From 94fe5ff3b22e0ea11fed4f407f74d4fdbf2817e9 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 15:14:21 +0000
Subject: [PATCH] fix: add encodings.idna to the denylist [backport 2.9] (#9886)

Backport 185076ff3d273618645db56c9acca08f5a6cd333 from #9873 to 2.9.

## Checklist
- [X] PR author has checked that all the criteria below are met
- The PR description includes an overview of the change
- The PR description articulates the motivation for the change
- The change includes tests OR the PR description describes a testing strategy
- The PR description notes risks associated with the change, if any
- Newly-added code is easy to change
- The change follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html)
- The change includes or references documentation updates if necessary
- Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting))

## Reviewer Checklist
- [x] Reviewer has checked that all the criteria below are met
- Title is accurate
- All changes are related to the pull request's stated goal
- Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes
- Testing strategy adequately addresses listed risks
- Newly-added code is easy to change
- Release note makes sense to a user of the library
- If necessary, author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment
- Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)

Co-authored-by: Juanjo Alvarez Martinez
---
 ddtrace/appsec/_iast/_ast/ast_patching.py               | 1 +
 releasenotes/notes/asm-avoid-idna-d724dce73afafa93.yaml | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 releasenotes/notes/asm-avoid-idna-d724dce73afafa93.yaml
diff --git a/ddtrace/appsec/_iast/_ast/ast_patching.py b/ddtrace/appsec/_iast/_ast/ast_patching.py index d561cc08a6b..7c491d05c4f 100644 --- a/ddtrace/appsec/_iast/_ast/ast_patching.py +++ b/ddtrace/appsec/_iast/_ast/ast_patching.py @@ -38,6 +38,7 @@ "ddsketch", "ddtrace", "encodings", # this package is used to load encodings when a module is imported, propagation is not needed + "encodings.idna", "envier", "exceptiongroup", "freezegun", # Testing utilities for time manipulation diff --git a/releasenotes/notes/asm-avoid-idna-d724dce73afafa93.yaml b/releasenotes/notes/asm-avoid-idna-d724dce73afafa93.yaml new file mode 100644 index 00000000000..58f63e5d8df --- /dev/null +++ b/releasenotes/notes/asm-avoid-idna-d724dce73afafa93.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Code Security: add encodings.idna to the IAST patching denylist to avoid problems with gevent.
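Review bot: the new `"encodings.idna",` entry in ddtrace/appsec/_iast/_ast/ast_patching.py carries no inline comment, while the `"encodings"` entry directly above it explains why that package is excluded from propagation. Because the parent package is already in the list, a reader of this hunk cannot tell why the submodule needs its own entry; a short comment naming the gevent problem from the release note would record that, and it would help to state whether denylist entries are matched as exact module names or as prefixes. The patch touches only this file and the release note, so nothing in it exercises the new entry; a regression test that fails without this line would keep the entry from being dropped later.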
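Review bot: in releasenotes/notes/asm-avoid-idna-d724dce73afafa93.yaml, the phrase `to avoid problems with gevent` does not say what the problem is or which users hit it. Naming the symptom a user would observe, and the conditions under which it appears, would let readers of the release notes decide whether this backport matters to them.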