Handle serialization exceptions in IAST
smola committed Oct 26, 2023
1 parent 4b83850 commit 7322733
Showing 2 changed files with 32 additions and 4 deletions.
@@ -1,11 +1,15 @@
package com.datadog.iast.model.json;

import com.datadog.iast.model.VulnerabilityBatch;
import com.datadog.iast.sink.HstsMissingHeaderModuleImpl;
import com.squareup.moshi.JsonAdapter;
import com.squareup.moshi.Moshi;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class VulnerabilityEncoding {

private static final Logger log = LoggerFactory.getLogger(HstsMissingHeaderModuleImpl.class);
private static final int MAX_SPAN_TAG_SIZE = 25000;

static final Moshi MOSHI =
Expand All @@ -18,10 +22,15 @@ public class VulnerabilityEncoding {
MOSHI.adapter(TruncatedVulnerabilities.class);

public static String toJson(final VulnerabilityBatch value) {
String json = BATCH_ADAPTER.toJson(value);
return json.getBytes().length > MAX_SPAN_TAG_SIZE
? getExceededTagSizeJson(new TruncatedVulnerabilities(value.getVulnerabilities()))
: json;
try {
String json = BATCH_ADAPTER.toJson(value);
return json.getBytes().length > MAX_SPAN_TAG_SIZE
? getExceededTagSizeJson(new TruncatedVulnerabilities(value.getVulnerabilities()))
: json;
} catch (Exception ex) {
log.debug("Vulnerability serialization error", ex);
return "{\"vulnerabilities\":[]}";
}
}

static String getExceededTagSizeJson(final TruncatedVulnerabilities truncatedVulnerabilities) {
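Review bot: The logger on the `private static final Logger log` line is created for `HstsMissingHeaderModuleImpl.class`, so every message emitted by this class is attributed to the HSTS sink module, and the new `import com.datadog.iast.sink.HstsMissingHeaderModuleImpl;` couples the json package to a sink it otherwise never uses; it should read `private static final Logger log = LoggerFactory.getLogger(VulnerabilityEncoding.class);` with that import removed. In `toJson`, `catch (Exception ex)` returns a fixed empty `vulnerabilities` array and records the failure only at debug level, so one vulnerability that fails to serialize silently discards every finding in the batch — logging at warn, or counting the drop, would keep the loss visible to whoever operates the agent. `json.getBytes().length` uses the platform default charset; since the span-tag limit is a byte budget, `json.getBytes(StandardCharsets.UTF_8).length` makes the truncation decision deterministic across JVM configurations (that needs `import java.nio.charset.StandardCharsets;`).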
Expand Up @@ -539,6 +539,25 @@ class VulnerabilityEncodingTest extends DDSpecification {

}

void 'exception during serialization is caught'() {
given:
final value = new VulnerabilityBatch()
final type = Mock(VulnerabilityType) {
name() >> { throw new RuntimeException("ERROR") }
}
final vuln = new Vulnerability(type, null, null)
value.add(vuln)

when:
final result = VulnerabilityEncoding.toJson(value)

then:
JSONAssert.assertEquals('''{
"vulnerabilities": [
]
}''', result, true)
}

private static String generateLargeString(){
int targetSize = 25 * 1024
StringBuilder sb = new StringBuilder()
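Review bot: The new `'exception during serialization is caught'` feature pins the fallback for a batch that contains only the faulty vulnerability, so it does not show that a well-formed vulnerability added to the same batch is discarded along with it, which is the behaviour a reader of `toJson` most needs to know. Adding a second, valid `Vulnerability` to `value` before the `when:` block while keeping the same empty-array expectation would document that the fallback is all-or-nothing. The enclosing `VulnerabilityEncodingTest` class starts and ends outside the hunk.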
