wip

Author: smola

dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/ApiSecurityRequestSampler.java

@@ -28,8 +28,7 @@ public class ApiSecurityRequestSampler {
   private final long expirationTimeInMs;
   private final int capacity;
   private final TimeSource timeSource;
-
-  final NonBlockingSemaphore counter =
+  private final NonBlockingSemaphore counter =
       NonBlockingSemaphore.withPermitCount(MAX_POST_PROCESSING_TASKS);
 
   public ApiSecurityRequestSampler() {
@@ -86,6 +85,11 @@ public boolean sampleRequest(AppSecRequestContext ctx) {
     return updateApiAccessIfExpired(hash);
   }
 
+  /** Release one permit for the sampler. This must be called after processing a span. */
+  void releaseOne() {
+    counter.release();
+  }
+
   private boolean updateApiAccessIfExpired(final long hash) {
     final long currentTime = timeSource.getCurrentTimeMillis();
 

dd-java-agent/appsec/src/main/java/com/datadog/appsec/api/security/AppSecSpanPostProcessor.java

@@ -13,6 +13,7 @@
 import datadog.trace.bootstrap.instrumentation.api.SpanPostProcessor;
 import java.util.Collections;
 import java.util.function.BooleanSupplier;
+import javax.annotation.Nonnull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -29,7 +30,7 @@ public AppSecSpanPostProcessor(
   }
 
   @Override
-  public void process(AgentSpan span, BooleanSupplier timeoutCheck) {
+  public void process(@Nonnull AgentSpan span, @Nonnull BooleanSupplier timeoutCheck) {
     final RequestContext ctx_ = span.getRequestContext();
     if (ctx_ == null) {
       return;
@@ -58,7 +59,7 @@ public void process(AgentSpan span, BooleanSupplier timeoutCheck) {
       } catch (Exception e) {
         log.debug("Error closing AppSecRequestContext", e);
       }
-      sampler.counter.release();
+      sampler.releaseOne();
     }
   }
 

dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/api/security/AppSecSpanPostProcessorTest.groovy

