Merge branch 'master' into shatzi/fix-code-origin-tags

Author: shatzi

dd-java-agent/agent-ci-visibility/src/main/java/datadog/trace/civisibility/decorator/TestDecoratorImpl.java

@@ -15,6 +15,7 @@ public class TestDecoratorImpl implements TestDecorator {
   private final String component;
   private final String sessionName;
   private final Map<String, String> ciTags;
+  private final int cpuCount;
 
   public TestDecoratorImpl(
       String component, String sessionName, String testCommand, Map<String, String> ciTags) {
@@ -27,6 +28,7 @@ public TestDecoratorImpl(
       this.sessionName =
           Strings.isNotBlank(ciJobName) ? ciJobName + "-" + testCommand : testCommand;
     }
+    cpuCount = Runtime.getRuntime().availableProcessors();
   }
 
   protected String testType() {
@@ -46,6 +48,7 @@ public CharSequence component() {
   public AgentSpan afterStart(final AgentSpan span) {
     span.setSamplingPriority(PrioritySampling.SAMPLER_KEEP);
     span.setTag(DDTags.ORIGIN_KEY, CIAPP_TEST_ORIGIN);
+    span.setTag(DDTags.HOST_VCPU_COUNT, cpuCount);
     span.setTag(Tags.TEST_TYPE, testType());
     span.setTag(Tags.COMPONENT, component());
     span.setTag(Tags.TEST_SESSION_NAME, sessionName);

dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/decorator/TestDecoratorImplTest.groovy

@@ -23,6 +23,7 @@ class TestDecoratorImplTest extends Specification {
     1 * span.setTag(Tags.TEST_TYPE, decorator.testType())
     1 * span.setSamplingPriority(PrioritySampling.SAMPLER_KEEP)
     1 * span.setTag(DDTags.ORIGIN_KEY, decorator.origin())
+    1 * span.setTag(DDTags.HOST_VCPU_COUNT, Runtime.runtime.availableProcessors())
     1 * span.setTag("ci-tag-1", "value")
     1 * span.setTag("ci-tag-2", "another value")
 

dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/agent/DebuggerAgent.java

@@ -48,7 +48,6 @@
 /** Debugger agent implementation */
 public class DebuggerAgent {
   private static final Logger LOGGER = LoggerFactory.getLogger(DebuggerAgent.class);
-  public static final Duration EXCEPTION_CAPTURE_INTERVAL = Duration.ofHours(1);
   private static ConfigurationPoller configurationPoller;
   private static DebuggerSink sink;
   private static String agentVersion;
@@ -95,7 +94,7 @@ public static synchronized void run(
           new DefaultExceptionDebugger(
               configurationUpdater,
               classNameFiltering,
-              EXCEPTION_CAPTURE_INTERVAL,
+              Duration.ofSeconds(config.getDebuggerExceptionCaptureInterval()),
               config.getDebuggerMaxExceptionPerSecond());
       DebuggerContext.initExceptionDebugger(defaultExceptionDebugger);
     }

dd-java-agent/agent-debugger/src/main/java/com/datadog/debugger/probe/LogProbe.java

@@ -41,6 +41,7 @@
 import java.util.List;
 import java.util.Objects;
 import java.util.regex.Pattern;
+import java.util.function.Consumer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -575,24 +576,33 @@ protected boolean fillSnapshot(
       shouldCommit = true;
     }
     if (entryStatus.shouldReportError()) {
-      if (entryContext.getCapturedThrowable() != null) {
-        // report also uncaught exception
-        snapshot.setEntry(entryContext);
-      }
-      snapshot.addEvaluationErrors(entryStatus.getErrors());
+      populateErrors(entryContext, snapshot, entryStatus, snapshot::setEntry);
       shouldCommit = true;
     }
     if (exitStatus.shouldReportError()) {
-      if (exitContext.getCapturedThrowable() != null) {
-        // report also uncaught exception
-        snapshot.setExit(exitContext);
-      }
-      snapshot.addEvaluationErrors(exitStatus.getErrors());
+      populateErrors(exitContext, snapshot, exitStatus, snapshot::setExit);
       shouldCommit = true;
     }
     return shouldCommit;
   }
 
+  private static void populateErrors(
+      CapturedContext context,
+      Snapshot snapshot,
+      LogStatus status,
+      Consumer<CapturedContext> contextSetter) {
+    if (context.getCapturedThrowable() != null) {
+      // report also uncaught exception
+      contextSetter.accept(context);
+    }
+    snapshot.addEvaluationErrors(status.getErrors());
+    if (status.getMessage() != null) {
+      snapshot.setMessage(status.getMessage());
+    } else if (!status.getErrors().isEmpty()) {
+      snapshot.setMessage(status.getErrors().get(0).getMessage());
+    }
+  }
+
   private LogStatus convertStatus(CapturedContext.Status status) {
     if (status == CapturedContext.Status.EMPTY_STATUS) {
       return LogStatus.EMPTY_LOG_STATUS;

dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/agent/CapturedSnapshotTest.java

