Clean instrumentation

DataDog · Sep 30, 2024 · 6ce057d · 6ce057d
1 parent f5b5636
commit 6ce057d
Show file tree

Hide file tree

Showing 12 changed files with 29 additions and 118 deletions.
diff --git a/...nt-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/iast/NamedContext.java b/...nt-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/iast/NamedContext.java
@@ -19,8 +19,6 @@ public abstract class NamedContext {
 
   public abstract void taintName(@Nullable String name);
 
-  public abstract void setCurrentName(@Nullable final String name);
-
   @Nonnull
   public static <E> NamedContext getOrCreate(
       @Nonnull final ContextStore<E, NamedContext> store, @Nonnull final E target) {
@@ -49,9 +47,6 @@ public void taintValue(@Nullable final String value) {}
 
     @Override
     public void taintName(@Nullable final String name) {}
-
-    @Override
-    public void setCurrentName(@Nullable final String name) {}
   }
 
   private static class NamedContextImpl extends NamedContext {
@@ -83,11 +78,6 @@ public void taintName(@Nullable final String name) {
       }
     }
 
-    @Override
-    public void setCurrentName(@Nullable final String name) {
-      currentName = name;
-    }
-
     private IastContext iastCtx() {
       if (!fetched) {
         fetched = true;

diff --git a/dd-java-agent/agent-jmxfetch/integrations-core b/dd-java-agent/agent-jmxfetch/integrations-core
diff --git a/...ter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie b/...ter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
@@ -125,8 +125,6 @@
 1 graphql.*
 1 ibm.security.*
 1 io.dropwizard.*
-2 io.ebean.*
-2 io.ebeaninternal.*
 1 io.github.lukehutch.fastclasspathscanner.*
 1 io.grpc.*
 1 io.leangen.geantyref.*

diff --git a/...ntation/jackson-core/src/main/java/com/fasterxml/jackson/core/json/Json2ParserHelper.java b/...ntation/jackson-core/src/main/java/com/fasterxml/jackson/core/json/Json2ParserHelper.java
diff --git a/...ckson-core/src/main/java/com/fasterxml/jackson/core/sym/ByteQuadsCanonicalizerHelper.java b/...ckson-core/src/main/java/com/fasterxml/jackson/core/sym/ByteQuadsCanonicalizerHelper.java
diff --git a/.../src/main/java/datadog/trace/instrumentation/jackson/core/Json2ParserInstrumentation.java b/.../src/main/java/datadog/trace/instrumentation/jackson/core/Json2ParserInstrumentation.java
@@ -10,8 +10,6 @@
 
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonToken;
-import com.fasterxml.jackson.core.json.Json2ParserHelper;
-import com.fasterxml.jackson.core.json.UTF8StreamJsonParser;
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.InstrumenterModule;
@@ -70,14 +68,6 @@ public Map<String, String> contextStore() {
     return singletonMap(TARGET_TYPE, "datadog.trace.bootstrap.instrumentation.iast.NamedContext");
   }
 
-  @Override
-  public String[] helperClassNames() {
-    return new String[] {
-      "com.fasterxml.jackson.core.json" + ".Json2ParserHelper",
-      "com.fasterxml.jackson.core.sym" + ".ByteQuadsCanonicalizerHelper",
-    };
-  }
-
   public static class TextAdvice {
 
     @Advice.OnMethodExit(suppress = Throwable.class)
@@ -115,11 +105,6 @@ public static void onExit(@Advice.This JsonParser jsonParser, @Advice.Return Str
         final ContextStore<JsonParser, NamedContext> store =
             InstrumentationContext.get(JsonParser.class, NamedContext.class);
         final NamedContext context = NamedContext.getOrCreate(store, jsonParser);
-        if (jsonParser instanceof UTF8StreamJsonParser
-            && Json2ParserHelper.fetchInterned((UTF8StreamJsonParser) jsonParser)) {
-          context.setCurrentName(result);
-          return;
-        }
         context.taintName(result);
       }
     }

diff --git a/...-agent/instrumentation/jackson-core/src/test/groovy/Json2ParserInstrumentationTest.groovy b/...-agent/instrumentation/jackson-core/src/test/groovy/Json2ParserInstrumentationTest.groovy
@@ -42,32 +42,7 @@ class Json2ParserInstrumentationTest extends AgentTestRunner {
     0 * _
 