@@ -0,0 +1,234 @@
+package com.datadog.appsec.api.security
+
+import com.datadog.appsec.event.EventProducerService
+import com.datadog.appsec.event.ExpiredSubscriberInfoException
+import com.datadog.appsec.gateway.AppSecRequestContext
+import datadog.trace.api.gateway.RequestContext
+import datadog.trace.bootstrap.instrumentation.api.AgentSpan
+import datadog.trace.test.util.DDSpecification
+
+class AppSecSpanPostProcessorTest extends DDSpecification {
+
+  void 'schema extracted on happy path'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def subInfo = Mock(EventProducerService.DataSubscriberInfo)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def ctx = Mock(AppSecRequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> ctx
+    1 * ctx.isKeepOpenForApiSecurityPostProcessing() >> true
+    1 * sampler.sampleRequest(_) >> true
+    1 * producer.getDataSubscribers(_) >> subInfo
+    1 * subInfo.isEmpty() >> false
+    1 * producer.publishDataEvent(_, ctx, _, _)
+    1 * ctx.setKeepOpenForApiSecurityPostProcessing(false)
+    1 * ctx.close()
+    1 * sampler.releaseOne()
+    0 * _
+  }
+
+  void 'no schema extracted if sampling is false'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def ctx = Mock(AppSecRequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> ctx
+    1 * ctx.isKeepOpenForApiSecurityPostProcessing() >> true
+    1 * sampler.sampleRequest(_) >> false
+    1 * ctx.setKeepOpenForApiSecurityPostProcessing(false)
+    1 * ctx.close()
+    1 * sampler.releaseOne()
+    0 * _
+  }
+
+  void 'permit is released even if request context close throws'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def ctx = Mock(AppSecRequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> ctx
+    1 * ctx.isKeepOpenForApiSecurityPostProcessing() >> true
+    1 * sampler.sampleRequest(_) >> true
+    1 * producer.getDataSubscribers(_) >> null
+    1 * ctx.setKeepOpenForApiSecurityPostProcessing(false)
+    1 * ctx.close() >> { throw new RuntimeException() }
+    1 * sampler.releaseOne()
+    0 * _
+  }
+
+  void 'context is cleaned up on timeout'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def ctx = Mock(AppSecRequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { true })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> ctx
+    1 * ctx.isKeepOpenForApiSecurityPostProcessing() >> true
+    1 * ctx.setKeepOpenForApiSecurityPostProcessing(false)
+    1 * ctx.close()
+    1 * sampler.releaseOne()
+    0 * _
+  }
+
+  void 'process null request context does nothing'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def span = Mock(AgentSpan)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> null
+    0 * _
+  }
+
+  void 'process null appsec request context does nothing'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> null
+    0 * _
+  }
+
+  void 'process already closed context does nothing'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def ctx = Mock(AppSecRequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> ctx
+    1 * ctx.isKeepOpenForApiSecurityPostProcessing() >> false
+    0 * _
+  }
+
+  void 'process throws on null span'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(null, { false })
+
+    then:
+    thrown(NullPointerException)
+    0 * _
+  }
+
+  void 'empty event subscription does not break the process'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def subInfo = Mock(EventProducerService.DataSubscriberInfo)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def ctx = Mock(AppSecRequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> ctx
+    1 * ctx.isKeepOpenForApiSecurityPostProcessing() >> true
+    1 * sampler.sampleRequest(_) >> true
+    1 * producer.getDataSubscribers(_) >> subInfo
+    1 * subInfo.isEmpty() >> true
+    1 * ctx.setKeepOpenForApiSecurityPostProcessing(false)
+    1 * ctx.close()
+    1 * sampler.releaseOne()
+    0 * _
+  }
+
+  void 'expired event subscription does not break the process'() {
+    given:
+    def sampler = Mock(ApiSecurityRequestSampler)
+    def producer = Mock(EventProducerService)
+    def subInfo = Mock(EventProducerService.DataSubscriberInfo)
+    def span = Mock(AgentSpan)
+    def reqCtx = Mock(RequestContext)
+    def ctx = Mock(AppSecRequestContext)
+    def processor = new AppSecSpanPostProcessor(sampler, producer)
+
+    when:
+    processor.process(span, { false })
+
+    then:
+    noExceptionThrown()
+    1 * span.getRequestContext() >> reqCtx
+    1 * reqCtx.getData(_) >> ctx
+    1 * ctx.isKeepOpenForApiSecurityPostProcessing() >> true
+    1 * sampler.sampleRequest(_) >> true
+    1 * producer.getDataSubscribers(_) >> subInfo
+    1 * subInfo.isEmpty() >> false
+    1 * producer.publishDataEvent(_, ctx, _, _) >> { throw new ExpiredSubscriberInfoException() }
+    1 * ctx.setKeepOpenForApiSecurityPostProcessing(false)
+    1 * ctx.close()
+    1 * sampler.releaseOne()
+    0 * _
+  }
+}

internal-api/src/main/java/datadog/trace/bootstrap/instrumentation/api/SpanPostProcessor.java

@@ -20,7 +20,7 @@ public interface SpanPostProcessor {
    * much as possible. This method is guaranteed to be called even if post-processing of previous
    * spans have timed out.
    */
-  void process(AgentSpan span, BooleanSupplier timeoutCheck);
+  void process(@Nonnull AgentSpan span, @Nonnull BooleanSupplier timeoutCheck);
 
   class Holder {
     private static final SpanPostProcessor NOOP = new NoOpSpanPostProcessor();
@@ -32,6 +32,6 @@ class Holder {
 
   class NoOpSpanPostProcessor implements SpanPostProcessor {
     @Override
-    public void process(AgentSpan span, BooleanSupplier timeoutCheck) {}
+    public void process(@Nonnull AgentSpan span, @Nonnull BooleanSupplier timeoutCheck) {}
   }
 }