Request body blocking for netty (#377)

shashank11p · web-flow · commit dd21236df53b · 2023-02-25T04:24:09.000+05:30
* add blocking for req body in netty 4.0

* add blocking for req body in netty 4.1
diff --git a/instrumentation/netty/netty-4.0/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_0/AttributeKeys.java b/instrumentation/netty/netty-4.0/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_0/AttributeKeys.java
@@ -33,4 +33,8 @@ public class AttributeKeys {
   public static final AttributeKey<Map<String, String>> REQUEST_HEADERS =
       io.opentelemetry.javaagent.instrumentation.netty.v4_0.AttributeKeys.attributeKey(
           AttributeKeys.class.getName() + ".request-headers");
+
+  public static final AttributeKey<?> REQUEST =
+      io.opentelemetry.javaagent.instrumentation.netty.v4_0.AttributeKeys.attributeKey(
+          "io.opentelemetry.javaagent.instrumentation.netty.v4_0.AttributeKeys.http-server-request");
 }
diff --git a/instrumentation/netty/netty-4.0/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_0/server/HttpServerBlockingRequestHandler.java b/instrumentation/netty/netty-4.0/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_0/server/HttpServerBlockingRequestHandler.java
@@ -21,13 +21,15 @@
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
 import io.netty.handler.codec.http.DefaultFullHttpResponse;
+import io.netty.handler.codec.http.HttpContent;
 import io.netty.handler.codec.http.HttpRequest;
 import io.netty.handler.codec.http.HttpResponseStatus;
 import io.netty.util.Attribute;
 import io.netty.util.ReferenceCountUtil;
 import io.opentelemetry.api.trace.Span;
 import io.opentelemetry.context.Context;
 import io.opentelemetry.javaagent.instrumentation.hypertrace.netty.v4_0.AttributeKeys;
+import io.opentelemetry.javaagent.instrumentation.netty.common.HttpRequestAndChannel;
 import java.util.Map;
 import org.hypertrace.agent.filter.FilterRegistry;
 
@@ -55,6 +57,14 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) {
         return;
       }
     }
+    if (msg instanceof HttpContent) {
+      if (FilterRegistry.getFilter().evaluateRequestBody(span, null, null)) {
+        Attribute<?> requestAttr = channel.attr(AttributeKeys.REQUEST);
+        HttpRequest req = ((HttpRequestAndChannel) (requestAttr.get())).request();
+        forbidden(ctx, req);
+        return;
+      }
+    }
     ctx.fireChannelRead(msg);
   }
 
diff --git a/instrumentation/netty/netty-4.0/src/test/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_0/server/AbstractNetty40ServerInstrumentationTest.java b/instrumentation/netty/netty-4.0/src/test/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_0/server/AbstractNetty40ServerInstrumentationTest.java
@@ -171,5 +171,39 @@ public void blocking() throws IOException, TimeoutException, InterruptedExceptio
         spanData
             .getAttributes()
             .get(HypertraceSemanticAttributes.httpResponseHeader(RESPONSE_BODY)));
+
+    RequestBody requestBody = blockedRequestBody(true, 3000, 75);
+    Request request2 =
+        new Request.Builder()
+            .url(String.format("http://localhost:%d/post", port))
+            .header(REQUEST_HEADER_NAME, REQUEST_HEADER_VALUE)
+            .post(requestBody)
+            .build();
+
+    try (Response response = httpClient.newCall(request2).execute()) {
+      Assertions.assertEquals(403, response.code());
+      Assertions.assertTrue(response.body().string().isEmpty());
+    }
+
+    List<List<SpanData>> traces2 = TEST_WRITER.getTraces();
+    TEST_WRITER.waitForTraces(2);
+    Assertions.assertEquals(2, traces2.size());
+    List<SpanData> trace2 = traces2.get(1);
+    Assertions.assertEquals(1, trace2.size());
+    SpanData spanData2 = trace2.get(0);
+
+    Assertions.assertEquals(
+        REQUEST_HEADER_VALUE,
+        spanData2
+            .getAttributes()
+            .get(HypertraceSemanticAttributes.httpRequestHeader(REQUEST_HEADER_NAME)));
+    Assertions.assertNull(
+        spanData2
+            .getAttributes()
+            .get(HypertraceSemanticAttributes.httpResponseHeader(RESPONSE_HEADER_NAME)));
+    Assertions.assertNull(
+        spanData2
+            .getAttributes()
+            .get(HypertraceSemanticAttributes.httpResponseHeader(RESPONSE_BODY)));
   }
 }
diff --git a/instrumentation/netty/netty-4.1/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_1/AttributeKeys.java b/instrumentation/netty/netty-4.1/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_1/AttributeKeys.java
@@ -31,4 +31,8 @@ public class AttributeKeys {
 
