add checks around properties and env variables to avoid crashing if security manager is in the way

vandonr · vandonr · commit 3efcbc966f86 · 2024-10-29T12:26:48.000+01:00
diff --git a/internal-api/src/main/java/datadog/trace/api/Config.java b/internal-api/src/main/java/datadog/trace/api/Config.java
@@ -39,6 +39,7 @@
 import datadog.trace.context.TraceScope;
 import datadog.trace.util.PidHelper;
 import datadog.trace.util.Strings;
+import datadog.trace.util.SystemUtils;
 import datadog.trace.util.throwable.FatalAgentMisconfigurationError;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.BufferedReader;
@@ -3917,7 +3918,7 @@ private static boolean isWindowsOS() {
   }
 
   private static String getEnv(String name) {
-    String value = System.getenv(name);
+    String value = SystemUtils.tryGetEnv(name);
     if (value != null) {
       ConfigCollector.get().put(name, value, ConfigOrigin.ENV);
     }
diff --git a/internal-api/src/main/java/datadog/trace/api/env/CapturedEnvironment.java b/internal-api/src/main/java/datadog/trace/api/env/CapturedEnvironment.java
@@ -1,6 +1,7 @@
 package datadog.trace.api.env;
 
 import datadog.trace.api.config.GeneralConfig;
+import datadog.trace.util.SystemUtils;
 import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.io.File;
 import java.util.HashMap;
@@ -40,8 +41,8 @@ static void useFixedEnv(final Map<String, String> props) {
    * autodetection will return either the JAR filename or the java main class.
    */
   private String autodetectServiceName() {
-    String inAas = System.getenv("DD_AZURE_APP_SERVICES");
-    String siteName = System.getenv("WEBSITE_SITE_NAME");
+    String inAas = SystemUtils.tryGetEnv("DD_AZURE_APP_SERVICES");
+    String siteName = SystemUtils.tryGetEnv("WEBSITE_SITE_NAME");
 
     if (("true".equalsIgnoreCase(inAas) || "1".equals(inAas)) && siteName != null) {
       return siteName;
@@ -50,7 +51,7 @@ private String autodetectServiceName() {
     // Besides "sun.java.command" property is not an standard, all main JDKs has set this property.
     // Tested on:
     // - OracleJDK, OpenJDK, AdoptOpenJDK, IBM JDK, Azul Zulu JDK, Amazon Coretto JDK
-    return extractJarOrClass(System.getProperty("sun.java.command"));
+    return extractJarOrClass(SystemUtils.tryGetProperty("sun.java.command"));
   }
 
   @SuppressForbidden
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/AgentArgsInjector.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/AgentArgsInjector.java
@@ -1,6 +1,7 @@
 package datadog.trace.bootstrap.config.provider;
 
 import datadog.trace.util.Strings;
+import datadog.trace.util.SystemUtils;
 import java.util.Map;
 
 public class AgentArgsInjector {
@@ -21,14 +22,14 @@ public static void injectAgentArgsConfig(Map<String, String> args) {
     }
     for (Map.Entry<String, String> e : args.entrySet()) {
       String propertyName = e.getKey();
-      String existingPropertyValue = System.getProperty(propertyName);
+      String existingPropertyValue = SystemUtils.tryGetProperty(propertyName);
       if (existingPropertyValue != null) {
         // system properties should have higher priority than agent arguments
         continue;
       }
 
       String envVarName = Strings.toEnvVar(propertyName);
-      String envVarValue = System.getenv(envVarName);
+      String envVarValue = SystemUtils.tryGetEnv(envVarName);
       if (envVarValue != null) {
         // env variables should have higher priority than agent arguments
         continue;
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/EnvironmentConfigSource.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/EnvironmentConfigSource.java
@@ -3,12 +3,13 @@
 import static datadog.trace.util.Strings.propertyNameToEnvironmentVariableName;
 
 import datadog.trace.api.ConfigOrigin;
+import datadog.trace.util.SystemUtils;
 
 final class EnvironmentConfigSource extends ConfigProvider.Source {
 
   @Override
   protected String get(String key) {
-    return System.getenv(propertyNameToEnvironmentVariableName(key));
+    return SystemUtils.tryGetEnv(propertyNameToEnvironmentVariableName(key));
   }
 
   @Override
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/OtelEnvironmentConfigSource.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/OtelEnvironmentConfigSource.java
@@ -19,6 +19,7 @@
 import datadog.trace.api.TracePropagationStyle;
 import datadog.trace.api.telemetry.OtelEnvMetricCollector;
 import datadog.trace.util.Strings;
+import datadog.trace.util.SystemUtils;
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -186,9 +187,9 @@ private String getDatadogProperty(String sysProp) {
    * <p>Checks system properties and environment variables.
    */
   private static String getProperty(String sysProp) {
-    String value = System.getProperty(sysProp);
+    String value = SystemUtils.tryGetProperty(sysProp);
     if (null == value) {
-      value = System.getenv(Strings.toEnvVar(sysProp));
+      value = SystemUtils.tryGetEnv(Strings.toEnvVar(sysProp));
     }
     return value;
   }
diff --git a/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/SystemPropertiesConfigSource.java b/internal-api/src/main/java/datadog/trace/bootstrap/config/provider/SystemPropertiesConfigSource.java
@@ -3,12 +3,13 @@
 import static datadog.trace.util.Strings.propertyNameToSystemPropertyName;
 
 import datadog.trace.api.ConfigOrigin;
+import datadog.trace.util.SystemUtils;
 
 public final class SystemPropertiesConfigSource extends ConfigProvider.Source {
 
   @Override
   protected String get(String key) {
-    return System.getProperty(propertyNameToSystemPropertyName(key));
+    return SystemUtils.tryGetProperty(propertyNameToSystemPropertyName(key));
   }
 
   @Override
diff --git a/internal-api/src/main/java/datadog/trace/util/SystemUtils.java b/internal-api/src/main/java/datadog/trace/util/SystemUtils.java
@@ -0,0 +1,40 @@
+package datadog.trace.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class SystemUtils {
+  private static final Logger log = LoggerFactory.getLogger(SystemUtils.class);
+  // to be templatized with the type of thing we wanted to access and the key
+  private static final String logMessageOnSecurityError =
+      "The Java Security Manager prevented the Datadog Tracer from accessing the {} '{}'. "
+          + "Consider granting AllPermission to the dd-java-agent jar.";
+
+  private SystemUtils() {}
+
+  public static String tryGetEnv(String envVar) {
+    return getEnvOrDefault(envVar, null);
+  }
+
+  public static String getEnvOrDefault(String envVar, String defaultValue) {
+    try {
+      return System.getenv(envVar);
+    } catch (SecurityException e) {
+      log.warn(logMessageOnSecurityError, "environment variable", envVar, e);
+      return defaultValue;
+    }
+  }
+
+  public static String tryGetProperty(String property) {
+    return getPropertyOrDefault(property, null);
+  }
+
+  public static String getPropertyOrDefault(String property, String defaultValue) {
+    try {
+      return System.getProperty(property, defaultValue);
+    } catch (SecurityException e) {
+      log.warn(logMessageOnSecurityError, "system property", property, e);
+      return defaultValue;
+    }
+  }
+}
