Add propagation to URI#toURL method #8146

Merged
merged 1 commit into from
Jan 8, 2025
Expand Up @@ -9,6 +9,7 @@
import datadog.trace.api.iast.propagation.CodecModule;
import datadog.trace.api.iast.propagation.PropagationModule;
import java.net.URI;
import java.net.URL;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

Expand Down Expand Up @@ -105,4 +106,19 @@ public static URI afterNormalize(
}
return result;
}

@Propagation
@CallSite.After("java.net.URL java.net.URI.toURL()")
public static URL afterToURL(@CallSite.This final URI uri, @CallSite.Return final URL result) {
final PropagationModule module = InstrumentationBridge.PROPAGATION;
if (module != null && result != null) {
try {
boolean keepRanges = uri.toString().equals(result.toString());
module.taintObjectIfTainted(result, uri, keepRanges, NOT_MARKED);
} catch (final Throwable e) {
module.onUnexpectedException("After toURL threw", e);
}
}
return result;
}
}
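Review bot: The line `boolean keepRanges = uri.toString().equals(result.toString());` in `afterToURL` decides whether the source's taint ranges are carried over, but nothing says why a string comparison is the right test; presumably the ranges are character offsets into the URI string and are only meaningful when `toURL()` leaves the external form unchanged, so a why-comment should state that: `// Range offsets only line up if the URL's external form is exactly the URI string; otherwise taint the whole object without ranges.` For consistency with the rest of the method (`final PropagationModule module`, `final URL result`) the local should be declared `final boolean keepRanges = ...`. A caller whose `toURL()` throws never reaches this advice, so the `result != null` guard is sufficient; that is worth a one-line comment too, since the non-null check otherwise looks defensive for no reason.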
Expand Up @@ -69,5 +69,6 @@ class URICallSIteTest extends AgentTestRunner {
'toASCIIString' | 'String' | [new URI('http://test.com/index?name=value#fragment')] | true
'toASCIIString' | 'String' | [new URI('http://test.com/漢/index?name=value#fragment')] | false
'toString' | 'String' | [new URI('http://test.com/index?name=value#fragment')] | true
'toURL' | 'Object' | [new URI('http://test.com/index?name=value#fragment')] | true
}
}
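Review bot: The new `toURL` row only exercises the path where `uri.toString()` equals the URL's external form (last column `true`), whereas the `toASCIIString` rows two lines above pin both outcomes. If there is an input on the supported JDKs for which `URI.toURL()` produces a different string, a second row with `false` would cover the whole-object-taint branch of the call site; if no such input exists, a short comment next to the row saying so would spare the next reader the same question. The enclosing `where:` table starts above this hunk.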
@@ -1,7 +1,9 @@
package foo.bar;

import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -105,4 +107,11 @@ public static String toASCIIString(final URI uri) {
LOGGER.debug("After toAsciiString {}", result);
return result;
}

public static URL toURL(final URI uri) throws MalformedURLException {
LOGGER.debug("Before toURL {}", uri);
final URL result = uri.toURL();
LOGGER.debug("After toURL {}", result);
return result;
}
}
Expand Up @@ -49,6 +49,11 @@ class VertxRxCircuitBreakerHttpServerForkedTest extends VertxHttpServerForkedTes
false
}

@Override
boolean testSessionId() {
false
}

static class VertxRxCircuitBreakerWebTestServer extends AbstractVerticle {

@Override
Expand Down
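Review bot: The added `testSessionId()` override turns a shared test off for this server without saying why, and nothing in the PR title (URI#toURL propagation) accounts for it, so it reads like an unrelated or leftover change. A one-line reason above the override would prevent that, e.g. `// session id is not observed through the circuit-breaker wrapper; see <issue/PR ref>` adjusted to the actual cause, or a `TODO` with a reference if the test is expected to be re-enabled once something else lands. The enclosing class continues outside the hunk.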
Expand Up @@ -3,6 +3,7 @@
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
Expand Down Expand Up @@ -39,6 +40,21 @@ public String ssrf(
return "ok";
}

@PostMapping("/uri")
public String uri(
@RequestParam(value = "url", required = false) final String url,
@RequestParam(value = "host", required = false) final String host) {
try {
final URI uri =
url != null ? new URI(url) : new URI("https", null, host, 443, "/test", null, null);
final URL target = uri.toURL();
final HttpURLConnection conn = (HttpURLConnection) target.openConnection();
conn.disconnect();
} catch (final Exception e) {
}
return "ok";
}

@PostMapping("/apache-httpclient4")
public String apacheHttpClient4(
@RequestParam(value = "url", required = false) final String url,
Expand Down
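Review bot: `catch (final Exception e) {}` at the end of the new `uri` handler swallows every failure, including `URISyntaxException` from the user-supplied `url` and `IOException` from `openConnection()`, so a request that never reaches the sink still answers `ok`; in a deliberately vulnerable smoke-test endpoint that is presumably intended, but it should be stated rather than left as an empty block: `catch (final Exception ignored) {` with `// best effort: only the openConnection() sink matters here, the response body does not`. Note also that `openConnection()` does not open a socket, so `conn.disconnect()` is a no-op; that is fine if the IAST SSRF sink is `openConnection` itself, but if the instrumented sink is the actual connect (`connect()`/`getResponseCode()`) this handler would never trigger it — which of the two is hooked is not visible from this hunk. The sibling `ssrf` handler above the hunk likely follows the same shape and the two should stay consistent.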
Expand Up @@ -688,7 +688,7 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {

void 'ssrf is present'() {
setup:
final url = "http://localhost:${httpPort}/ssrf"
final url = "http://localhost:${httpPort}/ssrf${path}"
final body = new FormBody.Builder().add(parameter, value).build()
final request = new Request.Builder().url(url).post(body).build()

Expand All @@ -715,9 +715,11 @@ abstract class AbstractIastSpringBootTest extends AbstractIastServerSmokeTest {
}

where:
parameter | value
'url' | 'https://dd.datad0g.com/'
'host' | 'dd.datad0g.com'
path | parameter | value
'' | 'url' | 'https://dd.datad0g.com/'
'' | 'host' | 'dd.datad0g.com'
'/uri' | 'url' | 'https://dd.datad0g.com/'
'/uri' | 'host' | 'dd.datad0g.com'
}

void 'ssrf is present (#path) (#parameter)'() {