@@ -1147,11 +1147,12 @@ public void nullCondition() throws IOException, URISyntaxException {
     TestSnapshotListener listener = installProbes(CLASS_NAME, logProbes);
     Class<?> testClass = compileAndLoadClass(CLASS_NAME);
     int result = Reflect.onClass(testClass).call("main", "1").get();
-    assertEquals(1, listener.snapshots.size());
-    List<EvaluationError> evaluationErrors = listener.snapshots.get(0).getEvaluationErrors();
-    Assertions.assertEquals(1, evaluationErrors.size());
-    Assertions.assertEquals("nullTyped.fld.fld", evaluationErrors.get(0).getExpr());
-    Assertions.assertEquals("Cannot dereference field: fld", evaluationErrors.get(0).getMessage());
+    Snapshot snapshot = assertOneSnapshot(listener);
+    List<EvaluationError> evaluationErrors = snapshot.getEvaluationErrors();
+    assertEquals(1, evaluationErrors.size());
+    assertEquals("nullTyped.fld.fld", evaluationErrors.get(0).getExpr());
+    assertEquals("Cannot dereference field: fld", evaluationErrors.get(0).getMessage());
+    assertEquals("Cannot dereference field: fld", snapshot.getMessage());
   }
 
   @Test

dd-java-agent/agent-debugger/src/test/java/com/datadog/debugger/probe/LogProbeTest.java

@@ -7,6 +7,7 @@
 
 import com.datadog.debugger.sink.Snapshot;
 import datadog.trace.bootstrap.debugger.CapturedContext;
+import datadog.trace.bootstrap.debugger.EvaluationError;
 import datadog.trace.bootstrap.debugger.MethodLocation;
 import datadog.trace.bootstrap.debugger.ProbeId;
 import java.util.stream.Stream;
@@ -134,12 +135,35 @@ private static Stream<Arguments> statusValues() {
   public void fillSnapshot_shouldSend_exit() {
     LogProbe logProbe = createLog(null).evaluateAt(MethodLocation.EXIT).build();
     CapturedContext entryContext = new CapturedContext();
-    entryContext.evaluate(PROBE_ID.getEncodedId(), logProbe, "", 0, MethodLocation.ENTRY);
-    entryContext.getStatus(PROBE_ID.getEncodedId());
+    prepareContext(entryContext, logProbe, MethodLocation.ENTRY);
+    CapturedContext exitContext = new CapturedContext();
+    prepareContext(exitContext, logProbe, MethodLocation.EXIT);
+    Snapshot snapshot = new Snapshot(Thread.currentThread(), logProbe, 10);
+    assertTrue(logProbe.fillSnapshot(entryContext, exitContext, null, snapshot));
+  }
+
+  @Test
+  public void fillSnapshot_shouldSend_evalErrors() {
+    LogProbe logProbe = createLog(null).evaluateAt(MethodLocation.EXIT).build();
+    CapturedContext entryContext = new CapturedContext();
+    LogProbe.LogStatus logStatus = prepareContext(entryContext, logProbe, MethodLocation.ENTRY);
+    logStatus.addError(new EvaluationError("expr", "msg1"));
+    logStatus.setLogTemplateErrors(true);
+    entryContext.addThrowable(new RuntimeException("errorEntry"));
     CapturedContext exitContext = new CapturedContext();
-    exitContext.evaluate(PROBE_ID.getEncodedId(), logProbe, "", 0, MethodLocation.EXIT);
+    logStatus = prepareContext(exitContext, logProbe, MethodLocation.EXIT);
+    logStatus.addError(new EvaluationError("expr", "msg2"));
+    logStatus.setLogTemplateErrors(true);
+    exitContext.addThrowable(new RuntimeException("errorExit"));
     Snapshot snapshot = new Snapshot(Thread.currentThread(), logProbe, 10);
     assertTrue(logProbe.fillSnapshot(entryContext, exitContext, null, snapshot));
+    assertEquals(2, snapshot.getEvaluationErrors().size());
+    assertEquals("msg1", snapshot.getEvaluationErrors().get(0).getMessage());
+    assertEquals("msg2", snapshot.getEvaluationErrors().get(1).getMessage());
+    assertEquals(
+        "errorEntry", snapshot.getCaptures().getEntry().getCapturedThrowable().getMessage());
+    assertEquals(
+        "errorExit", snapshot.getCaptures().getReturn().getCapturedThrowable().getMessage());
   }
 
