Added option to disable stacktrace suppression
ValentinZakharov committed Aug 28, 2023
1 parent 5daa816 commit e051208
Showing 4 changed files with 18 additions and 0 deletions.
Expand Up @@ -3,6 +3,7 @@
import static datadog.trace.bootstrap.blocking.BlockingActionHelper.TemplateType.HTML;
import static datadog.trace.bootstrap.instrumentation.api.AgentTracer.activeSpan;

import datadog.trace.api.Config;
import datadog.trace.api.iast.InstrumentationBridge;
import datadog.trace.api.iast.sink.StacktraceLeakModule;
import datadog.trace.bootstrap.blocking.BlockingActionHelper;
Expand Down Expand Up @@ -41,6 +42,11 @@ public static boolean onEnter(
}
}

// If we don't need to suppress stacktrace leak
if (!Config.get().isIastStacktraceLeakSuppress()) {
return false;
}

byte[] template = BlockingActionHelper.getTemplate(HTML);
if (template == null) {
return false;
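Review bot: The early return added at `if (!Config.get().isIastStacktraceLeakSuppress())` switches off a protective behaviour, but its comment does not say what the client receives once it is taken. With the option set to false, `onEnter` returns false before the blocking template is loaded, so presumably the container's own error page, stack trace included, is written to the response; whether the finding is still reported depends on the block above, which lies outside the hunk. I would spell the consequence out, for example `// Suppression disabled by config: leave the response untouched; the original error page (with its stack trace) reaches the client.` None of the four changed files looks like a test, so a case exercising both values of the flag would be worth adding. `onEnter` starts before and continues after this hunk.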
Expand Up @@ -101,6 +101,7 @@ public final class ConfigDefaults {
"(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)";
static final String DEFAULT_IAST_REDACTION_VALUE_PATTERN =
"(?:bearer\\s+[a-z0-9\\._\\-]+|glpat-[\\w\\-]{20}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=\\-]+\\.ey[I-L][\\w=\\-]+(?:\\.[\\w.+/=\\-]+)?|(?:[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY[\\-]{5}|ssh-rsa\\s*[a-z0-9/\\.+]{100,}))";
static final boolean DEFAULT_IAST_STACKTRACE_LEAK_SUPPRESS = true;

public static final boolean DEFAULT_IAST_DEDUPLICATION_ENABLED = true;

Expand Up @@ -16,6 +16,7 @@ public final class IastConfig {
public static final String IAST_REDACTION_ENABLED = "iast.redaction.enabled";
public static final String IAST_REDACTION_NAME_PATTERN = "iast.redaction.name.pattern";
public static final String IAST_REDACTION_VALUE_PATTERN = "iast.redaction.value.pattern";
public static final String IAST_STACKTRACE_LEAK_SUPPRESS = "iast.stacktrace-leak.suppress";

private IastConfig() {}
}
10 changes: 10 additions & 0 deletions internal-api/src/main/java/datadog/trace/api/Config.java
Expand Up @@ -61,6 +61,7 @@
import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_REDACTION_ENABLED;
import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_REDACTION_NAME_PATTERN;
import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_REDACTION_VALUE_PATTERN;
import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_STACKTRACE_LEAK_SUPPRESS;
import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_WEAK_CIPHER_ALGORITHMS;
import static datadog.trace.api.ConfigDefaults.DEFAULT_IAST_WEAK_HASH_ALGORITHMS;
import static datadog.trace.api.ConfigDefaults.DEFAULT_JMX_FETCH_ENABLED;
Expand Down Expand Up @@ -212,6 +213,7 @@
import static datadog.trace.api.config.IastConfig.IAST_REDACTION_ENABLED;
import static datadog.trace.api.config.IastConfig.IAST_REDACTION_NAME_PATTERN;
import static datadog.trace.api.config.IastConfig.IAST_REDACTION_VALUE_PATTERN;
import static datadog.trace.api.config.IastConfig.IAST_STACKTRACE_LEAK_SUPPRESS;
import static datadog.trace.api.config.IastConfig.IAST_TELEMETRY_VERBOSITY;
import static datadog.trace.api.config.IastConfig.IAST_WEAK_CIPHER_ALGORITHMS;
import static datadog.trace.api.config.IastConfig.IAST_WEAK_HASH_ALGORITHMS;
Expand Down Expand Up @@ -629,6 +631,7 @@ static class HostNameHolder {
private final boolean iastRedactionEnabled;
private final String iastRedactionNamePattern;
private final String iastRedactionValuePattern;
private final boolean iastStacktraceLeakSuppress;

private final boolean ciVisibilityTraceSanitationEnabled;
private final boolean ciVisibilityAgentlessEnabled;
Expand Down Expand Up @@ -1441,6 +1444,9 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
iastRedactionValuePattern =
configProvider.getString(
IAST_REDACTION_VALUE_PATTERN, DEFAULT_IAST_REDACTION_VALUE_PATTERN);
iastStacktraceLeakSuppress =
configProvider.getBoolean(
IAST_STACKTRACE_LEAK_SUPPRESS, DEFAULT_IAST_STACKTRACE_LEAK_SUPPRESS);

ciVisibilityTraceSanitationEnabled =
configProvider.getBoolean(CIVISIBILITY_TRACE_SANITATION_ENABLED, true);
Expand Down Expand Up @@ -2395,6 +2401,10 @@ public String getIastRedactionValuePattern() {
return iastRedactionValuePattern;
}

public boolean isIastStacktraceLeakSuppress() {
return iastStacktraceLeakSuppress;
}

public boolean isCiVisibilityEnabled() {
return instrumenterConfig.isCiVisibilityEnabled();
}
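Review bot: `isIastStacktraceLeakSuppress()` exposes a security-relevant switch without any Javadoc, and nothing in the visible hunks records that an operator has turned it off. A one-line doc on the getter, such as `/** Whether IAST replaces a response that would expose a stack trace; false leaves the original response untouched. */`, would state the contract the advice hunk appears to rely on. Because the default is `true` and the only reason to set `iast.stacktrace-leak.suppress` is to weaken that behaviour, consider including `iastStacktraceLeakSuppress` wherever Config prints its IAST settings (not visible here), so that a disabled state shows up in startup diagnostics.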