feat: Add initial deny list

.gitlab/prepare-oci-package.sh

@@ -10,3 +10,4 @@ fi
 mkdir -p sources
 cp ../workspace/dd-java-agent/build/libs/*.jar sources/dd-java-agent.jar
 echo -n "$VERSION" > sources/version
+cp ../metadata/requirements.json sources/

metadata/base-requirements.json

@@ -0,0 +1,82 @@
+{
+  "version": 1,
+  "deny": [
+    {
+      "id": "unsupported_jvm",
+      "description": "Skip older JVMs",
+      "os": null,
+      "cmds": [
+        "**/java-1.5*/**/java",
+        "**/java-1.6*/**/java",
+        "**/java-6*/**/java",
+        "**/java-7/**/java"
+      ],
+      "args": [],
+      "envars": null
+    },
+    {
+      "id": "java8_version",
+      "description": "Skip java -version command",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "-version"
+          ],
+          "position": 0
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "java_version",
+      "description": "Skip java --version command",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "--version"
+          ],
+          "position": 0
+        }
+      ],
+      "envars": null
+    }
+  ],
+  "native_deps": {
+    "glibc": [
+      {
+        "arch": "x86",
+        "supported": true
+      },
+      {
+        "arch": "x64",
+        "supported": true
+      },
+      {
+        "arch": "arm64",
+        "supported": true
+      }
+    ],
+    "musl": [
+      {
+        "arch": "x86",
+        "supported": true
+      },
+      {
+        "arch": "x64",
+        "supported": true
+      },
+      {
+        "arch": "arm64",
+        "supported": true
+      }
+    ]
+  }
+}

metadata/build-requirements.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+#
+# This script builds the requirements.json file based on
+# - the base-requirements.json as base file,
+# - the denied-main-classes.tsv as rules to exclude application from their main classes,
+# - the denied-environment-variables.tsv as rules to exclude applications from their exported environment variables.
+#
+
+log-json() {
+    local JSON=$1
+    echo "Logging JSON"
+    echo "$JSON" | jq
+}
+
+#
+# Initialize requirements from base file
+#
+JSON=$(cat base-requirements.json)
+
+#
+# Append deny list entries based on main classes
+#
+while read -r ENTRY; do
+    # Skip comments or empty lines
+    if [[ -z $ENTRY || $ENTRY == \#* ]]; then
+        continue
+    fi
+    # Take first word
+    IDENTIFIER=$(echo "$ENTRY" | awk '{print $1}')
+    # Take second word
+    MAIN_CLASS=$(echo "$ENTRY" | awk '{print $2}')
+    # Take the rest as description
+    DESCRIPTION=$(echo "$ENTRY" | awk '{for(i=3;i<=NF;++i) printf "%s%s", $i, (i<NF)?" ":""}')
+    # Build deny list entry
+    DENY_ENTRY=$(cat <<-END
+    {
+        "id": "$IDENTIFIER",
+        "description": "$DESCRIPTION",
+        "os": null,
+        "cmds": ["**/java"],
+        "args": [{
+          "args": ["$MAIN_CLASS"],
+          "position": null
+        }],
+        "envars": null
+    }
+END
+    )
+    JSON=$(echo "$JSON" | jq ".deny += [$DENY_ENTRY]")
+done < denied-main-classes.tsv
+
+#
+# Append deny list entries based on environment variables
+#
+while read -r ENTRY; do
+    # Skip comments or empty lines
+    if [[ -z $ENTRY || $ENTRY == \#* ]]; then
+        continue
+    fi
+    # Take first word
+    IDENTIFIER=$(echo "$ENTRY" | awk '{print $1}')
+    # Take second word
+    ENVIRONMENT_VARIABLE=$(echo "$ENTRY" | awk '{print $2}')
+    # Take the rest as description
+    DESCRIPTION=$(echo "$ENTRY" | awk '{for(i=3;i<=NF;++i) printf "%s%s", $i, (i<NF)?" ":""}')
+    # Build deny list entry
+    DENY_ENTRY=$(cat <<-END
+    {
+        "id": "$IDENTIFIER",
+        "description": "$DESCRIPTION",
+        "os": null,
+        "cmds": ["**/java"],
+        "args": [],
+        "envars": {
+            "$ENVIRONMENT_VARIABLE": null
+        }
+    }
+END
+    )
+    JSON=$(echo "$JSON" | jq ".deny += [$DENY_ENTRY]")
+done < denied-environment-variables.tsv
+
+log-json "$JSON"
+echo "$JSON" > requirements.json

metadata/denied-environment-variables.tsv

@@ -0,0 +1,5 @@
+# Identifier    EnvironmentVariable     Description
+apache_hbase    HBASE_HOME              Skip Apache HBase
+apache_hadoop3  HADOOP_HOME             Skip Apache Hadoop 3
+apache_hive     HIVE_HOME               Skip Apache Hive
+apache_solr9    SOLR_PORT               Skip Apache Solr 9

metadata/denied-main-classes.tsv

@@ -0,0 +1,33 @@
+# Identifier    MainClass   Description
+
+# Apache ActiveMQ Artemis
+apache_activemq_artemis         org.apache.activemq.artemis.boot.Artemis            Skip Apache ActiveMQ Artemis
+
+# Apache Cassandra
+
+apache_cassandra                org.apache.cassandra.service.CassandraDaemon        Skip Apache Cassandra
+apache_cassandra_debugcql       org.apache.cassandra.transport.Client               Skip Apache Cassandra debug-cql
+apache_cassandra_nodetool       org.apache.cassandra.tools.NodeTool                 Skip Apache Cassandra nodetool
+apache_cassandra_sstableloader  org.apache.cassandra.tools.BulkLoader               Skip Apache Cassandra sstableloader
+apache_cassandra_sstablescrub   org.apache.cassandra.tools.StandaloneScrubber       Skip Apache Cassandra stablescrub
+apache_cassandra_sstableupgrade org.apache.cassandra.tools.StandaloneUpgrader       Skip Apache Cassandra sstableupgrade
+apache_cassandra_sstableutil    org.apache.cassandra.tools.StandaloneSSTableUtil    Skip Apache Cassandra sstableutil
+apache_cassandra_sstableverify  org.apache.cassandra.tools.StandaloneVerifier       Skip Apache Cassandra sstableverify
+
+# Apache Lucene
+apache_lucene8_luke             org.apache.lucene.luke.app.desktop.LukeMain         Skip Lucene 8 Luke
+apache_lucene9_luke             org.apache.lucene.luke                              Skip Apache Netbeans
+
+# Apache Netbeans
+apache_netbeans                 org.netbeans.Main                                   Skip Apache Netbeans
+
+# Apache Solr 8
+apache_solr8_start              -Dsolr.solr.home=*                                  Skip Apache Solr 8 start command using System Properties
+apache_solr8_stop               *solr/server/start.jar                              Skip Apache Solr 8 stop using path to jar
+apache_solr8_tools              org.apache.solr.util.SolrCLI                        Skip Apache Solr 8 CLI tools
+
+# Elastic Search 7+
+elasticsearch7                  -Des.path.home=*                                    Skip Elastic Search 7+ commands
+
+# Jetbrains IntelliJ IDEA
+intellij_idea                   com.intellij.idea.Main                              Skip Jetbrains IntelliJ IDEA