Merge branch 'master' into mario.vidal/taint_tracking_string_builder_append

Mariovido · web-flow · commit e45b946d656e · 2024-11-28T13:25:16.000+01:00
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/LocalFSGitInfoExtractorTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/git/LocalFSGitInfoExtractorTest.groovy
@@ -50,7 +50,7 @@ class LocalFSGitInfoExtractorTest extends DDSpecification {
       )
   }
 
-  def "test git info extraction for local fs"() {
+  def "test git info extraction for local fs #gitFolder"() {
     setup:
     def sut = new LocalFSGitInfoExtractor()
 
@@ -119,7 +119,7 @@ class LocalFSGitInfoExtractorTest extends DDSpecification {
     fullMessage == null
   }
 
-  def "test repository url with different remotes"() {
+  def "test repository url with different remotes #gitFolder"() {
     setup:
     def sut = new LocalFSGitInfoExtractor()
 
diff --git a/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SerializerTest.groovy b/dd-java-agent/agent-ci-visibility/src/test/groovy/datadog/trace/civisibility/ipc/SerializerTest.groovy
@@ -154,6 +154,11 @@ class SerializerTest extends Specification {
       this.b = b
     }
 
+    @Override
+    String toString() {
+      "$a / $b"
+    }
+
     boolean equals(o) {
       if (this.is(o)) {
         return true
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/PropagationModuleTest.groovy
@@ -688,7 +688,7 @@ class PropagationModuleTest extends IastModuleImplTestBase {
   }
 
   private Date date(Source source = null, int mark = NOT_MARKED) {
-    final result = new Date()
+    final result = new Date(1234567890) // Use a fixed date
     if (source != null) {
       taintObject(result, source, mark)
     }
diff --git a/dd-java-agent/instrumentation/apache-httpclient-4/src/test/groovy/IastHttpClientInstrumentationTest.groovy b/dd-java-agent/instrumentation/apache-httpclient-4/src/test/groovy/IastHttpClientInstrumentationTest.groovy
@@ -1,4 +1,5 @@
 import datadog.trace.agent.test.AgentTestRunner
+import datadog.trace.agent.test.server.http.TestHttpServer
 import datadog.trace.api.iast.InstrumentationBridge
 import datadog.trace.api.iast.sink.SsrfModule
 import org.apache.http.HttpHost
@@ -31,7 +32,7 @@ class IastHttpClientInstrumentationTest extends AgentTestRunner {
     }
   }
 
-  void 'test ssrf httpClient execute method with args #args expecting call module'() {
+  void 'test ssrf httpClient execute method expecting call module #iterationIndex'() {
     given:
     final ssrf = Mock(SsrfModule)
     InstrumentationBridge.registerIastModule(ssrf)
@@ -68,7 +69,7 @@ class IastHttpClientInstrumentationTest extends AgentTestRunner {
     return new BasicHttpRequest("GET", server.address.toString())
   }
 
-  private static HttpHost getHttpHost(final server){
+  private static HttpHost getHttpHost(final TestHttpServer server){
     return new HttpHost(server.address.host, server.address.port, server.address.scheme)
   }
 }
diff --git a/dd-java-agent/instrumentation/hibernate/core-3.3/src/test/groovy/IastQueryInstrumentationTest.groovy b/dd-java-agent/instrumentation/hibernate/core-3.3/src/test/groovy/IastQueryInstrumentationTest.groovy
@@ -25,7 +25,7 @@ class IastQueryInstrumentationTest extends AbstractHibernateTest {
     session.close()
   }
 
-  void 'test sql query'() {
+  void 'test sql query [#iterationIndex] #queryString'() {
     given:
     final module = Mock(SqlInjectionModule)
     InstrumentationBridge.registerIastModule(module)
@@ -48,7 +48,7 @@ class IastQueryInstrumentationTest extends AbstractHibernateTest {
     'select * from value'                               | { Query query -> query.scroll(ScrollMode.FORWARD_ONLY) }
   }
 
