one in serverless-tools https://github.com/DataDog/serverless-tools/pull/71

@avara1986 avara1986 merged commit 7184daf into main Aug 29, 2025
68 checks passed
@avara1986 avara1986 deleted the avara1986/APPSEC-58746-rm-so branch August 29, 2025 05:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@purple4reina purple4reina purple4reina approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@avara1986 @purple4reina