From 4d2f1fe882ab64b435906d4165ff0512e912171f Mon Sep 17 00:00:00 2001 
From: "alejandro.gonzalez" Date: Tue, 30 Apr 2024 08:11:00 +0200 Subject: [PATCH 01/28] Add StratumManager and some tests --- .../tooling/iast/stratum/AbstractStratum.java | 17 ++ .../tooling/iast/stratum/EmbeddedStratum.java | 37 ++++ .../agent/tooling/iast/stratum/FileInfo.java | 60 ++++++ .../iast/stratum/GeneratorException.java | 12 ++ .../agent/tooling/iast/stratum/LineInfo.java | 124 +++++++++++ .../agent/tooling/iast/stratum/Location.java | 20 ++ .../tooling/iast/stratum/ParserException.java | 12 ++ .../agent/tooling/iast/stratum/Resolver.java | 179 ++++++++++++++++ .../agent/tooling/iast/stratum/SourceMap.java | 86 ++++++++ .../iast/stratum/SourceMapException.java | 12 ++ .../agent/tooling/iast/stratum/Stratum.java | 5 + .../tooling/iast/stratum/StratumExt.java | 168 +++++++++++++++ .../tooling/iast/stratum/StratumManager.java | 106 ++++++++++ .../tooling/iast/stratum/UnknownInfo.java | 18 ++ .../tooling/iast/stratum/VendorInfo.java | 25 +++ .../tooling/iast/stratum/parser/Builder.java | 18 ++ .../tooling/iast/stratum/parser/Builders.java | 194 ++++++++++++++++++ .../tooling/iast/stratum/parser/Parser.java | 154 ++++++++++++++ .../tooling/iast/stratum/parser/State.java | 104 ++++++++++ .../iast/stratum/utils/PatternUtils.java | 124 +++++++++++ .../stratum/utils/StoppableCharSequence.java | 44 ++++ .../iast/stratum/StratumManagerTest.groovy | 48 +++++ .../agent/tooling/iast/stratum/IndexJsp.java | 59 ++++++ 23 files changed, 1626 insertions(+) create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/AbstractStratum.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java create mode 100755 
dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Location.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/ParserException.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMapException.java create mode 100644 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java create mode 100644 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builder.java create mode 100644 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java create mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/State.java create mode 100644 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java create mode 100644 
dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java
create mode 100644 dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy
create mode 100644 dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/AbstractStratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/AbstractStratum.java
new file mode 100755
index 00000000000..ea15d4de9cd
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/AbstractStratum.java
@@ -0,0 +1,17 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+public abstract class AbstractStratum {
+ private String name;
+
+ public AbstractStratum(final String name) {
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(final String name) {
+ this.name = name;
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java
new file mode 100755
index 00000000000..a25bd71f893
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java
@@ -0,0 +1,37 @@ +package datadog.trace.agent.tooling.iast.stratum; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +public class EmbeddedStratum extends AbstractStratum implements Cloneable { + private final List sourceMapList = new ArrayList(); + + public EmbeddedStratum() { + this(""); + } + + public EmbeddedStratum(final String name) { + super(name); + } + + @Override + public Object clone() { + EmbeddedStratum embeddedStratum = new EmbeddedStratum(getName()); + for (Iterator iter = sourceMapList.iterator(); iter.hasNext(); ) { + embeddedStratum.getSourceMapList().add((SourceMap) iter.next().clone()); + } + return embeddedStratum; + } + + public List getSourceMapList() { + return sourceMapList; + } + + public void setSourceMapList(final List sourceMapList) { + this.sourceMapList.clear(); + if (sourceMapList != null) { + this.sourceMapList.addAll(sourceMapList); + } + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java new file mode 100755 index 00000000000..583ff4fe643 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java 
@@ -0,0 +1,60 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public class FileInfo implements Cloneable { + private int fileId = -1; + + private String inputFileName; + + private String inputFilePath; + + public FileInfo() {} + + public FileInfo(final int fileId, final String inputFileName, final String inputFilePath) { + this.fileId = fileId; + this.inputFileName = inputFileName; + this.inputFilePath = inputFilePath; + } + + @Override + public Object clone() { + return new FileInfo(fileId, inputFileName, inputFilePath); + } + + public int getFileId() { + return fileId; + } + + public void setFileId(final int fileId) { + this.fileId = fileId; + } + + public String getInputFileName() { + return inputFileName; + } + + public void setInputFileName(final String inputFileName) { + this.inputFileName = inputFileName; + } + + public String getInputFilePath() { + if (inputFilePath == null) { + return inputFileName; + } + return inputFilePath; + } + + public void setInputFilePath(final String inputFilePath) { + this.inputFilePath = inputFilePath; + } + + @Override + public String toString() { + return "FileInfo [fileId=" + + fileId + + ", inputFileName=" + + inputFileName + + ", inputFilePath=" + + inputFilePath + + "]"; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java new file mode 100755 index 00000000000..b050cb05ef2 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java @@ -0,0 +1,12 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public class GeneratorException extends SourceMapException { + /** */ + private static final long serialVersionUID = -7787799486007303990L; + + public GeneratorException() {} + + public GeneratorException(final String msg) { + super(msg); + } +} 
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java
new file mode 100755
index 00000000000..afb4a306d5e
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java
@@ -0,0 +1,124 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public class LineInfo implements Cloneable { + private int fileId = -1; + + int inputStartLine; + + int repeatCount; + + int outputStartLine; + + int outputLineIncrement; + + private FileInfo fileInfo; + + public LineInfo( + final int fileId, + final int inputStartLine, + final int repeatCount, + final int outputStartLine, + final int outputLineIncrement) { + this.fileId = fileId; + fileInfo = null; + this.inputStartLine = inputStartLine; + this.repeatCount = repeatCount; + this.outputStartLine = outputStartLine; + this.outputLineIncrement = outputLineIncrement; + } + + public LineInfo( + final FileInfo fileInfo, + final int inputStartLine, + final int repeatCount, + final int outputStartLine, + final int outputLineIncrement) { + fileId = -1; + this.fileInfo = fileInfo; + this.inputStartLine = inputStartLine; + this.repeatCount = repeatCount; + this.outputStartLine = outputStartLine; + this.outputLineIncrement = outputLineIncrement; + } + + @Override + public Object clone() { + LineInfo lineInfo = + new LineInfo(fileId, inputStartLine, repeatCount, outputStartLine, outputLineIncrement); + + lineInfo.setFileInfo(fileInfo); + return lineInfo; + } + + public int getFileId() { + return fileId; + } + + public void setFileId(final int fileId) { + this.fileId = fileId; + } + + public int resolveFileId() { + if (fileInfo != null) { + fileId = fileInfo.getFileId(); + } + return fileId; + } + + public int getInputStartLine() { + return inputStartLine; + } + + public void setInputStartLine(final int inputStartLine) { + this.inputStartLine = inputStartLine; + } + + public int getRepeatCount() { + return repeatCount; + } + + public void setRepeatCount(final int repeatCount) { + this.repeatCount = repeatCount; + } + + public int getOutputStartLine() { + return outputStartLine; + } + + public void setOutputStartLine(final int outputStartLine) { + this.outputStartLine = outputStartLine; + } + + public int 
getOutputLineIncrement() { + return outputLineIncrement; + } + + public void setOutputLineIncrement(final int outputLineIncrement) { + this.outputLineIncrement = outputLineIncrement; + } + + public FileInfo getFileInfo() { + return fileInfo; + } + + public void setFileInfo(final FileInfo fileInfo) { + this.fileInfo = fileInfo; + } + + @Override + public String toString() { + return "LineInfo [fileId=" + + fileId + + ", inputStartLine=" + + inputStartLine + + ", repeatCount=" + + repeatCount + + ", outputStartLine=" + + outputStartLine + + ", outputLineIncrement=" + + outputLineIncrement + + ", fileInfo=" + + fileInfo + + "]\n"; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Location.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Location.java new file mode 100755 index 00000000000..5789f4f08aa --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Location.java @@ -0,0 +1,20 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public class Location { + private final FileInfo fileInfo; + + private final int lineNum; + + public Location(final FileInfo fileInfo, final int lineNum) { + this.fileInfo = fileInfo; + this.lineNum = lineNum; + } + + public FileInfo getFileInfo() { + return fileInfo; + } + + public int getLineNum() { + return lineNum; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/ParserException.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/ParserException.java new file mode 100755 index 00000000000..f5eb877f9f9 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/ParserException.java 
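Review bot: `resolveFileId()` reads like an accessor but overwrites the `fileId` field from `fileInfo` as a side effect, so a caller that resolves once and later swaps the `FileInfo` keeps the stale id; either a comment at the method, `// overwrites fileId from the attached FileInfo; the resolved value is cached in the field`, or returning `fileInfo.getFileId()` without assigning would make the intent explicit. The four package-private fields (`inputStartLine`, `repeatCount`, `outputStartLine`, `outputLineIncrement`) are read directly by `StratumExt.getInputLineNumber`, bypassing the getters; if direct field access is deliberate, a one-line comment on the fields saying so would stop a later reader from making them private. `toString` ends with `"]\n"`, unlike `FileInfo.toString`, which makes nested `LineInfo` output from `StratumExt.toString` uneven.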
@@ -0,0 +1,12 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+public class ParserException extends SourceMapException {
+ /** */
+ private static final long serialVersionUID = 4991227723777615317L;
+
+ public ParserException() {}
+
+ public ParserException(final String msg) {
+ super(msg);
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java
new file mode 100755
index 00000000000..fa1eae278d9
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java
@@ -0,0 +1,179 @@ +package datadog.trace.agent.tooling.iast.stratum; + +import java.util.Iterator; +import java.util.List; + +public class Resolver { + public SourceMap resolve(final SourceMap sourceMap) { + SourceMap result = (SourceMap) sourceMap.clone(); + for (EmbeddedStratum stratum : result.getEmbeddedStratumList()) { + StratumExt outerStratum = result.getStratum(stratum.getName()); + if (outerStratum != null) { + for (SourceMap embeddedSourceMap : stratum.getSourceMapList()) { + SourceMap resolvedEmbeddedSourceMap = resolve(embeddedSourceMap); + String outerFileName = resolvedEmbeddedSourceMap.getOutputFileName(); + for (StratumExt embeddedStratum : resolvedEmbeddedSourceMap.getStratumList()) { + StratumExt resolvedStratum = result.getStratum(embeddedStratum.getName()); + if (resolvedStratum == null) { + resolvedStratum = new StratumExt(embeddedStratum.getName()); + result.getStratumList().add(resolvedStratum); + } + resolve(new Context(outerStratum, outerFileName, resolvedStratum, embeddedStratum)); + } + } + } + } + result.getEmbeddedStratumList().clear(); + return result; + } + + private void resolve(final Context context) { + for (LineInfo eli : context.embeddedStratum.getLineInfo()) { + resolve(context, eli); + } + } + + private void resolve(final Context context, final LineInfo eli) { + Iterator iter; + if (eli.getRepeatCount() > 0) { + for (iter = context.outerStratum.getLineInfo().iterator(); iter.hasNext(); ) { + LineInfo oli = iter.next(); + if (oli.getFileInfo().getInputFileName().equals(context.outerFileName)) { + if (oli.getInputStartLine() <= eli.getOutputStartLine() + && eli.getOutputStartLine() < oli.getInputStartLine() + oli.getRepeatCount()) { + int difference = eli.getOutputStartLine() - oli.getInputStartLine(); + int available = oli.getRepeatCount() - difference; + int completeCount = + Math.min(available / eli.getOutputLineIncrement(), eli.getRepeatCount()); + + FileInfo fileInfo = + getByPath( + context.resolvedStratum.getFileInfo(), 
eli.getFileInfo().getInputFilePath()); + if (fileInfo == null) { + fileInfo = (FileInfo) eli.getFileInfo().clone(); + context.resolvedStratum.getFileInfo().add(fileInfo); + } + if (completeCount > 0) { + LineInfo rli = + new LineInfo( + fileInfo, + eli.getInputStartLine(), + completeCount, + oli.getOutputStartLine() + difference * oli.getOutputLineIncrement(), + eli.getOutputLineIncrement() * oli.getOutputLineIncrement()); + + context.resolvedStratum.addLineInfo(rli); + LineInfo neli = + new LineInfo( + fileInfo, + eli.getInputStartLine() + completeCount, + eli.getRepeatCount() - completeCount, + eli.getOutputStartLine() + completeCount * eli.getOutputLineIncrement(), + eli.getOutputLineIncrement()); + + resolve(context, neli); + } else { + LineInfo rli = + new LineInfo( + fileInfo, + eli.getInputStartLine(), + 1, + oli.getOutputStartLine() + difference * oli.getOutputLineIncrement(), + available); + + context.resolvedStratum.addLineInfo(rli); + LineInfo neli = + new LineInfo( + fileInfo, + eli.getInputStartLine(), + 1, + eli.getOutputStartLine() + available, + eli.getOutputLineIncrement() - available); + + resolve(context, neli); + neli = + new LineInfo( + fileInfo, + eli.getInputStartLine() + 1, + eli.getRepeatCount() - 1, + eli.getOutputStartLine() + eli.getOutputLineIncrement(), + eli.getOutputLineIncrement()); + + resolve(context, neli); + } + } + } + } + } + } + + private FileInfo getByPath(final List list, final String filePath) { + for (FileInfo fileInfo : list) { + if (fileInfo.getInputFilePath().compareTo(filePath) == 0) { + return fileInfo; + } + } + return null; + } + + private class Context { + + StratumExt outerStratum; + + String outerFileName; + + StratumExt resolvedStratum; + + StratumExt embeddedStratum; + + public Context( + final StratumExt outerStratum, + final String outerFileName, + final StratumExt resolvedStratum, + final StratumExt embeddedStratum) { + this.outerStratum = outerStratum; + this.outerFileName = outerFileName; + 
this.resolvedStratum = resolvedStratum; + this.embeddedStratum = embeddedStratum; + } + } + + public Location resolve(final SourceMap sourceMap, final String stratumName, final int lineNum) { + SourceMap resolvedSourceMap = resolve(sourceMap); + StratumExt stratum = resolvedSourceMap.getStratum(stratumName); + if (stratum == null) { + return new Location(null, lineNum); + } + LineInfo bestFitLineInfo = null; + int bestFitLineNum = lineNum; + int bfOutputStartLine = Integer.MIN_VALUE; + int bfOutputEndLine = Integer.MAX_VALUE; + for (Iterator iter = stratum.getLineInfo().iterator(); iter.hasNext(); ) { + LineInfo lineInfo = iter.next(); + for (int i = 0; i < lineInfo.getRepeatCount(); i++) { + int outputStartLine = lineInfo.getOutputStartLine() + i * lineInfo.getOutputLineIncrement(); + int outputEndLine = + Math.max(outputStartLine, outputStartLine + lineInfo.getOutputLineIncrement() - 1); + if (outputStartLine <= lineNum && lineNum <= outputEndLine) { + if (lineInfo.getOutputLineIncrement() == 1) { + return new Location(lineInfo.getFileInfo(), lineInfo.getInputStartLine() + i); + } + if (bfOutputStartLine <= outputStartLine && outputEndLine <= bfOutputEndLine) { + bestFitLineInfo = lineInfo; + bestFitLineNum = lineInfo.getInputStartLine() + i; + bfOutputStartLine = + bestFitLineInfo.getOutputStartLine() + i * bestFitLineInfo.getOutputLineIncrement(); + bfOutputEndLine = + Math.max( + bfOutputStartLine, + bfOutputStartLine + bestFitLineInfo.getOutputLineIncrement() - 1); + } + } + } + } + if (bestFitLineInfo != null) { + return new Location(bestFitLineInfo.getFileInfo(), bestFitLineNum); + } + return new Location(null, lineNum); + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java new file mode 100755 index 00000000000..a827d135251 --- /dev/null 
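Review bot: `available / eli.getOutputLineIncrement()` in the private `resolve(Context, LineInfo)` divides by a value taken straight from the parsed SMAP, and the `LineInfoPattern` in Builders admits a `0` increment (a constructed `L` entry such as `1:1,0` matches it), so a malformed SMAP embedded in a JSP class throws ArithmeticException while that class is being transformed; the existing guard should also cover the increment, `if (eli.getRepeatCount() > 0 && eli.getOutputLineIncrement() > 0) {`. The same loop dereferences `oli.getFileInfo()` unconditionally, while `LineInfo` built through its `fileId` constructor (the form Builders uses) leaves `fileInfo` null, so unless the parser's `State` (not in this chunk) attaches the `FileInfo` before resolution this is a NullPointerException. `Context` never touches the enclosing `Resolver` and could be a `private static class`. Generic type arguments appear stripped in this rendering (`LineInfo oli = iter.next();` only compiles with a typed iterator), so the raw `List`/`Iterator` declarations are not flagged.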
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java 
@@ -0,0 +1,86 @@ +package datadog.trace.agent.tooling.iast.stratum; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +public class SourceMap implements Cloneable { + private String outputFileName; + + private String defaultStratumName; + + private final List stratumList = new ArrayList(); + + private final List embeddedStratumList = new ArrayList(); + + public SourceMap() {} + + public SourceMap(final String outputFileName, final String defaultStratumName) { + this.outputFileName = outputFileName; + this.defaultStratumName = defaultStratumName; + } + + @Override + public Object clone() { + SourceMap sourceMap = new SourceMap(outputFileName, defaultStratumName); + for (Iterator iter = stratumList.iterator(); iter.hasNext(); ) { + sourceMap.getStratumList().add((StratumExt) iter.next().clone()); + } + for (Iterator iter = embeddedStratumList.iterator(); iter.hasNext(); ) { + sourceMap.getEmbeddedStratumList().add((EmbeddedStratum) iter.next().clone()); + } + return sourceMap; + } + + public boolean isResolved() { + return embeddedStratumList.isEmpty(); + } + + public String getOutputFileName() { + return outputFileName; + } + + public void setOutputFileName(final String outputFileName) { + this.outputFileName = outputFileName; + } + + public String getDefaultStratumName() { + return defaultStratumName; + } + + public void setDefaultStratumName(final String defaultStratumName) { + this.defaultStratumName = defaultStratumName; + } + + public List getStratumList() { + return stratumList; + } + + public void setStratumList(final List stratumList) { + this.stratumList.clear(); + if (stratumList != null) { + this.stratumList.addAll(stratumList); + } + } + + public List getEmbeddedStratumList() { + return embeddedStratumList; + } + + public void setEmbeddedStratumList(final List embeddedStratumList) { + this.embeddedStratumList.clear(); + if (embeddedStratumList != null) { + this.embeddedStratumList.addAll(embeddedStratumList); + } + } + 
+ public StratumExt getStratum(final String stratumName) { + for (Iterator iter = stratumList.iterator(); iter.hasNext(); ) { + StratumExt stratum = iter.next(); + if (stratum.getName().compareTo(stratumName) == 0) { + return stratum; + } + } + return null; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMapException.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMapException.java new file mode 100755 index 00000000000..9c6f2647f34 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMapException.java @@ -0,0 +1,12 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public class SourceMapException extends Exception { + /** */ + private static final long serialVersionUID = 254089927846131094L; + + public SourceMapException() {} + + public SourceMapException(final String msg) { + super(msg); + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java new file mode 100644 index 00000000000..a696ae56324 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java @@ -0,0 +1,5 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public interface Stratum { + int getInputLineNumber(final int outputLineNumber); +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java new file mode 100755 index 00000000000..2aa6dcacbce --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java 
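Review bot: `getStratum` compares with `stratum.getName().compareTo(stratumName) == 0`, which throws NullPointerException when `stratumName` is null; `StratumManager.getDefaultStratum` passes `smap.getDefaultStratumName()`, a field that stays null whenever the parser supplied no default stratum (the parser is not in this chunk), so that case surfaces as a logged error rather than a missing stratum. Use `if (Objects.equals(stratum.getName(), stratumName)) {` (with `java.util.Objects` imported) or `if (stratumName != null && stratumName.equals(stratum.getName())) {`. The getters hand out the live `stratumList`/`embeddedStratumList`, and `Resolver` adds to and clears them through those getters, so a one-line comment on `getStratumList`/`getEmbeddedStratumList` saying the returned list is the owned, mutable instance would save the next reader from assuming a copy.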
@@ -0,0 +1,168 @@ +package datadog.trace.agent.tooling.iast.stratum; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class StratumExt extends AbstractStratum implements Cloneable, Stratum { + private final List fileInfo = new ArrayList(); + + private int[] lineStart = null; + + private final List lineInfo = new ArrayList(); + + private final List vendorInfo = new ArrayList(); + + private final List unknownInfo = new ArrayList(); + + private static final Logger LOG = LoggerFactory.getLogger(StratumExt.class); + + public StratumExt() { + this(""); + } + + public StratumExt(final String name) { + super(name); + } + + @Override + public int getInputLineNumber(final int outputLineNumber) { + try { + List info = getLineInfo(); + int startPoint = Arrays.binarySearch(getLineStart(), outputLineNumber); + if (startPoint < 0) { + if (startPoint == -1) { + startPoint = 0; + } else { + startPoint = Math.abs(startPoint) - 2; + } + } + int size = info.size(); + for (int i = startPoint; i < size; i++) { + LineInfo li = info.get(i); + final int start = li.outputStartLine; + if (outputLineNumber >= start) { + int offset = li.repeatCount * li.outputLineIncrement - 1; + int stop = li.outputStartLine + offset; + if (outputLineNumber <= stop) { + int rc = (outputLineNumber - li.outputStartLine) / li.outputLineIncrement; + return li.inputStartLine + rc; + } + } + } + } catch (Exception e) { + LOG.error("Could not get input line number from stratum", e); + } + return 0; + } + + @Override + public Object clone() { + StratumExt stratum = new StratumExt(getName()); + for (Iterator iter = vendorInfo.iterator(); iter.hasNext(); ) { + stratum.getVendorInfo().add((VendorInfo) iter.next().clone()); + } + for (Iterator iter = unknownInfo.iterator(); 
iter.hasNext(); ) { + stratum.getUnknownInfo().add((UnknownInfo) iter.next().clone()); + } + Map fileInfoMap = new HashMap(); + for (Iterator iter = fileInfo.iterator(); iter.hasNext(); ) { + FileInfo fileInfoOrig = iter.next(); + FileInfo fileInfoClone = (FileInfo) fileInfoOrig.clone(); + fileInfoMap.put(fileInfoOrig, fileInfoClone); + stratum.getFileInfo().add(fileInfoClone); + } + + for (Iterator iter = lineInfo.iterator(); iter.hasNext(); ) { + LineInfo lineInfo = iter.next(); + FileInfo fileInfo = lineInfo.getFileInfo(); + if (fileInfo != null) { + fileInfo = fileInfoMap.get(fileInfo); + lineInfo.setFileInfo(fileInfo); + } + stratum.addLineInfo(lineInfo); + } + + return stratum; + } + + public List getFileInfo() { + return fileInfo; + } + + public void setFileInfo(final List fileInfoList) { + fileInfo.clear(); + if (fileInfoList != null) { + fileInfo.addAll(fileInfoList); + } + } + + public List getLineInfo() { + return lineInfo; + } + + public void addLineInfo(final LineInfo info) { + lineInfo.add(info); + Collections.sort( + lineInfo, + new Comparator() { + + @Override + public int compare(final LineInfo o1, final LineInfo o2) { + return o1.getOutputStartLine() - o2.getOutputStartLine(); + } + }); + } + + public int[] getLineStart() { + if (lineStart == null) { + lineStart = new int[lineInfo.size()]; + for (int i = 0; i < lineStart.length; i++) { + lineStart[i] = lineInfo.get(i).getOutputStartLine(); + } + } + return lineStart; + } + + public List getVendorInfo() { + return vendorInfo; + } + + public void setVendorInfo(final List vendorInfoList) { + vendorInfo.clear(); + if (vendorInfoList != null) { + vendorInfo.addAll(vendorInfoList); + } + } + + public List getUnknownInfo() { + return unknownInfo; + } + + public void setUnknownInfo(final List unknownInfoList) { + unknownInfo.clear(); + if (unknownInfoList != null) { + unknownInfo.addAll(unknownInfoList); + } + } + + @Override + public String toString() { + return "Stratum [fileInfoList=" + + fileInfo + + 
", lineInfoList=" + + lineInfo + + ", vendorInfoList=" + + vendorInfo + + ", unknownInfoList=" + + unknownInfo + + "]"; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java new file mode 100644 index 00000000000..070b668bc48 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java 
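Review bot: `clone()` does not copy the `LineInfo` entries: the last loop calls `lineInfo.setFileInfo(fileInfo)` on the original object, rebinding it to the clone's `FileInfo`, and then adds that same instance to the clone, so the source stratum is silently modified and both strata share mutable `LineInfo` objects; because `Resolver.resolve(SourceMap)` starts from `sourceMap.clone()`, the caller's map is altered too. `LineInfo` already implements `clone()`, so each entry should be cloned before its `FileInfo` is remapped, as below. Separately, `addLineInfo` never resets `lineStart`, so an add after the first `getLineStart()` call leaves `getInputLineNumber` binary-searching a stale array; put `lineStart = null;` at the top of `addLineInfo`. Generic type arguments look stripped in this rendering (`FileInfo fileInfoOrig = iter.next();` needs a typed iterator), so the raw declarations are not flagged.
```java
    for (Iterator iter = lineInfo.iterator(); iter.hasNext(); ) {
      LineInfo copy = (LineInfo) iter.next().clone();
      FileInfo original = copy.getFileInfo();
      if (original != null) {
        // point the copy at the cloned FileInfo, leaving the source entry untouched
        copy.setFileInfo(fileInfoMap.get(original));
      }
      stratum.addLineInfo(copy);
    }
    // … unchanged: return stratum …
```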
@@ -0,0 +1,106 @@ +package datadog.trace.agent.tooling.iast.stratum; + +import datadog.trace.agent.tooling.iast.stratum.parser.Parser; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import org.objectweb.asm.ClassReader; +import org.objectweb.asm.ClassVisitor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class StratumManager { + + private static final Logger LOG = LoggerFactory.getLogger(StratumManager.class); + + private static final Map map = new ConcurrentHashMap<>(); + + public static final StratumExt NO_DEBUG_INFO = new StratumExt(); + + private static boolean EMPTY_DEBUG_INFO; + + public static boolean shouldBeAnalyzed(final String internalClassName) { + return internalClassName.contains("jsp") + && (internalClassName.contains("_jsp") + || internalClassName.contains("jsp_") + || internalClassName.contains("2ejsp") + || internalClassName.contains("_tag")); + } + + public static void analyzeClass(final byte[] bytes) { + StratumExt s = getDefaultStratum(bytes); + if (s != null) { + map.put(s.getName(), s); + } + } + + public static Stratum get(final String classname) { + StratumExt s = map.get(classname); + if (s != null) { + return s; + } else if (EMPTY_DEBUG_INFO) { + return NO_DEBUG_INFO; + } else { + return null; + } + } + + private static SourceMap getResolvedSmap(final String smap) { + try { + SourceMap[] sourceMaps = new Parser().parse(smap); + + return new Resolver().resolve(sourceMaps[0]); + } catch (Exception e) { + LOG.error("Could not get resolved source map from smap", e); + } + return null; + } + + private static StratumExt getDefaultStratum(final byte[] bytes) { + try { + String[] classData = extractSourceDebugExtensionASM(bytes); + if (classData[1] == null) { + EMPTY_DEBUG_INFO = true; + return null; + } + SourceMap smap = getResolvedSmap(classData[1]); + StratumExt stratum = smap != null ? 
smap.getStratum(smap.getDefaultStratumName()) : null; + + if (stratum == null) { + EMPTY_DEBUG_INFO = true; + return null; + } + + stratum.setName(classData[0]); + return stratum; + } catch (Exception e) { + LOG.error("Could not get default stratum from byte array", e); + } + return null; + } + + private static String[] extractSourceDebugExtensionASM(final byte[] classBytes) { + ClassReader cr = new ClassReader(classBytes); + final String[] result = new String[2]; + cr.accept( + new ClassVisitor(262144) { + @Override + public void visit( + final int version, + final int access, + final String name, + final String signature, + final String superName, + final String[] interfaces) { + result[0] = name.replace('/', '.'); + } + + @Override + public void visitSource(final String source, final String debug) { + result[1] = debug; + } + }, + 0); + + return result; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java new file mode 100755 index 00000000000..ae5bd15ca9c --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java @@ -0,0 +1,18 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public class UnknownInfo implements Cloneable { + private final String[] data; + + public UnknownInfo(final String[] data) { + this.data = data; + } + + @Override + public Object clone() { + return new UnknownInfo(data.clone()); + } + + public String[] getData() { + return data; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java new file mode 100755 index 00000000000..2ad2b854bd9 --- /dev/null 
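Review bot: `EMPTY_DEBUG_INFO` turns a per-class condition into a process-wide one: `getDefaultStratum` sets it the first time any class arrives without a SourceDebugExtension or without a default stratum, and from then on `get()` answers `NO_DEBUG_INFO` for every name absent from `map`, including classes never analyzed and classes whose SMAP failed to parse, which `getDefaultStratum` logs without touching the flag. It is also a plain static written on the transformer thread and read elsewhere, so at minimum it should be `private static volatile boolean emptyDebugInfo;`, and recording the condition per class (storing `NO_DEBUG_INFO` in `map` under the name from `classData[0]`) would make `get()` consistent with what was actually analyzed. In `extractSourceDebugExtensionASM`, `262144` is the ASM API level literal that `Opcodes.ASM4` names, and since the visitor only overrides `visit` and `visitSource`, passing `ClassReader.SKIP_CODE` as the accept flag avoids decoding the method bodies of every class that matches `shouldBeAnalyzed`.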
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java @@ -0,0 +1,25 @@ +package datadog.trace.agent.tooling.iast.stratum; + +public class VendorInfo implements Cloneable { + private final String vendorId; + + private final String[] data; + + public VendorInfo(final String vendorId, final String[] data) { + this.vendorId = vendorId; + this.data = data; + } + + @Override + public Object clone() { + return new VendorInfo(vendorId, data.clone()); + } + + public String getVendorId() { + return vendorId; + } + + public String[] getData() { + return data; + } +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builder.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builder.java new file mode 100755 index 00000000000..2a2bc452d2f --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builder.java @@ -0,0 +1,18 @@ +package datadog.trace.agent.tooling.iast.stratum.parser; + +import datadog.trace.agent.tooling.iast.stratum.SourceMapException; + +abstract class Builder { + + private final String section; + + Builder(final String section) { + this.section = section; + } + + String getSectionName() { + return section; + } + + abstract void build(State paramState, String[] paramArrayOfString) throws SourceMapException; +} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java new file mode 100644 index 00000000000..cff691f3243 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java 
@@ -0,0 +1,194 @@
+package datadog.trace.agent.tooling.iast.stratum.parser;
+
+import datadog.trace.agent.tooling.iast.stratum.EmbeddedStratum;
+import datadog.trace.agent.tooling.iast.stratum.FileInfo;
+import datadog.trace.agent.tooling.iast.stratum.LineInfo;
+import datadog.trace.agent.tooling.iast.stratum.SourceMap;
+import datadog.trace.agent.tooling.iast.stratum.SourceMapException;
+import datadog.trace.agent.tooling.iast.stratum.StratumExt;
+import datadog.trace.agent.tooling.iast.stratum.UnknownInfo;
+import datadog.trace.agent.tooling.iast.stratum.VendorInfo;
+import datadog.trace.agent.tooling.iast.stratum.utils.PatternUtils;
+
+class Builders {
+
+ private static final String LineInfoPattern =
+ "(\\d++)(#(\\d++))?(,(\\d++))?:(\\d++)(,(\\d++))?($)";
+
+ public static final Builder closeStratumBuilder() {
+ return new Builder("C") {
+
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+ String[] tokens = lines[0].split(" ", 2);
+ if (tokens.length < 2 || tokens[1].equals("")) {
+ throw new SourceMapException("Stratum name expected");
+ }
+ EmbeddedStratum embeddedStratum = new EmbeddedStratum(tokens[1]);
+ state.pop(embeddedStratum);
+ }
+ };
+ }
+
+ public static final Builder endSourceMapBuilder() {
+ return new Builder("E") {
+
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+ state.endSourceMap();
+ }
+ };
+ }
+
+ public static final Builder fileInfoBuilder() {
+ return new Builder("F") {
+
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+ if (!state.getStratum().getFileInfo().isEmpty()) {
+ throw new SourceMapException("Only one file section allowed");
+ }
+ for (int i = 1; i < lines.length; ) {
+ FileInfo fileInfo = new FileInfo();
+ String s = lines[i++];
+ String fileId = "0";
+ String fileName = "";
+ String filePath = "";
+ if (s.startsWith("+")) {
+ String[] tokens = s.split(" ", 3);
+
fileId = tokens[1];
+ fileName = tokens[2];
+ if (i == lines.length) {
+ throw new SourceMapException("File path expected");
+ }
+ filePath = lines[i++];
+ } else {
+ String[] tokens = s.split(" ", 2);
+ fileId = tokens[0];
+ fileName = tokens[1];
+ filePath = fileName;
+ }
+ try {
+ fileInfo.setFileId(Integer.parseInt(fileId));
+ } catch (NumberFormatException nfe) {
+ throw new SourceMapException("Invalid file id: " + fileId);
+ }
+ fileInfo.setInputFileName(fileName);
+ fileInfo.setInputFilePath(filePath);
+ state.getStratum().getFileInfo().add(fileInfo);
+ }
+ }
+ };
+ }
+
+ public static Builder lineInfoBuilder() {
+ return new Builder("L") {
+
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+ if (!state.getStratum().getLineInfo().isEmpty()) {
+ throw new SourceMapException("Only one line section allowed");
+ }
+ PatternUtils.LimitedPattern p = PatternUtils.compile(LineInfoPattern);
+ int fileId = 0;
+ for (int i = 1; i < lines.length; i++) {
+ int inputStartLine = 1;
+ int repeatCount = 1;
+ int outputStartLine = 1;
+ int outputLineIncrement = 1;
+ PatternUtils.LimitedMatcher m = p.matcher(lines[i]);
+ if (!m.matches()) {
+ throw new SourceMapException("Invalid line info: " + lines[i]);
+ }
+ try {
+ inputStartLine = Integer.parseInt(m.group(1));
+ if (m.group(3) != null) {
+ fileId = Integer.parseInt(m.group(3));
+ }
+ if (m.group(5) != null) {
+ repeatCount = Integer.parseInt(m.group(5));
+ }
+ outputStartLine = Integer.parseInt(m.group(6));
+ if (m.group(8) != null) {
+ outputLineIncrement = Integer.parseInt(m.group(8));
+ }
+ } catch (NumberFormatException nfe) {
+ throw new SourceMapException("Invalid line info: " + lines[i]);
+ }
+ LineInfo lineInfo =
+ new LineInfo(
+ fileId, inputStartLine, repeatCount, outputStartLine, outputLineIncrement);
+ state.getStratum().addLineInfo(lineInfo);
+ }
+ }
+ };
+ }
+
+ public static Builder sourceMapBuilder() {
+ return new Builder("SMAP") {
+ @Override
+ public
void build(final State state, final String[] lines) throws SourceMapException {
+ if (lines.length < 3) {
+ throw new SourceMapException("Source map information expected");
+ }
+ SourceMap sourceMap = new SourceMap(lines[1], lines[2]);
+ state.getParentStratum().getSourceMapList().add(sourceMap);
+ state.setSourceMap(sourceMap);
+ }
+ };
+ }
+
+ public static Builder openEmbeddedStratumBuilder() {
+ return new Builder("O") {
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+ String[] tokens = lines[0].split(" ", 2);
+ if (tokens.length < 2 || tokens[1].equals("")) {
+ throw new SourceMapException("Stratum name expected");
+ }
+ EmbeddedStratum embeddedStratum = new EmbeddedStratum(tokens[1]);
+ state.getSourceMap().getEmbeddedStratumList().add(embeddedStratum);
+ state.push(embeddedStratum);
+ }
+ };
+ }
+
+ public static Builder stratumBuilder() {
+ return new Builder("S") {
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+ String[] tokens = lines[0].split(" ", 2);
+ if (tokens.length < 2 || tokens[1].equals("")) {
+ throw new SourceMapException("Stratum name expected");
+ }
+ StratumExt stratum = new StratumExt(tokens[1]);
+ state.getSourceMap().getStratumList().add(stratum);
+ state.setStratum(stratum);
+ }
+ };
+ }
+
+ public static Builder vendorInfoBuilder() {
+ return new Builder("V") {
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+ if (lines.length < 1) {
+ throw new SourceMapException("Vendor information expected");
+ }
+ String[] viLines = new String[lines.length - 2];
+ System.arraycopy(lines, 2, viLines, 0, viLines.length);
+
+ state.getStratum().getVendorInfo().add(new VendorInfo(lines[1], viLines));
+ }
+ };
+ }
+
+ public static Builder unknownInfoBuilder() {
+ return new Builder("") {
+ @Override
+ public void build(final State state, final String[] lines) throws SourceMapException {
+
state.getStratum().getUnknownInfo().add(new UnknownInfo(lines));
+ }
+ };
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java
new file mode 100755
index 00000000000..7ca55f5285a
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java
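Review bot: The `lines.length < 1` guard in `vendorInfoBuilder` can never trip (`lines[0]` is the section line itself), so a `*V` line with nothing after it reaches `new String[lines.length - 2]` and `lines[1]` and fails with `NegativeArraySizeException`/`ArrayIndexOutOfBoundsException`; it should read `if (lines.length < 2) {`. `fileInfoBuilder` has the same weakness: `tokens[1]`/`tokens[2]` are read without checking `tokens.length`, so a `*F` entry missing its separator throws `ArrayIndexOutOfBoundsException`. Those are unchecked exceptions rather than `SourceMapException`, so they bypass the `catch (SourceMapException sme)` in `Parser.parse` and lose the line-number context that catch adds; `if (tokens.length < 3) { throw new SourceMapException("File id and name expected"); }` on the `+` branch (and `< 2` on the other) keeps malformed input on the intended error path. Separately, `PatternUtils.compile(LineInfoPattern)` runs on every `build` call although the pattern is a constant; compile it once into a `static final` field.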
@@ -0,0 +1,154 @@
+package datadog.trace.agent.tooling.iast.stratum.parser;
+
+import datadog.trace.agent.tooling.iast.stratum.EmbeddedStratum;
+import datadog.trace.agent.tooling.iast.stratum.FileInfo;
+import datadog.trace.agent.tooling.iast.stratum.LineInfo;
+import datadog.trace.agent.tooling.iast.stratum.ParserException;
+import datadog.trace.agent.tooling.iast.stratum.SourceMap;
+import datadog.trace.agent.tooling.iast.stratum.SourceMapException;
+import datadog.trace.agent.tooling.iast.stratum.StratumExt;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+public class Parser {
+ private final Map builders = new TreeMap();
+
+ private final State state = new State();
+
+ public Parser() {
+ registerBuilders();
+ }
+
+ protected void registerBuilders() {
+ add(Builders.sourceMapBuilder());
+ add(Builders.endSourceMapBuilder());
+ add(Builders.stratumBuilder());
+ add(Builders.fileInfoBuilder());
+ add(Builders.lineInfoBuilder());
+ add(Builders.vendorInfoBuilder());
+ add(Builders.openEmbeddedStratumBuilder());
+ add(Builders.closeStratumBuilder());
+ }
+
+ private void parseInit() throws SourceMapException {
+ state.init();
+ }
+
+ private SourceMap[] parseDone() throws SourceMapException {
+ EmbeddedStratum result = state.done();
+ resolveLineFileInfo(result);
+ return result.getSourceMapList().toArray(new SourceMap[0]);
+ }
+
+ private void resolveLineFileInfo(final EmbeddedStratum embeddedStratum)
+ throws SourceMapException {
+ for (Iterator iter = embeddedStratum.getSourceMapList().iterator();
+ iter.hasNext(); ) {
+ SourceMap sourceMap = iter.next();
+ resolveLineFileInfo(sourceMap);
+ }
+ }
+
+ private void resolveLineFileInfo(final SourceMap sourceMap) throws SourceMapException {
+ for (Iterator iter = sourceMap.getStratumList().iterator(); iter.hasNext();
) {
+ StratumExt stratum = iter.next();
+ resolveLineFileInfo(stratum);
+ }
+ for (Iterator iter = sourceMap.getEmbeddedStratumList().iterator();
+ iter.hasNext(); ) {
+ EmbeddedStratum stratum = iter.next();
+ resolveLineFileInfo(stratum);
+ }
+ }
+
+ private void resolveLineFileInfo(final StratumExt stratum) throws SourceMapException {
+ for (Iterator iter = stratum.getLineInfo().iterator(); iter.hasNext(); ) {
+ LineInfo lineInfo = iter.next();
+ FileInfo fileInfo = get(stratum.getFileInfo(), lineInfo.getFileId());
+ if (fileInfo == null) {
+ throw new ParserException("Invalid file id: " + lineInfo.getFileId());
+ }
+ lineInfo.setFileInfo(fileInfo);
+ }
+ }
+
+ public FileInfo get(final List list, final int fileId) {
+ for (FileInfo fileInfo : list) {
+ if (fileInfo.getFileId() == fileId) {
+ return fileInfo;
+ }
+ }
+ return null;
+ }
+
+ private Builder getBuilder(final String[] lines) throws SourceMapException {
+ if (lines.length == 0) {
+ return null;
+ }
+ String sectionName = lines[0];
+ String[] tokens = lines[0].split(" ", 2);
+ if (tokens.length > 1) {
+ sectionName = tokens[0].trim();
+ }
+ if (sectionName.startsWith("*")) {
+ sectionName = sectionName.substring("*".length());
+ }
+ Builder builder = builders.get(sectionName);
+ if (builder == null) {
+ builder = Builders.unknownInfoBuilder();
+ }
+ return builder;
+ }
+
+ private void parseSection(final String[] lines) throws SourceMapException {
+ Builder builder = getBuilder(lines);
+ if (builder != null) {
+ builder.build(state, lines);
+ }
+ }
+
+ public SourceMap[] parse(final String source) throws SourceMapException, IOException {
+ return parse(new StringReader(source));
+ }
+
+ public SourceMap[] parse(final Reader reader) throws SourceMapException, IOException {
+ String line = "";
+ try {
+ parseInit();
+ ArrayList lines = new ArrayList();
+ BufferedReader br = new BufferedReader(reader);
+ boolean sectionLine = true;
+ while ((line = br.readLine()) != null) {
+ state.lineNumber += 1;
+ if
(line.startsWith("*") || sectionLine && line.equals("SMAP")) {
+ parseSection(lines.toArray(new String[0]));
+ lines.clear();
+ }
+ sectionLine = line.startsWith("*");
+ lines.add(line);
+ }
+ parseSection(lines.toArray(new String[0]));
+ return parseDone();
+ } catch (SourceMapException sme) {
+ ParserException pe =
+ new ParserException(sme.getMessage() + ":" + state.lineNumber + ":" + line);
+ pe.initCause(sme);
+ throw pe;
+ }
+ }
+
+ public void add(final Builder builder) {
+ builders.put(builder.getSectionName(), builder);
+ }
+
+ public void remove(final Builder builder) {
+ builders.remove(builder.getSectionName());
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/State.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/State.java
new file mode 100755
index 00000000000..4f6659a07bd
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/State.java
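Review bot: The suffix `":" + state.lineNumber + ":" + line` in the `catch` block is wrong for exceptions raised by `parseDone()`: by then `line` is `null` and `lineNumber` is the total line count, so a `ParserException("Invalid file id: 3")` from `resolveLineFileInfo` surfaces as `Invalid file id: 3:57:null`. Either call `parseDone()` after the try/catch or append the position only when `line != null`. The message also embeds the raw offending line of the SourceDebugExtension; if such exceptions are logged the way `getDefaultStratum` logs its own failures, bound that fragment's length so one malformed attribute cannot flood the agent log.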
@@ -0,0 +1,104 @@
+package datadog.trace.agent.tooling.iast.stratum.parser;
+
+import datadog.trace.agent.tooling.iast.stratum.EmbeddedStratum;
+import datadog.trace.agent.tooling.iast.stratum.ParserException;
+import datadog.trace.agent.tooling.iast.stratum.SourceMap;
+import datadog.trace.agent.tooling.iast.stratum.SourceMapException;
+import datadog.trace.agent.tooling.iast.stratum.StratumExt;
+import java.util.ArrayDeque;
+import java.util.Deque;
+
+class State {
+ private SourceMap sourceMap;
+
+ private StratumExt stratum;
+
+ private EmbeddedStratum parentStratum;
+
+ private final Deque stateStack = new ArrayDeque<>();
+
+ int lineNumber;
+
+ public void init() {
+ lineNumber = 0;
+ sourceMap = null;
+ stratum = null;
+ parentStratum = new EmbeddedStratum();
+ stateStack.clear();
+ }
+
+ public EmbeddedStratum done() throws SourceMapException {
+ if (!stateStack.isEmpty()) {
+ throw new ParserException("Unbalanced source map");
+ }
+ return parentStratum;
+ }
+
+ public SourceMap getSourceMap() {
+ return sourceMap;
+ }
+
+ void setSourceMap(final SourceMap sourceMap) throws SourceMapException {
+ if (this.sourceMap != null) {
+ throw new ParserException("End of source map expected");
+ }
+ this.sourceMap = sourceMap;
+ stratum = null;
+ }
+
+ void endSourceMap() throws SourceMapException {
+ if (sourceMap == null) {
+ throw new ParserException("Unexpected end of source map");
+ }
+ sourceMap = null;
+ stratum = null;
+ }
+
+ public StratumExt getStratum() throws SourceMapException {
+ if (stratum == null) {
+ throw new ParserException("Stratum expected");
+ }
+ return stratum;
+ }
+
+ void setStratum(final StratumExt stratum) throws SourceMapException {
+ if (sourceMap == null) {
+ throw new ParserException("Source map expected");
+ }
+ this.stratum = stratum;
+ }
+
+ void push(final EmbeddedStratum embeddedStratum) throws SourceMapException {
+ stateStack.push(new StackItem(sourceMap, parentStratum));
+ endSourceMap();
+ setParentStratum(embeddedStratum);
+ }
+
+ void pop(final EmbeddedStratum embeddedStratum) throws SourceMapException {
+ if (!parentStratum.getName().equals(embeddedStratum.getName())) {
+ throw new ParserException("Invalid closing embedded stratum: " + embeddedStratum.getName());
+ }
+ StackItem item = stateStack.pop();
+ setSourceMap(item.sourceMap);
+ setParentStratum(item.parentStratum);
+ }
+
+ public EmbeddedStratum getParentStratum() {
+ return parentStratum;
+ }
+
+ private void setParentStratum(final EmbeddedStratum parentStratum) {
+ this.parentStratum = parentStratum;
+ }
+
+ private class StackItem {
+ SourceMap sourceMap;
+
+ EmbeddedStratum parentStratum;
+
+ public StackItem(final SourceMap sourceMap, final EmbeddedStratum parentStratum) {
+ this.sourceMap = sourceMap;
+ this.parentStratum = parentStratum;
+ }
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java
new file mode 100644
index 00000000000..d7d8f7be740
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java
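Review bot: `pop()` does not handle a `*C` line without a matching `*O`: `stateStack.pop()` on an empty `ArrayDeque` throws `NoSuchElementException`, and the preceding `parentStratum.getName().equals(...)` runs against the root `EmbeddedStratum` created in `init()`, whose name is presumably unset and would NPE first. Both are unchecked, so they bypass the `catch (SourceMapException sme)` in `Parser.parse` and surface without line context. Checking the stack first keeps the error on the intended path: `if (stateStack.isEmpty()) { throw new ParserException("Unbalanced source map"); }`, with `Objects.equals(parentStratum.getName(), embeddedStratum.getName())` for the name comparison. `StackItem` should also be `private static final class` — as a non-static inner class every item carries a hidden reference to the enclosing `State` that it never uses.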
@@ -0,0 +1,124 @@
+package datadog.trace.agent.tooling.iast.stratum.utils;
+
+import java.util.regex.Pattern;
+
+public class PatternUtils {
+
+ public static final int DEFAULT_ITERATIONS = 5000000;
+
+ private static final RuntimeException BLOCKING = new RuntimeException();
+
+ private static final Runnable BLOCKER =
+ () -> {
+ throw BLOCKING;
+ };
+
+ private PatternUtils() {}
+
+ public static LimitedPattern compile(final String pattern) {
+ return new LimitedPattern(Pattern.compile(pattern));
+ }
+
+ public static LimitedPattern compile(final String pattern, final int flags) {
+ return new LimitedPattern(Pattern.compile(pattern, flags));
+ }
+
+ public static LimitedPattern compile(final Pattern pattern) {
+ if (pattern != null) {
+ return new LimitedPattern(pattern);
+ }
+ return null;
+ }
+
+ public static class LimitedPattern {
+
+ Pattern pattern;
+
+ LimitedPattern(final Pattern pattern) {
+ this.pattern = pattern;
+ }
+
+ public LimitedMatcher matcher(final CharSequence seq) {
+ return new LimitedMatcher(
+ seq, pattern.matcher(new StoppableCharSequence(seq, DEFAULT_ITERATIONS, BLOCKER)));
+ }
+
+ public String pattern() {
+ return pattern.pattern();
+ }
+
+ public Pattern internal() {
+ return pattern;
+ }
+
+ @Override
+ public String toString() {
+ return pattern();
+ }
+ }
+
+ public static class LimitedMatcher {
+
+ private final java.util.regex.Matcher jmatcher;
+
+ private final CharSequence seq;
+
+ public LimitedMatcher(final CharSequence seq, final java.util.regex.Matcher jmatcher) {
+ this.seq = seq;
+ this.jmatcher = jmatcher;
+ }
+
+ public boolean find() {
+ try {
+ return jmatcher.find();
+ } catch (RuntimeException e) {
+ return false;
+ }
+ }
+
+ public boolean matches() {
+ try {
+ return jmatcher.matches();
+ } catch (RuntimeException e) {
+ return false;
+ }
+ }
+
+ public String replaceFirst(final String replacement) {
+ try {
+ return jmatcher.replaceFirst(replacement);
+ } catch (RuntimeException e) {
+ return String.valueOf(seq);
+ }
+ }
+
+ public String replaceAll(final String replacement) {
+ try {
+ return jmatcher.replaceAll(replacement);
+ } catch (RuntimeException e) {
+ return String.valueOf(seq);
+ }
+ }
+
+ public String group(final int group) {
+ return jmatcher.group(group);
+ }
+
+ public int start() {
+ return jmatcher.start();
+ }
+
+ public int end() {
+ return jmatcher.end();
+ }
+
+ public LimitedMatcher appendReplacement(final StringBuffer sb, final String replacement) {
+ jmatcher.appendReplacement(sb, replacement);
+ return this;
+ }
+
+ public StringBuffer appendTail(final StringBuffer sb) {
+ return jmatcher.appendTail(sb);
+ }
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java
new file mode 100644
index 00000000000..a16cdbae3a9
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java
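Review bot: `find()`, `matches()`, `replaceFirst()` and `replaceAll()` catch every `RuntimeException`, so the budget sentinel `BLOCKING` becomes indistinguishable from a genuine failure — an `IllegalArgumentException` from a malformed replacement string, or an exception thrown by a caller-supplied `CharSequence` — and those are silently reported as "no match" or the unmodified input. Narrow the catch to the sentinel, `catch (RuntimeException e) { if (e != BLOCKING) { throw e; } return false; }`, and the equivalent in the two replace methods. It is also worth saying on `LimitedPattern` what "limited" means — each `LimitedMatcher` gets a budget of at least `DEFAULT_ITERATIONS` (5,000,000) `charAt` calls, after which the match is abandoned — and that `BLOCKING` is a single pre-allocated instance whose stack trace comes from class initialisation and must never be logged as if it described the failing call.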
@@ -0,0 +1,44 @@
+package datadog.trace.agent.tooling.iast.stratum.utils;
+
+public class StoppableCharSequence implements CharSequence {
+
+ protected final CharSequence original;
+
+ protected Runnable onPendingFinished;
+
+ int pending;
+
+ protected StoppableCharSequence(final CharSequence original, final int maxIt) {
+ this(original, maxIt, null);
+ }
+
+ public StoppableCharSequence(
+ final CharSequence original, final int maxIt, final Runnable onPendingFinished) {
+ this.original = original;
+ pending = Math.max(original.length() * 5, maxIt);
+ this.onPendingFinished = onPendingFinished;
+ }
+
+ @Override
+ public char charAt(final int index) {
+ if (pending-- == 0) {
+ onPendingFinished.run();
+ }
+ return original.charAt(index);
+ }
+
+ @Override
+ public int length() {
+ return original.length();
+ }
+
+ @Override
+ public CharSequence subSequence(final int start, final int stop) {
+ return original.subSequence(start, stop);
+ }
+
+ @Override
+ public String toString() {
+ return original.toString();
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy
new file mode 100644
index 00000000000..cd990afc2d5
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy
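Review bot: `charAt` dereferences `onPendingFinished` without a null check, yet the protected constructor passes `null` for it, so a subclass using that constructor gets a `NullPointerException` from inside the regex engine once `pending` reaches zero; `if (pending-- == 0 && onPendingFinished != null) {` closes the gap, or the protected constructor should demand a non-null callback. The callback also fires exactly once, because `pending` keeps decrementing past zero afterwards — fine for the throwing `BLOCKER` in `PatternUtils`, but worth a comment, since a callback that returns normally would let matching continue unbounded. `pending` and `onPendingFinished` can be `private` (the latter `final`); nothing in this commit touches them from outside the class.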
@@ -0,0 +1,48 @@
+package datadog.trace.agent.tooling.iast.stratum
+
+import datadog.trace.test.util.DDSpecification
+import org.apache.commons.io.IOUtils
+
+class StratumManagerTest extends DDSpecification {
+
+ void 'test StratumManager shouldBeAnalyzed'(){
+
+ when:
+ def result = StratumManager.shouldBeAnalyzed(internalClassName)
+
+ then:
+ result == expected
+
+ where:
+ internalClassName | expected
+ 'foo/bar/Baz' | false
+ 'foo/jsp/Baz' | false
+ 'foo/bar/Baz_jsp' | true
+ 'foo/bar/jsp_Baz' | true
+ 'foo/bar/Baz2ejsp' | true
+ 'foo/bar/Baz_tag' | false
+ 'foo/bar/jsp/Baz_tag' | true
+ }
+
+ void 'test StratumManager analyzeClass'(){
+ given:
+ final clazz = IndexJsp
+
+ when:
+ StratumManager.analyzeClass(readClassBytes(clazz))
+
+ then:
+ final result = StratumManager.get(IndexJsp.getSimpleName()) != null
+ result == true
+ }
+
+ byte [] readClassBytes(Class clazz){
+ final String classResourceName = clazz.getName().replace('.', '/') + ".class"
+ try (InputStream is = clazz.getClassLoader().getResourceAsStream(classResourceName)) {
+ if(is == null) {
+ throw new IllegalStateException("Could not find class resource: " + classResourceName)
+ }
+ return IOUtils.toByteArray(is)
+ }
+ }
+}
diff --git a/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java
new file mode 100644
index 00000000000..8d881b45f1e
--- /dev/null
+++ b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java
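Review bot: The `analyzeClass` assertion looks vacuous: `getDefaultStratum` keys the stratum by the fully-qualified name taken from the class header (`name.replace('/', '.')` in the previous file), so `StratumManager.get(IndexJsp.getSimpleName())` cannot hit the map, and `IndexJsp` is compiled from plain Java source, so unless the build attaches a `SourceDebugExtension` attribute `analyzeClass` stores nothing at all. `!= null` then passes only if `get` never returns `null` (for instance by falling back to `NO_DEBUG_INFO`), which is not visible here but would make the test pass regardless of the parser. Assert on something the SMAP determines — the stratum's name or `getInputLineNumber(...)` for a known line — against a class whose bytes really carry a SMAP.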
@@ -0,0 +1,59 @@ +/* + * Generated by the Jasper component of Apache Tomcat + * Version: Apache Tomcat/7.0.47 + * Generated at: 2024-04-25 10:32:08 UTC + * Note: The last modified time of this file was set to + * the last modified time of the source file after + * generation to assist with modification tracking. + */ +package datadog.trace.agent.tooling.iast.stratum; + +import java.io.PrintWriter; +import java.io.Writer; +import javax.servlet.*; +import javax.servlet.http.*; + +public final class IndexJsp { + + private static java.util.Map _jspx_dependants; + + static { + _jspx_dependants = new java.util.HashMap(2); + _jspx_dependants.put("/WEB-INF/tlds/hdiv-c.tld", Long.valueOf(1709715080729L)); + _jspx_dependants.put("/WEB-INF/jsp/template/tags.jsp", Long.valueOf(1709715080729L)); + } + + public java.util.Map getDependants() { + return _jspx_dependants; + } + + public void _jspInit() {} + + public void _jspDestroy() {} + + public void _jspService(final HttpServletRequest request, final HttpServletResponse response) + throws java.io.IOException, ServletException { + + Writer out = null; + + response.setContentType("text/html"); + out = new PrintWriter(response.getWriter()); + + out.write("\n"); + out.write("\n"); + out.write("\n"); + out.write("\n"); + out.write("\n"); + out.write("\n"); + out.write("\n"); + out.write("\n"); + out.write("\n"); + out.write("Hdiv Spring Mvc Examples\n"); + out.write("\n"); + out.write("\n"); + out.write("\t"); + out.write("\n"); + out.write("\n"); + out.write("\n"); + } +} From fa33ab4789f7275a9dd2d02d919873d10e81b349 Mon Sep 17 00:00:00 2001 
From: "alejandro.gonzalez" Date: Tue, 7 May 2024 10:18:00 +0200 Subject: [PATCH 02/28] improve StratumManager --- .../java/com/datadog/iast/Dependencies.java | 11 +- .../java/com/datadog/iast/IastSystem.java | 8 +- .../com/datadog/iast/sink/SinkModuleBase.java | 21 +- .../agent/tooling/iast/stratum/FileInfo.java | 4 + .../iast/stratum/GeneratorException.java | 12 - .../agent/tooling/iast/stratum/LineInfo.java | 14 + .../agent/tooling/iast/stratum/Stratum.java | 2 + .../tooling/iast/stratum/StratumExt.java | 8 + .../tooling/iast/stratum/StratumManager.java | 27 +- .../tooling/iast/stratum/VendorInfo.java | 4 + .../tooling/iast/stratum/parser/Builders.java | 4 + .../iast/stratum/StratumManagerTest.groovy | 23 +- .../register.jsp | 136 ++++++++ .../register_jsp.class | Bin 0 -> 12349 bytes .../register_jsp.java | 308 ++++++++++++++++++ .../iastinstrumenter/IastInstrumentation.java | 5 +- .../IastJSPClassListener.java | 32 ++ 17 files changed, 578 insertions(+), 41 deletions(-) delete mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java create mode 100644 dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register.jsp create mode 100644 dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class create mode 100644 dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.java create mode 100644 dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java index de8f760652c..feccf20f102 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java 
@@ -3,6 +3,7 @@ import com.datadog.iast.overhead.OverheadController; import datadog.trace.api.Config; import datadog.trace.api.iast.IastContext; +import datadog.trace.instrumentation.iastinstrumenter.IastJSPClassListener; import datadog.trace.util.stacktrace.StackWalker; import javax.annotation.Nonnull; @@ -13,6 +14,8 @@ public class Dependencies { private final OverheadController overheadController; private final StackWalker stackWalker; + private final IastJSPClassListener iastJSPClassListener; + final IastContext.Provider contextProvider; public Dependencies( @@ -20,12 +23,14 @@ public Dependencies( @Nonnull final Reporter reporter, @Nonnull final OverheadController overheadController, @Nonnull final StackWalker stackWalker, - @Nonnull final IastContext.Provider contextProvider) { + @Nonnull final IastContext.Provider contextProvider, + @Nonnull final IastJSPClassListener iastJSPClassListener) { this.config = config; this.reporter = reporter; this.overheadController = overheadController; this.stackWalker = stackWalker; this.contextProvider = contextProvider; + this.iastJSPClassListener = iastJSPClassListener; } public Config getConfig() { @@ -43,4 +48,8 @@ public OverheadController getOverheadController() { public StackWalker getStackWalker() { return stackWalker; } + + public IastJSPClassListener getIastJSPClassListener() { + return iastJSPClassListener; + } } diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java index bd002f60416..f5d104a2691 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java 
@@ -48,6 +48,7 @@ import datadog.trace.api.iast.InstrumentationBridge; import datadog.trace.api.iast.telemetry.IastMetricCollector; import datadog.trace.api.iast.telemetry.Verbosity; +import datadog.trace.instrumentation.iastinstrumenter.IastJSPClassListener; import datadog.trace.util.AgentTaskScheduler; import datadog.trace.util.stacktrace.StackWalkerFactory; import java.lang.reflect.Constructor; @@ -98,7 +99,12 @@ public static void start( IastContext.Provider.register(contextProvider); final Dependencies dependencies = new Dependencies( - config, reporter, overheadController, StackWalkerFactory.INSTANCE, contextProvider); + config, + reporter, + overheadController, + StackWalkerFactory.INSTANCE, + contextProvider, + IastJSPClassListener.INSTANCE); final boolean addTelemetry = config.getIastTelemetryVerbosity() != Verbosity.OFF; iastModules(iast, dependencies).forEach(InstrumentationBridge::registerIastModule); registerRequestStartedCallback(ss, addTelemetry, dependencies); diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java index ab9ac727304..3be3de3189a 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java @@ -19,10 +19,12 @@ import com.datadog.iast.util.ObjectVisitor; import com.datadog.iast.util.RangeBuilder; import datadog.trace.api.Config; +import datadog.trace.api.Pair; import datadog.trace.api.iast.IastContext; import datadog.trace.bootstrap.instrumentation.api.AgentSpan; import datadog.trace.bootstrap.instrumentation.api.AgentTracer; import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie; +import datadog.trace.instrumentation.iastinstrumenter.IastJSPClassListener; import datadog.trace.util.stacktrace.StackWalker; import java.util.Iterator; import java.util.stream.Stream; 
@@ -40,10 +42,13 @@ public abstract class SinkModuleBase { protected final Reporter reporter; protected final StackWalker stackWalker; + protected final IastJSPClassListener iastJSPClassListener; + protected SinkModuleBase(@Nonnull final Dependencies dependencies) { overheadController = dependencies.getOverheadController(); reporter = dependencies.getReporter(); stackWalker = dependencies.getStackWalker(); + iastJSPClassListener = dependencies.getIastJSPClassListener(); } protected void report(final Vulnerability vulnerability) { @@ -301,7 +306,21 @@ protected Location buildLocation( } protected final StackTraceElement getCurrentStackTrace() { - return stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability); + StackTraceElement stackTraceElement = + stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability); + // TODO Call the listener to get the JSP class and line number + Pair pair = + iastJSPClassListener.getFileAndLine( + stackTraceElement.getClassName(), stackTraceElement.getLineNumber()); + if (pair != null) { + return new StackTraceElement( + stackTraceElement.getClassName(), + stackTraceElement.getMethodName(), + pair.getLeft(), + pair.getRight()); + } + + return stackTraceElement; } static StackTraceElement findValidPackageForVulnerability( diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java index 583ff4fe643..046eb155af1 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java 
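Review bot: The `// TODO Call the listener to get the JSP class and line number` comment sits above code that already does exactly that, so it reads as unfinished work; replace it with a why-comment such as `// Translate generated-servlet line numbers back to the JSP template via the class's SMAP, so the reported location points at the source the developer wrote`. The result of `stackWalker.walk(...)` is now dereferenced unconditionally — whether `findValidPackageForVulnerability` can yield `null` is outside the hunk, but if it can, `getClassName()` is a new NPE on the reporting path. `pair.getRight()` is presumably unboxed into the `int` parameter of the `StackTraceElement` constructor, so a pair with a null line would fail the same way; guard it if the listener can return one. `getCurrentStackTrace` is complete in the hunk; `findValidPackageForVulnerability` is not.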
@@ -1,5 +1,9 @@ package datadog.trace.agent.tooling.iast.stratum; +/** + * The fileInfo describes the translated-source file names + * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#filesection + */ public class FileInfo implements Cloneable { private int fileId = -1; diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java deleted file mode 100755 index b050cb05ef2..00000000000 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/GeneratorException.java +++ /dev/null @@ -1,12 +0,0 @@ -package datadog.trace.agent.tooling.iast.stratum; - -public class GeneratorException extends SourceMapException { - /** */ - private static final long serialVersionUID = -7787799486007303990L; - - public GeneratorException() {} - - public GeneratorException(final String msg) { - super(msg); - } -} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java index afb4a306d5e..bc581de74ae 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java @@ -1,5 +1,19 @@ package datadog.trace.agent.tooling.iast.stratum; +/** + * The line section associates line numbers in the output source with line numbers and source names + * in the input source. + * + *

The format of the line section is the line section marker *L on a line by itself, followed by + * the lines of LineInfo. Each LineInfo has the form: + * + *

InputStartLine # LineFileID , RepeatCount : OutputStartLine , OutputLineIncrement where all + * but + * + *

InputStartLine : OutputStartLine are optional. + * + *

https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#stratumsection + */ public class LineInfo implements Cloneable { private int fileId = -1; diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java index a696ae56324..31607cddf74 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java @@ -2,4 +2,6 @@ public interface Stratum { int getInputLineNumber(final int outputLineNumber); + + String getSourceFile(); } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java index 2aa6dcacbce..18e5b27ac4b 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java @@ -63,6 +63,14 @@ public int getInputLineNumber(final int outputLineNumber) { return 0; } + @Override + public String getSourceFile() { + if (fileInfo.isEmpty()) { + return null; + } + return fileInfo.get(0).getInputFilePath(); + } + @Override public Object clone() { StratumExt stratum = new StratumExt(getName()); diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java index 070b668bc48..5da135f8fd3 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java 
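Review bot: `getSourceFile()` in `StratumExt` always returns the path of `fileInfo.get(0)`, independent of which output line is being resolved, while `Parser.resolveLineFileInfo` attaches a `FileInfo` to every `LineInfo` precisely because the `*F` section can list several input files (JSP includes produce exactly that). A vulnerability on a line that maps to the second file is therefore reported against the first file's path. Resolve the file through the same `LineInfo` that `getInputLineNumber` uses — e.g. `String getSourceFile(int outputLineNumber)` on the `Stratum` interface added in the previous hunk — or document on `Stratum#getSourceFile` that only the primary input file is returned. `getInputLineNumber` itself is outside the hunk.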
@@ -8,32 +8,41 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +/** + * Manages SMAP information for classes + * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#stratumsection + */ public class StratumManager { private static final Logger LOG = LoggerFactory.getLogger(StratumManager.class); - private static final Map map = new ConcurrentHashMap<>(); + private StratumManager() { + // Prevent instantiation + } + + private final Map map = new ConcurrentHashMap<>(); + + public final StratumExt NO_DEBUG_INFO = new StratumExt(); - public static final StratumExt NO_DEBUG_INFO = new StratumExt(); + private boolean EMPTY_DEBUG_INFO; - private static boolean EMPTY_DEBUG_INFO; + public static final StratumManager INSTANCE = new StratumManager(); public static boolean shouldBeAnalyzed(final String internalClassName) { return internalClassName.contains("jsp") && (internalClassName.contains("_jsp") || internalClassName.contains("jsp_") - || internalClassName.contains("2ejsp") || internalClassName.contains("_tag")); } - public static void analyzeClass(final byte[] bytes) { + public void analyzeClass(final byte[] bytes) { StratumExt s = getDefaultStratum(bytes); if (s != null) { map.put(s.getName(), s); } } - public static Stratum get(final String classname) { + public Stratum get(final String classname) { StratumExt s = map.get(classname); if (s != null) { return s; @@ -44,7 +53,7 @@ public static Stratum get(final String classname) { } } - private static SourceMap getResolvedSmap(final String smap) { + private SourceMap getResolvedSmap(final String smap) { try { SourceMap[] sourceMaps = new Parser().parse(smap); @@ -55,7 +64,7 @@ private static SourceMap getResolvedSmap(final String smap) { return null; } - private static StratumExt getDefaultStratum(final byte[] bytes) { + private StratumExt getDefaultStratum(final byte[] bytes) { try { String[] classData = extractSourceDebugExtensionASM(bytes); if (classData[1] == null) { 
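Review bot: `private boolean EMPTY_DEBUG_INFO;` and `public final StratumExt NO_DEBUG_INFO = new StratumExt();` now live on a shared singleton (`INSTANCE`) but keep constant-style names, although the first is a mutable instance flag and the second a public field holding a mutable object. Rename them `emptyDebugInfo` / `noDebugInfo`; the write site of the flag is outside this hunk, so confirm whether reads from other class-loading threads need it declared `volatile`. The per-class cache in `map` also grows for the life of the JVM with no eviction, which is fine for a bounded set of JSP classes but deserves a one-line comment on the field, e.g. `// one entry per analyzed JSP class; never evicted`. `get` continues past the hunk.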
@@ -78,7 +87,7 @@ private static StratumExt getDefaultStratum(final byte[] bytes) { return null; } - private static String[] extractSourceDebugExtensionASM(final byte[] classBytes) { + private String[] extractSourceDebugExtensionASM(final byte[] classBytes) { ClassReader cr = new ClassReader(classBytes); final String[] result = new String[2]; cr.accept( diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java index 2ad2b854bd9..3a42c56f484 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java @@ -1,5 +1,9 @@ package datadog.trace.agent.tooling.iast.stratum; +/** + * The vendorInfo describes the vendor-specific information + * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#vendorsection + */ public class VendorInfo implements Cloneable { private final String vendorId; diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java index cff691f3243..a82d3c2510d 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java @@ -10,6 +10,10 @@ import datadog.trace.agent.tooling.iast.stratum.VendorInfo; import datadog.trace.agent.tooling.iast.stratum.utils.PatternUtils; +/** + * A collection of builders to parse SMAP Information. + * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#smap-syntax + */ class Builders { private static final String LineInfoPattern = 
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy index cd990afc2d5..46d8caf6bf9 100644 --- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy @@ -1,6 +1,7 @@ package datadog.trace.agent.tooling.iast.stratum import datadog.trace.test.util.DDSpecification +import org.apache.commons.io.FileUtils import org.apache.commons.io.IOUtils class StratumManagerTest extends DDSpecification { @@ -19,30 +20,22 @@ class StratumManagerTest extends DDSpecification { 'foo/jsp/Baz' | false 'foo/bar/Baz_jsp' | true 'foo/bar/jsp_Baz' | true - 'foo/bar/Baz2ejsp' | true 'foo/bar/Baz_tag' | false 'foo/bar/jsp/Baz_tag' | true } void 'test StratumManager analyzeClass'(){ given: - final clazz = IndexJsp + byte[] data = FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class")) when: - StratumManager.analyzeClass(readClassBytes(clazz)) + StratumManager.INSTANCE.analyzeClass(data) then: - final result = StratumManager.get(IndexJsp.getSimpleName()) != null - result == true - } - - byte [] readClassBytes(Class clazz){ - final String classResourceName = clazz.getName().replace('.', '/') + ".class" - try (InputStream is = clazz.getClassLoader().getResourceAsStream(classResourceName)) { - if(is == null) { - throw new IllegalStateException("Could not find class resource: " + classResourceName) - } - return IOUtils.toByteArray(is) - } + final result = StratumManager.INSTANCE.get("org.apache.jsp.register_jsp") + result != null + result.getInputLineNumber(216) == 70 + result.getSourceFile() == "register.jsp" + result } } 
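Review bot: `FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class"))` depends on the test's working directory instead of the classpath, so it fails when the module is run from the repository root or by another runner. Load it as a resource instead, `byte[] data = IOUtils.toByteArray(getClass().getResourceAsStream('/datadog.trace.agent.tooling.stratum/register_jsp.class'))`, which also gives the `org.apache.commons.io.IOUtils` import, apparently unused in the visible part of the file now that readClassBytes is gone, a purpose again. The trailing bare `result` in the then block repeats `result != null` and can be dropped.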
diff --git a/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register.jsp b/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register.jsp new file mode 100644 index 00000000000..23b41838f7b --- /dev/null +++ b/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register.jsp 
@@ -0,0 +1,136 @@ +<%@ page import="java.sql.*" %> + +<%@ include file="/dbconnection.jspf" %> + +<% +String username = (String) request.getParameter("username"); +String password1 = (String) request.getParameter("password1"); +String password2 = (String) request.getParameter("password2"); +String usertype = (String) session.getAttribute("usertype"); +String userid = (String) session.getAttribute("userid"); +String debug = ""; +String result = null; +boolean registered = false; + +if (request.getMethod().equals("POST") && username != null) { + if (username == null || username.length() < 5) { + result = "You must supply a username of at least 5 characters."; + + } else if (username.indexOf("@") < 0) { + result = "Invalid username - please supply a valid email address."; + + } else if (password1 == null || password1.length() < 5) { + result = "You must supply a password of at least 5 characters."; + + } else if (password1.equals(password2)) { + Statement stmt = conn.createStatement(); + ResultSet rs = null; + try { + stmt.executeQuery("INSERT INTO Users (name, type, password) VALUES ('" + username + "', 'USER', '" + password1 + "')"); + rs = stmt.executeQuery("SELECT * FROM Users WHERE (name = '" + username + "' AND password = '" + password1 + "')"); + rs.next(); + userid = "" + rs.getInt("userid"); + + session.setAttribute("username", username); + session.setAttribute("usertype", "USER"); + session.setAttribute("userid", userid); + + + if (username.replaceAll("\\s", "").toLowerCase().indexOf("") >= 0) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'XSS_USER'"); + } + + registered = true; + + // Update basket + Cookie[] cookies = request.getCookies(); + String basketId = null; + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals("b_id") && cookie.getValue().length() > 0) { + basketId = cookie.getValue(); + break; + } + } + } + if (basketId != null) { + debug += " userId = " + userid + " basketId = " + 
basketId; + // TODO breaks basket scoring :( + stmt.execute("UPDATE Users SET currentbasketid = " + basketId + " WHERE userid = " + userid); + stmt.execute("UPDATE Baskets SET userid = " + userid + " WHERE basketid = " + basketId); + response.addCookie(new Cookie("b_id", "")); + } + + } catch (SQLException e) { + if (e.getMessage().indexOf("Unique constraint violation") >= 0) { + result = "A user with this name already exists."; + } else { + if ("true".equals(request.getParameter("debug"))) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'"); + out.println("DEBUG System error: " + e + "

"); + } else { + out.println("System error."); + } + } + } catch (Exception e) { + if ("true".equals(request.getParameter("debug"))) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'"); + out.println("DEBUG System error: " + e + "

"); + } else { + out.println("System error."); + } + } finally { + stmt.close(); + } + } else { + result = "The passwords you have supplied are different."; + } +} +%> + + +

Register

+<% +if ("true".equals(request.getParameter("debug"))) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'"); + out.println("DEBUG: " + debug + "

"); +} + +if (registered) { + out.println("
You have successfully registered with The BodgeIt Store."); +%> + +<% + return; + +} else if (result != null) { + out.println("

" + result + "


"); +} +%> + +Please enter the following details to register with us:

+
+
+ + + + + + + + + + + + + + + + + +
Username (your email address):
Password:
Confirm Password:
+
+
+ + + 
diff --git a/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class b/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class new file mode 100644 index 0000000000000000000000000000000000000000..30ef036a5924be62d634bcdd7d2613c52dbb83e1 GIT binary patch literal 12349 zcmcIq3w#vSx&OY|-OOY&39w6qMUWv#NkYgb;k^Xpks!eUk?;`I;$|};3!B|_b{B&8 z+Lu8IE-8!L6xe(9pL;Q)%7UjDbvUrYX(^ z;Z#yLf<`8uj`rxm<>_>CMJl-@oYG|~VyYQ_DVDV-GDbvi(vy0;Q;(-*Qkbg$g&i$D z$%K(kF}Wj&c$}%cb!&KgIG8#+7F>!6J(7+l;`5nQfpYJ%a3q~Db~2q{F6#}ZbYpu= zPn*O63;R9Rk2KeB?lch!$HfUFEYO*BG!|SLPGV7Udvr@YoX!|J(~SJLjn*(0j&BLJ zr;TWQ%Y4U7YXakifN-33Ow^)cGdR61yhSfKtX)rI>14+Nm>J>#0kAwDU?dh!r3Ae4 z&3bIJ-kUV^R0J###8BVJfio60pb!Xr;9XxG0U0STr6@FJy96R;`DOmL@uNFHN9{GM&IQUWjTq8K|VuB&JbY^mLQn z70$%cIpJxQRW{bch_9G{qDm#C$}|NqOqDR@wmh8bhU~m_B287PlB$@B8f_fil`U24 z#nx#ml~S2P)0uq1&JLkimLAoD8C@PC-nR4bNo`)Lrx`LeFqN4Hn6egmCU4>=2kkCW_8C_py5;_d&UXd zo|0+7AiAM6UTUP11l{8Vor_f(MLva=LR12WT3Ag9HPgv5Ez3g-J5^dvEkG;W*$HJD z0aDc}qtHt5P{7Vj)po-#D74x}Z(tt06-b?`(rEGtYm3J9Rhga+-B=s$ zh{3{qt%*oDwmxh`#n_zml8a6fyVk2zOkQYMx;qMOpWxI_0M2t<;I53h7HFnIr-K^k za&0$g@9e1E3UN0X(e1k7r88->OrHlP1JYe8%t@uQC=3`~31d~b2Z&8^vcooZr%cRU z^A(Cf6T|@_>#$Id-Vt?&)zxx$lK7}m}1@+nHFVX&+cZU!n75I&YAV%BNDLuL_i1vBVaIE`%Rw--+nh zlO;>0uYsPN6d~&7-iV$Q5lN;?gffUwWx9mi3nqp(jIksqgyP%<&9&oO{wB@1-x=t`Nsl|3+D)GB?O#xZ#!u|x_d3$?PMuod)1W!d8hd$S7X zhKNND)yoAt;mg~s2$u`n`S7hsHzg1L@Ud=$FacqaIcNbhTw!`pEJMh*p$-%4gctd~ zO67E%(ES@#`T_kAX#iji$h<2G3!RvQld_YCyajOVH&a5U-N>GVdO3Mq-EMrpIJuP>>J^KUwAU%fsXiLJ)l_jiIq#+D~`M)X!As zNH@0TrlsD%sQZhY|l|wWUY+0RqBhy1r z`Fu&+N9NX)(8Kg|nI3^;@)r(1-9%EQM}_k&22)q+>Fz|QLcf6bJGptSm!6=fWO@nB&bBF3Z76EtWELlYE~&|!LArq`H0_gRdz#Hi9A=?!o)g*etMVj!Y@WsAdS z+Ht6Ay+VJ+I$`U^+Il_?B~%IMvK#^M>{fUxTnv;$WE#hJ`OAt z6h=E?>O5BE03&HAis|t!>2COd%BmKH$1}~`n8;{7nN(U!Wf0DGYGEzQ7%kDIh0|J0 z5994DEz%t}P=xA6s#akXgS<#U)>NLv6-ch5xCZDIwNqZLku?h(b|TZ9mN-hRXy?EY z)3v04uMeDVEkNZOjcKS|MEQ&JJ~t$$S(XovDN-q}RJn?)Q5HlDJ)G8&cOm724GI&s 
zvwkyg%g)bNxQ3~rWmS9gnzdTXsL)5s}$-|qX{wAXxX!?wDpTy*EP3ml~a+h zaxHRR4i==kSuPARKRdm~iS-cm)EaH-Ivgrmg=e6~m|9iBvv`iov+b(PyeG*~pz>Uv zhmCr#9)WtCn$g8oN#*cbE9hLKr%;=V#7$x3p_AL2Tbq}z)vC2+YgVtcDc!KVc}=rL zueLxSgW}XTRa?BODMz=MFX5ATvCNB{$mPJRyo6Dxy5na30fpNn68e+Go@FYZER;qV zc}pBcuE8yWZz~W{P}2{~CSg3SDzD^KAR5lpVHi_~Ald;ZTWqXXxD7Z7E-Q?nB%P5G zTD(@}bu0q4p(kVEh`u-$E2!md5jsE)D^$3oC-^j#H;UL>l1{WHcId`ZD7nI?!-qDe zB1SZsUKoz)M!K@1HQ3-TIk z!F(@o;i$}TAA$TpVEQg=k;+>I*)qV2T3cZ-(%rEcZU~#>Dkscp4sX|syB5KzvvK>v zh0ZoBufhCQ7>4ULJxEI@SfKEBD1+7khCrFD8N}MjHV-Y!6+Db&3v(%RE<*t}WeUNu;tSAtd!GZIAn{A6iuudP**{$$v&yp``2nA&^7;H# z#0>a5i;F@OpCX7Vl-C#Wg(_bpxG6-q5^fUdgTfah4z7zwk^X5B7?a@Tc ztWy;JI+Dl5Ci}D<(R8;a?q4+F*tBpA{;_kXruX8?SUBCwAiA`X0n~3Ibav_;nJo%m z0XP1y>*w;8rl#gqo12=KtUDQQiV{x9feWA}`OYwWB4#vle>g;7Y# zChtQ~{M(oon4A{j-{w>#0wwCo#E=AJKO2B?rjiKmE=hE5(Oc45J1*pPaPW4)!LCFC z8G*?`n!tCeyqEiMzM-2@-H{xM1aJsq94k;MDZC#(t1$_Gw=H}5WaqhcbyA` z$1&}x5?W|zd6`UAs4<8oSpNvqJZn8}vvGB-MRBn3Fk)+kX^@Wb!p5Mv3az#MQ3w;< zu+IJkD6n9)**R$Lm?xM{8FWlGb*ayuHryt|jRsN%Sxz`oTq`Jk-pH%*{m??=s*9{8_YAk+J<+u2+ zxJu{_$2((s-r2aIaz>xrRSzu8OAqopB1B=UY*<$r2v!A_>8M4_uWecP1x6qrH}5r& zW`5=-+p9r(;=-kOvt?g!59ZFi5()$+o#pSu0^owjPG14+@s&(`7{kp#!CD9QR$Ym5 zCm~A72?Y!Dy(w(lLepI9v-$$5%?PB{C3+F4NA3)T8E}wrznc&zQ|TVekG3ewFDH;? 
z8c41j?{YaZ@^3kk&A!HeTJ8nbXHy(_9cvFleE~&|L=2!srsTYS9#8~XLdER0KH)Bl zif=WevJ?rrYlVUX&PKTr zu<%ugyw&??Z8h(ubp!Cr0GR;Q4U&t|iv6m!nl=EcfV43O=^?C>Ft^ILX+NE@q1xBs z>-2T)r*6R9O`+E6K8hb8W1}y~q^I3M&sFptFwxTR@0xmA3o3=s-B8Qh&|2zLWX`oZ z#O%(Ac^6%sgKwu-OwW}dop>A^^l))D8V~6R!H{mVQE#xtFe=_P}l`n)blGV%crjTmtR}0U`(!UJJE}FlEC36V29%S_G(d0yQ0|bwT+%X$oz1pjKUo+JrpR z?#`+AG#nt*fCo(8(t)@G8s~K2p3mNR_K+LzrTf5w`*Bhc+Jp3<5MW6yT<17Uxu*3K z($Q7E$ENqu<5yFi?`f+u)%T3mIpKEtH5MVU>7$pgrV%xx_}ji$`soiY+QT6ahl)5P zb4aQ2{i&b+B9RdPv>JAg(#YLMe+{_uPao_p)%L( z5f;_Hr$O^B>9s)dA?am2NDUPC@fhVsD)IC2p|ai5qk&>SPw3-`*NUmhVrpN&D;9cl z3#W+L8v@=yi3#lrsM@-Ip2`#&$)Qn!k;3izc^X`+fIi*Nb$E*X=r-UfJTcEi0Lm^6 z4J>UOdMUt;>gR>f4gq{0Hw8wSgf>gm$IAgQqzckq0dVLP7nw})^XlB7JfK>AP3Jc!QrefzWHHJV$_^&*d+%x+)*X;7$R2LXi zUfvKI9T?rmU4Gss7(rvjs0VDij!MmL$iJIP&oAfl^77+uIQC?~e~3>P_yO(_*>#s zA0n%tzinaF$KTmaC4nM8UyW{HWItakg4gzt@Banv38As}8G*6)=1x=m{Jl`wfN2S1 znpWfI>jOou{d|MKZg(I5NVGpeI|#Fe;VJ&9ptuyYIw>w6v5RI3XtxTQbB0}PAG;@e ztZDJ^6#=D>@7NP4J49NRlluhRG81lpj+0JAvj`us5x?7R@3q_e?e+n?eaLPfw%eZ< zynoCdKR(R+C++!P4)gw3_WZL2@1L{BFWBvG?N;C~WRTAcn_0Ul8Y&JH-_I{zO(zFr z;UN#vlt57*|9%%usOjfdnRW@a>f_gT!x5oh`s1e8Nm8c>9f`3vmq06n-dP`r=d zzBkL{-8427$PNO5-25IY=CfRq%Y$n|(WdBPv{Bb%h{-9}{i3B7_qm=cX^;B?&*h@^ z-0FGA^9X{8n12hY%mtoTMQa6dse`_Y{&qyl9SH8d)JQvN0i8>W=u1e7zk+1=JZhl} z=~Sd)8|Z8JE!IWUfmE!EF2T>AzK)y!OR?iJto{a_PnTo%3jBQwWM4_&$1hrT(^d2{ zoY9Y&2a$_BN!QSebS=F}-@_Nu>+n_adOAWka53G;W9SDw9;rw*-ONF{g%{C}xEa68 zScA0WO!_IGMYr-LbQ|wOG`knSdw8Diq~7d<5P&><;_@j3LU^hJ71x|trA9-}9ucj!r%L{Gb9`jxAko^g$%XI&HM z*RCKv=UPn9yFO1ZxWe=sSCn1@$6s`1=q1;M^n2GXdfC-Suekc@RoDG^_ZS^^J&yJn zdfoLL+L!2$u2<*{*X#7A>n(cA^*;U8b&TG2%k++W1ikB?MDMw0(EIK-`oO)8K6IZ+ zAGtf}WA`>X>fTPDxXk@xu=eg^UUQjo<%&?vz!B-HXi3W zjgR-7#p6BQJi(LX6Fj{<(Q_Vao{M>s=W?#_T*Z?;*YSy-8+nT7R-WqF&y}9Lxyo}N zS9>1f8qd#py61VW^}NdUp0~Kp^ETQKxWV%g*B41V!%TJF6;)sn>N&FY0L`|{C^8o*YKSE8q6sLX6N0AsU!`YvpCsT{(F8(Lh zDbx=hxUsjG9&|sBueL`}uRiHMh!3_$kpI2uz6sw=kDw%b$9)6typN!keb0RzA49K< zj<~Nu;)%+Z&y>C_Ns^03@>$XsB)8Gf1Sod^S}ar3ErQag1J|k;pG)dRV5zn2_l`nK5(B{P&(Y 
zgUNw^V2w%ol=?iR$0-;#K%+cmRU=AEY1_Qy-q|&CXNKx$ zHF)RF!%V}B+1`2eXy#(^yoQ?kx=_Q+I&Xa)=4Oc&OJ>#A%s_8u&201mybc=ybauVB We#Wd&!(4Gr{S3UEJI`C)?EN30i9Lk? literal 0 HcmV?d00001 diff --git a/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.java b/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.java new file mode 100644 index 00000000000..90bd4074550 --- /dev/null +++ b/dd-java-agent/agent-tooling/src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.java 
@@ -0,0 +1,308 @@ +/* + * Generated by the Jasper component of Apache Tomcat + * Version: Apache Tomcat/8.0.33 + * Generated at: 2019-06-25 17:35:15 UTC + * Note: The last modified time of this file was set to + * the last modified time of the source file after + * generation to assist with modification tracking. + */ +package org.apache.jsp; + +import javax.servlet.*; +import javax.servlet.http.*; +import javax.servlet.jsp.*; +import java.sql.*; +import java.sql.*; + +public final class register_jsp extends org.apache.jasper.runtime.HttpJspBase + implements org.apache.jasper.runtime.JspSourceDependent, + org.apache.jasper.runtime.JspSourceImports { + + + private Connection conn = null; + + public void jspInit() { + try { + // Get hold of the JDBC driver + Class.forName("org.hsqldb.jdbcDriver" ); + // Establish a connection to an in memory db + conn = DriverManager.getConnection("jdbc:hsqldb:mem:SQL", "sa", ""); + } catch (SQLException e) { + getServletContext().log("Db error: " + e); + } catch (Exception e) { + getServletContext().log("System error: " + e); + } + } + + public void jspDestroy() { + try { + if (conn != null) { + conn.close(); + } + } catch (SQLException e) { + getServletContext().log("Db error: " + e); + } catch (Exception e) { + getServletContext().log("System error: " + e); + } + } + + private static final javax.servlet.jsp.JspFactory _jspxFactory = + javax.servlet.jsp.JspFactory.getDefaultFactory(); + + private static java.util.Map _jspx_dependants; + + static { + _jspx_dependants = new java.util.HashMap(1); + _jspx_dependants.put("/dbconnection.jspf", Long.valueOf(1561118130000L)); + } + + private static final java.util.Set _jspx_imports_packages; + + private static final java.util.Set _jspx_imports_classes; + + static { + _jspx_imports_packages = new java.util.HashSet<>(); + _jspx_imports_packages.add("java.sql"); + _jspx_imports_packages.add("javax.servlet"); + _jspx_imports_packages.add("javax.servlet.http"); + 
_jspx_imports_packages.add("javax.servlet.jsp"); + _jspx_imports_classes = null; + } + + private volatile javax.el.ExpressionFactory _el_expressionfactory; + private volatile org.apache.tomcat.InstanceManager _jsp_instancemanager; + + public java.util.Map getDependants() { + return _jspx_dependants; + } + + public java.util.Set getPackageImports() { + return _jspx_imports_packages; + } + + public java.util.Set getClassImports() { + return _jspx_imports_classes; + } + + public javax.el.ExpressionFactory _jsp_getExpressionFactory() { + if (_el_expressionfactory == null) { + synchronized (this) { + if (_el_expressionfactory == null) { + _el_expressionfactory = _jspxFactory.getJspApplicationContext(getServletConfig().getServletContext()).getExpressionFactory(); + } + } + } + return _el_expressionfactory; + } + + public org.apache.tomcat.InstanceManager _jsp_getInstanceManager() { + if (_jsp_instancemanager == null) { + synchronized (this) { + if (_jsp_instancemanager == null) { + _jsp_instancemanager = org.apache.jasper.runtime.InstanceManagerFactory.getInstanceManager(getServletConfig()); + } + } + } + return _jsp_instancemanager; + } + + public void _jspInit() { + } + + public void _jspDestroy() { + } + + public void _jspService(final javax.servlet.http.HttpServletRequest request, final javax.servlet.http.HttpServletResponse response) + throws java.io.IOException, javax.servlet.ServletException { + +final java.lang.String _jspx_method = request.getMethod(); +if (!"GET".equals(_jspx_method) && !"POST".equals(_jspx_method) && !"HEAD".equals(_jspx_method) && !javax.servlet.DispatcherType.ERROR.equals(request.getDispatcherType())) { +response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "JSPs only permit GET POST or HEAD"); +return; +} + + final javax.servlet.jsp.PageContext pageContext; + javax.servlet.http.HttpSession session = null; + final javax.servlet.ServletContext application; + final javax.servlet.ServletConfig config; + javax.servlet.jsp.JspWriter out = 
null; + final java.lang.Object page = this; + javax.servlet.jsp.JspWriter _jspx_out = null; + javax.servlet.jsp.PageContext _jspx_page_context = null; + + + try { + response.setContentType("text/html"); + pageContext = _jspxFactory.getPageContext(this, request, response, + null, true, 8192, true); + _jspx_page_context = pageContext; + application = pageContext.getServletContext(); + config = pageContext.getServletConfig(); + session = pageContext.getSession(); + out = pageContext.getOut(); + _jspx_out = out; + + out.write('\n'); + out.write('\n'); + out.write('\r'); + out.write('\n'); + out.write('\n'); + out.write('\n'); + +String username = (String) request.getParameter("username"); +String password1 = (String) request.getParameter("password1"); +String password2 = (String) request.getParameter("password2"); +String usertype = (String) session.getAttribute("usertype"); +String userid = (String) session.getAttribute("userid"); +String debug = ""; +String result = null; +boolean registered = false; + +if (request.getMethod().equals("POST") && username != null) { + if (username == null || username.length() < 5) { + result = "You must supply a username of at least 5 characters."; + + } else if (username.indexOf("@") < 0) { + result = "Invalid username - please supply a valid email address."; + + } else if (password1 == null || password1.length() < 5) { + result = "You must supply a password of at least 5 characters."; + + } else if (password1.equals(password2)) { + Statement stmt = conn.createStatement(); + ResultSet rs = null; + try { + stmt.executeQuery("INSERT INTO Users (name, type, password) VALUES ('" + username + "', 'USER', '" + password1 + "')"); + rs = stmt.executeQuery("SELECT * FROM Users WHERE (name = '" + username + "' AND password = '" + password1 + "')"); + rs.next(); + userid = "" + rs.getInt("userid"); + + session.setAttribute("username", username); + session.setAttribute("usertype", "USER"); + session.setAttribute("userid", userid); + + + if 
(username.replaceAll("\\s", "").toLowerCase().indexOf("") >= 0) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'XSS_USER'"); + } + + registered = true; + + // Update basket + Cookie[] cookies = request.getCookies(); + String basketId = null; + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals("b_id") && cookie.getValue().length() > 0) { + basketId = cookie.getValue(); + break; + } + } + } + if (basketId != null) { + debug += " userId = " + userid + " basketId = " + basketId; + // TODO breaks basket scoring :( + stmt.execute("UPDATE Users SET currentbasketid = " + basketId + " WHERE userid = " + userid); + stmt.execute("UPDATE Baskets SET userid = " + userid + " WHERE basketid = " + basketId); + response.addCookie(new Cookie("b_id", "")); + } + + } catch (SQLException e) { + if (e.getMessage().indexOf("Unique constraint violation") >= 0) { + result = "A user with this name already exists."; + } else { + if ("true".equals(request.getParameter("debug"))) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'"); + out.println("DEBUG System error: " + e + "

"); + } else { + out.println("System error."); + } + } + } catch (Exception e) { + if ("true".equals(request.getParameter("debug"))) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'"); + out.println("DEBUG System error: " + e + "

"); + } else { + out.println("System error."); + } + } finally { + stmt.close(); + } + } else { + result = "The passwords you have supplied are different."; + } +} + + out.write('\n'); + out.write('\n'); + org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, "/header.jsp", out, false); + out.write("\n"); + out.write("

Register

\n"); + +if ("true".equals(request.getParameter("debug"))) { + conn.createStatement().execute("UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'"); + out.println("DEBUG: " + debug + "

"); +} + +if (registered) { + out.println("
You have successfully registered with The BodgeIt Store."); + + out.write('\n'); + out.write(' '); + org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, "/footer.jsp", out, false); + out.write('\n'); + + return; + +} else if (result != null) { + out.println("

" + result + "


"); +} + + out.write("\n"); + out.write("\n"); + out.write("Please enter the following details to register with us:

\n"); + out.write("
\n"); + out.write("\t
\n"); + out.write("\t\n"); + out.write("\t\n"); + out.write("\t\t\n"); + out.write("\t\t\n"); + out.write("\t\n"); + out.write("\t\n"); + out.write("\t\t\n"); + out.write("\t\t\n"); + out.write("\t\n"); + out.write("\t\n"); + out.write("\t\t\n"); + out.write("\t\t\n"); + out.write("\t\n"); + out.write("\t\n"); + out.write("\t\t\n"); + out.write("\t\t\n"); + out.write("\t\n"); + out.write("\t
Username (your email address):
Password:
Confirm Password:
\n"); + out.write("\t
\n"); + out.write("
\n"); + out.write("\n"); + org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, "/footer.jsp", out, false); + out.write('\n'); + out.write('\n'); + } catch (java.lang.Throwable t) { + if (!(t instanceof javax.servlet.jsp.SkipPageException)){ + out = _jspx_out; + if (out != null && out.getBufferSize() != 0) + try { + if (response.isCommitted()) { + out.flush(); + } else { + out.clearBuffer(); + } + } catch (java.io.IOException e) {} + if (_jspx_page_context != null) _jspx_page_context.handlePageException(t); + else throw new ServletException(t); + } + } finally { + _jspxFactory.releasePageContext(_jspx_page_context); + } + } +} diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java index e259dd55796..44980db9a66 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java @@ -46,9 +46,10 @@ protected CallSiteSupplier callSites() { @Override protected Advices buildAdvices(final Iterable callSites) { if (Config.get().isIastHardcodedSecretEnabled()) { - return Advices.fromCallSites(callSites, IastHardcodedSecretListener.INSTANCE); + return Advices.fromCallSites( + callSites, IastJSPClassListener.INSTANCE, IastHardcodedSecretListener.INSTANCE); } else { - return Advices.fromCallSites(callSites); + return Advices.fromCallSites(callSites, IastJSPClassListener.INSTANCE); } } 
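Review bot: `IastJSPClassListener.INSTANCE` is passed to `Advices.fromCallSites` on both branches, so SMAP analysis of every class matching `shouldBeAnalyzed` runs unconditionally, while the sibling `IastHardcodedSecretListener` is gated on `Config`. If a configuration switch for JSP source mapping exists or is planned, gate this listener the same way; otherwise add a comment above the first call such as `// the JSP stratum listener is always on; only the hardcoded-secret listener is configurable`. The enclosing buildAdvices method is complete in the hunk.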
diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java new file mode 100644 index 00000000000..77181f4b7d9 --- /dev/null +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java @@ -0,0 +1,32 @@ +package datadog.trace.instrumentation.iastinstrumenter; + +import datadog.trace.agent.tooling.bytebuddy.csi.Advices; +import datadog.trace.agent.tooling.bytebuddy.csi.ConstantPool; +import datadog.trace.agent.tooling.iast.stratum.Stratum; +import datadog.trace.agent.tooling.iast.stratum.StratumManager; +import datadog.trace.api.Pair; +import javax.annotation.Nonnull; +import javax.annotation.Nullable; +import net.bytebuddy.description.type.TypeDescription; + +public class IastJSPClassListener implements Advices.Listener { + + public static final IastJSPClassListener INSTANCE = new IastJSPClassListener(); + + @Override + public void onConstantPool( + @Nonnull TypeDescription type, @Nonnull ConstantPool pool, byte[] classFile) { + if (StratumManager.shouldBeAnalyzed(type.getInternalName())) { + StratumManager.INSTANCE.analyzeClass(classFile); + } + } + + @Nullable + public Pair getFileAndLine(final String clazz, final int line) { + Stratum stratum = StratumManager.INSTANCE.get(clazz); + if (stratum != null) { + return Pair.of(stratum.getSourceFile(), stratum.getInputLineNumber(line)); + } + return null; + } +} From 6cc03b86477e2e8d3d092137feec892a1993726d Mon Sep 17 00:00:00 2001 
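Review bot: In `onConstantPool`, `byte[] classFile` is the only parameter without a nullability annotation; if the Advices pipeline can deliver a null class file, `analyzeClass` passes it straight to `new ClassReader(classBytes)` and the resulting NullPointerException surfaces inside class transformation. Either mark it `@Nonnull` where that contract is guaranteed upstream, or guard with `if (classFile != null && StratumManager.shouldBeAnalyzed(type.getInternalName()))`. `getFileAndLine` also builds `Pair.of(stratum.getSourceFile(), ...)` where `getSourceFile()` can return null per StratumExt, so the method's Javadoc should state that the left element may be null even when the Pair itself is not.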
From: "alejandro.gonzalez" Date: Wed, 8 May 2024 09:47:27 +0200 Subject: [PATCH 03/28] clean and link everything --- .../java/com/datadog/iast/Dependencies.java | 10 +- .../java/com/datadog/iast/IastSystem.java | 4 +- .../com/datadog/iast/sink/SinkModuleBase.java | 14 +- .../tooling/iast/stratum/EmbeddedStratum.java | 12 +- .../agent/tooling/iast/stratum/FileInfo.java | 7 +- .../agent/tooling/iast/stratum/LineInfo.java | 11 +- .../agent/tooling/iast/stratum/Resolver.java | 15 +-- .../agent/tooling/iast/stratum/SourceMap.java | 14 +- .../tooling/iast/stratum/StratumExt.java | 71 +--------- ...umManager.java => StratumManagerImpl.java} | 8 +- .../tooling/iast/stratum/UnknownInfo.java | 18 --- .../tooling/iast/stratum/VendorInfo.java | 29 ---- .../tooling/iast/stratum/parser/Builders.java | 33 +---- .../tooling/iast/stratum/parser/Parser.java | 7 +- .../iast/stratum/utils/PatternUtils.java | 124 ------------------ .../stratum/utils/StoppableCharSequence.java | 44 ------- ...t.groovy => StratumManagerImplTest.groovy} | 9 +- .../iastinstrumenter/IastInstrumentation.java | 4 +- .../IastJSPClassListener.java | 32 ----- .../iastinstrumenter/SourceMapperImpl.java | 24 ++++ .../iastinstrumenter/StratumListener.java | 20 +++ .../trace/agent/test/utils/OkHttpUtils.java | 2 +- .../springboot/IastSpringBootSmokeTest.groovy | 4 +- .../springboot/IastSpringBootSmokeTest.groovy | 5 +- .../trace/api/iast/stratum/SourceMapper.java | 8 ++ 25 files changed, 98 insertions(+), 431 deletions(-) rename dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/{StratumManager.java => StratumManagerImpl.java} (94%) delete mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java delete mode 100755 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java delete mode 100644 
dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java delete mode 100644 dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java rename dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/{StratumManagerTest.groovy => StratumManagerImplTest.groovy} (73%) delete mode 100644 dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java create mode 100644 dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java create mode 100644 dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java create mode 100644 internal-api/src/main/java/datadog/trace/api/iast/stratum/SourceMapper.java diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java index feccf20f102..ba9e49be920 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java @@ -3,7 +3,7 @@ import com.datadog.iast.overhead.OverheadController; import datadog.trace.api.Config; import datadog.trace.api.iast.IastContext; -import datadog.trace.instrumentation.iastinstrumenter.IastJSPClassListener; +import datadog.trace.instrumentation.iastinstrumenter.StratumListener; import datadog.trace.util.stacktrace.StackWalker; import javax.annotation.Nonnull; @@ -14,7 +14,7 @@ public class Dependencies { private final OverheadController overheadController; private final StackWalker stackWalker; - private final IastJSPClassListener iastJSPClassListener; + private final StratumListener iastJSPClassListener; final IastContext.Provider contextProvider; 
@@ -24,13 +24,13 @@ public Dependencies( @Nonnull final OverheadController overheadController, @Nonnull final StackWalker stackWalker, @Nonnull final IastContext.Provider contextProvider, - @Nonnull final IastJSPClassListener iastJSPClassListener) { + @Nonnull final StratumListener stratumListener) { this.config = config; this.reporter = reporter; this.overheadController = overheadController; this.stackWalker = stackWalker; this.contextProvider = contextProvider; - this.iastJSPClassListener = iastJSPClassListener; + this.iastJSPClassListener = stratumListener; } public Config getConfig() { @@ -49,7 +49,7 @@ public StackWalker getStackWalker() { return stackWalker; } - public IastJSPClassListener getIastJSPClassListener() { + public StratumListener getIastJSPClassListener() { return iastJSPClassListener; } } diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java index f5d104a2691..0fd08f08950 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java @@ -48,7 +48,7 @@ import datadog.trace.api.iast.InstrumentationBridge; import datadog.trace.api.iast.telemetry.IastMetricCollector; import datadog.trace.api.iast.telemetry.Verbosity; -import datadog.trace.instrumentation.iastinstrumenter.IastJSPClassListener; +import datadog.trace.instrumentation.iastinstrumenter.StratumListener; import datadog.trace.util.AgentTaskScheduler; import datadog.trace.util.stacktrace.StackWalkerFactory; import java.lang.reflect.Constructor; 
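Review bot: The field and getter keep their old names (`private final StratumListener iastJSPClassListener;` in the previous hunk, `getIastJSPClassListener()` here) while the constructor parameter was renamed to `stratumListener`, so the same object has two names across three lines. Rename the field and getter to match, `this.stratumListener = stratumListener;` and `public StratumListener getStratumListener()`, updating the declaration hunk as well. SinkModuleBase stops reading the getter in this same patch, so check whether any remaining caller needs it before keeping it.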
@@ -104,7 +104,7 @@ public static void start( overheadController, StackWalkerFactory.INSTANCE, contextProvider, - IastJSPClassListener.INSTANCE); + StratumListener.INSTANCE); final boolean addTelemetry = config.getIastTelemetryVerbosity() != Verbosity.OFF; iastModules(iast, dependencies).forEach(InstrumentationBridge::registerIastModule); registerRequestStartedCallback(ss, addTelemetry, dependencies); diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java index 3be3de3189a..db01326bd40 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java @@ -24,7 +24,7 @@ import datadog.trace.bootstrap.instrumentation.api.AgentSpan; import datadog.trace.bootstrap.instrumentation.api.AgentTracer; import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie; -import datadog.trace.instrumentation.iastinstrumenter.IastJSPClassListener; +import datadog.trace.instrumentation.iastinstrumenter.SourceMapperImpl; import datadog.trace.util.stacktrace.StackWalker; import java.util.Iterator; import java.util.stream.Stream; @@ -42,13 +42,10 @@ public abstract class SinkModuleBase { protected final Reporter reporter; protected final StackWalker stackWalker; - protected final IastJSPClassListener iastJSPClassListener; - protected SinkModuleBase(@Nonnull final Dependencies dependencies) { overheadController = dependencies.getOverheadController(); reporter = dependencies.getReporter(); stackWalker = dependencies.getStackWalker(); - iastJSPClassListener = dependencies.getIastJSPClassListener(); } protected void report(final Vulnerability vulnerability) { 
@@ -308,18 +305,13 @@ protected Location buildLocation( protected final StackTraceElement getCurrentStackTrace() { StackTraceElement stackTraceElement = stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability); - // TODO Call the listener to get the JSP class and line number Pair pair = - iastJSPClassListener.getFileAndLine( + SourceMapperImpl.INSTANCE.getFileAndLine( stackTraceElement.getClassName(), stackTraceElement.getLineNumber()); if (pair != null) { return new StackTraceElement( - stackTraceElement.getClassName(), - stackTraceElement.getMethodName(), - pair.getLeft(), - pair.getRight()); + pair.getLeft(), stackTraceElement.getMethodName(), pair.getLeft(), pair.getRight()); } - return stackTraceElement; } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java index a25bd71f893..547086d56cb 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java @@ -1,10 +1,9 @@ package datadog.trace.agent.tooling.iast.stratum; import java.util.ArrayList; -import java.util.Iterator; import java.util.List; -public class EmbeddedStratum extends AbstractStratum implements Cloneable { +public class EmbeddedStratum extends AbstractStratum { private final List sourceMapList = new ArrayList(); public EmbeddedStratum() { @@ -15,15 +14,6 @@ public EmbeddedStratum(final String name) { super(name); } - @Override - public Object clone() { - EmbeddedStratum embeddedStratum = new EmbeddedStratum(getName()); - for (Iterator iter = sourceMapList.iterator(); iter.hasNext(); ) { - embeddedStratum.getSourceMapList().add((SourceMap) iter.next().clone()); - } - return embeddedStratum; - } - public List getSourceMapList() { return sourceMapList; } 
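Review bot: The rebuilt StackTraceElement passes `pair.getLeft()` (the mapped source file name) as its declaringClass as well as its fileName, so the generated class name disappears from the reported location; if that is intended it deserves a comment on the `return new StackTraceElement(` line such as `// report the mapped source path in place of the generated class name`. The static `SourceMapperImpl.INSTANCE` call also bypasses the `SourceMapper` interface this commit adds to internal-api and hard-wires agent-iast to the instrumenter module, whereas handing a `SourceMapper` through `Dependencies` (which this hunk just stopped using) would keep sink modules testable with a stub. `getCurrentStackTrace` is complete within the hunk.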
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java index 046eb155af1..3578e7aa251 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java @@ -4,7 +4,7 @@ * The fileInfo describes the translated-source file names * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#filesection */ -public class FileInfo implements Cloneable { +public class FileInfo { private int fileId = -1; private String inputFileName; @@ -19,11 +19,6 @@ public FileInfo(final int fileId, final String inputFileName, final String input this.inputFilePath = inputFilePath; } - @Override - public Object clone() { - return new FileInfo(fileId, inputFileName, inputFilePath); - } - public int getFileId() { return fileId; } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java index bc581de74ae..cd1e7a10e74 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java @@ -14,7 +14,7 @@ * *

https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#stratumsection */ -public class LineInfo implements Cloneable { +public class LineInfo { private int fileId = -1; int inputStartLine; @@ -55,15 +55,6 @@ public LineInfo( this.outputLineIncrement = outputLineIncrement; } - @Override - public Object clone() { - LineInfo lineInfo = - new LineInfo(fileId, inputStartLine, repeatCount, outputStartLine, outputLineIncrement); - - lineInfo.setFileInfo(fileInfo); - return lineInfo; - } - public int getFileId() { return fileId; } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java index fa1eae278d9..ae6cb321437 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Resolver.java 
@@ -5,26 +5,25 @@ public class Resolver { public SourceMap resolve(final SourceMap sourceMap) { - SourceMap result = (SourceMap) sourceMap.clone(); - for (EmbeddedStratum stratum : result.getEmbeddedStratumList()) { - StratumExt outerStratum = result.getStratum(stratum.getName()); + for (EmbeddedStratum stratum : sourceMap.getEmbeddedStratumList()) { + StratumExt outerStratum = sourceMap.getStratum(stratum.getName()); if (outerStratum != null) { for (SourceMap embeddedSourceMap : stratum.getSourceMapList()) { SourceMap resolvedEmbeddedSourceMap = resolve(embeddedSourceMap); String outerFileName = resolvedEmbeddedSourceMap.getOutputFileName(); for (StratumExt embeddedStratum : resolvedEmbeddedSourceMap.getStratumList()) { - StratumExt resolvedStratum = result.getStratum(embeddedStratum.getName()); + StratumExt resolvedStratum = sourceMap.getStratum(embeddedStratum.getName()); if (resolvedStratum == null) { resolvedStratum = new StratumExt(embeddedStratum.getName()); - result.getStratumList().add(resolvedStratum); + sourceMap.getStratumList().add(resolvedStratum); } resolve(new Context(outerStratum, outerFileName, resolvedStratum, embeddedStratum)); } } } } - result.getEmbeddedStratumList().clear(); - return result; + sourceMap.getEmbeddedStratumList().clear(); + return sourceMap; } private void resolve(final Context context) { @@ -50,7 +49,7 @@ private void resolve(final Context context, final LineInfo eli) { getByPath( context.resolvedStratum.getFileInfo(), eli.getFileInfo().getInputFilePath()); if (fileInfo == null) { - fileInfo = (FileInfo) eli.getFileInfo().clone(); + fileInfo = eli.getFileInfo(); context.resolvedStratum.getFileInfo().add(fileInfo); } if (completeCount > 0) { diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java index a827d135251..5f240e1b180 100755 
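Review bot: `resolve(SourceMap)` now mutates and returns its argument instead of a copy — new strata are appended to the caller's `sourceMap` and its embedded stratum list is cleared — while the signature still reads like a pure transformation. That contract should be stated on the method, e.g. `/** Resolves embedded strata in place: mutates and returns {@code sourceMap}, leaving its embedded stratum list empty. */`. In the second hunk (`@@ -50,7 +49,7 @@`) the embedded line info's `FileInfo` is now added to the resolved stratum as the same instance rather than a clone, so both strata share one mutable object; that is harmless only if `FileInfo` is never modified after parsing, which this hunk cannot confirm, and the enclosing `resolve(Context, LineInfo)` starts outside it.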
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java @@ -4,7 +4,7 @@ import java.util.Iterator; import java.util.List; -public class SourceMap implements Cloneable { +public class SourceMap { private String outputFileName; private String defaultStratumName; @@ -20,18 +20,6 @@ public SourceMap(final String outputFileName, final String defaultStratumName) { this.defaultStratumName = defaultStratumName; } - @Override - public Object clone() { - SourceMap sourceMap = new SourceMap(outputFileName, defaultStratumName); - for (Iterator iter = stratumList.iterator(); iter.hasNext(); ) { - sourceMap.getStratumList().add((StratumExt) iter.next().clone()); - } - for (Iterator iter = embeddedStratumList.iterator(); iter.hasNext(); ) { - sourceMap.getEmbeddedStratumList().add((EmbeddedStratum) iter.next().clone()); - } - return sourceMap; - } - public boolean isResolved() { return embeddedStratumList.isEmpty(); } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java index 18e5b27ac4b..50d75cef0f9 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java 
@@ -4,24 +4,17 @@ import java.util.Arrays; import java.util.Collections; import java.util.Comparator; -import java.util.HashMap; -import java.util.Iterator; import java.util.List; -import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class StratumExt extends AbstractStratum implements Cloneable, Stratum { +public class StratumExt extends AbstractStratum implements Stratum { private final List fileInfo = new ArrayList(); private int[] lineStart = null; private final List lineInfo = new ArrayList(); - private final List vendorInfo = new ArrayList(); - - private final List unknownInfo = new ArrayList(); - private static final Logger LOG = LoggerFactory.getLogger(StratumExt.class); public StratumExt() { @@ -71,36 +64,6 @@ public String getSourceFile() { return fileInfo.get(0).getInputFilePath(); } - @Override - public Object clone() { - StratumExt stratum = new StratumExt(getName()); - for (Iterator iter = vendorInfo.iterator(); iter.hasNext(); ) { - stratum.getVendorInfo().add((VendorInfo) iter.next().clone()); - } - for (Iterator iter = unknownInfo.iterator(); iter.hasNext(); ) { - stratum.getUnknownInfo().add((UnknownInfo) iter.next().clone()); - } - Map fileInfoMap = new HashMap(); - for (Iterator iter = fileInfo.iterator(); iter.hasNext(); ) { - FileInfo fileInfoOrig = iter.next(); - FileInfo fileInfoClone = (FileInfo) fileInfoOrig.clone(); - fileInfoMap.put(fileInfoOrig, fileInfoClone); - stratum.getFileInfo().add(fileInfoClone); - } - - for (Iterator iter = lineInfo.iterator(); iter.hasNext(); ) { - LineInfo lineInfo = iter.next(); - FileInfo fileInfo = lineInfo.getFileInfo(); - if (fileInfo != null) { - fileInfo = fileInfoMap.get(fileInfo); - lineInfo.setFileInfo(fileInfo); - } - stratum.addLineInfo(lineInfo); - } - - return stratum; - } - public List getFileInfo() { return fileInfo; } 
@@ -139,38 +102,8 @@ public int[] getLineStart() { return lineStart; } - public List getVendorInfo() { - return vendorInfo; - } - - public void setVendorInfo(final List vendorInfoList) { - vendorInfo.clear(); - if (vendorInfoList != null) { - vendorInfo.addAll(vendorInfoList); - } - } - - public List getUnknownInfo() { - return unknownInfo; - } - - public void setUnknownInfo(final List unknownInfoList) { - unknownInfo.clear(); - if (unknownInfoList != null) { - unknownInfo.addAll(unknownInfoList); - } - } - @Override public String toString() { - return "Stratum [fileInfoList=" - + fileInfo - + ", lineInfoList=" - + lineInfo - + ", vendorInfoList=" - + vendorInfo - + ", unknownInfoList=" - + unknownInfo - + "]"; + return "Stratum [fileInfoList=" + fileInfo + ", lineInfoList=" + lineInfo + "]"; } } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java similarity index 94% rename from dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java rename to dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index 5da135f8fd3..67f9be40248 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java 
@@ -12,11 +12,11 @@ * Manages SMAP information for classes * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#stratumsection */ -public class StratumManager { +public class StratumManagerImpl { - private static final Logger LOG = LoggerFactory.getLogger(StratumManager.class); + private static final Logger LOG = LoggerFactory.getLogger(StratumManagerImpl.class); - private StratumManager() { + private StratumManagerImpl() { // Prevent instantiation } @@ -26,7 +26,7 @@ private StratumManager() { private boolean EMPTY_DEBUG_INFO; - public static final StratumManager INSTANCE = new StratumManager(); + public static final StratumManagerImpl INSTANCE = new StratumManagerImpl(); public static boolean shouldBeAnalyzed(final String internalClassName) { return internalClassName.contains("jsp") diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java deleted file mode 100755 index ae5bd15ca9c..00000000000 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/UnknownInfo.java +++ /dev/null @@ -1,18 +0,0 @@ -package datadog.trace.agent.tooling.iast.stratum; - -public class UnknownInfo implements Cloneable { - private final String[] data; - - public UnknownInfo(final String[] data) { - this.data = data; - } - - @Override - public Object clone() { - return new UnknownInfo(data.clone()); - } - - public String[] getData() { - return data; - } -} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java deleted file mode 100755 index 3a42c56f484..00000000000 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/VendorInfo.java +++ /dev/null 
@@ -1,29 +0,0 @@ -package datadog.trace.agent.tooling.iast.stratum; - -/** - * The vendorInfo describes the vendor-specific information - * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#vendorsection - */ -public class VendorInfo implements Cloneable { - private final String vendorId; - - private final String[] data; - - public VendorInfo(final String vendorId, final String[] data) { - this.vendorId = vendorId; - this.data = data; - } - - @Override - public Object clone() { - return new VendorInfo(vendorId, data.clone()); - } - - public String getVendorId() { - return vendorId; - } - - public String[] getData() { - return data; - } -} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java index a82d3c2510d..4116a96c09e 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java @@ -6,9 +6,8 @@ import datadog.trace.agent.tooling.iast.stratum.SourceMap; import datadog.trace.agent.tooling.iast.stratum.SourceMapException; import datadog.trace.agent.tooling.iast.stratum.StratumExt; -import datadog.trace.agent.tooling.iast.stratum.UnknownInfo; -import datadog.trace.agent.tooling.iast.stratum.VendorInfo; -import datadog.trace.agent.tooling.iast.stratum.utils.PatternUtils; +import java.util.regex.Matcher; +import java.util.regex.Pattern; /** * A collection of builders to parse SMAP Information. 
@@ -93,14 +92,14 @@ public void build(final State state, final String[] lines) throws SourceMapExcep if (!state.getStratum().getLineInfo().isEmpty()) { throw new SourceMapException("Only one line section allowed"); } - PatternUtils.LimitedPattern p = PatternUtils.compile(LineInfoPattern); + Pattern p = Pattern.compile(LineInfoPattern); int fileId = 0; for (int i = 1; i < lines.length; i++) { int inputStartLine = 1; int repeatCount = 1; int outputStartLine = 1; int outputLineIncrement = 1; - PatternUtils.LimitedMatcher m = p.matcher(lines[i]); + Matcher m = p.matcher(lines[i]); if (!m.matches()) { throw new SourceMapException("Invalid line info: " + lines[i]); } @@ -171,28 +170,4 @@ public void build(final State state, final String[] lines) throws SourceMapExcep } }; } - - public static Builder vendorInfoBuilder() { - return new Builder("V") { - @Override - public void build(final State state, final String[] lines) throws SourceMapException { - if (lines.length < 1) { - throw new SourceMapException("Vendor information expected"); - } - String[] viLines = new String[lines.length - 2]; - System.arraycopy(lines, 2, viLines, 0, viLines.length); - - state.getStratum().getVendorInfo().add(new VendorInfo(lines[1], viLines)); - } - }; - } - - public static Builder unknownInfoBuilder() { - return new Builder("") { - @Override - public void build(final State state, final String[] lines) throws SourceMapException { - state.getStratum().getUnknownInfo().add(new UnknownInfo(lines)); - } - }; - } } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java index 7ca55f5285a..b8b164447dc 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java 
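Review bot: `Pattern.compile(LineInfoPattern)` is executed on every `build` call although the pattern is constant; it should be compiled once as `private static final Pattern LINE_INFO_PATTERN = Pattern.compile(LineInfoPattern);` and `build` should use that field. Swapping `PatternUtils.LimitedPattern` for a plain `Pattern` also drops the iteration cap that the deleted `StoppableCharSequence` placed on matching, and the input here is the SourceDebugExtension of classes the application loads, so it is worth confirming that `LineInfoPattern` (defined outside this hunk) cannot backtrack super-linearly on a malformed line, or keeping a bound. The enclosing `build` method starts outside the hunk.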
@@ -32,7 +32,6 @@ protected void registerBuilders() { add(Builders.stratumBuilder()); add(Builders.fileInfoBuilder()); add(Builders.lineInfoBuilder()); - add(Builders.vendorInfoBuilder()); add(Builders.openEmbeddedStratumBuilder()); add(Builders.closeStratumBuilder()); } @@ -100,11 +99,7 @@ private Builder getBuilder(final String[] lines) throws SourceMapException { if (sectionName.startsWith("*")) { sectionName = sectionName.substring("*".length()); } - Builder builder = builders.get(sectionName); - if (builder == null) { - builder = Builders.unknownInfoBuilder(); - } - return builder; + return builders.get(sectionName); } private void parseSection(final String[] lines) throws SourceMapException { diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java deleted file mode 100644 index d7d8f7be740..00000000000 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/PatternUtils.java +++ /dev/null 
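Review bot: `getBuilder` now returns null for any section name without a registered builder, where it previously fell back to `Builders.unknownInfoBuilder()`, and `vendorInfoBuilder` is no longer registered either; a SMAP carrying a `*V` vendor section (documented in the deleted VendorInfo Javadoc) or any unknown section will therefore hand a null builder to `parseSection`, which lies outside this hunk and presumably dereferences it. Either skip such sections with a null check before the `build` call in `parseSection`, e.g. `if (builder == null) { return; }`, or make the failure explicit with `throw new SourceMapException("Unknown section: " + sectionName);` in `getBuilder`. The start of `getBuilder` is outside the hunk.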
@@ -1,124 +0,0 @@ -package datadog.trace.agent.tooling.iast.stratum.utils; - -import java.util.regex.Pattern; - -public class PatternUtils { - - public static final int DEFAULT_ITERATIONS = 5000000; - - private static final RuntimeException BLOCKING = new RuntimeException(); - - private static final Runnable BLOCKER = - () -> { - throw BLOCKING; - }; - - private PatternUtils() {} - - public static LimitedPattern compile(final String pattern) { - return new LimitedPattern(Pattern.compile(pattern)); - } - - public static LimitedPattern compile(final String pattern, final int flags) { - return new LimitedPattern(Pattern.compile(pattern, flags)); - } - - public static LimitedPattern compile(final Pattern pattern) { - if (pattern != null) { - return new LimitedPattern(pattern); - } - return null; - } - - public static class LimitedPattern { - - Pattern pattern; - - LimitedPattern(final Pattern pattern) { - this.pattern = pattern; - } - - public LimitedMatcher matcher(final CharSequence seq) { - return new LimitedMatcher( - seq, pattern.matcher(new StoppableCharSequence(seq, DEFAULT_ITERATIONS, BLOCKER))); - } - - public String pattern() { - return pattern.pattern(); - } - - public Pattern internal() { - return pattern; - } - - @Override - public String toString() { - return pattern(); - } - } - - public static class LimitedMatcher { - - private final java.util.regex.Matcher jmatcher; - - private final CharSequence seq; - - public LimitedMatcher(final CharSequence seq, final java.util.regex.Matcher jmatcher) { - this.seq = seq; - this.jmatcher = jmatcher; - } - - public boolean find() { - try { - return jmatcher.find(); - } catch (RuntimeException e) { - return false; - } - } - - public boolean matches() { - try { - return jmatcher.matches(); - } catch (RuntimeException e) { - return false; - } - } - - public String replaceFirst(final String replacement) { - try { - return jmatcher.replaceFirst(replacement); - } catch (RuntimeException e) { - return String.valueOf(seq); 
- } - } - - public String replaceAll(final String replacement) { - try { - return jmatcher.replaceAll(replacement); - } catch (RuntimeException e) { - return String.valueOf(seq); - } - } - - public String group(final int group) { - return jmatcher.group(group); - } - - public int start() { - return jmatcher.start(); - } - - public int end() { - return jmatcher.end(); - } - - public LimitedMatcher appendReplacement(final StringBuffer sb, final String replacement) { - jmatcher.appendReplacement(sb, replacement); - return this; - } - - public StringBuffer appendTail(final StringBuffer sb) { - return jmatcher.appendTail(sb); - } - } -} diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java deleted file mode 100644 index a16cdbae3a9..00000000000 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/utils/StoppableCharSequence.java +++ /dev/null 
@@ -1,44 +0,0 @@ -package datadog.trace.agent.tooling.iast.stratum.utils; - -public class StoppableCharSequence implements CharSequence { - - protected final CharSequence original; - - protected Runnable onPendingFinished; - - int pending; - - protected StoppableCharSequence(final CharSequence original, final int maxIt) { - this(original, maxIt, null); - } - - public StoppableCharSequence( - final CharSequence original, final int maxIt, final Runnable onPendingFinished) { - this.original = original; - pending = Math.max(original.length() * 5, maxIt); - this.onPendingFinished = onPendingFinished; - } - - @Override - public char charAt(final int index) { - if (pending-- == 0) { - onPendingFinished.run(); - } - return original.charAt(index); - } - - @Override - public int length() { - return original.length(); - } - - @Override - public CharSequence subSequence(final int start, final int stop) { - return original.subSequence(start, stop); - } - - @Override - public String toString() { - return original.toString(); - } -} diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy similarity index 73% rename from dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy rename to dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy index 46d8caf6bf9..b52f3d194a0 100644 --- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy 
@@ -2,14 +2,13 @@ package datadog.trace.agent.tooling.iast.stratum import datadog.trace.test.util.DDSpecification import org.apache.commons.io.FileUtils -import org.apache.commons.io.IOUtils -class StratumManagerTest extends DDSpecification { +class StratumManagerImplTest extends DDSpecification { void 'test StratumManager shouldBeAnalyzed'(){ when: - def result = StratumManager.shouldBeAnalyzed(internalClassName) + def result = StratumManagerImpl.shouldBeAnalyzed(internalClassName) then: result == expected @@ -29,10 +28,10 @@ class StratumManagerTest extends DDSpecification { byte[] data = FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class")) when: - StratumManager.INSTANCE.analyzeClass(data) + StratumManagerImpl.INSTANCE.analyzeClass(data) then: - final result = StratumManager.INSTANCE.get("org.apache.jsp.register_jsp") + final result = StratumManagerImpl.INSTANCE.get("org.apache.jsp.register_jsp") result != null result.getInputLineNumber(216) == 70 result.getSourceFile() == "register.jsp" diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java index 44980db9a66..8ecb8f07e51 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java 
@@ -47,9 +47,9 @@ protected CallSiteSupplier callSites() { protected Advices buildAdvices(final Iterable callSites) { if (Config.get().isIastHardcodedSecretEnabled()) { return Advices.fromCallSites( - callSites, IastJSPClassListener.INSTANCE, IastHardcodedSecretListener.INSTANCE); + callSites, StratumListener.INSTANCE, IastHardcodedSecretListener.INSTANCE); } else { - return Advices.fromCallSites(callSites, IastJSPClassListener.INSTANCE); + return Advices.fromCallSites(callSites, StratumListener.INSTANCE); } } diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java deleted file mode 100644 index 77181f4b7d9..00000000000 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastJSPClassListener.java +++ /dev/null 
@@ -1,32 +0,0 @@ -package datadog.trace.instrumentation.iastinstrumenter; - -import datadog.trace.agent.tooling.bytebuddy.csi.Advices; -import datadog.trace.agent.tooling.bytebuddy.csi.ConstantPool; -import datadog.trace.agent.tooling.iast.stratum.Stratum; -import datadog.trace.agent.tooling.iast.stratum.StratumManager; -import datadog.trace.api.Pair; -import javax.annotation.Nonnull; -import javax.annotation.Nullable; -import net.bytebuddy.description.type.TypeDescription; - -public class IastJSPClassListener implements Advices.Listener { - - public static final IastJSPClassListener INSTANCE = new IastJSPClassListener(); - - @Override - public void onConstantPool( - @Nonnull TypeDescription type, @Nonnull ConstantPool pool, byte[] classFile) { - if (StratumManager.shouldBeAnalyzed(type.getInternalName())) { - StratumManager.INSTANCE.analyzeClass(classFile); - } - } - - @Nullable - public Pair getFileAndLine(final String clazz, final int line) { - Stratum stratum = StratumManager.INSTANCE.get(clazz); - if (stratum != null) { - return Pair.of(stratum.getSourceFile(), stratum.getInputLineNumber(line)); - } - return null; - } -} diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java new file mode 100644 index 00000000000..2657c570b05 --- /dev/null +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java 
@@ -0,0 +1,24 @@
+package datadog.trace.instrumentation.iastinstrumenter;
+
+import datadog.trace.agent.tooling.iast.stratum.Stratum;
+import datadog.trace.agent.tooling.iast.stratum.StratumManagerImpl;
+import datadog.trace.api.Pair;
+import datadog.trace.api.iast.stratum.SourceMapper;
+
+public class SourceMapperImpl implements SourceMapper {
+
+ public static final SourceMapperImpl INSTANCE = new SourceMapperImpl();
+
+ private SourceMapperImpl() {
+ // Prevent instantiation
+ }
+
+ @Override
+ public Pair getFileAndLine(String className, int lineNumber) {
+ Stratum stratum = StratumManagerImpl.INSTANCE.get(className);
+ if (stratum != null) {
+ return Pair.of(stratum.getSourceFile(), stratum.getInputLineNumber(lineNumber));
+ }
+ return null;
+ }
+}
diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java
new file mode 100644
index 00000000000..35b0fa93df2
--- /dev/null
+++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java
@@ -0,0 +1,20 @@
+package datadog.trace.instrumentation.iastinstrumenter;
+
+import datadog.trace.agent.tooling.bytebuddy.csi.Advices;
+import datadog.trace.agent.tooling.bytebuddy.csi.ConstantPool;
+import datadog.trace.agent.tooling.iast.stratum.StratumManagerImpl;
+import javax.annotation.Nonnull;
+import net.bytebuddy.description.type.TypeDescription;
+
+public class StratumListener implements Advices.Listener {
+
+ public static final StratumListener INSTANCE = new StratumListener();
+
+ @Override
+ public void onConstantPool(
+ @Nonnull TypeDescription type, @Nonnull ConstantPool pool, byte[] classFile) {
+ if (StratumManagerImpl.shouldBeAnalyzed(type.getInternalName())) {
+ StratumManagerImpl.INSTANCE.analyzeClass(classFile);
+ }
+ }
+}
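Review bot: `SourceMapperImpl.getFileAndLine` returns null when no stratum is known for the class but, unlike the `@Nullable` method it replaces in the deleted IastJSPClassListener, it no longer carries the annotation, and it declares `Pair` without type arguments; `@Nullable public Pair<String, Integer> getFileAndLine(String className, int lineNumber)` (importing `javax.annotation.Nullable` as the deleted class did) would carry the contract to callers such as SinkModuleBase. The same applies to the `SourceMapper` interface added to internal-api in a later hunk, which also lacks a Javadoc stating that the result is the original source file and line for a generated class line and null when the class has no SMAP data.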
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java index 16eb4fddd80..866396a11ac 100644 --- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java +++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java @@ -40,7 +40,7 @@ public class OkHttpUtils { } public static OkHttpClient.Builder clientBuilder() { - final TimeUnit unit = TimeUnit.MINUTES; + final TimeUnit unit = TimeUnit.HOURS; return new OkHttpClient.Builder() .addInterceptor(EXPECT_CONTINUE_INTERCEPTOR) .addInterceptor(LOGGING_INTERCEPTOR) diff --git a/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy b/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy index 3f9277ce834..315935fd7aa 100644 --- a/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy +++ b/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy @@ -40,7 +40,9 @@ class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { then: response.successful hasVulnerability { vul -> - vul.type == 'XSS' + vul.type == 'XSS' && + vul.location.path == 'WEB-INF/jsp/test_xss.jsp' && + vul.location.line == 9 } } } diff --git a/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy b/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy index 3f9277ce834..f82856d11de 100644 --- a/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy 
+++ b/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy @@ -16,6 +16,7 @@ class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { List command = [] command.add(javaPath()) + //command.add("-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005") command.addAll(defaultJavaProperties) command.addAll([ withSystemProperty(IAST_ENABLED, true), @@ -40,7 +41,9 @@ class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { then: response.successful hasVulnerability { vul -> - vul.type == 'XSS' + vul.type == 'XSS' && + vul.location.path == 'WEB-INF/jsp/test_xss.jsp' && + vul.location.line == 9 } } } diff --git a/internal-api/src/main/java/datadog/trace/api/iast/stratum/SourceMapper.java b/internal-api/src/main/java/datadog/trace/api/iast/stratum/SourceMapper.java new file mode 100644 index 00000000000..f72ac131f3d --- /dev/null +++ b/internal-api/src/main/java/datadog/trace/api/iast/stratum/SourceMapper.java @@ -0,0 +1,8 @@ +package datadog.trace.api.iast.stratum; + +import datadog.trace.api.Pair; + +public interface SourceMapper { + + Pair getFileAndLine(String className, int lineNumber); +} From daea85ce6848e773e64cf97f740223af451bea28 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Wed, 8 May 2024 13:02:19 +0200 Subject: [PATCH 04/28] no necessary --- .../agent/tooling/iast/stratum/IndexJsp.java | 59 ------------------- 1 file changed, 59 deletions(-) delete mode 100644 dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java diff --git a/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java b/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java deleted file mode 100644 index 8d881b45f1e..00000000000 --- a/dd-java-agent/agent-tooling/src/test/java/datadog/trace/agent/tooling/iast/stratum/IndexJsp.java +++ /dev/null 
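Review bot: The added `//command.add("-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005")` line in the tomcat smoke test's `@@ -16,6 +16,7 @@` hunk is commented-out debugging configuration and should be dropped before merging. If attaching a debugger to the smoke-test JVM is a recurring need, a system property that the test reads to append the option would serve it without leaving dead code in the command list.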
@@ -1,59 +0,0 @@ -/* - * Generated by the Jasper component of Apache Tomcat - * Version: Apache Tomcat/7.0.47 - * Generated at: 2024-04-25 10:32:08 UTC - * Note: The last modified time of this file was set to - * the last modified time of the source file after - * generation to assist with modification tracking. - */ -package datadog.trace.agent.tooling.iast.stratum; - -import java.io.PrintWriter; -import java.io.Writer; -import javax.servlet.*; -import javax.servlet.http.*; - -public final class IndexJsp { - - private static java.util.Map _jspx_dependants; - - static { - _jspx_dependants = new java.util.HashMap(2); - _jspx_dependants.put("/WEB-INF/tlds/hdiv-c.tld", Long.valueOf(1709715080729L)); - _jspx_dependants.put("/WEB-INF/jsp/template/tags.jsp", Long.valueOf(1709715080729L)); - } - - public java.util.Map getDependants() { - return _jspx_dependants; - } - - public void _jspInit() {} - - public void _jspDestroy() {} - - public void _jspService(final HttpServletRequest request, final HttpServletResponse response) - throws java.io.IOException, ServletException { - - Writer out = null; - - response.setContentType("text/html"); - out = new PrintWriter(response.getWriter()); - - out.write("\n"); - out.write("\n"); - out.write("\n"); - out.write("\n"); - out.write("\n"); - out.write("\n"); - out.write("\n"); - out.write("\n"); - out.write("\n"); - out.write("Hdiv Spring Mvc Examples\n"); - out.write("\n"); - out.write("\n"); - out.write("\t"); - out.write("\n"); - out.write("\n"); - out.write("\n"); - } -} From 5571e211e4a996f49b8a3a259403928e923f6ad7 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Wed, 8 May 2024 13:02:55 +0200 Subject: [PATCH 05/28] fix --- .../main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java
index 866396a11ac..16eb4fddd80 100644
--- a/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java
+++ b/dd-java-agent/testing/src/main/groovy/datadog/trace/agent/test/utils/OkHttpUtils.java
@@ -40,7 +40,7 @@ public class OkHttpUtils {
 }
 public static OkHttpClient.Builder clientBuilder() {
- final TimeUnit unit = TimeUnit.HOURS;
+ final TimeUnit unit = TimeUnit.MINUTES;
 return new OkHttpClient.Builder()
 .addInterceptor(EXPECT_CONTINUE_INTERCEPTOR)
 .addInterceptor(LOGGING_INTERCEPTOR)
From 3fd121a6e45f098650401ebc907acb10fadfa80f Mon Sep 17 00:00:00 2001
From: "alejandro.gonzalez"
Date: Thu, 9 May 2024 08:40:46 +0200
Subject: [PATCH 06/28] fix
---
 .../src/main/java/com/datadog/iast/Dependencies.java | 11 +----------
 .../src/main/java/com/datadog/iast/IastSystem.java | 8 +-------
 2 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java
index ba9e49be920..de8f760652c 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/Dependencies.java
@@ -3,7 +3,6 @@
 import com.datadog.iast.overhead.OverheadController;
 import datadog.trace.api.Config;
 import datadog.trace.api.iast.IastContext;
-import datadog.trace.instrumentation.iastinstrumenter.StratumListener;
 import datadog.trace.util.stacktrace.StackWalker;
 import javax.annotation.Nonnull;
@@ -14,8 +13,6 @@ public class Dependencies {
 private final OverheadController overheadController;
 private final StackWalker stackWalker;
- private final StratumListener iastJSPClassListener;
-
 final IastContext.Provider contextProvider;
 public Dependencies(
@@ -23,14 +20,12 @@ public Dependencies( @Nonnull final Reporter reporter, @Nonnull final OverheadController overheadController, @Nonnull final StackWalker stackWalker, - @Nonnull final IastContext.Provider contextProvider, - @Nonnull final StratumListener stratumListener) { + @Nonnull final IastContext.Provider contextProvider) { this.config = config; this.reporter = reporter; this.overheadController = overheadController; this.stackWalker = stackWalker; this.contextProvider = contextProvider; - this.iastJSPClassListener = stratumListener; } public Config getConfig() { @@ -48,8 +43,4 @@ public OverheadController getOverheadController() { public StackWalker getStackWalker() { return stackWalker; } - - public StratumListener getIastJSPClassListener() { - return iastJSPClassListener; - } } diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java index 0fd08f08950..bd002f60416 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/IastSystem.java @@ -48,7 +48,6 @@ import datadog.trace.api.iast.InstrumentationBridge; import datadog.trace.api.iast.telemetry.IastMetricCollector; import datadog.trace.api.iast.telemetry.Verbosity; -import datadog.trace.instrumentation.iastinstrumenter.StratumListener; import datadog.trace.util.AgentTaskScheduler; import datadog.trace.util.stacktrace.StackWalkerFactory; import java.lang.reflect.Constructor; 
@@ -99,12 +98,7 @@ public static void start( IastContext.Provider.register(contextProvider); final Dependencies dependencies = new Dependencies( - config, - reporter, - overheadController, - StackWalkerFactory.INSTANCE, - contextProvider, - StratumListener.INSTANCE); + config, reporter, overheadController, StackWalkerFactory.INSTANCE, contextProvider); final boolean addTelemetry = config.getIastTelemetryVerbosity() != Verbosity.OFF; iastModules(iast, dependencies).forEach(InstrumentationBridge::registerIastModule); registerRequestStartedCallback(ss, addTelemetry, dependencies); From 18414553c764a11e659cd922c481455549382527 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Wed, 12 Jun 2024 13:05:47 +0200 Subject: [PATCH 07/28] avoid String#split to fix forbiddenapis --- .../agent/tooling/iast/stratum/parser/Builders.java | 12 +++++++----- .../agent/tooling/iast/stratum/parser/Parser.java | 4 +++- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java index 4116a96c09e..82492174db4 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Builders.java 
@@ -18,12 +18,14 @@ class Builders { private static final String LineInfoPattern = "(\\d++)(#(\\d++))?(,(\\d++))?:(\\d++)(,(\\d++))?($)"; + static final Pattern SPLITTER = Pattern.compile(" "); + public static final Builder closeStratumBuilder() { return new Builder("C") { @Override public void build(final State state, final String[] lines) throws SourceMapException { - String[] tokens = lines[0].split(" ", 2); + String[] tokens = SPLITTER.split(lines[0], 2); if (tokens.length < 2 || tokens[1].equals("")) { throw new SourceMapException("Stratum name expected"); } @@ -58,7 +60,7 @@ public void build(final State state, final String[] lines) throws SourceMapExcep String fileName = ""; String filePath = ""; if (s.startsWith("+")) { - String[] tokens = s.split(" ", 3); + String[] tokens = SPLITTER.split(s, 3); fileId = tokens[1]; fileName = tokens[2]; if (i == lines.length) { @@ -66,7 +68,7 @@ public void build(final State state, final String[] lines) throws SourceMapExcep } filePath = lines[i++]; } else { - String[] tokens = s.split(" ", 2); + String[] tokens = SPLITTER.split(s, 2); fileId = tokens[0]; fileName = tokens[1]; filePath = fileName; @@ -145,7 +147,7 @@ public static Builder openEmbeddedStratumBuilder() { return new Builder("O") { @Override public void build(final State state, final String[] lines) throws SourceMapException { - String[] tokens = lines[0].split(" ", 2); + String[] tokens = SPLITTER.split(lines[0], 2); if (tokens.length < 2 || tokens[1].equals("")) { throw new SourceMapException("Stratum name expected"); } @@ -160,7 +162,7 @@ public static Builder stratumBuilder() { return new Builder("S") { @Override public void build(final State state, final String[] lines) throws SourceMapException { - String[] tokens = lines[0].split(" ", 2); + String[] tokens = SPLITTER.split(lines[0], 2); if (tokens.length < 2 || tokens[1].equals("")) { throw new SourceMapException("Stratum name expected"); } 
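Review bot: The `+` branch of the file-section builder indexes `tokens[1]` and `tokens[2]` straight after `SPLITTER.split(s, 3)` with no length check, unlike the `C`/`O`/`S` builders in the same hunk that reject a short split with a SourceMapException; a line such as `+ 1` with no file name ends in an ArrayIndexOutOfBoundsException instead. The SMAP text is read from the SourceDebugExtension of application classes, not produced by the agent, so the parser should treat it as untrusted and fail uniformly: add `if (tokens.length < 3) { throw new SourceMapException("File id and name expected"); }` before the assignments, and the equivalent `< 2` check in the two-token `else` branch. The surrounding `build` method starts and ends outside the hunk.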
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java index b8b164447dc..cd3d9d25b33 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/parser/Parser.java @@ -1,5 +1,7 @@ package datadog.trace.agent.tooling.iast.stratum.parser; +import static datadog.trace.agent.tooling.iast.stratum.parser.Builders.SPLITTER; + import datadog.trace.agent.tooling.iast.stratum.EmbeddedStratum; import datadog.trace.agent.tooling.iast.stratum.FileInfo; import datadog.trace.agent.tooling.iast.stratum.LineInfo; @@ -92,7 +94,7 @@ private Builder getBuilder(final String[] lines) throws SourceMapException { return null; } String sectionName = lines[0]; - String[] tokens = lines[0].split(" ", 2); + String[] tokens = SPLITTER.split(lines[0], 2); if (tokens.length > 1) { sectionName = tokens[0].trim(); } From 7ae5d1e24c08ce7dda0851c129b05c8dca426035 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez=20Garc=C3=ADa?= Date: Wed, 26 Jun 2024 08:49:19 +0200 Subject: [PATCH 08/28] Update dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Manuel Álvarez Álvarez --- .../trace/agent/tooling/iast/stratum/StratumManagerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index 67f9be40248..57f4e83c238 100644 
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
@@ -108,7 +108,7 @@ public void visitSource(final String source, final String debug) {
 result[1] = debug;
 }
 },
- 0);
+ ClassReader.SKIP_CODE | ClassReader.SKIP_FRAMES);
 return result;
 }
From 86fa888fdd1b9d150fd3cd95aac9e1d19958c94e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez=20Garc=C3=ADa?=
Date: Wed, 26 Jun 2024 08:49:26 +0200
Subject: [PATCH 09/28] Update dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Manuel Álvarez Álvarez
---
 .../trace/agent/tooling/iast/stratum/StratumManagerImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
index 57f4e83c238..abf988616e9 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
@@ -91,7 +91,7 @@ private String[] extractSourceDebugExtensionASM(final byte[] classBytes) {
 ClassReader cr = new ClassReader(classBytes);
 final String[] result = new String[2];
 cr.accept(
- new ClassVisitor(262144) {
+ new ClassVisitor(OpenedClassReader.ASM_API) {
 @Override
 public void visit(
 final int version,
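Review bot: The flag choice needs a comment, because the obvious next "optimisation" silently breaks the feature: `ClassReader.SKIP_DEBUG` also skips the SourceDebugExtension attribute, which is exactly what the overridden `visitSource` stores into `result[1]`, so it must never be OR-ed into this call. Add above the flags line `// SKIP_DEBUG must NOT be added: it drops the SourceDebugExtension attribute that visitSource reads`. The enclosing method begins before the hunk.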
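Review bot: `new ClassReader(classBytes)` runs on the bytes of arbitrary application classes and throws IllegalArgumentException when the class-file major version is newer than the bundled ASM supports, and may throw on malformed bytes, so an unguarded call takes the instrumentation path down with it; whether the caller catches this is not visible, since extractSourceDebugExtensionASM starts and ends outside the hunk. If it does not, wrap the construction and `accept` in a try/catch that logs at debug level and returns the empty `result` rather than propagating. Replacing the hard-coded `262144` with `OpenedClassReader.ASM_API` is the right move, as it keeps the visitor's API level in step with the ASM version Byte Buddy ships.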
From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez=20Garc=C3=ADa?= Date: Wed, 26 Jun 2024 08:49:41 +0200 Subject: [PATCH 10/28] Update dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy Co-authored-by: Santiago M. Mola --- .../agent/tooling/iast/stratum/StratumManagerImplTest.groovy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy index b52f3d194a0..dda743bc30a 100644 --- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy @@ -5,7 +5,7 @@ import org.apache.commons.io.FileUtils class StratumManagerImplTest extends DDSpecification { - void 'test StratumManager shouldBeAnalyzed'(){ + void 'test shouldBeAnalyzed'(){ when: def result = StratumManagerImpl.shouldBeAnalyzed(internalClassName) From 3c8ca9e44c2eabd353cd46b7678176c94ca48a60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez=20Garc=C3=ADa?= Date: Wed, 26 Jun 2024 08:49:49 +0200 Subject: [PATCH 11/28] Update dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy Co-authored-by: Santiago M. Mola --- .../agent/tooling/iast/stratum/StratumManagerImplTest.groovy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy index dda743bc30a..e15cf7fa39a 100644 
--- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy @@ -23,7 +23,7 @@ class StratumManagerImplTest extends DDSpecification { 'foo/bar/jsp/Baz_tag' | true } - void 'test StratumManager analyzeClass'(){ + void 'test analyzeClass'(){ given: byte[] data = FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class")) From f17de3b6365d60c42751056e95d5ff02c4080e8e Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Thu, 4 Jul 2024 09:24:45 +0200 Subject: [PATCH 12/28] fix import --- .../trace/agent/tooling/iast/stratum/StratumManagerImpl.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index abf988616e9..ecafc6c7258 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java @@ -3,6 +3,8 @@ import datadog.trace.agent.tooling.iast.stratum.parser.Parser; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; + +import net.bytebuddy.utility.OpenedClassReader; import org.objectweb.asm.ClassReader; import org.objectweb.asm.ClassVisitor; import org.slf4j.Logger; From d85598e9a057ee271d2225e70e6a8dee9323e751 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Thu, 4 Jul 2024 12:58:37 +0200 Subject: [PATCH 13/28] fix spotless --- .../trace/agent/tooling/iast/stratum/StratumManagerImpl.java | 1 - 1 file changed, 1 deletion(-) 
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index ecafc6c7258..69da3806c6a 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java @@ -3,7 +3,6 @@ import datadog.trace.agent.tooling.iast.stratum.parser.Parser; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; - import net.bytebuddy.utility.OpenedClassReader; import org.objectweb.asm.ClassReader; import org.objectweb.asm.ClassVisitor; From bdc07205d79ae61d395b259ea5c116b86e6a6ecb Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Fri, 5 Jul 2024 10:13:51 +0200 Subject: [PATCH 14/28] remove debug leftovers --- .../datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy | 1 - 1 file changed, 1 deletion(-) diff --git a/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy b/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy index f82856d11de..315935fd7aa 100644 --- a/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy +++ b/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy @@ -16,7 +16,6 @@ class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { List command = [] command.add(javaPath()) - //command.add("-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005") command.addAll(defaultJavaProperties) command.addAll([ withSystemProperty(IAST_ENABLED, true), From 3ee81442f4ae716a8b88cfb69a8f3c3454459a16 Mon Sep 17 00:00:00 2001 
From: "alejandro.gonzalez" Date: Fri, 5 Jul 2024 10:19:47 +0200 Subject: [PATCH 15/28] Clean unused methods Improve memory usage removing not necessary info from StratumExt objects Fix method to get the mapped jsp file and line --- .../tooling/iast/stratum/EmbeddedStratum.java | 9 +---- .../agent/tooling/iast/stratum/FileInfo.java | 8 ----- .../agent/tooling/iast/stratum/LineInfo.java | 27 -------------- .../agent/tooling/iast/stratum/SourceMap.java | 24 ------------- .../agent/tooling/iast/stratum/Stratum.java | 19 ++++++++-- .../tooling/iast/stratum/StratumExt.java | 36 +++++++------------ .../iast/stratum/StratumManagerImpl.java | 7 +++- .../stratum/StratumManagerImplTest.groovy | 2 +- .../iastinstrumenter/SourceMapperImpl.java | 10 ++++-- 9 files changed, 45 insertions(+), 97 deletions(-) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java index 547086d56cb..17801f0b109 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java @@ -4,7 +4,7 @@ import java.util.List; public class EmbeddedStratum extends AbstractStratum { - private final List sourceMapList = new ArrayList(); + private final List sourceMapList = new ArrayList<>(); public EmbeddedStratum() { this(""); @@ -17,11 +17,4 @@ public EmbeddedStratum(final String name) { public List getSourceMapList() { return sourceMapList; } - - public void setSourceMapList(final List sourceMapList) { - this.sourceMapList.clear(); - if (sourceMapList != null) { - this.sourceMapList.addAll(sourceMapList); - } - } } 
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java index 3578e7aa251..a51fcc8c098 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java @@ -11,14 +11,6 @@ public class FileInfo { private String inputFilePath; - public FileInfo() {} - - public FileInfo(final int fileId, final String inputFileName, final String inputFilePath) { - this.fileId = fileId; - this.inputFileName = inputFileName; - this.inputFilePath = inputFilePath; - } - public int getFileId() { return fileId; } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java index cd1e7a10e74..d35ed38917f 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java 
@@ -59,49 +59,22 @@ public int getFileId() { return fileId; } - public void setFileId(final int fileId) { - this.fileId = fileId; - } - - public int resolveFileId() { - if (fileInfo != null) { - fileId = fileInfo.getFileId(); - } - return fileId; - } - public int getInputStartLine() { return inputStartLine; } - public void setInputStartLine(final int inputStartLine) { - this.inputStartLine = inputStartLine; - } - public int getRepeatCount() { return repeatCount; } - public void setRepeatCount(final int repeatCount) { - this.repeatCount = repeatCount; - } - public int getOutputStartLine() { return outputStartLine; } - public void setOutputStartLine(final int outputStartLine) { - this.outputStartLine = outputStartLine; - } - public int getOutputLineIncrement() { return outputLineIncrement; } - public void setOutputLineIncrement(final int outputLineIncrement) { - this.outputLineIncrement = outputLineIncrement; - } - public FileInfo getFileInfo() { return fileInfo; } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java index 5f240e1b180..2fa51b34f79 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java @@ -13,8 +13,6 @@ public class SourceMap { private final List embeddedStratumList = new ArrayList(); - public SourceMap() {} - public SourceMap(final String outputFileName, final String defaultStratumName) { this.outputFileName = outputFileName; this.defaultStratumName = defaultStratumName; 
@@ -28,40 +26,18 @@ public String getOutputFileName() { return outputFileName; } - public void setOutputFileName(final String outputFileName) { - this.outputFileName = outputFileName; - } - public String getDefaultStratumName() { return defaultStratumName; } - public void setDefaultStratumName(final String defaultStratumName) { - this.defaultStratumName = defaultStratumName; - } - public List getStratumList() { return stratumList; } - public void setStratumList(final List stratumList) { - this.stratumList.clear(); - if (stratumList != null) { - this.stratumList.addAll(stratumList); - } - } - public List getEmbeddedStratumList() { return embeddedStratumList; } - public void setEmbeddedStratumList(final List embeddedStratumList) { - this.embeddedStratumList.clear(); - if (embeddedStratumList != null) { - this.embeddedStratumList.addAll(embeddedStratumList); - } - } - public StratumExt getStratum(final String stratumName) { for (Iterator iter = stratumList.iterator(); iter.hasNext(); ) { StratumExt stratum = iter.next(); diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java index 31607cddf74..7a2fac55d6c 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java 
@@ -1,7 +1,22 @@ package datadog.trace.agent.tooling.iast.stratum; +import datadog.trace.api.Pair; + public interface Stratum { - int getInputLineNumber(final int outputLineNumber); - String getSourceFile(); + /** + * Returns the input line number and the input file id for the given output line number. + * + * @param outputLineNumber + * @return + */ + Pair getInputLine(final int outputLineNumber); + + /** + * Returns the source file for the given file id. + * + * @param fileId + * @return + */ + String getSourceFile(final int fileId); } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java index 50d75cef0f9..54bc7210024 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java @@ -1,5 +1,6 @@ package datadog.trace.agent.tooling.iast.stratum; +import datadog.trace.api.Pair; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -9,11 +10,11 @@ import org.slf4j.LoggerFactory; public class StratumExt extends AbstractStratum implements Stratum { - private final List fileInfo = new ArrayList(); + private final List fileInfo = new ArrayList<>(); private int[] lineStart = null; - private final List lineInfo = new ArrayList(); + private final List lineInfo = new ArrayList<>(); private static final Logger LOG = LoggerFactory.getLogger(StratumExt.class); @@ -26,7 +27,7 @@ public StratumExt(final String name) { } @Override - public int getInputLineNumber(final int outputLineNumber) { + public Pair getInputLine(final int outputLineNumber) { try { List info = getLineInfo(); int startPoint = Arrays.binarySearch(getLineStart(), outputLineNumber); 
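Review bot: The new Javadoc leaves `@param outputLineNumber`, `@param fileId` and both `@return` tags empty, which is worse than omitting them because doc tooling renders blank entries. Fill in the contract the StratumExt implementation in this series follows: for getInputLine, `@return a pair of (input file id, input line), or null when the output line is not covered by any line section`; for getSourceFile, `@return the input file path registered for the id, or null when the id is unknown`. State explicitly that the file id is the left side of the pair, since callers have to pick it apart by position.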
@@ -46,50 +47,39 @@ public int getInputLineNumber(final int outputLineNumber) { int stop = li.outputStartLine + offset; if (outputLineNumber <= stop) { int rc = (outputLineNumber - li.outputStartLine) / li.outputLineIncrement; - return li.inputStartLine + rc; + return Pair.of(li.getFileId(), li.inputStartLine + rc); } } } } catch (Exception e) { LOG.error("Could not get input line number from stratum", e); } - return 0; + return null; } @Override - public String getSourceFile() { + public String getSourceFile(final int fileId) { if (fileInfo.isEmpty()) { return null; } - return fileInfo.get(0).getInputFilePath(); + return fileInfo.stream() + .filter(f -> f.getFileId() == fileId) + .findFirst() + .map(FileInfo::getInputFilePath) + .orElse(null); } public List getFileInfo() { return fileInfo; } - public void setFileInfo(final List fileInfoList) { - fileInfo.clear(); - if (fileInfoList != null) { - fileInfo.addAll(fileInfoList); - } - } - public List getLineInfo() { return lineInfo; } public void addLineInfo(final LineInfo info) { lineInfo.add(info); - Collections.sort( - lineInfo, - new Comparator() { - - @Override - public int compare(final LineInfo o1, final LineInfo o2) { - return o1.getOutputStartLine() - o2.getOutputStartLine(); - } - }); + Collections.sort(lineInfo, Comparator.comparingInt(LineInfo::getOutputStartLine)); } public int[] getLineStart() { diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index 69da3806c6a..f14de3add11 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java 
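Review bot: `int rc = (outputLineNumber - li.outputStartLine) / li.outputLineIncrement;` divides by a value the parser accepts as zero (the LineInfo pattern matches it with `(\d++)`), so a SMAP with a zero OutputLineIncrement makes every lookup throw ArithmeticException, which the broad `catch (Exception e)` then logs at ERROR on each call. Validate the increment once when the line section is built, or guard here with `final int inc = li.outputLineIncrement > 0 ? li.outputLineIncrement : 1;` and divide by `inc`, so a malformed entry degrades to a best-effort mapping instead of an error per lookup; whether JSR-45 permits zero at all is worth checking before choosing which. The top of getInputLine is outside the hunk.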
@@ -58,7 +58,12 @@ private SourceMap getResolvedSmap(final String smap) { try { SourceMap[] sourceMaps = new Parser().parse(smap); - return new Resolver().resolve(sourceMaps[0]); + SourceMap result = new Resolver().resolve(sourceMaps[0]); + // clean result object to minimize memory usage + result + .getStratumList() + .forEach(stratum -> stratum.getLineInfo().forEach(li -> li.setFileInfo(null))); + return result; } catch (Exception e) { LOG.error("Could not get resolved source map from smap", e); } diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy index e15cf7fa39a..b55d1ecda9a 100644 --- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy @@ -33,7 +33,7 @@ class StratumManagerImplTest extends DDSpecification { then: final result = StratumManagerImpl.INSTANCE.get("org.apache.jsp.register_jsp") result != null - result.getInputLineNumber(216) == 70 + result.getInputLine(216) == 70 result.getSourceFile() == "register.jsp" result } diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java index 2657c570b05..718af84bd55 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java 
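Review bot: The new clean-up walks only `result.getStratumList()`, but a SourceMap also carries `getEmbeddedStratumList()`, whose nested SourceMaps hold their own strata and LineInfo objects; if the resolver populates those, their FileInfo references survive and the saving is partial. Either recurse into the embedded list or say in the comment that embedded strata are not retained by this manager. Separately, `sourceMaps[0]` on an empty parse result and any parse failure end in the broad catch with an ERROR log, for input that comes from application class files rather than from the agent; `LOG.debug` is the appropriate level for malformed application data. The method's tail is outside the hunk.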
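Review bot: `result.getInputLine(216) == 70` compares the Pair that getInputLine now returns with an int, so it can never hold, and the following `result.getSourceFile()` call no longer matches the interface, which now takes a file id; as written this test cannot pass against the Stratum change in the same commit. Assert on the pair's parts instead, e.g. `result.getInputLine(216).getRight() == 70` and `result.getSourceFile(result.getInputLine(216).getLeft()) == "register.jsp"`. The test method's header and tail are outside the hunk.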
@@ -16,9 +16,13 @@ private SourceMapperImpl() { @Override public Pair getFileAndLine(String className, int lineNumber) { Stratum stratum = StratumManagerImpl.INSTANCE.get(className); - if (stratum != null) { - return Pair.of(stratum.getSourceFile(), stratum.getInputLineNumber(lineNumber)); + if (stratum == null) { + return null; } - return null; + Pair inputLine = stratum.getInputLine(lineNumber); + if (inputLine == null) { + return null; + } + return Pair.of(stratum.getSourceFile(inputLine.getLeft()), inputLine.getRight()); } } From 80497268989d4ae108d53db11d36194707bb0744 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Fri, 5 Jul 2024 10:34:00 +0200 Subject: [PATCH 16/28] Fix test and solve code analysis warnings --- .../trace/agent/tooling/iast/stratum/FileInfo.java | 2 +- .../trace/agent/tooling/iast/stratum/LineInfo.java | 4 ++-- .../trace/agent/tooling/iast/stratum/SourceMap.java | 11 +++++------ .../trace/agent/tooling/iast/stratum/Stratum.java | 6 +----- .../trace/agent/tooling/iast/stratum/StratumExt.java | 2 +- .../tooling/iast/stratum/StratumManagerImpl.java | 2 +- .../iast/stratum/StratumManagerImplTest.groovy | 5 +++-- .../iastinstrumenter/SourceMapperImpl.java | 2 +- 8 files changed, 15 insertions(+), 19 deletions(-) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java index a51fcc8c098..86d8631d41d 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java @@ -2,7 +2,7 @@ /** * The fileInfo describes the translated-source file names - * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#filesection + * ... */ public class FileInfo { private int fileId = -1; 
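Review bot: `getFileAndLine` can still return a `Pair` whose left side is `null`, because `stratum.getSourceFile(fileId)` yields `null` when no `FileInfo` carries that id, so the "null means unmapped" contract this rewrite introduces only covers the line lookup. Resolve the file first and return `null` when it is missing: `String file = stratum.getSourceFile(inputLine.getLeft()); if (file == null) { return null; } return Pair.of(file, inputLine.getRight());`. Callers then need a single null check on the pair instead of one per half.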
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java index d35ed38917f..588eff04204 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java @@ -12,10 +12,10 @@ * *

InputStartLine : OutputStartLine are optional. * - *

https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#stratumsection + *

... */ public class LineInfo { - private int fileId = -1; + private int fileId; int inputStartLine; diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java index 2fa51b34f79..218330734b4 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java @@ -5,13 +5,13 @@ import java.util.List; public class SourceMap { - private String outputFileName; + private final String outputFileName; - private String defaultStratumName; + private final String defaultStratumName; - private final List stratumList = new ArrayList(); + private final List stratumList = new ArrayList<>(); - private final List embeddedStratumList = new ArrayList(); + private final List embeddedStratumList = new ArrayList<>(); public SourceMap(final String outputFileName, final String defaultStratumName) { this.outputFileName = outputFileName; @@ -39,8 +39,7 @@ public List getEmbeddedStratumList() { } public StratumExt getStratum(final String stratumName) { - for (Iterator iter = stratumList.iterator(); iter.hasNext(); ) { - StratumExt stratum = iter.next(); + for (StratumExt stratum : stratumList) { if (stratum.getName().compareTo(stratumName) == 0) { return stratum; } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java index 7a2fac55d6c..75d88f62d9b 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java 
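Review bot: Dropping the `-1` initializer makes an unset `fileId` indistinguishable from file id `0`, and `FileInfo` in this same series still initializes its own `fileId` to `-1`, so the two classes now disagree on the sentinel. If the parser relies on the `-1` default to detect a `LineInfo` with no explicit `#FileID` (if I recall JSR-45 correctly the id is inherited from the previous line when omitted; confirm against the parser), such lines silently map to file 0. Either restore `= -1` with a comment, or document the new contract on the field: `// always assigned by the parser; 0 is a valid id, there is no "unset" sentinel`. The `LineInfo` class continues outside this hunk.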
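Review bot: `getStratum` still matches names with `compareTo(stratumName) == 0`, which is `equals` spelled expensively and throws `NullPointerException` for a `null` argument or a stratum with a `null` name; since the loop was rewritten anyway, `if (Objects.equals(stratum.getName(), stratumName))` is clearer and null-safe (needs `import java.util.Objects;`). The method's fall-through return lies outside this hunk.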
@@ -7,16 +7,12 @@ public interface Stratum { /** * Returns the input line number and the input file id for the given output line number. * - * @param outputLineNumber - * @return + * @param outputLineNumber the class line number */ Pair getInputLine(final int outputLineNumber); /** * Returns the source file for the given file id. - * - * @param fileId - * @return */ String getSourceFile(final int fileId); } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java index 54bc7210024..8ab1e05916f 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java @@ -79,7 +79,7 @@ public List getLineInfo() { public void addLineInfo(final LineInfo info) { lineInfo.add(info); - Collections.sort(lineInfo, Comparator.comparingInt(LineInfo::getOutputStartLine)); + lineInfo.sort(Comparator.comparingInt(LineInfo::getOutputStartLine)); } public int[] getLineStart() { diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index f14de3add11..b3a9178ef49 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java @@ -11,7 +11,7 @@ /** * Manages SMAP information for classes - * https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#stratumsection + * ... */ public class StratumManagerImpl { 
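Review bot: The `getInputLine` Javadoc now documents the parameter but not the `null` return, which is the one thing callers must handle (the `StratumExt` implementation returns `null` when the line is unmapped or lookup throws); add `@return the pair (input file id, input line number), or {@code null} if the output line is not mapped` and, on `getSourceFile`, `@return the input file path, or {@code null} if the id is unknown`. Stating the null contract on the interface is what lets `SourceMapperImpl` depend on it without reading the implementation.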
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy index b55d1ecda9a..0b1fa9b4177 100644 --- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy @@ -33,8 +33,9 @@ class StratumManagerImplTest extends DDSpecification { then: final result = StratumManagerImpl.INSTANCE.get("org.apache.jsp.register_jsp") result != null - result.getInputLine(216) == 70 - result.getSourceFile() == "register.jsp" + final inputLine = result.getInputLine(216) + inputLine.right == 70 + result.getSourceFile(inputLine.left) == "register.jsp" result } } diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java index 718af84bd55..7ec5719f131 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java @@ -20,7 +20,7 @@ public Pair getFileAndLine(String className, int lineNumber) { return null; } Pair inputLine = stratum.getInputLine(lineNumber); - if (inputLine == null) { + if (inputLine == null || inputLine.getLeft() == null) { return null; } return Pair.of(stratum.getSourceFile(inputLine.getLeft()), inputLine.getRight()); From 03d5b95bdcb6a7babe483d17420d127e0cf7a449 Mon Sep 17 00:00:00 2001 
From: "alejandro.gonzalez" Date: Fri, 5 Jul 2024 10:38:49 +0200 Subject: [PATCH 17/28] Fix test and solve code analysis warnings --- .../datadog/trace/agent/tooling/iast/stratum/FileInfo.java | 4 ++-- .../datadog/trace/agent/tooling/iast/stratum/LineInfo.java | 3 ++- .../datadog/trace/agent/tooling/iast/stratum/SourceMap.java | 1 - .../datadog/trace/agent/tooling/iast/stratum/Stratum.java | 4 +--- .../datadog/trace/agent/tooling/iast/stratum/StratumExt.java | 1 - .../trace/agent/tooling/iast/stratum/StratumManagerImpl.java | 4 ++-- 6 files changed, 7 insertions(+), 10 deletions(-) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java index 86d8631d41d..09e63b4bd4f 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java @@ -1,8 +1,8 @@ package datadog.trace.agent.tooling.iast.stratum; /** - * The fileInfo describes the translated-source file names - * ... + * The fileInfo describes the translated-source file names ... */ public class FileInfo { private int fileId = -1; diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java index 588eff04204..8e275784f00 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java @@ -12,7 +12,8 @@ * *

InputStartLine : OutputStartLine are optional. * - *

... + *

... */ public class LineInfo { private int fileId; diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java index 218330734b4..eb3b30b3586 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/SourceMap.java @@ -1,7 +1,6 @@ package datadog.trace.agent.tooling.iast.stratum; import java.util.ArrayList; -import java.util.Iterator; import java.util.List; public class SourceMap { diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java index 75d88f62d9b..8342315c0b9 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Stratum.java @@ -11,8 +11,6 @@ public interface Stratum { */ Pair getInputLine(final int outputLineNumber); - /** - * Returns the source file for the given file id. - */ + /** Returns the source file for the given file id. */ String getSourceFile(final int fileId); } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java index 8ab1e05916f..eb6adaeecad 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java 
@@ -3,7 +3,6 @@ import datadog.trace.api.Pair; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.Comparator; import java.util.List; import org.slf4j.Logger; diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index b3a9178ef49..e6f99495c23 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java @@ -10,8 +10,8 @@ import org.slf4j.LoggerFactory; /** - * Manages SMAP information for classes - * ... + * Manages SMAP information for classes ... */ public class StratumManagerImpl { From 046289f321314e96ef5c4da5b1ca482a74aae650 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Mon, 8 Jul 2024 12:40:50 +0200 Subject: [PATCH 18/28] Disable by default and add limit to the mappings --- .../com/datadog/iast/sink/SinkModuleBase.java | 16 +++--- .../iast/stratum/StratumManagerImpl.java | 39 ++++++++++++++- .../stratum/StratumManagerImplTest.groovy | 23 +++++++++ .../iastinstrumenter/SourceMapperImpl.java | 14 ++++-- .../iastinstrumenter/StratumListener.java | 4 ++ .../SourceMapperImplTest.groovy | 49 +++++++++++++++++++ .../springboot/IastSpringBootSmokeTest.groovy | 4 +- .../springboot/IastSpringBootSmokeTest.groovy | 4 +- .../datadog/trace/api/config/IastConfig.java | 2 + .../main/java/datadog/trace/api/Config.java | 26 +++++----- .../trace/api/iast/telemetry/IastMetric.java | 4 +- 11 files changed, 158 insertions(+), 27 deletions(-) create mode 100644 dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy 
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java index db01326bd40..eea381e71be 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java @@ -305,12 +305,16 @@ protected Location buildLocation( protected final StackTraceElement getCurrentStackTrace() { StackTraceElement stackTraceElement = stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability); - Pair pair = - SourceMapperImpl.INSTANCE.getFileAndLine( - stackTraceElement.getClassName(), stackTraceElement.getLineNumber()); - if (pair != null) { - return new StackTraceElement( - pair.getLeft(), stackTraceElement.getMethodName(), pair.getLeft(), pair.getRight()); + // If the source mapper is enabled, we should try to map the stack trace element to the original + // source file + if (SourceMapperImpl.INSTANCE != null) { + Pair pair = + SourceMapperImpl.INSTANCE.getFileAndLine( + stackTraceElement.getClassName(), stackTraceElement.getLineNumber()); + if (pair != null && pair.getLeft() != null && pair.getRight() != null) { + return new StackTraceElement( + pair.getLeft(), stackTraceElement.getMethodName(), pair.getLeft(), pair.getRight()); + } } return stackTraceElement; } diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index e6f99495c23..6665ffb2669 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java 
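Review bot: The remapped `StackTraceElement` passes `pair.getLeft()` (the JSP source path) as both `declaringClass` and `fileName`, so anything downstream reading `getClassName()`, for example vulnerability fingerprinting or deduplication, now sees a file path where it used to see the generated class; unless `buildLocation` (outside this hunk) deliberately derives its path from the class name, keep the original: `new StackTraceElement(stackTraceElement.getClassName(), stackTraceElement.getMethodName(), pair.getLeft(), pair.getRight())`. The `INSTANCE != null` test works only because `SourceMapperImpl` leaves the field `null` when source mapping is disabled; make that dependency explicit in the comment, e.g. `// INSTANCE is null unless iast.source-mapping.enabled is set`. `getCurrentStackTrace` is fully visible here.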
@@ -1,7 +1,10 @@ package datadog.trace.agent.tooling.iast.stratum; +import com.sun.istack.internal.NotNull; import datadog.trace.agent.tooling.iast.stratum.parser.Parser; -import java.util.Map; +import datadog.trace.api.Config; +import datadog.trace.api.iast.telemetry.IastMetric; +import datadog.trace.api.iast.telemetry.IastMetricCollector; import java.util.concurrent.ConcurrentHashMap; import net.bytebuddy.utility.OpenedClassReader; import org.objectweb.asm.ClassReader; @@ -21,7 +24,8 @@ private StratumManagerImpl() { // Prevent instantiation } - private final Map map = new ConcurrentHashMap<>(); + private final LimitedConcurrentHashMap map = + new LimitedConcurrentHashMap<>(Config.get().getIastSourceMappingMaxSize()); public final StratumExt NO_DEBUG_INFO = new StratumExt(); @@ -37,6 +41,9 @@ public static boolean shouldBeAnalyzed(final String internalClassName) { } public void analyzeClass(final byte[] bytes) { + if (map.isLimitReached()) { + return; + } StratumExt s = getDefaultStratum(bytes); if (s != null) { map.put(s.getName(), s); @@ -118,4 +125,32 @@ public void visitSource(final String source, final String debug) { return result; } + + static class LimitedConcurrentHashMap extends ConcurrentHashMap { + private final int maxSize; + private boolean limitReached = false; + + public LimitedConcurrentHashMap(int maxSize) { + this.maxSize = maxSize; + } + + @Override + public V put(@NotNull K key, @NotNull V value) { + synchronized (this) { + if (limitReached) { + return null; + } + V result = super.put(key, value); + if (this.size() == maxSize) { + IastMetricCollector.add(IastMetric.SOURCE_MAPPING_LIMIT_REACHED, (byte) 0, 1); + limitReached = true; + } + return result; + } + } + + public boolean isLimitReached() { + return limitReached; + } + } } 
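Review bot: `limitReached` is written under `synchronized (this)` in `put` but read without synchronization by `isLimitReached()`, which `analyzeClass` uses as its fast-path check, so declare it `private volatile boolean limitReached;`; the race is benign today only because `put` re-checks under the lock, and a stale read merely wastes one SMAP parse. The cap guards `put` alone: `putIfAbsent`, `computeIfAbsent`, `merge` and `putAll` inherited from `ConcurrentHashMap` bypass it, so either say so in a class comment or wrap a map instead of extending one. With `maxSize <= 0` the first `put` still succeeds before the flag flips; clamp the value in the constructor or reject it. The earlier hunks in this file and the `StratumManagerImpl` class body extend beyond what is shown.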
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy index 0b1fa9b4177..6c565c3f98d 100644 --- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy @@ -1,5 +1,6 @@ package datadog.trace.agent.tooling.iast.stratum +import datadog.trace.api.config.IastConfig import datadog.trace.test.util.DDSpecification import org.apache.commons.io.FileUtils @@ -38,4 +39,26 @@ class StratumManagerImplTest extends DDSpecification { result.getSourceFile(inputLine.left) == "register.jsp" result } + + void 'test limit reached'(){ + setup: + injectSysConfig(IastConfig.IAST_SOURCE_MAPPING_MAX_SIZE, "1") + byte[] data = FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class")) + + when: + StratumManagerImpl.INSTANCE.analyzeClass(data) + + then: + final result = StratumManagerImpl.INSTANCE.get("org.apache.jsp.register_jsp") + result != null + StratumManagerImpl.INSTANCE.map.size() == 1 + StratumManagerImpl.INSTANCE.map.isLimitReached() + + when: + StratumManagerImpl.INSTANCE.analyzeClass(new byte[0]) + + then: + StratumManagerImpl.INSTANCE.map.size() == 1 + StratumManagerImpl.INSTANCE.map.isLimitReached() + } } diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java index 7ec5719f131..4f976ffec3a 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java 
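Review bot: `StratumManagerImpl.INSTANCE` sizes its map from `Config.get()` in an instance field initializer when the singleton is built, and the earlier feature in this spec already touches `INSTANCE`, so `injectSysConfig(IAST_SOURCE_MAPPING_MAX_SIZE, "1")` here may not take effect unless the spec framework reloads the class between features (the later `==` to `>=` change hints the limit did not trip as written). Testing the cap directly, `new StratumManagerImpl.LimitedConcurrentHashMap<>(1)` followed by two `put` calls and an `isLimitReached()` assertion, would exercise the limit without depending on singleton state or on the package-private `map` field.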
+++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java @@ -2,20 +2,28 @@ import datadog.trace.agent.tooling.iast.stratum.Stratum; import datadog.trace.agent.tooling.iast.stratum.StratumManagerImpl; +import datadog.trace.api.Config; import datadog.trace.api.Pair; import datadog.trace.api.iast.stratum.SourceMapper; public class SourceMapperImpl implements SourceMapper { - public static final SourceMapperImpl INSTANCE = new SourceMapperImpl(); + // This is only available if IAST source mapping is enabled + public static final SourceMapperImpl INSTANCE = + Config.get().isIastSourceMappingEnabled() + ? new SourceMapperImpl(StratumManagerImpl.INSTANCE) + : null; - private SourceMapperImpl() { + private final StratumManagerImpl stratumManager; + + private SourceMapperImpl(StratumManagerImpl stratumManager) { // Prevent instantiation + this.stratumManager = stratumManager; } @Override public Pair getFileAndLine(String className, int lineNumber) { - Stratum stratum = StratumManagerImpl.INSTANCE.get(className); + Stratum stratum = stratumManager.get(className); if (stratum == null) { return null; } diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java index 35b0fa93df2..def6e7fb7d9 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java 
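Review bot: The constructor comment `// Prevent instantiation` is now inaccurate: the constructor takes a `StratumManagerImpl` and is called by the new test, so it exists precisely to allow instantiation with a substitute manager; replace it with `// Package-visible for tests; production code goes through INSTANCE` and consider making the constructor package-private rather than relying on Groovy ignoring `private`. `INSTANCE` is computed from `Config.get()` in a static initializer, so the enable flag is fixed at class-load time; a one-line note on the field saying the setting is not re-read at runtime would save the next reader a search.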
@@ -10,6 +10,10 @@ public class StratumListener implements Advices.Listener { public static final StratumListener INSTANCE = new StratumListener(); + private StratumListener() { + // Prevent instantiation + } + @Override public void onConstantPool( @Nonnull TypeDescription type, @Nonnull ConstantPool pool, byte[] classFile) { diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy b/dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy new file mode 100644 index 00000000000..d68ec3269c5 --- /dev/null +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy 
@@ -0,0 +1,49 @@ +package datadog.trace.instrumentation.iastinstrumenter + +import datadog.trace.agent.test.AgentTestRunner +import datadog.trace.agent.tooling.iast.stratum.Stratum +import datadog.trace.agent.tooling.iast.stratum.StratumManagerImpl +import datadog.trace.api.Pair + +class SourceMapperImplTest extends AgentTestRunner { + + void 'test is disabled by default'(){ + when: + def instance = SourceMapperImpl.INSTANCE + + then: + instance == null + } + + void 'test getFileAndLine'(){ + setup: + final stratumManager = Mock(StratumManagerImpl) + final stratum = Mock(Stratum) + final sourceMapper = new SourceMapperImpl(stratumManager) + + when: + def result = sourceMapper.getFileAndLine("foo/bar/Baz", 42) + + then: "no stratum for this class" + 1 * stratumManager.get("foo/bar/Baz") >> null + result == null + + when: + result = sourceMapper.getFileAndLine("foo/bar/Baz", 42) + + then: "stratum exists but could not get input line number from stratum" + 1 * stratumManager.get("foo/bar/Baz") >> stratum + 1 * stratum.getInputLine(_) >> null + result == null + + when: + result = sourceMapper.getFileAndLine("foo/bar/Baz", 42) + + then: "stratum exists and input line number is found" + 1 * stratumManager.get("foo/bar/Baz") >> stratum + 1 * stratum.getInputLine(_) >> new Pair<>(1, 52) + 1 * stratum.getSourceFile(1) >> "foo/bar/Baz.jsp" + result.getLeft() == "foo/bar/Baz.jsp" + result.getRight() == 52 + } +} diff --git a/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy b/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy index 315935fd7aa..fae89b6cefd 100644 --- a/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy +++ b/dd-smoke-tests/springboot-jetty-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy 
@@ -7,6 +7,7 @@ import okhttp3.Response import static datadog.trace.api.config.IastConfig.IAST_DEBUG_ENABLED import static datadog.trace.api.config.IastConfig.IAST_DETECTION_MODE import static datadog.trace.api.config.IastConfig.IAST_ENABLED +import static datadog.trace.api.config.IastConfig.IAST_SOURCE_MAPPING_ENABLED class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { @@ -20,7 +21,8 @@ class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { command.addAll([ withSystemProperty(IAST_ENABLED, true), withSystemProperty(IAST_DETECTION_MODE, 'FULL'), - withSystemProperty(IAST_DEBUG_ENABLED, true) + withSystemProperty(IAST_DEBUG_ENABLED, true), + withSystemProperty(IAST_SOURCE_MAPPING_ENABLED, true) ]) command.addAll((String[]) ['-jar', springBootWar, "--server.port=${httpPort}"]) ProcessBuilder processBuilder = new ProcessBuilder(command) diff --git a/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy b/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy index 315935fd7aa..fae89b6cefd 100644 --- a/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy +++ b/dd-smoke-tests/springboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy @@ -7,6 +7,7 @@ import okhttp3.Response import static datadog.trace.api.config.IastConfig.IAST_DEBUG_ENABLED import static datadog.trace.api.config.IastConfig.IAST_DETECTION_MODE import static datadog.trace.api.config.IastConfig.IAST_ENABLED +import static datadog.trace.api.config.IastConfig.IAST_SOURCE_MAPPING_ENABLED class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { 
@@ -20,7 +21,8 @@ class IastSpringBootSmokeTest extends AbstractIastServerSmokeTest { command.addAll([ withSystemProperty(IAST_ENABLED, true), withSystemProperty(IAST_DETECTION_MODE, 'FULL'), - withSystemProperty(IAST_DEBUG_ENABLED, true) + withSystemProperty(IAST_DEBUG_ENABLED, true), + withSystemProperty(IAST_SOURCE_MAPPING_ENABLED, true) ]) command.addAll((String[]) ['-jar', springBootWar, "--server.port=${httpPort}"]) ProcessBuilder processBuilder = new ProcessBuilder(command) diff --git a/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java b/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java index cd6ae363226..973d706a6f1 100644 --- a/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java +++ b/dd-trace-api/src/main/java/datadog/trace/api/config/IastConfig.java @@ -23,6 +23,8 @@ public final class IastConfig { public static final String IAST_TRUNCATION_MAX_VALUE_LENGTH = "iast.truncation.max.value.length"; public static final String IAST_CONTEXT_MODE = "iast.context.mode"; public static final String IAST_ANONYMOUS_CLASSES_ENABLED = "iast.anonymous-classes.enabled"; + public static final String IAST_SOURCE_MAPPING_ENABLED = "iast.source-mapping.enabled"; + public static final String IAST_SOURCE_MAPPING_MAX_SIZE = "iast.source-mapping.max-size"; private IastConfig() {} } diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java index f128c9febe6..a94189b22cc 100644 --- a/internal-api/src/main/java/datadog/trace/api/Config.java +++ b/internal-api/src/main/java/datadog/trace/api/Config.java 
@@ -292,19 +292,7 @@ import static datadog.trace.api.config.GeneralConfig.TRIAGE_REPORT_DIR; import static datadog.trace.api.config.GeneralConfig.TRIAGE_REPORT_TRIGGER; import static datadog.trace.api.config.GeneralConfig.VERSION; -import static datadog.trace.api.config.IastConfig.IAST_ANONYMOUS_CLASSES_ENABLED; -import static datadog.trace.api.config.IastConfig.IAST_CONTEXT_MODE; -import static datadog.trace.api.config.IastConfig.IAST_DEBUG_ENABLED; -import static datadog.trace.api.config.IastConfig.IAST_DETECTION_MODE; -import static datadog.trace.api.config.IastConfig.IAST_HARDCODED_SECRET_ENABLED; -import static datadog.trace.api.config.IastConfig.IAST_REDACTION_ENABLED; -import static datadog.trace.api.config.IastConfig.IAST_REDACTION_NAME_PATTERN; -import static datadog.trace.api.config.IastConfig.IAST_REDACTION_VALUE_PATTERN; -import static datadog.trace.api.config.IastConfig.IAST_STACKTRACE_LEAK_SUPPRESS; -import static datadog.trace.api.config.IastConfig.IAST_TELEMETRY_VERBOSITY; -import static datadog.trace.api.config.IastConfig.IAST_TRUNCATION_MAX_VALUE_LENGTH; -import static datadog.trace.api.config.IastConfig.IAST_WEAK_CIPHER_ALGORITHMS; -import static datadog.trace.api.config.IastConfig.IAST_WEAK_HASH_ALGORITHMS; +import static datadog.trace.api.config.IastConfig.*; import static datadog.trace.api.config.JmxFetchConfig.JMX_FETCH_CHECK_PERIOD; import static datadog.trace.api.config.JmxFetchConfig.JMX_FETCH_CONFIG; import static datadog.trace.api.config.JmxFetchConfig.JMX_FETCH_CONFIG_DIR; @@ -776,6 +764,8 @@ static class HostNameHolder { private final IastContext.Mode iastContextMode; private final boolean iastHardcodedSecretEnabled; private final boolean iastAnonymousClassesEnabled; + private final boolean iastSourceMappingEnabled; + private final int iastSourceMappingMaxSize; private final boolean ciVisibilityTraceSanitationEnabled; private final boolean ciVisibilityAgentlessEnabled; 
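Review bot: Replacing thirteen explicit `IastConfig` static imports with `import static datadog.trace.api.config.IastConfig.*;` is a style regression in a file that otherwise imports every constant by name (see the neighbouring `GeneralConfig` and `JmxFetchConfig` lines), and a wildcard static import hides which keys `Config` actually reads. Keep the explicit list and add the two new names: `import static datadog.trace.api.config.IastConfig.IAST_SOURCE_MAPPING_ENABLED;` and `import static datadog.trace.api.config.IastConfig.IAST_SOURCE_MAPPING_MAX_SIZE;`.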
@@ -1746,6 +1736,8 @@ PROFILING_DATADOG_PROFILER_ENABLED, isDatadogProfilerSafeInCurrentEnvironment()) iastAnonymousClassesEnabled = configProvider.getBoolean( IAST_ANONYMOUS_CLASSES_ENABLED, DEFAULT_IAST_ANONYMOUS_CLASSES_ENABLED); + iastSourceMappingEnabled = configProvider.getBoolean(IAST_SOURCE_MAPPING_ENABLED, false); + iastSourceMappingMaxSize = configProvider.getInteger(IAST_SOURCE_MAPPING_MAX_SIZE, 100); ciVisibilityTraceSanitationEnabled = configProvider.getBoolean(CIVISIBILITY_TRACE_SANITATION_ENABLED, true); @@ -2979,6 +2971,14 @@ public boolean isIastHardcodedSecretEnabled() { return iastHardcodedSecretEnabled; } + public boolean isIastSourceMappingEnabled() { + return iastSourceMappingEnabled; + } + + public int getIastSourceMappingMaxSize() { + return iastSourceMappingMaxSize; + } + public IastDetectionMode getIastDetectionMode() { return iastDetectionMode; } diff --git a/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java b/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java index 0421715bc51..6e2942b3a03 100644 --- a/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java +++ b/internal-api/src/main/java/datadog/trace/api/iast/telemetry/IastMetric.java @@ -19,7 +19,9 @@ public enum IastMetric { EXECUTED_TAINTED("executed.tainted", true, Scope.REQUEST, Verbosity.DEBUG), REQUEST_TAINTED("request.tainted", true, Scope.REQUEST, Verbosity.INFORMATION), TAINTED_FLAT_MODE("tainted.flat.mode", false, Scope.GLOBAL, Verbosity.INFORMATION), - JSON_TAG_SIZE_EXCEED("json.tag.size.exceeded", true, Scope.GLOBAL, Verbosity.INFORMATION); + JSON_TAG_SIZE_EXCEED("json.tag.size.exceeded", true, Scope.GLOBAL, Verbosity.INFORMATION), + SOURCE_MAPPING_LIMIT_REACHED( + "source.mapping.limit.reached", true, Scope.GLOBAL, Verbosity.INFORMATION); private static final int COUNT; From 5351f62026cc9183d1d5575e52257c49c2b890bf Mon Sep 17 00:00:00 2001 
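Review bot: The defaults `false` and `100` are inlined while the line just above reads its default from a named constant (`DEFAULT_IAST_ANONYMOUS_CLASSES_ENABLED`); add `DEFAULT_IAST_SOURCE_MAPPING_ENABLED = false` and `DEFAULT_IAST_SOURCE_MAPPING_MAX_SIZE = 100` alongside the other `DEFAULT_IAST_*` constants and reference them here so the documented and coded defaults cannot drift. The max-size value is also unvalidated: `configProvider.getInteger` will return `0` or a negative number unchanged, and the limited map that consumes it does not reject such values, so clamp here (`Math.max(1, configProvider.getInteger(IAST_SOURCE_MAPPING_MAX_SIZE, DEFAULT_IAST_SOURCE_MAPPING_MAX_SIZE))`) or document the accepted range on the getter.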
From: "alejandro.gonzalez" Date: Mon, 8 Jul 2024 12:43:14 +0200 Subject: [PATCH 19/28] Fix code analysis --- .../src/main/java/com/datadog/iast/sink/SinkModuleBase.java | 2 ++ .../trace/agent/tooling/iast/stratum/StratumManagerImpl.java | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java index eea381e71be..fbde0f4c962 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java @@ -212,6 +212,7 @@ protected Evidence checkInjectionDeeply(final VulnerabilityType type, final Obje } @Nullable + @SuppressWarnings("unused") protected Evidence checkInjectionDeeply( final VulnerabilityType type, final Object value, @@ -220,6 +221,7 @@ protected Evidence checkInjectionDeeply( } @Nullable + @SuppressWarnings("unused") protected Evidence checkInjectionDeeply( final VulnerabilityType type, final Object value, diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index 6665ffb2669..7853efa0193 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java @@ -1,6 +1,5 @@ package datadog.trace.agent.tooling.iast.stratum; -import com.sun.istack.internal.NotNull; import datadog.trace.agent.tooling.iast.stratum.parser.Parser; import datadog.trace.api.Config; import datadog.trace.api.iast.telemetry.IastMetric; 
@@ -135,7 +134,7 @@ public LimitedConcurrentHashMap(int maxSize) {
 }
 
 @Override
- public V put(@NotNull K key, @NotNull V value) {
+ public V put(K key, V value) {
 synchronized (this) {
 if (limitReached) {
 return null;
From a6fefdbaef9093636b7aae1a535d1b79161f4f09 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Tue, 9 Jul 2024 07:52:52 +0200 Subject: [PATCH 20/28] Fix test --- .../trace/agent/tooling/iast/stratum/StratumManagerImpl.java | 2 +- .../agent/tooling/iast/stratum/StratumManagerImplTest.groovy | 1 - 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
index 7853efa0193..48a9f9696c9 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java
@@ -140,7 +140,7 @@ public V put(K key, V value) {
 return null;
 }
 V result = super.put(key, value);
- if (this.size() == maxSize) {
+ if (this.size() >= maxSize) {
 IastMetricCollector.add(IastMetric.SOURCE_MAPPING_LIMIT_REACHED, (byte) 0, 1);
 limitReached = true;
 }
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy
index 6c565c3f98d..5b0de313f5a 100644
--- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy
@@ -52,7 +52,6 @@ class StratumManagerImplTest extends DDSpecification { final result = StratumManagerImpl.INSTANCE.get("org.apache.jsp.register_jsp") result != null StratumManagerImpl.INSTANCE.map.size() == 1 - StratumManagerImpl.INSTANCE.map.isLimitReached() when: StratumManagerImpl.INSTANCE.analyzeClass(new byte[0]) From 428334d271641b19548b81d1c11bf7120dc6a0e1 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Tue, 9 Jul 2024 08:20:53 +0200 Subject: [PATCH 21/28] remove unnecessary null check --- .../instrumentation/iastinstrumenter/SourceMapperImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java index 4f976ffec3a..2440396a189 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java @@ -28,7 +28,7 @@ public Pair getFileAndLine(String className, int lineNumber) { return null; } Pair inputLine = stratum.getInputLine(lineNumber); - if (inputLine == null || inputLine.getLeft() == null) { + if (inputLine == null) { return null; } return Pair.of(stratum.getSourceFile(inputLine.getLeft()), inputLine.getRight()); From 164331d5643de94e36e97d9effa88f6ff6565130 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Tue, 9 Jul 2024 11:15:33 +0200 Subject: [PATCH 22/28] improve StratumManagerImpl --- .../iast/stratum/StratumManagerImpl.java | 37 ++++++++++++------- .../stratum/StratumManagerImplTest.groovy | 16 ++++---- 2 files changed, 31 insertions(+), 22 deletions(-) 
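Review bot: With the `inputLine.getLeft() == null` guard gone, the next line passes `inputLine.getLeft()` straight into `stratum.getSourceFile(...)`, so getFileAndLine now depends on `Stratum.getInputLine` never returning a pair whose left component is null, a contract that is not visible in this file and that the commit title only asserts. If that is guaranteed, state it where the pair is built, e.g. a Javadoc `@return` on `getInputLine` saying the left component is never null when the returned pair is non-null; otherwise the check should stay. getFileAndLine starts before this hunk.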
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java index 48a9f9696c9..ec1c0468e84 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java @@ -4,6 +4,7 @@ import datadog.trace.api.Config; import datadog.trace.api.iast.telemetry.IastMetric; import datadog.trace.api.iast.telemetry.IastMetricCollector; +import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import net.bytebuddy.utility.OpenedClassReader; import org.objectweb.asm.ClassReader; @@ -19,18 +20,19 @@ public class StratumManagerImpl { private static final Logger LOG = LoggerFactory.getLogger(StratumManagerImpl.class); - private StratumManagerImpl() { - // Prevent instantiation - } - - private final LimitedConcurrentHashMap map = - new LimitedConcurrentHashMap<>(Config.get().getIastSourceMappingMaxSize()); + private final LimitedConcurrentHashMap map; public final StratumExt NO_DEBUG_INFO = new StratumExt(); private boolean EMPTY_DEBUG_INFO; - public static final StratumManagerImpl INSTANCE = new StratumManagerImpl(); + public static final StratumManagerImpl INSTANCE = + new StratumManagerImpl(Config.get().getIastSourceMappingMaxSize()); + + private StratumManagerImpl(int sourceMappingLimit) { + // Prevent instantiation + this.map = new LimitedConcurrentHashMap(sourceMappingLimit); + } public static boolean shouldBeAnalyzed(final String internalClassName) { return internalClassName.contains("jsp") 
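Review bot: The comment `// Prevent instantiation` on the new constructor no longer describes it: the constructor now takes `sourceMappingLimit` and is invoked both from the `INSTANCE` initializer and, in this patch's test hunk, as `new StratumManagerImpl(1)`. Replace it with what a reader actually needs, e.g. `// Production code uses INSTANCE (limit from Config); tests build instances with a smaller limit.` The same stale comment is carried into the renamed class by the PATCH 23 hunk for StratumManager.java. Note also that `INSTANCE` eagerly calls `Config.get()` during class initialization, so any failure there surfaces as an initializer error for the whole class; a one-line comment saying this is intentional would help.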
@@ -125,31 +127,38 @@ public void visitSource(final String source, final String debug) {
 return result;
 }
 
- static class LimitedConcurrentHashMap extends ConcurrentHashMap {
+ static class LimitedConcurrentHashMap {
 private final int maxSize;
- private boolean limitReached = false;
+ private volatile boolean limitReached = false;
+ private final Map map = new ConcurrentHashMap<>();
 
 public LimitedConcurrentHashMap(int maxSize) {
 this.maxSize = maxSize;
 }
 
- @Override
- public V put(K key, V value) {
+ public void put(String className, StratumExt value) {
 synchronized (this) {
 if (limitReached) {
- return null;
+ return;
 }
- V result = super.put(key, value);
+ map.put(className, value);
 if (this.size() >= maxSize) {
 IastMetricCollector.add(IastMetric.SOURCE_MAPPING_LIMIT_REACHED, (byte) 0, 1);
 limitReached = true;
 }
- return result;
 }
 }
 
+ public int size() {
+ return map.size();
+ }
+
 public boolean isLimitReached() {
 return limitReached;
 }
+
+ public StratumExt get(String classname) {
+ return map.get(classname);
+ }
 }
 }
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy
index 5b0de313f5a..398e3c82696 100644
--- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy
+++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy
@@ -1,6 +1,5 @@
 package datadog.trace.agent.tooling.iast.stratum
 
-import datadog.trace.api.config.IastConfig
 import datadog.trace.test.util.DDSpecification
 import org.apache.commons.io.FileUtils
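Review bot: `put` calls `IastMetricCollector.add(...)` while still holding the monitor on `this`, so the collector's own synchronization and whatever else it does run inside this class's critical section; record the transition under the lock and emit the metric after releasing it. The PATCH 26 hunk for StratumManager.java edits that same call and keeps it under the lock, so the same change applies there. Once `limitReached` flips, every later `put` is dropped silently for the life of the process and the single metric is the only signal; a `get` for such a class returns null exactly as for a class that never had debug info, which is worth a comment on the field. Finally, the class is still named LimitedConcurrentHashMap although it no longer is a ConcurrentHashMap; a name like `BoundedStratumCache` would match its new shape.
```java
public void put(String className, StratumExt value) {
  boolean justReached = false;
  synchronized (this) {
    if (limitReached) {
      return;
    }
    map.put(className, value);
    if (map.size() >= maxSize) {
      limitReached = true;
      justReached = true;
    }
  }
  // Emit the metric outside the monitor so no alien code runs under the lock.
  if (justReached) {
    IastMetricCollector.add(IastMetric.SOURCE_MAPPING_LIMIT_REACHED, (byte) 0, 1);
  }
}
// … unchanged: size(), isLimitReached(), get(String) …
```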
@@ -42,22 +41,23 @@ class StratumManagerImplTest extends DDSpecification { void 'test limit reached'(){ setup: - injectSysConfig(IastConfig.IAST_SOURCE_MAPPING_MAX_SIZE, "1") + def newStratumManager = new StratumManagerImpl(1) byte[] data = FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class")) when: - StratumManagerImpl.INSTANCE.analyzeClass(data) + newStratumManager.analyzeClass(data) then: - final result = StratumManagerImpl.INSTANCE.get("org.apache.jsp.register_jsp") + final result =newStratumManager.get("org.apache.jsp.register_jsp") result != null - StratumManagerImpl.INSTANCE.map.size() == 1 + newStratumManager.map.size() == 1 + newStratumManager.map.isLimitReached() when: - StratumManagerImpl.INSTANCE.analyzeClass(new byte[0]) + newStratumManager.analyzeClass(new byte[0]) then: - StratumManagerImpl.INSTANCE.map.size() == 1 - StratumManagerImpl.INSTANCE.map.isLimitReached() + newStratumManager.map.size() == 1 + newStratumManager.map.isLimitReached() } } From ff841a026331f877ab74364d9f67155e67c408ba Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Wed, 10 Jul 2024 07:58:37 +0200 Subject: [PATCH 23/28] Refactor --- .../{StratumManagerImpl.java => StratumManager.java} | 11 ++++++----- ...nagerImplTest.groovy => StratumManagerTest.groovy} | 10 +++++----- .../iastinstrumenter/SourceMapperImpl.java | 8 ++++---- .../iastinstrumenter/StratumListener.java | 6 +++--- .../iastinstrumenter/SourceMapperImplTest.groovy | 4 ++-- 5 files changed, 20 insertions(+), 19 deletions(-) rename dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/{StratumManagerImpl.java => StratumManager.java} (94%) rename dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/{StratumManagerImplTest.groovy => StratumManagerTest.groovy} (81%) 
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java similarity index 94% rename from dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java rename to dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java index ec1c0468e84..1e23690f7d8 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java @@ -16,9 +16,9 @@ * Manages SMAP information for classes ... */ -public class StratumManagerImpl { +public class StratumManager { - private static final Logger LOG = LoggerFactory.getLogger(StratumManagerImpl.class); + private static final Logger LOG = LoggerFactory.getLogger(StratumManager.class); private final LimitedConcurrentHashMap map; @@ -26,10 +26,10 @@ public class StratumManagerImpl { private boolean EMPTY_DEBUG_INFO; - public static final StratumManagerImpl INSTANCE = - new StratumManagerImpl(Config.get().getIastSourceMappingMaxSize()); + public static final StratumManager INSTANCE = + new StratumManager(Config.get().getIastSourceMappingMaxSize()); - private StratumManagerImpl(int sourceMappingLimit) { + private StratumManager(int sourceMappingLimit) { // Prevent instantiation this.map = new LimitedConcurrentHashMap(sourceMappingLimit); } @@ -101,6 +101,7 @@ private StratumExt getDefaultStratum(final byte[] bytes) { return null; } + /** Get name and debug info */ private String[] extractSourceDebugExtensionASM(final byte[] classBytes) { ClassReader cr = new ClassReader(classBytes); final String[] result = new String[2]; 
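Review bot: The new Javadoc `/** Get name and debug info */` on `extractSourceDebugExtensionASM` says nothing about the array it returns, which the PATCH 28 hunk relies on positionally (`classData[0]` for the name, `classData[1]` for the debug info, with `classData[1] == null` meaning the class carries none). Spell the contract out: `/** Reads the class name and the SourceDebugExtension (SMAP) attribute from the bytecode via ASM; returns {@code {name, debugInfo}}, where {@code debugInfo} is {@code null} when the class has no SMAP. */`. The method body continues outside this hunk.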
diff --git a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy similarity index 81% rename from dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy rename to dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy index 398e3c82696..9fe6c727180 100644 --- a/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy +++ b/dd-java-agent/agent-tooling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerTest.groovy @@ -3,12 +3,12 @@ package datadog.trace.agent.tooling.iast.stratum import datadog.trace.test.util.DDSpecification import org.apache.commons.io.FileUtils -class StratumManagerImplTest extends DDSpecification { +class StratumManagerTest extends DDSpecification { void 'test shouldBeAnalyzed'(){ when: - def result = StratumManagerImpl.shouldBeAnalyzed(internalClassName) + def result = StratumManager.shouldBeAnalyzed(internalClassName) then: result == expected @@ -28,10 +28,10 @@ class StratumManagerImplTest extends DDSpecification { byte[] data = FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class")) when: - StratumManagerImpl.INSTANCE.analyzeClass(data) + StratumManager.INSTANCE.analyzeClass(data) then: - final result = StratumManagerImpl.INSTANCE.get("org.apache.jsp.register_jsp") + final result = StratumManager.INSTANCE.get("org.apache.jsp.register_jsp") result != null final inputLine = result.getInputLine(216) inputLine.right == 70 
@@ -41,7 +41,7 @@ class StratumManagerImplTest extends DDSpecification { void 'test limit reached'(){ setup: - def newStratumManager = new StratumManagerImpl(1) + def newStratumManager = new StratumManager(1) byte[] data = FileUtils.readFileToByteArray(new File("src/test/resources/datadog.trace.agent.tooling.stratum/register_jsp.class")) when: diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java index 2440396a189..ef65b6b4ccb 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImpl.java @@ -1,7 +1,7 @@ package datadog.trace.instrumentation.iastinstrumenter; import datadog.trace.agent.tooling.iast.stratum.Stratum; -import datadog.trace.agent.tooling.iast.stratum.StratumManagerImpl; +import datadog.trace.agent.tooling.iast.stratum.StratumManager; import datadog.trace.api.Config; import datadog.trace.api.Pair; import datadog.trace.api.iast.stratum.SourceMapper; @@ -11,12 +11,12 @@ public class SourceMapperImpl implements SourceMapper { // This is only available if IAST source mapping is enabled public static final SourceMapperImpl INSTANCE = Config.get().isIastSourceMappingEnabled() - ? new SourceMapperImpl(StratumManagerImpl.INSTANCE) + ? new SourceMapperImpl(StratumManager.INSTANCE) : null; - private final StratumManagerImpl stratumManager; + private final StratumManager stratumManager; - private SourceMapperImpl(StratumManagerImpl stratumManager) { + private SourceMapperImpl(StratumManager stratumManager) { // Prevent instantiation this.stratumManager = stratumManager; } 
diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java index def6e7fb7d9..cf03a62911f 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java @@ -2,7 +2,7 @@ import datadog.trace.agent.tooling.bytebuddy.csi.Advices; import datadog.trace.agent.tooling.bytebuddy.csi.ConstantPool; -import datadog.trace.agent.tooling.iast.stratum.StratumManagerImpl; +import datadog.trace.agent.tooling.iast.stratum.StratumManager; import javax.annotation.Nonnull; import net.bytebuddy.description.type.TypeDescription; @@ -17,8 +17,8 @@ private StratumListener() { @Override public void onConstantPool( @Nonnull TypeDescription type, @Nonnull ConstantPool pool, byte[] classFile) { - if (StratumManagerImpl.shouldBeAnalyzed(type.getInternalName())) { - StratumManagerImpl.INSTANCE.analyzeClass(classFile); + if (StratumManager.shouldBeAnalyzed(type.getInternalName())) { + StratumManager.INSTANCE.analyzeClass(classFile); } } } diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy b/dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy index d68ec3269c5..9642bdf50b6 100644 --- a/dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy +++ b/dd-java-agent/instrumentation/iast-instrumenter/src/test/groovy/datadog/trace/instrumentation/iastinstrumenter/SourceMapperImplTest.groovy 
@@ -2,7 +2,7 @@ package datadog.trace.instrumentation.iastinstrumenter import datadog.trace.agent.test.AgentTestRunner import datadog.trace.agent.tooling.iast.stratum.Stratum -import datadog.trace.agent.tooling.iast.stratum.StratumManagerImpl +import datadog.trace.agent.tooling.iast.stratum.StratumManager import datadog.trace.api.Pair class SourceMapperImplTest extends AgentTestRunner { @@ -17,7 +17,7 @@ class SourceMapperImplTest extends AgentTestRunner { void 'test getFileAndLine'(){ setup: - final stratumManager = Mock(StratumManagerImpl) + final stratumManager = Mock(StratumManager) final stratum = Mock(Stratum) final sourceMapper = new SourceMapperImpl(stratumManager) From b2950d6735ea68a2a466e590fe48c9230f7f67fa Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Thu, 18 Jul 2024 08:30:33 +0200 Subject: [PATCH 24/28] change log error for debug --- .../datadog/trace/agent/tooling/iast/stratum/StratumExt.java | 2 +- .../trace/agent/tooling/iast/stratum/StratumManager.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java index eb6adaeecad..cac2ebdb1d9 100755 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java @@ -51,7 +51,7 @@ public Pair getInputLine(final int outputLineNumber) { } } } catch (Exception e) { - LOG.error("Could not get input line number from stratum", e); + LOG.debug("Could not get input line number from stratum", e); } return null; } 
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java index 1e23690f7d8..01283928b22 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java @@ -73,7 +73,7 @@ private SourceMap getResolvedSmap(final String smap) { .forEach(stratum -> stratum.getLineInfo().forEach(li -> li.setFileInfo(null))); return result; } catch (Exception e) { - LOG.error("Could not get resolved source map from smap", e); + LOG.debug("Could not get resolved source map from smap", e); } return null; } @@ -96,7 +96,7 @@ private StratumExt getDefaultStratum(final byte[] bytes) { stratum.setName(classData[0]); return stratum; } catch (Exception e) { - LOG.error("Could not get default stratum from byte array", e); + LOG.debug("Could not get default stratum from byte array", e); } return null; } From 7ab42fbbe54ccc056a6c3723a89c364a8077c0f0 Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Fri, 19 Jul 2024 16:02:56 +0200 Subject: [PATCH 25/28] increase default limit to 1000 --- internal-api/src/main/java/datadog/trace/api/Config.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java index a94189b22cc..e7511970281 100644 --- a/internal-api/src/main/java/datadog/trace/api/Config.java +++ b/internal-api/src/main/java/datadog/trace/api/Config.java 
@@ -1737,7 +1737,7 @@ PROFILING_DATADOG_PROFILER_ENABLED, isDatadogProfilerSafeInCurrentEnvironment())
 configProvider.getBoolean(
 IAST_ANONYMOUS_CLASSES_ENABLED, DEFAULT_IAST_ANONYMOUS_CLASSES_ENABLED);
 iastSourceMappingEnabled = configProvider.getBoolean(IAST_SOURCE_MAPPING_ENABLED, false);
- iastSourceMappingMaxSize = configProvider.getInteger(IAST_SOURCE_MAPPING_MAX_SIZE, 100);
+ iastSourceMappingMaxSize = configProvider.getInteger(IAST_SOURCE_MAPPING_MAX_SIZE, 1000);
 
 ciVisibilityTraceSanitationEnabled =
 configProvider.getBoolean(CIVISIBILITY_TRACE_SANITATION_ENABLED, true);
From 8f6f8f56b4b30470e9565158274d11c50d8c5a6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez=20Garc=C3=ADa?= Date: Tue, 23 Jul 2024 17:43:32 +0200 Subject: [PATCH 26/28] Update dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Manuel Álvarez Álvarez --- .../trace/agent/tooling/iast/stratum/StratumManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java
index 01283928b22..fc49d90c235 100644
--- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java
+++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java
@@ -144,7 +144,7 @@ public void put(String className, StratumExt value) {
 }
 map.put(className, value);
 if (this.size() >= maxSize) {
- IastMetricCollector.add(IastMetric.SOURCE_MAPPING_LIMIT_REACHED, (byte) 0, 1);
+ IastMetricCollector.add(IastMetric.SOURCE_MAPPING_LIMIT_REACHED, 1);
 limitReached = true;
 }
 }
From 8e32f9f07a806e3a430165fd6b616f4cc2d5988c Mon Sep 17 00:00:00 2001
From: "alejandro.gonzalez" Date: Tue, 23 Jul 2024 17:56:06 +0200 Subject: [PATCH 27/28] fix imports --- .../src/main/java/datadog/trace/api/Config.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java index e7511970281..61a274d06e0 100644 --- a/internal-api/src/main/java/datadog/trace/api/Config.java +++ b/internal-api/src/main/java/datadog/trace/api/Config.java 
@@ -292,7 +292,21 @@ import static datadog.trace.api.config.GeneralConfig.TRIAGE_REPORT_DIR; import static datadog.trace.api.config.GeneralConfig.TRIAGE_REPORT_TRIGGER; import static datadog.trace.api.config.GeneralConfig.VERSION; -import static datadog.trace.api.config.IastConfig.*; +import static datadog.trace.api.config.IastConfig.IAST_ANONYMOUS_CLASSES_ENABLED; +import static datadog.trace.api.config.IastConfig.IAST_CONTEXT_MODE; +import static datadog.trace.api.config.IastConfig.IAST_DEBUG_ENABLED; +import static datadog.trace.api.config.IastConfig.IAST_DETECTION_MODE; +import static datadog.trace.api.config.IastConfig.IAST_HARDCODED_SECRET_ENABLED; +import static datadog.trace.api.config.IastConfig.IAST_REDACTION_ENABLED; +import static datadog.trace.api.config.IastConfig.IAST_REDACTION_NAME_PATTERN; +import static datadog.trace.api.config.IastConfig.IAST_REDACTION_VALUE_PATTERN; +import static datadog.trace.api.config.IastConfig.IAST_SOURCE_MAPPING_ENABLED; +import static datadog.trace.api.config.IastConfig.IAST_SOURCE_MAPPING_MAX_SIZE; +import static datadog.trace.api.config.IastConfig.IAST_STACKTRACE_LEAK_SUPPRESS; +import static datadog.trace.api.config.IastConfig.IAST_TELEMETRY_VERBOSITY; +import static datadog.trace.api.config.IastConfig.IAST_TRUNCATION_MAX_VALUE_LENGTH; +import static datadog.trace.api.config.IastConfig.IAST_WEAK_CIPHER_ALGORITHMS; +import static datadog.trace.api.config.IastConfig.IAST_WEAK_HASH_ALGORITHMS; import static datadog.trace.api.config.JmxFetchConfig.JMX_FETCH_CHECK_PERIOD; import static datadog.trace.api.config.JmxFetchConfig.JMX_FETCH_CONFIG; import static datadog.trace.api.config.JmxFetchConfig.JMX_FETCH_CONFIG_DIR; From b00b96a6b107b5577181d8ec223bd776e1e3d415 Mon Sep 17 00:00:00 2001 
From: "alejandro.gonzalez" Date: Wed, 24 Jul 2024 08:23:08 +0200 Subject: [PATCH 28/28] remove EMPTY_DEBUG_INFO and NO_DEBUG_INFO --- .../tooling/iast/stratum/StratumManager.java | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java index fc49d90c235..4318e8a93f4 100644 --- a/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java +++ b/dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java @@ -22,10 +22,6 @@ public class StratumManager { private final LimitedConcurrentHashMap map; - public final StratumExt NO_DEBUG_INFO = new StratumExt(); - - private boolean EMPTY_DEBUG_INFO; - public static final StratumManager INSTANCE = new StratumManager(Config.get().getIastSourceMappingMaxSize()); @@ -52,14 +48,7 @@ public void analyzeClass(final byte[] bytes) { } public Stratum get(final String classname) { - StratumExt s = map.get(classname); - if (s != null) { - return s; - } else if (EMPTY_DEBUG_INFO) { - return NO_DEBUG_INFO; - } else { - return null; - } + return map.get(classname); } private SourceMap getResolvedSmap(final String smap) { @@ -82,14 +71,12 @@ private StratumExt getDefaultStratum(final byte[] bytes) { try { String[] classData = extractSourceDebugExtensionASM(bytes); if (classData[1] == null) { - EMPTY_DEBUG_INFO = true; return null; } SourceMap smap = getResolvedSmap(classData[1]); StratumExt stratum = smap != null ? smap.getStratum(smap.getDefaultStratumName()) : null; if (stratum == null) { - EMPTY_DEBUG_INFO = true; return null; }
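Review bot: In the `@@ -52,14 +48,7 @@` hunk, `get` now has two indistinguishable null outcomes — the class was never analyzed or had no SMAP, and the class was analyzed after the source-mapping limit was reached and dropped by `LimitedConcurrentHashMap.put` — yet it carries no documentation or nullability marker. Add a Javadoc such as `/** @return the stratum for {@code classname}, or {@code null} when none was recorded, including when the source-mapping limit had already been reached. */` so SourceMapperImpl's callers know a null is not proof that the class lacks debug info. The final hunk of this patch (`getDefaultStratum`) runs past the end of the visible text, so it is not reviewed here.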