chore(asm): update security rules

[christophe-papazian]

• update static security rule file to 1.14.2
• update relevant tests for fingerprinting changes: fingerprints are now always available with appsec enabled.

Checklist

• PR author has checked that all the criteria below are met
• The PR description includes an overview of the change
• The PR description articulates the motivation for the change
• The change includes tests OR the PR description describes a testing strategy
• The PR description notes risks associated with the change, if any
• Newly-added code is easy to change
• The change follows the library release note guidelines
• The change includes or references documentation updates if necessary
• Backport labels are set (if applicable)

Reviewer Checklist

• Reviewer has checked that all the criteria below are met
• Title is accurate
• All changes are related to the pull request's stated goal
• Avoids breaking API changes
• Testing strategy adequately addresses listed risks
• Newly-added code is easy to change
• Release note makes sense to a user of the library
• If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
• Backport labels are set in a manner that is consistent with the release branch maintenance policy

[github-actions]

CODEOWNERS have been resolved as:

ddtrace/appsec/rules.json                                               @DataDog/asm-python
tests/appsec/contrib_appsec/utils.py                                    @DataDog/asm-python
tests/contrib/django/test_django_appsec_snapshots.py                    @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_body_no_collection_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_cookies_no_collection_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.appsec.appsec.test_processor.test_appsec_span_tags_snapshot.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled.json  @DataDog/asm-python
tests/snapshots/tests.contrib.django.test_django_appsec_snapshots.test_appsec_enabled_attack.json  @DataDog/asm-python

[github-actions]

Bootstrap import analysis

Comparison of import times between this PR and base.

Summary

The average import time from this PR is: 232 ± 5 ms.

The average import time from base is: 242 ± 6 ms.

The import time difference between this PR and base is: -10.2 ± 0.2 ms.

Import time breakdown

The following import paths have shrunk:

ddtrace.auto 5.204 ms (2.24%)

ddtrace.bootstrap.sitecustomize 2.989 ms (1.29%)

ddtrace.bootstrap.preload 2.843 ms (1.22%)

ddtrace.internal.products 2.128 ms (0.92%)

ddtrace.internal.remoteconfig.client 0.790 ms (0.34%)

importlib.metadata 0.216 ms (0.09%)

importlib.abc 0.181 ms (0.08%)

csv 0.035 ms (0.01%)

_csv 0.035 ms (0.01%)

multiprocessing 0.063 ms (0.03%)

multiprocessing.context 0.036 ms (0.02%)

multiprocessing.reduction 0.036 ms (0.02%)

pickle 0.036 ms (0.02%)

_pickle 0.036 ms (0.02%)

ddtrace.internal.remoteconfig._connectors 0.050 ms (0.02%)

ctypes 0.050 ms (0.02%)

_ctypes 0.050 ms (0.02%)

ddtrace.internal.symbol_db.remoteconfig 0.028 ms (0.01%)

ddtrace.internal.symbol_db.symbols 0.028 ms (0.01%)

ddtrace.settings.symbol_db 0.028 ms (0.01%)

ddtrace.settings.profiling 0.399 ms (0.17%)

ddtrace.vendor.psutil 0.304 ms (0.13%)

ddtrace.vendor.psutil._common 0.224 ms (0.10%)

ddtrace.internal.datadog.profiling.ddup 0.038 ms (0.02%)

ddtrace.internal.datadog.profiling.ddup._ddup 0.038 ms (0.02%)

ddtrace.internal.flare.flare 0.099 ms (0.04%)

logging.handlers 0.044 ms (0.02%)

ddtrace.settings.crashtracker 0.078 ms (0.03%)

ddtrace.internal.datadog.profiling.crashtracker 0.052 ms (0.02%)

ddtrace.internal.datadog.profiling.crashtracker._crashtracker 0.052 ms (0.02%)

ddtrace._trace.trace_handlers 0.146 ms (0.06%)

ddtrace._trace._inferred_proxy 0.094 ms (0.04%)

