Extract interfaces for tainted objects classes #8060

wants to merge 1 commit into
base: master
Expand Up @@ -2,8 +2,9 @@

import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.InstrumentationBridge;
import datadog.trace.api.iast.Taintable.Source;
import datadog.trace.api.iast.propagation.PropagationModule;
import datadog.trace.api.iast.taint.Source;
import datadog.trace.api.iast.taint.TaintedObjects;
import datadog.trace.bootstrap.ContextStore;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import javax.annotation.Nonnull;
Expand All @@ -30,7 +31,8 @@ public static <E> NamedContext getOrCreate(
}
final PropagationModule module = InstrumentationBridge.PROPAGATION;
if (module != null) {
final Source source = module.findSource(target);
final TaintedObjects to = IastContext.Provider.taintedObjects();
final Source source = module.findSource(to, target);
if (source != null) {
result = new NamedContextImpl(module, source);
}
Expand Down Expand Up @@ -60,7 +62,7 @@ private static class NamedContextImpl extends NamedContext {
@Nullable private String currentName;

private boolean fetched;
@Nullable private IastContext context;
@Nullable private TaintedObjects to;

public NamedContextImpl(@Nonnull final PropagationModule module, @Nonnull final Source source) {
this.module = module;
Expand All @@ -69,7 +71,7 @@ public NamedContextImpl(@Nonnull final PropagationModule module, @Nonnull final

@Override
public void taintValue(@Nullable final String value) {
module.taintString(iastCtx(), value, source.getOrigin(), currentName, source.getValue());
module.taintObject(to(), value, source.getOrigin(), currentName, source.getValue());
}

@Override
Expand All @@ -79,7 +81,7 @@ public void taintName(@Nullable final String name) {
// prevent tainting the same name more than once
if (currentName != name) {
currentName = name;
module.taintString(iastCtx(), name, source.getOrigin(), name, source.getValue());
module.taintObject(to(), name, source.getOrigin(), name, source.getValue());
}
}

Expand All @@ -88,12 +90,12 @@ public void setCurrentName(@Nullable final String name) {
currentName = name;
}

private IastContext iastCtx() {
private TaintedObjects to() {
if (!fetched) {
fetched = true;
context = IastContext.Provider.get();
to = IastContext.Provider.taintedObjects();
}
return context;
return to;
}
}
}
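Review bot: getOrCreate resolves `IastContext.Provider.taintedObjects()` on the line before `findSource(to, target)` and then drops it, while NamedContextImpl resolves it a second time on first use in `to()`; both lookups happen on the same request path, so unless the constructor is used from other call sites the instance could receive it directly (`result = new NamedContextImpl(module, source, to);` with a matching constructor parameter), making the `fetched`/`to` pair unnecessary. If the lazy lookup is kept, `to()` memoizes whatever the first call returns, including null, for the lifetime of the instance, and the instance lives in a ContextStore keyed by `target`; that mirrors the previous caching of `IastContext`, but it deserves a comment such as `// resolved once per instance; a null result (no active request) is retained as well`. The NamedContextImpl constructor body continues outside the hunk.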
Expand Up @@ -3,8 +3,8 @@ package datadog.trace.bootstrap.instrumentation.iast

import datadog.trace.api.iast.InstrumentationBridge
import datadog.trace.api.iast.SourceTypes
import datadog.trace.api.iast.Taintable.Source
import datadog.trace.api.iast.propagation.PropagationModule
import datadog.trace.api.iast.taint.Source
import datadog.trace.bootstrap.ContextStore
import datadog.trace.test.util.DDSpecification

Expand All @@ -31,14 +31,14 @@ class NamedContextTest extends DDSpecification {

then:
1 * store.get(target) >> null
1 * module.findSource(target) >> source
1 * module.findSource(_, target) >> source
1 * store.put(target, _)

when:
context.taintName(name)

then:
1 * module.taintString(_, name, source.origin, name, source.value)
1 * module.taintObject(_, name, source.origin, name, source.value)

when:
context.taintName(name)
Expand All @@ -50,7 +50,7 @@ class NamedContextTest extends DDSpecification {
context.taintValue(value)

then:
1 * module.taintString(_, value, source.origin, name, source.value)
1 * module.taintObject(_, value, source.origin, name, source.value)
0 * _
}

Expand All @@ -62,7 +62,7 @@ class NamedContextTest extends DDSpecification {
final ctx = NamedContext.getOrCreate(store, target)

then:
1 * module.findSource(target) >> null
1 * module.findSource(_, target) >> null
1 * store.put(target, _)

when:
Expand All @@ -82,5 +82,20 @@ class NamedContextTest extends DDSpecification {
byte origin
String name
String value

@Override
Source attachValue(Object newValue) {
return new SourceImpl(origin: origin, name: name, value: newValue as String)
}

@Override
boolean isReference() {
return false
}

@Override
Object getRawValue() {
return value
}
}
}
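Review bot: The expectations `1 * module.findSource(_, target) >> source` and the two `taintObject(_, ...)` interactions accept any first argument, so the spec no longer checks that the TaintedObjects NamedContext resolves is the one handed to the module. If the specification controls what `IastContext.Provider.taintedObjects()` returns, matching that instance instead of `_` would pin the new wiring; otherwise a short comment on the wildcard noting that the TaintedObjects argument is deliberately unconstrained would help the next reader.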
Expand Up @@ -3,14 +3,15 @@
import static java.util.concurrent.TimeUnit.NANOSECONDS;

import com.datadog.iast.IastSystem;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.Source;
import com.datadog.iast.taint.TaintedObjects;
import com.datadog.iast.model.SourceImpl;
import datadog.trace.api.Config;
import datadog.trace.api.ProductActivation;
import datadog.trace.api.gateway.InstrumentationGateway;
import datadog.trace.api.gateway.RequestContextSlot;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.taint.Range;
import datadog.trace.api.iast.taint.Source;
import datadog.trace.api.iast.taint.TaintedObjects;
import datadog.trace.bootstrap.instrumentation.api.AgentScope;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
Expand Down Expand Up @@ -95,7 +96,7 @@ protected <E> E notTainted(final E value) {
}

protected Source source() {
return new Source((byte) 0, "key", "value");
return new SourceImpl((byte) 0, "key", "value");
}

private static long computeHash(final Object value) {
Expand Up @@ -3,7 +3,7 @@
import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.RangeImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.instrumentation.java.lang.StringBuilderCallSite;
import org.openjdk.jmh.annotations.Benchmark;
Expand All @@ -17,14 +17,14 @@ protected Context initializeContext() {
final IastRequestContext context = new IastRequestContext();
final String notTainted = notTainted("I am not a tainted string");
final String tainted =
tainted(context, "I am a tainted string", new Range(5, 6, source(), NOT_MARKED));
tainted(context, "I am a tainted string", new RangeImpl(5, 6, source(), NOT_MARKED));
final StringBuilder notTaintedBuilder =
notTainted(new StringBuilder("I am not a tainted string builder"));
final StringBuilder taintedBuilder =
tainted(
context,
new StringBuilder("I am a tainted string builder"),
new Range(5, 6, source(), NOT_MARKED));
new RangeImpl(5, 6, source(), NOT_MARKED));
return new Context(context, notTainted, tainted, notTaintedBuilder, taintedBuilder);
}

Expand Up @@ -4,7 +4,7 @@
import static java.util.concurrent.TimeUnit.MICROSECONDS;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.RangeImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.instrumentation.java.lang.StringBuilderCallSite;
import java.util.ArrayList;
Expand Down Expand Up @@ -36,7 +36,8 @@ protected StringBuilderBatchBenchmark.Context initializeContext() {
final String value;
if (current < limit) {
value =
tainted(context, UUID.randomUUID().toString(), new Range(3, 6, source(), NOT_MARKED));
tainted(
context, UUID.randomUUID().toString(), new RangeImpl(3, 6, source(), NOT_MARKED));
} else {
value = notTainted(UUID.randomUUID().toString());
}
Expand Up @@ -3,7 +3,7 @@
import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.RangeImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.instrumentation.java.lang.StringBuilderCallSite;
import org.openjdk.jmh.annotations.Benchmark;
Expand All @@ -17,7 +17,7 @@ protected Context initializeContext() {
final IastRequestContext context = new IastRequestContext();
final String notTainted = notTainted("I am not a tainted string");
final String tainted =
tainted(context, "I am a tainted string", new Range(3, 6, source(), NOT_MARKED));
tainted(context, "I am a tainted string", new RangeImpl(3, 6, source(), NOT_MARKED));
return new Context(context, notTainted, tainted);
}

Expand Up @@ -3,7 +3,7 @@
import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.RangeImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.instrumentation.java.lang.StringBuilderCallSite;
import org.openjdk.jmh.annotations.Benchmark;
Expand All @@ -21,7 +21,7 @@ protected Context initializeContext() {
tainted(
context,
new StringBuilder("I am a tainted string builder"),
new Range(5, 7, source(), NOT_MARKED));
new RangeImpl(5, 7, source(), NOT_MARKED));
return new Context(context, notTaintedBuilder, taintedBuilder);
}

Expand Up @@ -3,7 +3,7 @@
import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.RangeImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.instrumentation.java.lang.StringCallSite;
import org.openjdk.jmh.annotations.Benchmark;
Expand All @@ -16,7 +16,7 @@ protected StringConcatBenchmark.Context initializeContext() {
final IastRequestContext context = new IastRequestContext();
final String notTainted = notTainted("I am not a tainted string");
final String tainted =
tainted(context, "I am a tainted string", new Range(3, 5, source(), NOT_MARKED));
tainted(context, "I am a tainted string", new RangeImpl(3, 5, source(), NOT_MARKED));
return new StringConcatBenchmark.Context(context, notTainted, tainted);
}

Expand Up @@ -4,7 +4,7 @@
import static java.util.concurrent.TimeUnit.MICROSECONDS;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.RangeImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.InstrumentationBridge;
import java.lang.invoke.MethodHandle;
Expand Down Expand Up @@ -56,7 +56,7 @@ protected StringConcatFactoryBatchBenchmark.Context initializeContext() {
double current = i / (double) stringCount;
final String value;
if (current < limit) {
value = tainted(context, "Yep, tainted", new Range(3, 5, source(), NOT_MARKED));
value = tainted(context, "Yep, tainted", new RangeImpl(3, 5, source(), NOT_MARKED));
} else {
value = notTainted("Nop, tainted");
}
Expand Up @@ -3,7 +3,7 @@
import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.RangeImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.InstrumentationBridge;
import org.openjdk.jmh.annotations.Benchmark;
Expand All @@ -16,7 +16,8 @@ public class StringConcatFactoryBenchmark
protected StringConcatFactoryBenchmark.Context initializeContext() {
final IastContext context = new IastRequestContext();
final String notTainted = notTainted("Nop, tainted");
final String tainted = tainted(context, "Yep, tainted", new Range(3, 5, source(), NOT_MARKED));
final String tainted =
tainted(context, "Yep, tainted", new RangeImpl(3, 5, source(), NOT_MARKED));
return new StringConcatFactoryBenchmark.Context(context, notTainted, tainted);
}

Expand Up @@ -3,10 +3,11 @@
import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.Source;
import com.datadog.iast.model.RangeImpl;
import com.datadog.iast.model.SourceImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.InstrumentationBridge;
import datadog.trace.api.iast.taint.Range;
import org.openjdk.jmh.annotations.Benchmark;
import org.openjdk.jmh.annotations.Fork;

Expand All @@ -23,7 +24,8 @@ protected StringJoinBenchmark.Context initializeContext() {
.taint(
tainted,
new Range[] {
new Range(0, tainted.length(), new Source((byte) 0, "key", "value"), NOT_MARKED)
new RangeImpl(
0, tainted.length(), new SourceImpl((byte) 0, "key", "value"), NOT_MARKED)
});

final String taintedDelimiter = new String("-");
Expand All @@ -32,8 +34,11 @@ protected StringJoinBenchmark.Context initializeContext() {
.taint(
taintedDelimiter,
new Range[] {
new Range(
0, taintedDelimiter.length(), new Source((byte) 1, "key", "value"), NOT_MARKED)
new RangeImpl(
0,
taintedDelimiter.length(),
new SourceImpl((byte) 1, "key", "value"),
NOT_MARKED)
});

return new StringJoinBenchmark.Context(
Expand Up @@ -3,10 +3,11 @@
import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.Source;
import com.datadog.iast.model.RangeImpl;
import com.datadog.iast.model.SourceImpl;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.InstrumentationBridge;
import datadog.trace.api.iast.taint.Range;
import org.openjdk.jmh.annotations.Benchmark;
import org.openjdk.jmh.annotations.Fork;

Expand All @@ -29,7 +30,7 @@ protected StringSubsequenceBenchmark.Context initializeContext() {
.taint(
taintedLoseRange,
new Range[] {
new Range(0, RANGE_SIZE, new Source((byte) 0, "key", "value"), NOT_MARKED)
new RangeImpl(0, RANGE_SIZE, new SourceImpl((byte) 0, "key", "value"), NOT_MARKED)
});

final String taintedModifyRange = new String(DEFAULT_STRING);
Expand All @@ -38,7 +39,7 @@ protected StringSubsequenceBenchmark.Context initializeContext() {
.taint(
taintedModifyRange,
new Range[] {
new Range(1, RANGE_SIZE, new Source((byte) 1, "key", "value"), NOT_MARKED)
new RangeImpl(1, RANGE_SIZE, new SourceImpl((byte) 1, "key", "value"), NOT_MARKED)
});

return new StringSubsequenceBenchmark.Context(
Expand Up @@ -3,7 +3,7 @@
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static java.util.concurrent.TimeUnit.NANOSECONDS;

import com.datadog.iast.model.Range;
import datadog.trace.api.iast.taint.Range;
import java.util.ArrayList;
import java.util.List;
import org.openjdk.jmh.annotations.Benchmark;
Expand Down Expand Up @@ -45,12 +45,12 @@ public void setup(BenchmarkParams params) {
for (int i = 0; i < INITIAL_OP_COUNT; i++) {
final Object k = new Object();
initialObjectList.add(k);
map.put(new TaintedObject(k, new Range[0]));
map.put(new TaintedObjectEntry(k, new Range[0]));
}
for (int i = 0; i < OP_COUNT; i++) {
final Object k = new Object();
objectList.add(k);
map.put(new TaintedObject(k, new Range[0]));
map.put(new TaintedObjectEntry(k, new Range[0]));
}
}