-  void 'test hql query'() {
+  void 'test hql query [#iterationIndex] #queryString'() {
     given:
     final module = Mock(SqlInjectionModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/hibernate/core-4.0/src/test/groovy/IastQueryInstrumentationTest.groovy b/dd-java-agent/instrumentation/hibernate/core-4.0/src/test/groovy/IastQueryInstrumentationTest.groovy
@@ -25,7 +25,7 @@ class IastQueryInstrumentationTest extends AbstractHibernateTest {
     session.close()
   }
 
-  void 'test sql query'() {
+  void 'test sql query [#iterationIndex] #queryString'() {
     given:
     final module = Mock(SqlInjectionModule)
     InstrumentationBridge.registerIastModule(module)
@@ -48,7 +48,7 @@ class IastQueryInstrumentationTest extends AbstractHibernateTest {
     'select * from value'                               | { Query query -> query.scroll(ScrollMode.FORWARD_ONLY) }
   }
 
-  void 'test hql query'() {
+  void 'test hql query [#iterationIndex] #queryString'() {
     given:
     final module = Mock(SqlInjectionModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-2.12/src/test/groovy/datadog/trace/instrumentation/jackson212/core/JsonParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/jackson-core-2.12/src/test/groovy/datadog/trace/instrumentation/jackson212/core/JsonParserInstrumentationTest.groovy
@@ -21,6 +21,7 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
 
   void 'test json parsing (tainted)'() {
     given:
+    final target = JSON_STRING
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -38,13 +39,11 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     1 * module.taintString(_, 'root', source.origin, 'root', JSON_STRING)
     1 * module.taintString(_, 'nested', source.origin, 'nested', JSON_STRING)
     0 * _
-
-    where:
-    target << [JSON_STRING]
   }
 
   void 'test json parsing (tainted but field names)'() {
     given:
+    final target = new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -60,12 +59,9 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     _ * module.taintObjectIfTainted(_, _)
     _ * module.findSource(_) >> source
     0 * _
-
-    where:
-    target << [new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))]
   }
 
-  void 'test json parsing (not tainted)'() {
+  void 'test json parsing (not tainted) #iterationIndex'() {
     given:
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-2.16/src/test/groovy/datadog/trace/instrumentation/jackson216/core/JsonParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/jackson-core-2.16/src/test/groovy/datadog/trace/instrumentation/jackson216/core/JsonParserInstrumentationTest.groovy
@@ -21,6 +21,7 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
 
   void 'test json parsing (tainted)'() {
     given:
+    final target = JSON_STRING
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -39,13 +40,11 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     1 * module.taintString(_, 'nested', source.origin, 'nested', JSON_STRING)
     1 * module.taintString(_, 'nested_array', source.origin, 'nested_array', JSON_STRING)
     0 * _
-
-    where:
-    target << [JSON_STRING]
   }
 
   void 'test json parsing (tainted but field names)'() {
     given:
+    final target = new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -61,12 +60,9 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     _ * module.taintObjectIfTainted(_, _)
     _ * module.findSource(_) >> source
     0 * _
-
-    where:
-    target << [new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))]
   }
 
-  void 'test json parsing (not tainted)'() {
+  void 'test json parsing (not tainted) #iterationIndex'() {
     given:
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-2.6/src/test/groovy/datadog/trace/instrumentation/jackson26/core/JsonParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/jackson-core-2.6/src/test/groovy/datadog/trace/instrumentation/jackson26/core/JsonParserInstrumentationTest.groovy
@@ -21,6 +21,7 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
 
   void 'test json parsing (tainted)'() {
     given:
+    final target = JSON_STRING
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -38,13 +39,11 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     1 * module.taintString(_, 'root', source.origin, 'root', JSON_STRING)
     1 * module.taintString(_, 'nested', source.origin, 'nested', JSON_STRING)
     0 * _
-
-    where:
-    target << [JSON_STRING]
   }
 
   void 'test json parsing (tainted but field names)'() {
     given:
+    final target = new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -60,12 +59,9 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     _ * module.taintObjectIfTainted(_, _)
     _ * module.findSource(_) >> source
     0 * _
-
-    where:
-    target << [new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))]
   }
 