     where:
-    target << [JSON_STRING]
-  }
-
-  void 'test json parsing (tainted but field names)'() {
-    given:
-    final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
-    final module = Mock(PropagationModule)
-    InstrumentationBridge.registerIastModule(module)
-
-    and:
-    final reader = new ObjectMapper().readerFor(Map)
-
-    when:
-    final taintedResult = reader.readValue(target) as Map
-
-    then:
-    JsonOutput.toJson(taintedResult) == JSON_STRING
-    _ * module.taintObjectIfTainted(_, _)
-    _ * module.findSource(_) >> source
-    1 * module.taintString(_, 'root_value', source.origin, 'root', JSON_STRING)
-    1 * module.taintString(_, 'array_0', source.origin, 'nested_array', JSON_STRING)
-    1 * module.taintString(_, 'array_1', source.origin, 'nested_array', JSON_STRING)
-    0 * _
-
-    where:
-    target << [new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))]
+    target << testSuite()
   }
 
   void 'test json parsing (not tainted)'() {

diff --git a/...on/kafka-clients-0.11/src/iastLatestDepTest3/groovy/iast/KafkaIastDeserializerTest.groovy b/...on/kafka-clients-0.11/src/iastLatestDepTest3/groovy/iast/KafkaIastDeserializerTest.groovy
@@ -124,6 +124,10 @@ class KafkaIastDeserializerTest extends IastAgentTestRunner {
       value(instanceOf(TestBean))
       range(0, Integer.MAX_VALUE, source(origin as byte))
     }
+    to.hasTaintedObject {
+      value('name')
+      range(0, 4, source(origin as byte, 'name', 'name'))
+    }
     to.hasTaintedObject {
       value('Mr Bean')
       range(0, 7, source(origin as byte, 'name', 'Mr Bean'))

diff --git a/...umentation/kafka-clients-0.11/src/test/groovy/iast/KafkaIastDeserializerForkedTest.groovy b/...umentation/kafka-clients-0.11/src/test/groovy/iast/KafkaIastDeserializerForkedTest.groovy
@@ -122,6 +122,10 @@ class KafkaIastDeserializerForkedTest extends IastAgentTestRunner {
       value(instanceOf(TestBean))
       range(0, Integer.MAX_VALUE, source(origin as byte))
     }
+    to.hasTaintedObject {
+      value('name')
+      range(0, 4, source(origin as byte, 'name', 'name'))
+    }
     to.hasTaintedObject {
       value('Mr Bean')
       range(0, 7, source(origin as byte, 'name', 'Mr Bean'))

diff --git a/...iastTest/groovy/datadog/trace/instrumentation/springwebflux/server/IastWebFluxTest.groovy b/...iastTest/groovy/datadog/trace/instrumentation/springwebflux/server/IastWebFluxTest.groovy
@@ -275,6 +275,14 @@ class IastWebFluxTest extends IastRequestTestRunner {
 
     then:
     // source values take the value of the current object as the body is never converted to a CharSequence
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1',  'var1')
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  'var2')
+    }
     toc.hasTaintedObject {
       value 'foo'
       range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1',  'foo')

diff --git a/...astTest/groovy/datadog/trace/instrumentation/springwebflux6/server/IastWebFluxTest.groovy b/...astTest/groovy/datadog/trace/instrumentation/springwebflux6/server/IastWebFluxTest.groovy
@@ -278,6 +278,14 @@ class IastWebFluxTest extends IastRequestTestRunner {
 
     then:
     // source values take the value of the current object as the body is never converted to a CharSequence
+    toc.hasTaintedObject {
+      value 'var1'
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1',  'var1')
+    }
+    toc.hasTaintedObject {
+      value 'var2'
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  'var2')
+    }
     toc.hasTaintedObject {
       value 'foo'
       range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1',  'foo')

diff --git a/...sts/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastVertxSmokeTest.groovy b/...sts/iast-util/src/testFixtures/groovy/datadog/smoketest/AbstractIastVertxSmokeTest.groovy
@@ -166,6 +166,9 @@ abstract class AbstractIastVertxSmokeTest extends AbstractIastServerSmokeTest {
     client.newCall(request).execute()
 
     then:
+    hasTainted { tainted ->
+      tainted.value == 'my_key' && tainted.ranges[0].source.origin == 'http.request.body'
+    }
     hasTainted { tainted ->
       tainted.value == 'my_value' && tainted.ranges[0].source.origin == 'http.request.body'
     }