   private LogProbe.Builder createLog(String template) {

dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFModule.java

@@ -389,22 +389,6 @@ private static Collection<Address<?>> getUsedAddresses(PowerwafContext ctx) {
         addressList.add(address);
       }
     }
-
-    // TODO: get addresses dynamically when will it be implemented in waf
-    addressList.add(KnownAddresses.WAF_CONTEXT_PROCESSOR);
-    addressList.add(KnownAddresses.HEADERS_NO_COOKIES);
-    addressList.add(KnownAddresses.REQUEST_QUERY);
-    addressList.add(KnownAddresses.REQUEST_PATH_PARAMS);
-    addressList.add(KnownAddresses.REQUEST_COOKIES);
-    addressList.add(KnownAddresses.REQUEST_BODY_RAW);
-    addressList.add(KnownAddresses.RESPONSE_HEADERS_NO_COOKIES);
-    addressList.add(KnownAddresses.RESPONSE_BODY_OBJECT);
-    addressList.add(KnownAddresses.GRAPHQL_SERVER_ALL_RESOLVERS);
-    addressList.add(KnownAddresses.DB_TYPE);
-    addressList.add(KnownAddresses.DB_SQL_QUERY);
-    addressList.add(KnownAddresses.IO_NET_URL);
-    addressList.add(KnownAddresses.IO_FS_FILE);
-
     return addressList;
   }
 

dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleSpecification.groovy

@@ -1539,6 +1539,22 @@ class PowerWAFModuleSpecification extends DDSpecification {
     })
   }
 
+  void 'retrieve used addresses'() {
+    when:
+    setupWithStubConfigService('small_config.json')
+    def ctx0 = pwafModule.ctxAndAddresses.get().ctx
+    def addresses = pwafModule.getUsedAddresses(ctx0)
+
+    then:
+    addresses.size() == 6
+    addresses.contains(KnownAddresses.REQUEST_INFERRED_CLIENT_IP)
+    addresses.contains(KnownAddresses.REQUEST_QUERY)
+    addresses.contains(KnownAddresses.REQUEST_PATH_PARAMS)
+    addresses.contains(KnownAddresses.HEADERS_NO_COOKIES)
+    addresses.contains(KnownAddresses.REQUEST_URI_RAW)
+    addresses.contains(KnownAddresses.REQUEST_BODY_OBJECT)
+  }
+
   private Map<String, Object> getDefaultConfig() {
     def service = new StubAppSecConfigService()
     service.init()

dd-java-agent/appsec/src/test/resources/small_config.json

@@ -0,0 +1,181 @@
+{
+  "version": "2.1",
+  "metadata": {
+    "rules_version": "0.42.0"
+  },
+  "actions": [
+    {
+      "id": "block",
+      "type": "block_request",
+      "parameters": {
+        "status_code": 418,
+        "type": "html"
+      }
+    }
+  ],
+  "rules": [
+    {
+      "id": "ip_match_rule",
+      "name": "rule1",
+      "tags": {
+        "type": "flow1",
+        "category": "category1"
+      },
+      "conditions": [
+        {
+          "operator": "ip_match",
+          "parameters": {
+            "inputs": [
+              {
+                "address": "http.client_ip"
+              }
+            ],
+            "data": "ip_data"
+          }
+        }
+      ],
+      "on_match": ["block"]
+    },
+    {
+      "id": "crs-913-110",
+      "name": "Found request header associated with Acunetix security scanner",
+      "tags": {
+        "type": "security_scanner",
+        "crs_id": "913110",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.headers.no_cookies"
+              }
+            ],
+            "list": [
+              "acunetix-product",
+              "(acunetix web vulnerability scanner",
+              "acunetix-scanning-agreement",
+              "acunetix-user-agreement"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-913-120",
+      "name": "Found request filename/argument associated with security scanner",
+      "tags": {
+        "type": "security_scanner",
+        "crs_id": "913120",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "list": [
+              "/.adsensepostnottherenonobook",
+              "/<invalid>hello.html",
+              "/actsensepostnottherenonotive",
+              "/acunetix-wvs-test-for-some-inexistent-file",
+              "/antidisestablishmentarianism",
+              "/appscan_fingerprint/mac_address",
+              "/arachni-",
+              "/cybercop",
+              "/nessus_is_probing_you_",
+              "/nessustest",
+              "/netsparker-",
+              "/rfiinc.txt",
+              "/thereisnowaythat-you-canbethere",
+              "/w3af/remotefileinclude.html",
+              "appscan_fingerprint",
+              "w00tw00t.at.isc.sans.dfind",
+              "w00tw00t.at.blackhats.romanian.anti-sec"
+            ]
+          },
+          "operator": "phrase_match"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    },
+    {
+      "id": "crs-920-260",
+      "name": "Unicode Full/Half Width Abuse Attack Attempt",
+      "tags": {
+        "type": "http_protocol_violation",
+        "crs_id": "920260",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.uri.raw"
+              }
+            ],
+            "regex": "\\%u[fF]{2}[0-9a-fA-F]{2}",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 6
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "crs-921-110",
+      "name": "HTTP Request Smuggling Attack",
+      "tags": {
+        "type": "http_protocol_violation",
+        "crs_id": "921110",
+        "category": "attack_attempt"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              }
+            ],
+            "regex": "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\s+[^\\s]+\\s+http/\\d",
+            "options": {
+              "case_sensitive": true,
+              "min_length": 12
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": [
+        "lowercase"
+      ]
+    }
+  ]
+}