From 707f88d62c068102e0b2eb5fb4d0f4d2b3abbc04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?=
Date: Thu, 19 Sep 2024 15:06:42 +0200
Subject: [PATCH 1/7] Fix styles
---
 .../iast/propagation/StringModuleImpl.java | 36 +++++++++++
 .../iast/propagation/StringModuleTest.groovy | 64 +++++++++++++++++++
 .../java/lang/jdk11/StringCallSite.java | 29 +++++++++
 .../java/lang/jdk11/StringCallSiteTest.groovy | 37 +++++++++++
 .../java/foo/bar/TestStringJDK11Suite.java | 21 ++++++
 .../api/iast/propagation/StringModule.java | 2 +
 6 files changed, 189 insertions(+)
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java
index db1f1ad865d..a6cf9556ea0 100644
--- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java
@@ -567,6 +567,42 @@ public void onSplit(@Nonnull String self, @Nonnull String[] result) { } } + @Override + public void onStringStrip(@Nonnull String self, @Nonnull String result, boolean trailing) { + if (!canBeTainted(result) || self == result) { + return; + } + final IastContext ctx = IastContext.Provider.get(); + if (ctx == null) { + return; + } + final TaintedObjects taintedObjects = ctx.getTaintedObjects(); + final TaintedObject taintedSelf = taintedObjects.get(self); + if (taintedSelf == null) { + return; + } + + final Range[] rangesSelf = taintedSelf.getRanges(); + if (rangesSelf.length == 0) { + return; + } + + int offset = 0; + if (!trailing) { + while ((offset < self.length()) && (Character.isWhitespace(self.charAt(offset)))) { + offset++; + } + } + + int resultLength = result.length(); + + final Range[] newRanges = Ranges.forSubstring(offset, resultLength, rangesSelf); + + if (newRanges != null) { + taintedObjects.taint(result, newRanges); + } + } + /** * Adds the tainted ranges belonging to the current parameter added via placeholder taking care of * an optional tainted placeholder. diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy index e8d7ece64e0..880d340667e 100644 --- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy +++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy 
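Review bot: `onStringStrip` is added without Javadoc, and the `trailing` flag is easy to misread: `strip()` also removes trailing whitespace yet is reported with `trailing == false`, so the flag really means "only trailing whitespace was removed, keep offset 0". The same undocumented signature is added to `StringModule` at the end of this patch, and the advices in `StringCallSite` pass bare `true`/`false`. I would document it on the interface, e.g. `@param trailing true only for stripTrailing(): no leading characters were dropped, so ranges keep their start`, and put a why-comment above the loop such as `// count leading whitespace the way String.strip() does, so tainted ranges shift by exactly that many chars`. The loop tests `Character.isWhitespace(char)` while the JDK strips by code point; the two presumably agree because whitespace code points are all in the BMP, but a wrong offset would silently shift or drop taint ranges, so that assumption is worth stating in the comment.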
@@ -984,6 +984,70 @@ class StringModuleTest extends IastModuleImplTestBase { '==>testing<== the ==>test<==' | ' ' | ['==>testing<==', '==>the<==', '==>test<=='] as String[] } + void 'test strip and make sure IastRequestContext is called'() { + given: + final taintedObjects = ctx.getTaintedObjects() + def self = addFromTaintFormat(taintedObjects, testString) + def result = self."$method"() + + when: + module.onStringStrip(self, result, trailing) + def taintedObject = taintedObjects.get(result) + + then: + 1 * tracer.activeSpan() >> span + taintFormat(result, taintedObject.getRanges()) == expected + + where: + method | trailing | testString | expected + "strip" | false | " ==>123<== " | "==>123<==" + "stripLeading" | false | " ==>123<== " | "==>123<== " + "stripTrailing" | true | " ==>123<== " | " ==>123<==" + } + + void 'test strip for not empty string cases'() { + given: + final taintedObjects = ctx.getTaintedObjects() + def self = addFromTaintFormat(taintedObjects, testString) + def result = self."$method"() + + when: + module.onStringStrip(self, result, trailing) + def taintedObject = taintedObjects.get(result) + + then: + taintFormat(result, taintedObject.getRanges()) == expected + + where: + method | trailing | testString | expected + "strip" | false | " ==> <== ==> <== ==>456<== ==>ABC<== ==> <== ==> <== " | "==>456<== ==>ABC<==" + "stripLeading" | false | " ==> <== ==> <== ==>456<== ==>ABC<== ==> <== ==> <== " | "==>456<== ==>ABC<== ==> <== ==> <== " + "stripTrailing" | true | " ==> <== ==> <== ==>456<== ==>ABC<== ==> <== ==> <== " | " ==> <== ==> <== ==>456<== ==>ABC<==" + } + + void 'test strip for empty string cases'() { + given: + final taintedObjects = ctx.getTaintedObjects() + def self = addFromTaintFormat(taintedObjects, testString) + def result = self."$method"() + + when: + module.onStringStrip(self, result, trailing) + + then: + null == taintedObjects.get(result) + result == expected + + where: + method | trailing | testString | expected + "strip" | 
false | " ==> <== " | "" + "stripLeading" | false | " ==> <== " | "" + "stripTrailing" | true | " ==> <== " | "" + "strip" | false | "" | "" + "stripLeading" | false | "" | "" + "stripTrailing" | true | "" | "" + } + private static Date date(final String pattern, final String value) { return new SimpleDateFormat(pattern).parse(value) } diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java index c035cb51a2b..ea376a8aa23 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java @@ -26,4 +26,33 @@ public static String afterRepeat( } return result; } + + @CallSite.After("java.lang.String java.lang.String.strip()") + @CallSite.After("java.lang.String java.lang.String.stripLeading()") + public static String afterStrip( + @CallSite.This final String self, @CallSite.Return final String result) { + final StringModule module = InstrumentationBridge.STRING; + try { + if (module != null) { + module.onStringStrip(self, result, false); + } + } catch (final Throwable e) { + module.onUnexpectedException("afterRepeat threw", e); + } + return result; + } + + @CallSite.After("java.lang.String java.lang.String.stripTrailing()") + public static String afterStripTrailing( + @CallSite.This final String self, @CallSite.Return final String result) { + final StringModule module = InstrumentationBridge.STRING; + try { + if (module != null) { + module.onStringStrip(self, result, true); + } + } catch (final Throwable e) { + module.onUnexpectedException("afterRepeat threw", e); + } + return result; + } } 
diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy index e0b97dbb98d..68faea15ed6 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy @@ -31,4 +31,41 @@ class StringCallSiteTest extends AgentTestRunner { 1 * iastModule.onStringRepeat(self, count, expected) 0 * _ } + + def 'test string strip call site'() { + setup: + final module = Mock(StringModule) + InstrumentationBridge.registerIastModule(module) + + when: + final result = TestStringJDK11Suite."$method"(input) + + then: + result == output + 1 * module.onStringStrip(input, output) + 0 * _ + + where: + method | input | output + "stringStrip" | ' hello ' | 'hello' + "stringStripLeading" | ' hello ' | 'hello ' + } + + def 'test string strip trailing call site'() { + setup: + final module = Mock(StringModule) + InstrumentationBridge.registerIastModule(module) + + when: + final result = TestStringJDK11Suite.stringStripTrailing(input) + + then: + result == output + 1 * module.onStringStrip(input, output) + 0 * _ + + where: + input | output + ' hello ' | ' hello' + } } diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java index 6da40940227..a78bccc270a 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java 
@@ -15,4 +15,25 @@ public static String stringRepeat(String self, int count) { LOGGER.debug("After string repeat {}", result); return result; } + + public static String stringStrip(final String self) { + LOGGER.debug("Before string strip {} ", self); + final String result = self.strip(); + LOGGER.debug("After string strip {}", result); + return result; + } + + public static String stringStripLeading(final String self) { + LOGGER.debug("Before string strip {} ", self); + final String result = self.stripLeading(); + LOGGER.debug("After string strip {}", result); + return result; + } + + public static String stringStripTrailing(final String self) { + LOGGER.debug("Before string strip {} ", self); + final String result = self.stripTrailing(); + LOGGER.debug("After string strip {}", result); + return result; + } } diff --git a/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java b/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java index 4805e1dd6c1..c53b2d03117 100644 --- a/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java +++ b/internal-api/src/main/java/datadog/trace/api/iast/propagation/StringModule.java @@ -50,4 +50,6 @@ void onStringFormat( @Nonnull Iterable literals, @Nonnull Object[] params, @Nonnull String result); void onSplit(final @Nonnull String self, final @Nonnull String[] result); + + void onStringStrip(@Nonnull String self, @Nonnull String result, boolean trailing); } From 6a6872ad6a877fd65b0cc9dc0ee3e5f8765d547f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Fri, 20 Sep 2024 10:23:31 +0200 Subject: [PATCH 2/7] Add supressFbWarning to pass check_base --- .../main/java/com/datadog/iast/propagation/StringModuleImpl.java | 1 + 1 file changed, 1 insertion(+) 
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java index a6cf9556ea0..cd5080b298a 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java @@ -568,6 +568,7 @@ public void onSplit(@Nonnull String self, @Nonnull String[] result) { } @Override + @SuppressFBWarnings public void onStringStrip(@Nonnull String self, @Nonnull String result, boolean trailing) { if (!canBeTainted(result) || self == result) { return; From 4ab949acd3e98e9b720a4ee3d3e38af4531b16de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Fri, 20 Sep 2024 11:21:54 +0200 Subject: [PATCH 3/7] Update tests --- .../iast/propagation/StringModuleTest.groovy | 36 ++++++++----------- .../java/lang/jdk11/StringCallSiteTest.groovy | 19 +--------- 2 files changed, 15 insertions(+), 40 deletions(-) diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy index 880d340667e..3fc48d97be7 100644 --- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy +++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy @@ -984,7 +984,7 @@ class StringModuleTest extends IastModuleImplTestBase { '==>testing<== the ==>test<==' | ' ' | ['==>testing<==', '==>the<==', '==>test<=='] as String[] } - void 'test strip and make sure IastRequestContext is called'() { + void 'test #method and make sure IastRequestContext is called'() { given: final taintedObjects = ctx.getTaintedObjects() def self = addFromTaintFormat(taintedObjects, testString) 
@@ -998,34 +998,26 @@ class StringModuleTest extends IastModuleImplTestBase { 1 * tracer.activeSpan() >> span taintFormat(result, taintedObject.getRanges()) == expected - where: - method | trailing | testString | expected - "strip" | false | " ==>123<== " | "==>123<==" - "stripLeading" | false | " ==>123<== " | "==>123<== " - "stripTrailing" | true | " ==>123<== " | " ==>123<==" - } - - void 'test strip for not empty string cases'() { - given: - final taintedObjects = ctx.getTaintedObjects() - def self = addFromTaintFormat(taintedObjects, testString) - def result = self."$method"() - - when: - module.onStringStrip(self, result, trailing) - def taintedObject = taintedObjects.get(result) - - then: - taintFormat(result, taintedObject.getRanges()) == expected - where: method | trailing | testString | expected + "strip" | false | " ==>123<== " | "==>123<==" + "stripLeading" | false | " ==>123<== " | "==>123<== " + "stripTrailing" | true | " ==>123<== " | " ==>123<==" "strip" | false | " ==> <== ==> <== ==>456<== ==>ABC<== ==> <== ==> <== " | "==>456<== ==>ABC<==" "stripLeading" | false | " ==> <== ==> <== ==>456<== ==>ABC<== ==> <== ==> <== " | "==>456<== ==>ABC<== ==> <== ==> <== " "stripTrailing" | true | " ==> <== ==> <== ==>456<== ==>ABC<== ==> <== ==> <== " | " ==> <== ==> <== ==>456<== ==>ABC<==" + "strip" | false | " ==>123<== " | "==>123<==" + "stripLeading" | false | " ==>123<== " | "==>123<== " + "stripTrailing" | true | " ==>123<== " | " ==>123<==" + "strip" | false | "==> 123 <==" | "==>123<==" + "stripLeading" | false | "==> 123 <==" | "==>123 <==" + "stripTrailing" | true | "==> 123 <==" | "==> 123<==" + "strip" | false | " a==> b <==c " | "a==> b <==c" + "stripLeading" | false | " a==> b <==c " | "a==> b <==c " + "stripTrailing" | true | " a==> b <==c " | " a==> b <==c" } - void 'test strip for empty string cases'() { + void 'test #method for empty string cases'() { given: final taintedObjects = ctx.getTaintedObjects() def self = 
addFromTaintFormat(taintedObjects, testString) diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy index 68faea15ed6..1802f6d47a3 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy @@ -49,23 +49,6 @@ class StringCallSiteTest extends AgentTestRunner { method | input | output "stringStrip" | ' hello ' | 'hello' "stringStripLeading" | ' hello ' | 'hello ' - } - - def 'test string strip trailing call site'() { - setup: - final module = Mock(StringModule) - InstrumentationBridge.registerIastModule(module) - - when: - final result = TestStringJDK11Suite.stringStripTrailing(input) - - then: - result == output - 1 * module.onStringStrip(input, output) - 0 * _ - - where: - input | output - ' hello ' | ' hello' + "stringStripTrailing" | ' hello ' | ' hello' } } From fb3c2b7851e6de20adacba2dcded6419fbfeb4b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Fri, 20 Sep 2024 11:29:23 +0200 Subject: [PATCH 4/7] Fix StringCallSiteTest --- .../java/lang/jdk11/StringCallSiteTest.groovy | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy index 1802f6d47a3..2e4948135d3 100644 
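Review bot: The merged `where:` table of `'test #method and make sure IastRequestContext is called'` only uses ASCII spaces and always strips something, so the leading-offset scan in `onStringStrip` is never exercised with non-ASCII whitespace and the `self == result` early return has no case at all. A row such as `"stripLeading" | false | "\u2003==>123<==" | "==>123<=="` would cover the first; the no-op input (nothing to strip) probably needs its own feature method, because this one also asserts `1 * tracer.activeSpan() >> span`, which the early return may never reach. As rendered here rows 1–3 and 7–9 look identical (`" ==>123<== "`); if they differ only in padding that is fine, otherwise three of them are redundant. In a taint tracker a shifted or missing range shows up as a missed finding rather than an error, so these edge rows are worth having. The spec method begins above this hunk.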
--- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy @@ -42,13 +42,13 @@ class StringCallSiteTest extends AgentTestRunner { then: result == output - 1 * module.onStringStrip(input, output) + 1 * module.onStringStrip(input, output, trailing) 0 * _ where: - method | input | output - "stringStrip" | ' hello ' | 'hello' - "stringStripLeading" | ' hello ' | 'hello ' - "stringStripTrailing" | ' hello ' | ' hello' + method | trailing | input | output + "stringStrip" | false | ' hello ' | 'hello' + "stringStripLeading" | false | ' hello ' | 'hello ' + "stringStripTrailing" | true | ' hello ' | ' hello' } } From 86cfbb88d8c3f9fd118fc874b33beb2d240ebb71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Fri, 20 Sep 2024 13:09:58 +0200 Subject: [PATCH 5/7] Fix tests --- .../java/lang/jdk11/StringCallSiteTest.groovy | 3 +-- .../src/test/java/foo/bar/TestStringJDK11Suite.java | 8 ++++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy index 2e4948135d3..18453014a06 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy 
@@ -32,7 +32,7 @@ class StringCallSiteTest extends AgentTestRunner { 0 * _ } - def 'test string strip call site'() { + def 'test string #method call site'() { setup: final module = Mock(StringModule) InstrumentationBridge.registerIastModule(module) @@ -43,7 +43,6 @@ class StringCallSiteTest extends AgentTestRunner { then: result == output 1 * module.onStringStrip(input, output, trailing) - 0 * _ where: method | trailing | input | output diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java index a78bccc270a..4f0b9815292 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java @@ -24,16 +24,16 @@ public static String stringStrip(final String self) { } public static String stringStripLeading(final String self) { - LOGGER.debug("Before string strip {} ", self); + LOGGER.debug("Before string stripLeading {} ", self); final String result = self.stripLeading(); - LOGGER.debug("After string strip {}", result); + LOGGER.debug("After string stripLeading {}", result); return result; } public static String stringStripTrailing(final String self) { - LOGGER.debug("Before string strip {} ", self); + LOGGER.debug("Before string stripTrailing {} ", self); final String result = self.stripTrailing(); - LOGGER.debug("After string strip {}", result); + LOGGER.debug("After string stripTrailing {}", result); return result; } } From 10517d1e39a6dd134a656d8964f0789dab9b22f8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Fri, 20 Sep 2024 14:59:39 +0200 Subject: [PATCH 6/7] Fix typos --- .../instrumentation/java/lang/jdk11/StringCallSite.java | 4 ++-- .../java/lang/jdk11/StringCallSiteTest.groovy | 2 ++ .../src/test/java/foo/bar/TestStringJDK11Suite.java | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java index ea376a8aa23..2a5319c6b67 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/main/java/datadog/trace/instrumentation/java/lang/jdk11/StringCallSite.java @@ -37,7 +37,7 @@ public static String afterStrip( module.onStringStrip(self, result, false); } } catch (final Throwable e) { - module.onUnexpectedException("afterRepeat threw", e); + module.onUnexpectedException("afterStrip threw", e); } return result; } @@ -51,7 +51,7 @@ public static String afterStripTrailing( module.onStringStrip(self, result, true); } } catch (final Throwable e) { - module.onUnexpectedException("afterRepeat threw", e); + module.onUnexpectedException("afterStripTrailing threw", e); } return result; } diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy index 18453014a06..4a0908a2747 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy 
+++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/groovy/datadog/trace/instrumentation/java/lang/jdk11/StringCallSiteTest.groovy @@ -1,3 +1,5 @@ +package datadog.trace.instrumentation.java.lang.jdk11 + import datadog.trace.agent.test.AgentTestRunner import datadog.trace.api.iast.InstrumentationBridge import datadog.trace.api.iast.propagation.StringModule diff --git a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java index 4f0b9815292..25e3d57e769 100644 --- a/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java +++ b/dd-java-agent/instrumentation/java-lang/java-lang-11/src/test/java/foo/bar/TestStringJDK11Suite.java @@ -17,21 +17,21 @@ public static String stringRepeat(String self, int count) { } public static String stringStrip(final String self) { - LOGGER.debug("Before string strip {} ", self); + LOGGER.debug("Before string strip {}", self); final String result = self.strip(); LOGGER.debug("After string strip {}", result); return result; } public static String stringStripLeading(final String self) { - LOGGER.debug("Before string stripLeading {} ", self); + LOGGER.debug("Before string stripLeading {}", self); final String result = self.stripLeading(); LOGGER.debug("After string stripLeading {}", result); return result; } public static String stringStripTrailing(final String self) { - LOGGER.debug("Before string stripTrailing {} ", self); + LOGGER.debug("Before string stripTrailing {}", self); final String result = self.stripTrailing(); LOGGER.debug("After string stripTrailing {}", result); return result; From 6d35d2eba55b00a44037816f97b313e835d578fa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Mon, 23 Sep 2024 09:37:17 +0200 Subject: [PATCH 7/7] Minor changes --- .../java/com/datadog/iast/propagation/StringModuleImpl.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java index cd5080b298a..be015d69d2e 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java @@ -568,9 +568,9 @@ public void onSplit(@Nonnull String self, @Nonnull String[] result) { } @Override - @SuppressFBWarnings + @SuppressFBWarnings("ES_COMPARING_PARAMETER_STRING_WITH_EQ") public void onStringStrip(@Nonnull String self, @Nonnull String result, boolean trailing) { - if (!canBeTainted(result) || self == result) { + if (self == result || !canBeTainted(result)) { return; } final IastContext ctx = IastContext.Provider.get();
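Review bot: The guard `if (self == result || !canBeTainted(result))` now suppresses `ES_COMPARING_PARAMETER_STRING_WITH_EQ` by name, but nothing in the code says why identity rather than `equals` is the intended test. A one-line comment above it would keep a later cleanup from "fixing" the comparison, e.g. `// strip*() returns this when nothing is removed; any ranges are already attached to that instance`. Switching to `equals` would add a character-by-character compare to every instrumented strip call for no gain. `onStringStrip` continues past the end of this hunk.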