   public static final AttributeKey<Map<String, String>> REQUEST_HEADERS =
       AttributeKey.valueOf(AttributeKeys.class, "request-headers");
+
+  public static final AttributeKey<?> REQUEST =
+      AttributeKey.valueOf(
+          "io.opentelemetry.javaagent.instrumentation.netty.v4_1.server.NettyServerSingletons#http-server-request");
 }
diff --git a/instrumentation/netty/netty-4.1/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_1/server/HttpServerBlockingRequestHandler.java b/instrumentation/netty/netty-4.1/src/main/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_1/server/HttpServerBlockingRequestHandler.java
@@ -21,13 +21,15 @@
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
 import io.netty.handler.codec.http.DefaultFullHttpResponse;
+import io.netty.handler.codec.http.HttpContent;
 import io.netty.handler.codec.http.HttpRequest;
 import io.netty.handler.codec.http.HttpResponseStatus;
 import io.netty.util.Attribute;
 import io.netty.util.ReferenceCountUtil;
 import io.opentelemetry.api.trace.Span;
 import io.opentelemetry.context.Context;
 import io.opentelemetry.javaagent.instrumentation.hypertrace.netty.v4_1.AttributeKeys;
+import io.opentelemetry.javaagent.instrumentation.netty.common.HttpRequestAndChannel;
 import java.util.Map;
 import org.hypertrace.agent.filter.FilterRegistry;
 
@@ -55,6 +57,14 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) {
         return;
       }
     }
+    if (msg instanceof HttpContent) {
+      if (FilterRegistry.getFilter().evaluateRequestBody(span, null, null)) {
+        Attribute<?> requestAttr = channel.attr(AttributeKeys.REQUEST);
+        HttpRequest req = ((HttpRequestAndChannel) (requestAttr.get())).request();
+        forbidden(ctx, req);
+        return;
+      }
+    }
     ctx.fireChannelRead(msg);
   }
 