ddtrace.propagation.http 0.094 ms (0.04%)

ddtrace.internal._tagset 0.032 ms (0.01%)

ddtrace 2.216 ms (0.95%)

ddtrace._logger 0.936 ms (0.40%)

ddtrace.internal.telemetry 0.764 ms (0.33%)

ddtrace.internal.telemetry.writer 0.715 ms (0.31%)

http.client 0.243 ms (0.10%)

email.parser 0.069 ms (0.03%)

email.feedparser 0.069 ms (0.03%)

email._policybase 0.069 ms (0.03%)

email.utils 0.044 ms (0.02%)

email._parseaddr 0.044 ms (0.02%)

calendar 0.044 ms (0.02%)

locale 0.044 ms (0.02%)

email.header 0.024 ms (0.01%)

binascii 0.024 ms (0.01%)

ddtrace.internal.encoding 0.208 ms (0.09%)

ddtrace.internal._encoding 0.039 ms (0.02%)

ddtrace.internal.utils.version 0.114 ms (0.05%)

ddtrace.vendor.packaging.version 0.114 ms (0.05%)

ddtrace.settings._agent 0.040 ms (0.02%)

ddtrace.settings._core 0.040 ms (0.02%)

ddtrace.internal.native 0.040 ms (0.02%)

ddtrace.internal.native._native 0.040 ms (0.02%)

ddtrace.internal.utils.http 0.038 ms (0.02%)

ddtrace.internal.http 0.021 ms (0.01%)

ddtrace.internal.runtime 0.021 ms (0.01%)

ddtrace.internal.forksafe 0.021 ms (0.01%)

dataclasses 0.017 ms (0.01%)

inspect 0.017 ms (0.01%)

dis 0.017 ms (0.01%)

opcode 0.017 ms (0.01%)

_opcode 0.017 ms (0.01%)

ddtrace.internal.telemetry.data 0.037 ms (0.02%)

ddtrace.internal.packages 0.037 ms (0.02%)

_sysconfigdata__linux_x86_64-linux-gnu 0.037 ms (0.02%)

logging 0.172 ms (0.07%)

traceback 0.172 ms (0.07%)

contextlib 0.172 ms (0.07%)

ddtrace.settings._config 0.268 ms (0.12%)

ddtrace.internal.gitmetadata 0.188 ms (0.08%)

ddtrace.ext.ci 0.188 ms (0.08%)

ddtrace.ext.git 0.154 ms (0.07%)

shutil 0.064 ms (0.03%)

zlib 0.023 ms (0.01%)

subprocess 0.055 ms (0.02%)

ddtrace.internal.schema 0.030 ms (0.01%)

ddtrace.internal.schema.span_attribute_schema 0.030 ms (0.01%)

ddtrace.trace 0.122 ms (0.05%)

ddtrace._trace.filters 0.039 ms (0.02%)

ddtrace._trace.processor 0.039 ms (0.02%)

ddtrace._trace.sampler 0.039 ms (0.02%)

ddtrace._trace.span 0.039 ms (0.02%)

ddtrace.internal._rand 0.039 ms (0.02%)

ddtrace._trace.tracer 0.028 ms (0.01%)

ddtrace.internal.peer_service.processor 0.028 ms (0.01%)

ddtrace.internal._unpatched 0.019 ms (0.01%)

json 0.019 ms (0.01%)

json.decoder 0.019 ms (0.01%)

json.scanner 0.019 ms (0.01%)

_json 0.019 ms (0.01%)

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-04-02 12:52:37

Comparing candidate commit f64c9b6 in PR branch christophe-papazian/update_security_rules with baseline commit 5b3a8f2 in branch main.

Found 1 performance improvements and 0 performance regressions! Performance is the same for 497 metrics, 2 unstable metrics.

scenario:iast_aspects-ospathsplitext_aspect

• 🟩 execution_time [-388.246ns; -338.600ns] or [-9.604%; -8.376%]