-  void 'test json parsing (not tainted)'() {
+  void 'test json parsing (not tainted) #iterationIndex'() {
     given:
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-2.8/src/test/groovy/datadog/trace/instrumentation/jackson28/core/JsonParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/jackson-core-2.8/src/test/groovy/datadog/trace/instrumentation/jackson28/core/JsonParserInstrumentationTest.groovy
@@ -21,6 +21,7 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
 
   void 'test json parsing (tainted)'() {
     given:
+    final target = JSON_STRING
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -38,13 +39,11 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     1 * module.taintString(_, 'root', source.origin, 'root', JSON_STRING)
     1 * module.taintString(_, 'nested', source.origin, 'nested', JSON_STRING)
     0 * _
-
-    where:
-    target << [JSON_STRING]
   }
 
   void 'test json parsing (tainted but field names)'() {
     given:
+    final target = new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -60,12 +59,9 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     _ * module.taintObjectIfTainted(_, _)
     _ * module.findSource(_) >> source
     0 * _
-
-    where:
-    target << [new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))]
   }
 
-  void 'test json parsing (not tainted)'() {
+  void 'test json parsing (not tainted) #iterationIndex'() {
     given:
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/jackson-core/jackson-core-2/src/test/groovy/datadog/trace/instrumentation/jackson2/core/JsonParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/jackson-core-2/src/test/groovy/datadog/trace/instrumentation/jackson2/core/JsonParserInstrumentationTest.groovy
@@ -21,6 +21,7 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
 
   void 'test json parsing (tainted)'() {
     given:
+    final target = JSON_STRING
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -38,13 +39,11 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     1 * module.taintString(_, 'root', source.origin, 'root', JSON_STRING)
     1 * module.taintString(_, 'nested', source.origin, 'nested', JSON_STRING)
     0 * _
-
-    where:
-    target << [JSON_STRING]
   }
 
   void 'test json parsing (tainted but field names)'() {
     given:
+    final target = new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -60,12 +59,9 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     _ * module.taintObjectIfTainted(_, _)
     _ * module.findSource(_) >> source
     0 * _
-
-    where:
-    target << [new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))]
   }
 
-  void 'test json parsing (not tainted)'() {
+  void 'test json parsing (not tainted) #iterationIndex'() {
     given:
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/jackson-core/src/test/groovy/JsonParserInstrumentationTest.groovy b/dd-java-agent/instrumentation/jackson-core/src/test/groovy/JsonParserInstrumentationTest.groovy
@@ -19,6 +19,7 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
 
   void 'test json parsing (tainted)'() {
     given:
+    final target = JSON_STRING
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -37,13 +38,11 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     1 * module.taintString(_, 'array_0', source.origin, _, JSON_STRING)
     1 * module.taintString(_, 'array_1', source.origin, _, JSON_STRING)
     0 * _
-
-    where:
-    target << [JSON_STRING]
   }
 
   void 'test json parsing (tainted but field names)'() {
     given:
+    final target = new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))
     final source = new SourceImpl(origin: SourceTypes.REQUEST_BODY, name: 'body', value: JSON_STRING)
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
@@ -62,12 +61,9 @@ class JsonParserInstrumentationTest extends AgentTestRunner {
     1 * module.taintString(_, 'array_0', source.origin, _, JSON_STRING)
     1 * module.taintString(_, 'array_1', source.origin, _, JSON_STRING)
     0 * _
-
-    where:
-    target << [new ByteArrayInputStream(JSON_STRING.getBytes(Charset.defaultCharset()))]
   }
 
