Map JSP stack traces to file names

dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/SinkModuleBase.java

@@ -19,10 +19,12 @@
 import com.datadog.iast.util.ObjectVisitor;
 import com.datadog.iast.util.RangeBuilder;
 import datadog.trace.api.Config;
+import datadog.trace.api.Pair;
 import datadog.trace.api.iast.IastContext;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
 import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie;
+import datadog.trace.instrumentation.iastinstrumenter.SourceMapperImpl;
 import datadog.trace.util.stacktrace.StackWalker;
 import java.util.Iterator;
 import java.util.stream.Stream;
@@ -210,6 +212,7 @@ protected Evidence checkInjectionDeeply(final VulnerabilityType type, final Obje
   }
 
   @Nullable
+  @SuppressWarnings("unused")
   protected Evidence checkInjectionDeeply(
       final VulnerabilityType type,
       final Object value,
@@ -218,6 +221,7 @@ protected Evidence checkInjectionDeeply(
   }
 
   @Nullable
+  @SuppressWarnings("unused")
   protected Evidence checkInjectionDeeply(
       final VulnerabilityType type,
       final Object value,
@@ -301,7 +305,20 @@ protected Location buildLocation(
   }
 
   protected final StackTraceElement getCurrentStackTrace() {
-    return stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability);
+    StackTraceElement stackTraceElement =
+        stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability);
+    // If the source mapper is enabled, we should try to map the stack trace element to the original
+    // source file
+    if (SourceMapperImpl.INSTANCE != null) {
+      Pair<String, Integer> pair =
+          SourceMapperImpl.INSTANCE.getFileAndLine(
+              stackTraceElement.getClassName(), stackTraceElement.getLineNumber());
+      if (pair != null && pair.getLeft() != null && pair.getRight() != null) {
+        return new StackTraceElement(
+            pair.getLeft(), stackTraceElement.getMethodName(), pair.getLeft(), pair.getRight());
+      }
+    }
+    return stackTraceElement;
   }
 
   static StackTraceElement findValidPackageForVulnerability(

dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/AbstractStratum.java

@@ -0,0 +1,17 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+public abstract class AbstractStratum {
+  private String name;
+
+  public AbstractStratum(final String name) {
+    this.name = name;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public void setName(final String name) {
+    this.name = name;
+  }
+}

dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/EmbeddedStratum.java

@@ -0,0 +1,20 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class EmbeddedStratum extends AbstractStratum {
+  private final List<SourceMap> sourceMapList = new ArrayList<>();
+
+  public EmbeddedStratum() {
+    this("");
+  }
+
+  public EmbeddedStratum(final String name) {
+    super(name);
+  }
+
+  public List<SourceMap> getSourceMapList() {
+    return sourceMapList;
+  }
+}

dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/FileInfo.java

@@ -0,0 +1,51 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+/**
+ * The fileInfo describes the translated-source file names <a
+ * href="https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#filesection">...</a>
+ */
+public class FileInfo {
+  private int fileId = -1;
+
+  private String inputFileName;
+
+  private String inputFilePath;
+
+  public int getFileId() {
+    return fileId;
+  }
+
+  public void setFileId(final int fileId) {
+    this.fileId = fileId;
+  }
+
+  public String getInputFileName() {
+    return inputFileName;
+  }
+
+  public void setInputFileName(final String inputFileName) {
+    this.inputFileName = inputFileName;
+  }
+
+  public String getInputFilePath() {
+    if (inputFilePath == null) {
+      return inputFileName;
+    }
+    return inputFilePath;
+  }
+
+  public void setInputFilePath(final String inputFilePath) {
+    this.inputFilePath = inputFilePath;
+  }
+
+  @Override
+  public String toString() {
+    return "FileInfo [fileId="
+        + fileId
+        + ", inputFileName="
+        + inputFileName
+        + ", inputFilePath="
+        + inputFilePath
+        + "]";
+  }
+}

dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/LineInfo.java

@@ -0,0 +1,103 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+/**
+ * The line section associates line numbers in the output source with line numbers and source names
+ * in the input source.
+ *
+ * <p>The format of the line section is the line section marker *L on a line by itself, followed by
+ * the lines of LineInfo. Each LineInfo has the form:
+ *
+ * <p>InputStartLine # LineFileID , RepeatCount : OutputStartLine , OutputLineIncrement where all
+ * but
+ *
+ * <p>InputStartLine : OutputStartLine are optional.
+ *
+ * <p><a
+ * href="https://jakarta.ee/specifications/debugging/2.0/jdsol-spec-2.0#stratumsection">...</a>
+ */
+public class LineInfo {
+  private int fileId;
+
+  int inputStartLine;
+
+  int repeatCount;
+
+  int outputStartLine;
+
+  int outputLineIncrement;
+
+  private FileInfo fileInfo;
+
+  public LineInfo(
+      final int fileId,
+      final int inputStartLine,
+      final int repeatCount,
+      final int outputStartLine,
+      final int outputLineIncrement) {
+    this.fileId = fileId;
+    fileInfo = null;
+    this.inputStartLine = inputStartLine;
+    this.repeatCount = repeatCount;
+    this.outputStartLine = outputStartLine;
+    this.outputLineIncrement = outputLineIncrement;
+  }
+
+  public LineInfo(
+      final FileInfo fileInfo,
+      final int inputStartLine,
+      final int repeatCount,
+      final int outputStartLine,
+      final int outputLineIncrement) {
+    fileId = -1;
+    this.fileInfo = fileInfo;
+    this.inputStartLine = inputStartLine;
+    this.repeatCount = repeatCount;
+    this.outputStartLine = outputStartLine;
+    this.outputLineIncrement = outputLineIncrement;
+  }
+
+  public int getFileId() {
+    return fileId;
+  }
+
+  public int getInputStartLine() {
+    return inputStartLine;
+  }
+
+  public int getRepeatCount() {
+    return repeatCount;
+  }
+
+  public int getOutputStartLine() {
+    return outputStartLine;
+  }
+
+  public int getOutputLineIncrement() {
+    return outputLineIncrement;
+  }
+
+  public FileInfo getFileInfo() {
+    return fileInfo;
+  }
+
+  public void setFileInfo(final FileInfo fileInfo) {
+    this.fileInfo = fileInfo;
+  }
+
+  @Override
+  public String toString() {
+    return "LineInfo [fileId="
+        + fileId
+        + ", inputStartLine="
+        + inputStartLine
+        + ", repeatCount="
+        + repeatCount
+        + ", outputStartLine="
+        + outputStartLine
+        + ", outputLineIncrement="
+        + outputLineIncrement
+        + ", fileInfo="
+        + fileInfo
+        + "]\n";
+  }
+}

dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/Location.java

@@ -0,0 +1,20 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+public class Location {
+  private final FileInfo fileInfo;
+
+  private final int lineNum;
+
+  public Location(final FileInfo fileInfo, final int lineNum) {
+    this.fileInfo = fileInfo;
+    this.lineNum = lineNum;
+  }
+
+  public FileInfo getFileInfo() {
+    return fileInfo;
+  }
+
+  public int getLineNum() {
+    return lineNum;
+  }
+}

dd-java-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/ParserException.java

@@ -0,0 +1,12 @@
+package datadog.trace.agent.tooling.iast.stratum;
+
+public class ParserException extends SourceMapException {
+  /** */
+  private static final long serialVersionUID = 4991227723777615317L;
+
+  public ParserException() {}
+
+  public ParserException(final String msg) {
+    super(msg);
+  }
+}