diff --git a/instrumentation/netty/netty-4.1/src/test/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_1/server/AbstractNetty41ServerInstrumentationTest.java b/instrumentation/netty/netty-4.1/src/test/java/io/opentelemetry/javaagent/instrumentation/hypertrace/netty/v4_1/server/AbstractNetty41ServerInstrumentationTest.java
@@ -171,5 +171,39 @@ public void blocking() throws IOException, TimeoutException, InterruptedExceptio
         spanData
             .getAttributes()
             .get(HypertraceSemanticAttributes.httpResponseHeader(RESPONSE_BODY)));
+
+    RequestBody requestBody = blockedRequestBody(true, 3000, 75);
+    Request request2 =
+        new Request.Builder()
+            .url(String.format("http://localhost:%d/post", port))
+            .header(REQUEST_HEADER_NAME, REQUEST_HEADER_VALUE)
+            .post(requestBody)
+            .build();
+
+    try (Response response = httpClient.newCall(request2).execute()) {
+      Assertions.assertEquals(403, response.code());
+      Assertions.assertTrue(response.body().string().isEmpty());
+    }
+
+    List<List<SpanData>> traces2 = TEST_WRITER.getTraces();
+    TEST_WRITER.waitForTraces(2);
+    Assertions.assertEquals(2, traces2.size());
+    List<SpanData> trace2 = traces2.get(1);
+    Assertions.assertEquals(1, trace2.size());
+    SpanData spanData2 = trace2.get(0);
+
+    Assertions.assertEquals(
+        REQUEST_HEADER_VALUE,
+        spanData2
+            .getAttributes()
+            .get(HypertraceSemanticAttributes.httpRequestHeader(REQUEST_HEADER_NAME)));
+    Assertions.assertNull(
+        spanData2
+            .getAttributes()
+            .get(HypertraceSemanticAttributes.httpResponseHeader(RESPONSE_HEADER_NAME)));
+    Assertions.assertNull(
+        spanData2
+            .getAttributes()
+            .get(HypertraceSemanticAttributes.httpResponseHeader(RESPONSE_BODY)));
   }
 }
diff --git a/testing-common/src/testFixtures/java/org/hypertrace/agent/testing/AbstractInstrumenterTest.java b/testing-common/src/testFixtures/java/org/hypertrace/agent/testing/AbstractInstrumenterTest.java
@@ -155,4 +155,31 @@ public void writeTo(BufferedSink sink) throws IOException {
       }
     };
   }
+
+  public static RequestBody blockedRequestBody(
+      final boolean chunked, final long size, final int writeSize) {
+    final byte[] buffer = new byte[writeSize];
+    Arrays.fill(buffer, (byte) 'x');
+
+    return new RequestBody() {
+      @Override
+      public MediaType contentType() {
+        return MediaType.get("application/json; charset=utf-8");
+      }
+
+      @Override
+      public long contentLength() throws IOException {
+        return chunked ? -1L : size;
+      }
+
+      @Override
+      public void writeTo(BufferedSink sink) throws IOException {
+        sink.write("{\"block=true\":\"".getBytes());
+        for (int count = 0; count < size; count += writeSize) {
+          sink.write(buffer, 0, (int) Math.min(size - count, writeSize));
+        }
+        sink.write("\"}".getBytes());
+      }
+    };
+  }
 }
diff --git a/testing-common/src/testFixtures/java/org/hypertrace/agent/testing/mockfilter/MockFilter.java b/testing-common/src/testFixtures/java/org/hypertrace/agent/testing/mockfilter/MockFilter.java
@@ -16,7 +16,9 @@
 
 package org.hypertrace.agent.testing.mockfilter;
 
+import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.api.trace.Span;
+import io.opentelemetry.sdk.trace.ReadableSpan;
 import java.util.Map;
 import org.hypertrace.agent.filter.api.Filter;
 
@@ -37,6 +39,14 @@ public boolean evaluateRequestHeaders(Span span, Map<String, String> headers) {
 
   @Override
   public boolean evaluateRequestBody(Span span, String body, Map<String, String> headers) {
-    return body.contains("block=true");
+    if (body != null && body.contains("block=true")) {
+      return true;
+    }
+    if (span instanceof ReadableSpan) {
+      String spanReqBody =
+          ((ReadableSpan) span).getAttribute(AttributeKey.stringKey("http.request.body"));
+      return spanReqBody != null && spanReqBody.contains("block=true");
+    }
+    return false;
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -33,4 +33,8 @@ public class AttributeKeys {`
`33`	`33`	`public static final AttributeKey<Map<String, String>> REQUEST_HEADERS =`
`34`	`34`	`io.opentelemetry.javaagent.instrumentation.netty.v4_0.AttributeKeys.attributeKey(`
`35`	`35`	`AttributeKeys.class.getName() + ".request-headers");`
	`36`	`+`
	`37`	`+ public static final AttributeKey<?> REQUEST =`
	`38`	`+ io.opentelemetry.javaagent.instrumentation.netty.v4_0.AttributeKeys.attributeKey(`
	`39`	`+ "io.opentelemetry.javaagent.instrumentation.netty.v4_0.AttributeKeys.http-server-request");`
`36`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,4 +31,8 @@ public class AttributeKeys {`
`31`	`31`
`32`	`32`	`public static final AttributeKey<Map<String, String>> REQUEST_HEADERS =`
`33`	`33`	`AttributeKey.valueOf(AttributeKeys.class, "request-headers");`
	`34`	`+`
	`35`	`+ public static final AttributeKey<?> REQUEST =`
	`36`	`+ AttributeKey.valueOf(`
	`37`	`+ "io.opentelemetry.javaagent.instrumentation.netty.v4_1.server.NettyServerSingletons#http-server-request");`
`34`	`38`	`}`