Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
fdda8e1
APPSEC-55380 String taint tracking: translateEscapes
sezen-datadog Jan 10, 2025
edbd4c1
TU correction
sezen-datadog Jan 10, 2025
91f4b56
non null correction
sezen-datadog Jan 10, 2025
d794020
builds
sezen-datadog Jan 10, 2025
1d28044
add module to StringCallSiteTest
sezen-datadog Jan 10, 2025
e16856d
add module to StringCallSiteTest
sezen-datadog Jan 10, 2025
fe5078c
smoke test
sezen-datadog Jan 13, 2025
33d3163
settings correction
sezen-datadog Jan 13, 2025
94fb227
test unicode added
sezen-datadog Jan 13, 2025
82e2530
Use env-entry to add tags per webapp deployment (#8138)
amarziali Jan 10, 2025
00c8cd0
fix github issue creation (#8179)
tlhunter Jan 10, 2025
542f3b8
Skip jacoco coverage for internal class (#8183)
amarziali Jan 13, 2025
19bafcb
Merge branch 'master' into sezen.leblay/APPSEC-55380-translateEscapes…
sezen-datadog Jan 13, 2025
3c388a5
smoke test spring boot for jv17
sezen-datadog Jan 13, 2025
70db9f3
whoops
sezen-datadog Jan 13, 2025
1037009
unit test
sezen-datadog Jan 13, 2025
977bff8
Merge branch 'master' into sezen.leblay/APPSEC-55380-translateEscapes…
sezen-datadog Jan 14, 2025
ca67979
unit test suppression of equal
sezen-datadog Jan 14, 2025
b8c0685
mario's idea for j17 tests
sezen-datadog Jan 14, 2025
30c46d4
mario's idea for j17 tests
sezen-datadog Jan 14, 2025
378bd84
a few more tests
sezen-datadog Jan 14, 2025
65ee3e0
Merge branch 'master' into sezen.leblay/APPSEC-55380-translateEscapes…
sezen-datadog Jan 15, 2025
13965a7
fix formatting
sezen-datadog Jan 15, 2025
4956aeb
fix formatting
sezen-datadog Jan 15, 2025
6013e2a
pr comments
sezen-datadog Jan 15, 2025
28db26f
revert StringModuleTest.groovy
sezen-datadog Jan 16, 2025
44f3db9
add ignore to string translate escapes test if version less than 15
sezen-datadog Jan 16, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
smoke test
  • Loading branch information
sezen-datadog committed Jan 13, 2025
commit fe5078c4b97bd7fb8c34754d7fc40fc618720093
35 changes: 35 additions & 0 deletions dd-smoke-tests/iast-util/iast-util-17/build.gradle
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
plugins {
id 'idea'
id 'java-test-fixtures'
}


apply from: "$rootDir/gradle/java.gradle"

description = 'iast-smoke-tests-utils-java-17'

idea {
module {
jdkName = '17'
}
}

dependencies {
api project(':dd-smoke-tests')
compileOnly group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '2.2.0.RELEASE'

testFixturesImplementation testFixtures(project(":dd-smoke-tests:iast-util"))
}

project.tasks.withType(AbstractCompile).configureEach {
setJavaVersion(it, 17)
sourceCompatibility = JavaVersion.VERSION_17
targetCompatibility = JavaVersion.VERSION_17
if (it instanceof JavaCompile) {
it.options.release.set(17)
}
}

forbiddenApisMain {
failOnMissingClasses = false
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
package datadog.smoketest.springboot.controller;

import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/string")
public class StringOperationController {

@PostMapping("/translateEscapes")
public String translateEscapes(@RequestParam(value = "parameter") final String parameter) {
parameter.translateEscapes();
return "ok";
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
package datadog.smoketest

import okhttp3.FormBody
import okhttp3.Request

import static datadog.trace.api.config.IastConfig.IAST_DEBUG_ENABLED
import static datadog.trace.api.config.IastConfig.IAST_DETECTION_MODE
import static datadog.trace.api.config.IastConfig.IAST_ENABLED

abstract class AbstractIast17SpringBootTest extends AbstractIastServerSmokeTest {

@Override
ProcessBuilder createProcessBuilder() {
String springBootShadowJar = System.getProperty('datadog.smoketest.springboot.shadowJar.path')

List<String> command = []
command.add(javaPath())
command.addAll(defaultJavaProperties)
command.addAll(iastJvmOpts())
command.addAll((String[]) ['-jar', springBootShadowJar, "--server.port=${httpPort}"])
ProcessBuilder processBuilder = new ProcessBuilder(command)
processBuilder.directory(new File(buildDirectory))
// Spring will print all environment variables to the log, which may pollute it and affect log assertions.
processBuilder.environment().clear()
return processBuilder
}

protected List<String> iastJvmOpts() {
return [
withSystemProperty(IAST_ENABLED, true),
withSystemProperty(IAST_DETECTION_MODE, 'FULL'),
withSystemProperty(IAST_DEBUG_ENABLED, true),
]
}

void 'test String#translateEscapes'() {
setup:
final url = "http://localhost:${httpPort}/string/translateEscapes"
final body = new FormBody.Builder()
.add('paramater', value)
.build()
final request = new Request.Builder().url(url).post(body).build()

when:
client.newCall(request).execute()

then:
hasTainted { tainted ->
tainted.value == expected
}

where:
value | expected
"withEscape/ttab" | "withEscape#0009tab"
}
}
1 change: 1 addition & 0 deletions settings.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,7 @@ include ':dd-smoke-tests:datastreams:kafkaschemaregistry'
include ':dd-smoke-tests:iast-propagation'
include ':dd-smoke-tests:iast-util'
include ':dd-smoke-tests:iast-util:iast-util-11'
include ':dd-smoke-tests:iast-util:iast-util-17'
// TODO this fails too often with a jgit failure, so disable until fixed
//include ':dd-smoke-tests:debugger-integration-tests:latest-jdk-app'

Expand Down