-  void 'test json parsing (not tainted)'() {
+  void 'test json parsing (not tainted) #iterationIndex'() {
     given:
     final module = Mock(PropagationModule)
     InstrumentationBridge.registerIastModule(module)
diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-9/src/test/groovy/datadog/trace/instrumentation/java/lang/invoke/StringConcatFactoryCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/java-lang-9/src/test/groovy/datadog/trace/instrumentation/java/lang/invoke/StringConcatFactoryCallSiteTest.groovy
@@ -163,7 +163,7 @@ class StringConcatFactoryCallSiteTest extends AgentTestRunner {
     0 * _
   }
 
-  void 'test string concat factory with primitives'() {
+  void 'test string concat factory with primitives #iterationIndex'() {
     setup:
     final iastModule = Mock(StringModule)
     InstrumentationBridge.registerIastModule(iastModule)
diff --git a/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestTest.groovy b/dd-java-agent/instrumentation/servlet/src/test/groovy/HttpServletRequestTest.groovy
diff --git a/dd-smoke-tests/maven/src/test/groovy/datadog/smoketest/MavenSmokeTest.groovy b/dd-smoke-tests/maven/src/test/groovy/datadog/smoketest/MavenSmokeTest.groovy

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ class LocalFSGitInfoExtractorTest extends DDSpecification {`
`50`	`50`	`)`
`51`	`51`	`}`
`52`	`52`
`53`		`- def "test git info extraction for local fs"() {`
	`53`	`+ def "test git info extraction for local fs #gitFolder"() {`
`54`	`54`	`setup:`
`55`	`55`	`def sut = new LocalFSGitInfoExtractor()`
`56`	`56`
`@@ -119,7 +119,7 @@ class LocalFSGitInfoExtractorTest extends DDSpecification {`
`119`	`119`	`fullMessage == null`
`120`	`120`	`}`
`121`	`121`
`122`		`- def "test repository url with different remotes"() {`
	`122`	`+ def "test repository url with different remotes #gitFolder"() {`
`123`	`123`	`setup:`
`124`	`124`	`def sut = new LocalFSGitInfoExtractor()`
`125`	`125`
Original file line number	Diff line number	Diff line change
`@@ -688,7 +688,7 @@ class PropagationModuleTest extends IastModuleImplTestBase {`
`688`	`688`	`}`
`689`	`689`
`690`	`690`	`private Date date(Source source = null, int mark = NOT_MARKED) {`
`691`		`- final result = new Date()`
	`691`	`+ final result = new Date(1234567890) // Use a fixed date`
`692`	`692`	`if (source != null) {`
`693`	`693`	`taintObject(result, source, mark)`
`694`	`694`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`import datadog.trace.agent.test.AgentTestRunner`
	`2`	`+import datadog.trace.agent.test.server.http.TestHttpServer`
`2`	`3`	`import datadog.trace.api.iast.InstrumentationBridge`
`3`	`4`	`import datadog.trace.api.iast.sink.SsrfModule`
`4`	`5`	`import org.apache.http.HttpHost`
`@@ -31,7 +32,7 @@ class IastHttpClientInstrumentationTest extends AgentTestRunner {`
`31`	`32`	`}`
`32`	`33`	`}`
`33`	`34`
`34`		`- void 'test ssrf httpClient execute method with args #args expecting call module'() {`
	`35`	`+ void 'test ssrf httpClient execute method expecting call module #iterationIndex'() {`
`35`	`36`	`given:`
`36`	`37`	`final ssrf = Mock(SsrfModule)`
`37`	`38`	`InstrumentationBridge.registerIastModule(ssrf)`
`@@ -68,7 +69,7 @@ class IastHttpClientInstrumentationTest extends AgentTestRunner {`
`68`	`69`	`return new BasicHttpRequest("GET", server.address.toString())`
`69`	`70`	`}`
`70`	`71`
`71`		`- private static HttpHost getHttpHost(final server){`
	`72`	`+ private static HttpHost getHttpHost(final TestHttpServer server){`
`72`	`73`	`return new HttpHost(server.address.host, server.address.port, server.address.scheme)`
`73`	`74`	`}`
`74`	`75`	`}`