Ensure no strong references are kept due to source names

DataDog · Nov 2, 2023 · 22f6132 · 22f6132
1 parent 20a70a4
commit 22f6132
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 6 deletions.
diff --git a/...va-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java b/...va-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java
@@ -74,7 +74,11 @@ public void taint(
     if (!canBeTainted(target)) {
       return;
     }
-    internalTaint(ctx, target, new Source(origin, name, sourceValue(target, value)), NOT_MARKED);
+    internalTaint(
+        ctx,
+        target,
+        new Source(origin, newReference(target, name), newReference(target, value)),
+        NOT_MARKED);
   }
 
   @Override
@@ -175,7 +179,11 @@ public void taintIfTainted(
       return;
     }
     if (isTainted(ctx, input)) {
-      internalTaint(ctx, target, new Source(origin, name, sourceValue(target, value)), NOT_MARKED);
+      internalTaint(
+          ctx,
+          target,
+          new Source(origin, newReference(target, name), newReference(target, value)),
+          NOT_MARKED);
     }
   }
 
@@ -289,9 +297,9 @@ public boolean isTainted(@Nullable final IastContext ctx, @Nullable final Object
    * @see #sourceValue(Object)
    */
   @Nullable
-  private static CharSequence sourceValue(
-      @Nullable final Object origin, @Nullable final CharSequence value) {
-    if (value != null && origin == value) {
+  private static CharSequence newReference(
+      @Nullable final Object reference, @Nullable final CharSequence value) {
+    if (value != null && value == reference) {
       return sourceValue(value);
     }
     return value;

diff --git a/...gent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy b/...gent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy
@@ -434,6 +434,19 @@ class PropagationModuleTest extends IastModuleImplTestBase {
     stringBuilder((0..Config.get().getIastTruncationMaxValueLength() * 2).join('')) | _
   }
 
+  void 'test that source names should not make a strong reference over the value'() {
+    given:
+    final name = 'name'
+
+    when:
+    module.taint(name, SourceTypes.REQUEST_PARAMETER_NAME, name)
+
+    then:
+    final tainted = ctx.getTaintedObjects().get(name)
+    final taintedName = tainted.ranges[0].source.name
+    assert !taintedName.is(name) : 'Weak value should not be retained by the source name'
+  }
+
   private List<Tuple<Object>> taintIfSuite() {
     return [
       Tuple.tuple(string('string'), string('string')),
@@ -531,7 +544,8 @@ class PropagationModuleTest extends IastModuleImplTestBase {
         assert (range.marks & mark) > 0
       }
       final source = range.source
-      assert !source.value.is(originalValue): 'Weak value should not be retained by the source'
+      assert !source.name.is(originalValue): 'Weak value should not be retained by the source name'
+      assert !source.value.is(originalValue): 'Weak value should not be retained by the source value'
 
       final expectedSource = expected.source
       assert source.origin == expectedSource.origin