dont use inner function

Signed-off-by: Juanjo Alvarez <[email protected]>
DataDog · Jan 7, 2025 · bd07128 · bd07128
1 parent 2b4a611
commit bd07128
Showing 1 changed file with 19 additions and 18 deletions.
diff --git a/ddtrace/appsec/_iast/taint_sinks/header_injection.py b/ddtrace/appsec/_iast/taint_sinks/header_injection.py
@@ -112,36 +112,37 @@ class HeaderInjection(VulnerabilityBase):
     vulnerability_type = VULN_HEADER_INJECTION
 
 
-def _iast_report_header_injection(headers_or_args) -> None:
+def _process_header(headers_args):
     from ddtrace.appsec._iast._taint_tracking.aspects import add_aspect
 
-    def process_header(headers_args):
-        if len(headers_args) != 2:
-            return
+    if len(headers_args) != 2:
+        return
 
-        header_name, header_value = headers_args
-        if header_name is None:
+    header_name, header_value = headers_args
+    if header_name is None:
+        return
+
+    for header_to_exclude in HEADER_INJECTION_EXCLUSIONS:
+        header_name_lower = header_name.lower()
+        if header_name_lower == header_to_exclude or header_name_lower.startswith(header_to_exclude):
             return
 
-        for header_to_exclude in HEADER_INJECTION_EXCLUSIONS:
-            header_name_lower = header_name.lower()
-            if header_name_lower == header_to_exclude or header_name_lower.startswith(header_to_exclude):
-                return
+    increment_iast_span_metric(IAST_SPAN_TAGS.TELEMETRY_EXECUTED_SINK, HeaderInjection.vulnerability_type)
+    _set_metric_iast_executed_sink(HeaderInjection.vulnerability_type)
 
-        increment_iast_span_metric(IAST_SPAN_TAGS.TELEMETRY_EXECUTED_SINK, HeaderInjection.vulnerability_type)
-        _set_metric_iast_executed_sink(HeaderInjection.vulnerability_type)
+    if is_iast_request_enabled() and HeaderInjection.has_quota():
+        if is_pyobject_tainted(header_name) or is_pyobject_tainted(header_value):
+            header_evidence = add_aspect(add_aspect(header_name, HEADER_NAME_VALUE_SEPARATOR), header_value)
+            HeaderInjection.report(evidence_value=header_evidence)
 
-        if is_iast_request_enabled() and HeaderInjection.has_quota():
-            if is_pyobject_tainted(header_name) or is_pyobject_tainted(header_value):
-                header_evidence = add_aspect(add_aspect(header_name, HEADER_NAME_VALUE_SEPARATOR), header_value)
-                HeaderInjection.report(evidence_value=header_evidence)
 
+def _iast_report_header_injection(headers_or_args) -> None:
     if headers_or_args and isinstance(headers_or_args[0], typing.Mapping):
         # ({header_name: header_value}, {header_name: header_value}, ...), used by FastAPI Response constructor
         # when used with Response(..., headers={...})
         for headers_dict in headers_or_args:
             for header_name, header_value in headers_dict.items():
-                process_header((header_name, header_value))
+                _process_header((header_name, header_value))
     else:
         # (header_name, header_value), used in other cases
-        process_header(headers_or_args)
+        _process_header(headers_or_args)