From e2345c285373124d440a60f3e2bf73ea6bf8efcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Mon, 23 Dec 2024 10:57:29 +0100 Subject: [PATCH 1/6] Add support for stringbuffer in setlength and add remove method to taintedobjects --- .../iast/propagation/StringModuleImpl.java | 2 + .../com/datadog/iast/taint/TaintedMap.java | 24 ++++++++++ .../datadog/iast/taint/TaintedObjects.java | 30 +++++++++++++ .../taint/TaintedObjectsWithTelemetry.java | 5 +++ .../iast/propagation/StringModuleTest.groovy | 44 ++++++++++++++++--- .../java/lang/StringBuilderCallSite.java | 1 + .../lang/StringBuilderCallSiteTest.groovy | 1 + 7 files changed, 100 insertions(+), 7 deletions(-) diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java index 2dcbc9b3c79..c1d7161719b 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java @@ -852,6 +852,8 @@ public void onStringBuilderSetLength(@Nonnull CharSequence self, int length) { Range[] newRanges = Ranges.forSubstring(0, length, rangesSelf); if (newRanges != null && newRanges.length > 0) { selfTainted.setRanges(newRanges); + } else { + taintedObjects.untaint(self); } } diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java index bc81f8947e1..2b7c5865dd1 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java 
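Review bot: The new `else` branch in `onStringBuilderSetLength` drops the taint for both a null and an empty `newRanges` without saying why, so a reader cannot tell whether a null result from `Ranges.forSubstring` is expected or an error. A one-line comment would settle it, for example `// truncation left no tainted range in self, so stop tracking it`. The same line is reworded in [PATCH 3/6] and [PATCH 5/6], where the comment applies equally. The method starts above this hunk, so how `selfTainted` and `rangesSelf` are obtained is not visible here.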
@@ -85,6 +85,8 @@ static TaintedMap buildWithPurge(final int capacity, int maxAge, TimeUnit maxAge void put(final @Nonnull TaintedObject entry); + boolean remove(final @Nonnull Object obj); + int count(); void clear(); @@ -210,6 +212,18 @@ public void put(final @Nonnull TaintedObject entry) { } } + @Override + public boolean remove(final @Nonnull Object obj) { + TaintedObject entry = get(obj); + if (entry == null) { + return false; + } + + final int index = index(entry.positiveHashCode); + table[index] = null; + return true; + } + @Override public void clear() { Arrays.fill(table, null); @@ -352,6 +366,11 @@ public void put(@Nonnull final TaintedObject entry) { } } + @Override + public boolean remove(final @Nonnull Object obj) { + return delegate.remove(obj); + } + @Nullable @Override public TaintedObject get(@Nonnull final Object key) { @@ -455,6 +474,11 @@ public TaintedObject get(@Nonnull Object key) { @Override public void put(@Nonnull TaintedObject entry) {} + @Override + public boolean remove(@Nonnull Object obj) { + return false; + } + @Override public int count() { return 0; diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java index cf3c301926d..d3a0d10758d 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java @@ -28,6 +28,8 @@ static TaintedObjects build(@Nonnull final TaintedMap map) { @Nullable TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges); + void untaint(@Nonnull Object obj); + @Nullable TaintedObject get(@Nonnull Object obj); 
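Review bot: In `TaintedMapImpl.remove` (hunk `@@ -210,6 +212,18 @@`), `table[index] = null;` empties the whole table slot instead of unlinking the one entry that `get(obj)` found. If a slot can hold more than one entry, which the single-bucket wording of the `TaintedMapTest` case in [PATCH 5/6] suggests, every other object hashing to that slot silently loses its taint and later sink checks on those objects report nothing. The removal should walk the slot and unlink only the matching entry, and a test with two colliding objects would pin that. The `get` followed by the write is also two separate steps, so a `put` into the same slot from another thread could be lost. [PATCH 2/6] keeps the same body and only drops the return value.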
@@ -56,6 +58,11 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran } } + @Override + public void untaint(final @Nonnull Object obj) { + map.remove(obj); + } + @Nullable @Override public TaintedObject get(final @Nonnull Object obj) { @@ -98,6 +105,12 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran return tainted; } + @Override + public void untaint(final @Nonnull Object obj) { + delegated.untaint(obj); + logUntainted(obj); + } + @Nullable @Override public TaintedObject get(final @Nonnull Object obj) { @@ -145,6 +158,20 @@ private void logTainted(@Nullable final TaintedObject tainted) { } } + private void logUntainted(@Nullable final Object obj) { + if (LOGGER.isDebugEnabled()) { + try { + if (obj == null) { + LOGGER.debug("untaint {}: not removed", id); + } else { + LOGGER.debug("untaint {}: untainted={}", id, obj.hashCode()); + } + } catch (final Throwable e) { + LOGGER.error("Failed to debug untainted object", e); + } + } + } + @Override public TaintedObjectsImpl unwrap() { return delegated; @@ -161,6 +188,9 @@ public TaintedObject taint(@Nonnull final Object obj, @Nonnull final Range[] ran return null; } + @Override + public void untaint(final @Nonnull Object obj) {} + @Nullable @Override public TaintedObject get(@Nonnull final Object obj) { diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java index 14caf7fae4a..f0423c36bcb 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java 
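Review bot: `logUntainted` in hunk `@@ -145,6 +158,20 @@` cannot report what its messages claim. Its only caller passes a `@Nonnull` argument, so the `obj == null` branch that logs "not removed" is reached only if a caller violates the annotation, and the other branch logs `untainted=` even when the map held no entry for the object. Returning the boolean of `map.remove(obj)` from `untaint` and logging on that result would make the debug trace reliable when investigating a missing finding. `obj.hashCode()` also runs the application's own `hashCode` inside the agent, which `System.identityHashCode(obj)` would avoid. [PATCH 4/6] renames the method to `logRemovedTaintedObject` and keeps the same logic.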
@@ -45,6 +45,11 @@ public TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges) { return result; } + @Override + public void untaint(final @Nonnull Object obj) { + delegate.untaint(obj); + } + @Nullable @Override public TaintedObject get(@Nonnull Object obj) { diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy index e631cdc3270..cb2d40c20a5 100644 --- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy +++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy @@ -1448,9 +1448,11 @@ class StringModuleTest extends IastModuleImplTestBase { 0 * _ where: - self | length | mockCalls - sb("123") | 2 | 0 - sb() | 0 | 1 + self | length | mockCalls + sb("123") | 2 | 0 + sb() | 0 | 1 + sbf("123") | 2 | 0 + sbf() | 0 | 1 } void 'onStringBuilderSetLength (#input, #length)'() { 
@@ -1472,10 +1474,38 @@ class StringModuleTest extends IastModuleImplTestBase { taintFormat(result, taintedObject.getRanges()) == expected where: - input | length | expected - sb("==>0123<==") | 3 | "==>012<==" - sb("0123==>456<==78") | 5 | "0123==>4<==" - sb("01==>234<==5==>678<==90") | 8 | "01==>234<==5==>67<==" + input | length | expected + sb("==>0123<==") | 3 | "==>012<==" + sb("0123==>456<==78") | 5 | "0123==>4<==" + sb("01==>234<==5==>678<==90") | 8 | "01==>234<==5==>67<==" + sbf("==>0123<==") | 3 | "==>012<==" + sbf("0123==>456<==78") | 5 | "0123==>4<==" + sbf("01==>234<==5==>678<==90") | 8 | "01==>234<==5==>67<==" + } + + void 'onStringBuilderSetLength untainting after setLength (#input, #length)'() { + final taintedObjects = ctx.getTaintedObjects() + def self = addFromTaintFormat(taintedObjects, input) + if (self instanceof StringBuilder) { + ((StringBuilder) self).setLength(length) + } else if (self instanceof StringBuffer) { + ((StringBuffer) self).setLength(length) + } + + when: + module.onStringBuilderSetLength(self, length) + def taintedObject = taintedObjects.get(self) + + then: + 1 * tracer.activeSpan() >> span + taintedObject == null + + where: + input | length + sb("==>0123<==") | 0 + sb("0123==>456<==78") | 3 + sbf("==>0123<==") | 0 + sbf("0123==>456<==78") | 3 } private static Date date(final String pattern, final String value) { diff --git a/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringBuilderCallSite.java b/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringBuilderCallSite.java index 146f62f9627..f644d931f9f 100644 --- a/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringBuilderCallSite.java +++ b/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringBuilderCallSite.java 
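Review bot: The new 'untainting after setLength' cases in hunk `@@ -1472,10 +1474,38 @@` do not cover the boundary where `length` equals the start offset of the tainted range. With `sb("0123==>456<==78")` the range starts at index 4, so a row such as `sb("0123==>456<==78") | 4` (and its `sbf` twin) would check that a truncation ending exactly at the range start clears the taint instead of leaving an empty range behind. That off-by-one is the case most likely to regress in the range arithmetic, and a stale range there would produce findings on data that is no longer tainted.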
@@ -183,6 +183,7 @@ public static CharSequence afterSubSequence( } @CallSite.After("void java.lang.StringBuilder.setLength(int)") + @CallSite.After("void java.lang.StringBuffer.setLength(int)") public static void afterSetLength( @CallSite.This final CharSequence self, @CallSite.Argument final int length) { final StringModule module = InstrumentationBridge.STRING; diff --git a/dd-java-agent/instrumentation/java-lang/src/test/groovy/datadog/trace/instrumentation/java/lang/StringBuilderCallSiteTest.groovy b/dd-java-agent/instrumentation/java-lang/src/test/groovy/datadog/trace/instrumentation/java/lang/StringBuilderCallSiteTest.groovy index dd8b81ca764..a3b7b8695cf 100644 --- a/dd-java-agent/instrumentation/java-lang/src/test/groovy/datadog/trace/instrumentation/java/lang/StringBuilderCallSiteTest.groovy +++ b/dd-java-agent/instrumentation/java-lang/src/test/groovy/datadog/trace/instrumentation/java/lang/StringBuilderCallSiteTest.groovy @@ -266,6 +266,7 @@ class StringBuilderCallSiteTest extends AgentTestRunner { where: type | suite | param | length | expected "builder" | new TestStringBuilderSuite() | sb('012345') | 5 | '01234' + "buffer" | new TestStringBufferSuite() | sbf('012345') | 5 | '01234' } private static class BrokenToString { From 29393893f9fc6bfe509a44e8e8c80dee33b72488 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Mon, 23 Dec 2024 11:02:47 +0100 Subject: [PATCH 2/6] Remove return boolean of the remove TaintedMap method --- .../java/com/datadog/iast/taint/TaintedMap.java | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java index 2b7c5865dd1..ffa9c79ab2a 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java 
@@ -85,7 +85,7 @@ static TaintedMap buildWithPurge(final int capacity, int maxAge, TimeUnit maxAge void put(final @Nonnull TaintedObject entry); - boolean remove(final @Nonnull Object obj); + void remove(final @Nonnull Object obj); int count(); @@ -213,15 +213,14 @@ public void put(final @Nonnull TaintedObject entry) { } @Override - public boolean remove(final @Nonnull Object obj) { + public void remove(final @Nonnull Object obj) { TaintedObject entry = get(obj); if (entry == null) { - return false; + return; } final int index = index(entry.positiveHashCode); table[index] = null; - return true; } @Override @@ -367,8 +366,8 @@ public void put(@Nonnull final TaintedObject entry) { } @Override - public boolean remove(final @Nonnull Object obj) { - return delegate.remove(obj); + public void remove(final @Nonnull Object obj) { + delegate.remove(obj); } @Nullable @@ -475,9 +474,7 @@ public TaintedObject get(@Nonnull Object key) { public void put(@Nonnull TaintedObject entry) {} @Override - public boolean remove(@Nonnull Object obj) { - return false; - } + public void remove(@Nonnull Object obj) {} @Override public int count() { From 1ea77655579e6be2cce68b960c05465970b2a4df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Mon, 23 Dec 2024 11:12:01 +0100 Subject: [PATCH 3/6] Rename untaint to clearTaint --- .../com/datadog/iast/propagation/StringModuleImpl.java | 2 +- .../java/com/datadog/iast/taint/TaintedObjects.java | 10 +++++----- .../telemetry/taint/TaintedObjectsWithTelemetry.java | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java index c1d7161719b..cec405065e0 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java 
+++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java @@ -853,7 +853,7 @@ public void onStringBuilderSetLength(@Nonnull CharSequence self, int length) { if (newRanges != null && newRanges.length > 0) { selfTainted.setRanges(newRanges); } else { - taintedObjects.untaint(self); + taintedObjects.clearTaint(self); } } diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java index d3a0d10758d..ec0d8173e5c 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java @@ -28,7 +28,7 @@ static TaintedObjects build(@Nonnull final TaintedMap map) { @Nullable TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges); - void untaint(@Nonnull Object obj); + void clearTaint(@Nonnull Object obj); @Nullable TaintedObject get(@Nonnull Object obj); @@ -59,7 +59,7 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran } @Override - public void untaint(final @Nonnull Object obj) { + public void clearTaint(final @Nonnull Object obj) { map.remove(obj); } @@ -106,8 +106,8 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran } @Override - public void untaint(final @Nonnull Object obj) { - delegated.untaint(obj); + public void clearTaint(final @Nonnull Object obj) { + delegated.clearTaint(obj); logUntainted(obj); } @@ -189,7 +189,7 @@ public TaintedObject taint(@Nonnull final Object obj, @Nonnull final Range[] ran } @Override - public void untaint(final @Nonnull Object obj) {} + public void clearTaint(final @Nonnull Object obj) {} @Nullable @Override 
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java index f0423c36bcb..484a7f9324d 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java @@ -46,8 +46,8 @@ public TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges) { } @Override - public void untaint(final @Nonnull Object obj) { - delegate.untaint(obj); + public void clearTaint(final @Nonnull Object obj) { + delegate.clearTaint(obj); } @Nullable From a6233059fefda1dc79a985658e28b56d6edf5e4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Mon, 23 Dec 2024 11:22:08 +0100 Subject: [PATCH 4/6] Add tests for new method in TaintedObjects --- .../com/datadog/iast/taint/TaintedObjects.java | 10 +++++----- .../iast/taint/TaintedObjectsLogTest.groovy | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java index ec0d8173e5c..5a0b4eff1c7 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java @@ -108,7 +108,7 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran @Override public void clearTaint(final @Nonnull Object obj) { delegated.clearTaint(obj); - logUntainted(obj); + logRemovedTaintedObject(obj); } @Nullable 
@@ -158,16 +158,16 @@ private void logTainted(@Nullable final TaintedObject tainted) { } } - private void logUntainted(@Nullable final Object obj) { + private void logRemovedTaintedObject(@Nullable final Object obj) { if (LOGGER.isDebugEnabled()) { try { if (obj == null) { - LOGGER.debug("untaint {}: not removed", id); + LOGGER.debug("clearTaint {}: not removed", id); } else { - LOGGER.debug("untaint {}: untainted={}", id, obj.hashCode()); + LOGGER.debug("clearTaint {}: untainted={}", id, obj.hashCode()); } } catch (final Throwable e) { - LOGGER.error("Failed to debug untainted object", e); + LOGGER.error("Failed to debug removed object", e); } } } diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy index 5fc3c2deed3..c8c84b7aa2d 100644 --- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy +++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy @@ -80,6 +80,23 @@ class TaintedObjectsLogTest extends DDSpecification { taintedObjects.iterator().size() == 1 } + void "test TaintedObjects debug log with clearTaint"() { + given: + IastSystem.DEBUG = true + logger.level = Level.ALL + TaintedObjects taintedObjects = taintedObjects() + final obj = 'A' + taintedObjects.taint(obj, Ranges.forCharSequence(obj, new Source(SourceTypes.NONE, null, null))) + + when: + taintedObjects.clearTaint(obj) + + then: + noExceptionThrown() + taintedObjects.size() == 0 + taintedObjects.iterator().size() == 0 + } + void 'should not taint null ranges'() { given: IastSystem.DEBUG = true From daba6bd3784fa8093acd70439c5afee2046999fd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Mon, 23 Dec 2024 11:27:21 +0100 Subject: [PATCH 5/6] Remove clearTaint method and replace for existing one called clear --- .../iast/propagation/StringModuleImpl.java | 2 +- .../com/datadog/iast/taint/TaintedMap.java | 21 ----------- .../datadog/iast/taint/TaintedObjects.java | 30 ---------------- .../taint/TaintedObjectsWithTelemetry.java | 5 --- .../datadog/iast/taint/TaintedMapTest.groovy | 35 +++++++++++++++++++ .../iast/taint/TaintedObjectsLogTest.groovy | 17 --------- 6 files changed, 36 insertions(+), 74 deletions(-) diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java index cec405065e0..52a9c19f055 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java @@ -853,7 +853,7 @@ public void onStringBuilderSetLength(@Nonnull CharSequence self, int length) { if (newRanges != null && newRanges.length > 0) { selfTainted.setRanges(newRanges); } else { - taintedObjects.clearTaint(self); + selfTainted.clear(); } } diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java index ffa9c79ab2a..bc81f8947e1 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedMap.java @@ -85,8 +85,6 @@ static TaintedMap buildWithPurge(final int capacity, int maxAge, TimeUnit maxAge void put(final @Nonnull TaintedObject entry); - void remove(final @Nonnull Object obj); - int count(); void clear(); 
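Review bot: Calling `selfTainted.clear()` directly in `onStringBuilderSetLength` (hunk `@@ -853,7 +853,7 @@`) bypasses `TaintedObjects`, so the debug wrapper that logged the removal in the earlier patches no longer sees it, and nothing at the call site says what `clear()` does to the entry. Judging by the `TaintedMapTest` case added in this patch, a cleared entry stays in the map until a later `put` or `get` purges it. That is worth stating in a comment, for example `// no tainted range left: clear the entry, the map purges it on a later put/get`. The 'untainting after setLength' test from [PATCH 1/6] is the only check that `taintedObjects.get(self)` returns null right after the call, so it should be re-run against this version. The method body starts above the hunk.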
@@ -212,17 +210,6 @@ public void put(final @Nonnull TaintedObject entry) { } } - @Override - public void remove(final @Nonnull Object obj) { - TaintedObject entry = get(obj); - if (entry == null) { - return; - } - - final int index = index(entry.positiveHashCode); - table[index] = null; - } - @Override public void clear() { Arrays.fill(table, null); @@ -365,11 +352,6 @@ public void put(@Nonnull final TaintedObject entry) { } } - @Override - public void remove(final @Nonnull Object obj) { - delegate.remove(obj); - } - @Nullable @Override public TaintedObject get(@Nonnull final Object key) { @@ -473,9 +455,6 @@ public TaintedObject get(@Nonnull Object key) { @Override public void put(@Nonnull TaintedObject entry) {} - @Override - public void remove(@Nonnull Object obj) {} - @Override public int count() { return 0; diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java index 5a0b4eff1c7..cf3c301926d 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/TaintedObjects.java @@ -28,8 +28,6 @@ static TaintedObjects build(@Nonnull final TaintedMap map) { @Nullable TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges); - void clearTaint(@Nonnull Object obj); - @Nullable TaintedObject get(@Nonnull Object obj); @@ -58,11 +56,6 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran } } - @Override - public void clearTaint(final @Nonnull Object obj) { - map.remove(obj); - } - @Nullable @Override public TaintedObject get(final @Nonnull Object obj) { 
@@ -105,12 +98,6 @@ public TaintedObject taint(final @Nonnull Object obj, final @Nonnull Range[] ran return tainted; } - @Override - public void clearTaint(final @Nonnull Object obj) { - delegated.clearTaint(obj); - logRemovedTaintedObject(obj); - } - @Nullable @Override public TaintedObject get(final @Nonnull Object obj) { @@ -158,20 +145,6 @@ private void logTainted(@Nullable final TaintedObject tainted) { } } - private void logRemovedTaintedObject(@Nullable final Object obj) { - if (LOGGER.isDebugEnabled()) { - try { - if (obj == null) { - LOGGER.debug("clearTaint {}: not removed", id); - } else { - LOGGER.debug("clearTaint {}: untainted={}", id, obj.hashCode()); - } - } catch (final Throwable e) { - LOGGER.error("Failed to debug removed object", e); - } - } - } - @Override public TaintedObjectsImpl unwrap() { return delegated; @@ -188,9 +161,6 @@ public TaintedObject taint(@Nonnull final Object obj, @Nonnull final Range[] ran return null; } - @Override - public void clearTaint(final @Nonnull Object obj) {} - @Nullable @Override public TaintedObject get(@Nonnull final Object obj) { diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java index 484a7f9324d..14caf7fae4a 100644 --- a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java +++ b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/telemetry/taint/TaintedObjectsWithTelemetry.java @@ -45,11 +45,6 @@ public TaintedObject taint(@Nonnull Object obj, @Nonnull Range[] ranges) { return result; } - @Override - public void clearTaint(final @Nonnull Object obj) { - delegate.clearTaint(obj); - } - @Nullable @Override public TaintedObject get(@Nonnull Object obj) { 
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy index ad7f7499d9d..9c3934e7414 100644 --- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy +++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy @@ -259,6 +259,41 @@ class TaintedMapTest extends DDSpecification { map.count() == 2 } + void 'test removal of elements'() { + given: + final capacity = 1 // single bucket + final map = new TaintedMap.TaintedMapImpl() + final gen = new ObjectGen(capacity) + final to = gen.genObjects(5, ObjectGen.TRUE).collect { new TaintedObject(it, [] as Range[]) } + + when: 'purging the head with put' + map.put(to[0]) + to[0].clear() + map.put(to[1]) + + then: + map.size() == 1 + map.count() == 1 + + when: 'purging an element in the middle with put' + map.put(to[2]) + map.put(to[3]) + to[2].clear() + map.put(to[4]) + + then: + map.size() == 3 + map.count() == 3 + + when: 'purging the tail with get' + to[4].clear() + map.get('I am not in the map!!!') + + then: + map.size() == 2 + map.count() == 2 + } + void 'test no op implementation'() { setup: final instance = TaintedMap.NoOp.INSTANCE diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy index c8c84b7aa2d..5fc3c2deed3 100644 --- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy +++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedObjectsLogTest.groovy 
@@ -80,23 +80,6 @@ class TaintedObjectsLogTest extends DDSpecification { taintedObjects.iterator().size() == 1 } - void "test TaintedObjects debug log with clearTaint"() { - given: - IastSystem.DEBUG = true - logger.level = Level.ALL - TaintedObjects taintedObjects = taintedObjects() - final obj = 'A' - taintedObjects.taint(obj, Ranges.forCharSequence(obj, new Source(SourceTypes.NONE, null, null))) - - when: - taintedObjects.clearTaint(obj) - - then: - noExceptionThrown() - taintedObjects.size() == 0 - taintedObjects.iterator().size() == 0 - } - void 'should not taint null ranges'() { given: IastSystem.DEBUG = true From d78ac81020a7a8c317ad58e6279cf17093945cd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Vidal=20Dom=C3=ADnguez?= Date: Mon, 23 Dec 2024 11:29:42 +0100 Subject: [PATCH 6/6] Remove unused test --- .../datadog/iast/taint/TaintedMapTest.groovy | 35 ------------------- 1 file changed, 35 deletions(-) diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy index 9c3934e7414..ad7f7499d9d 100644 --- a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy +++ b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/taint/TaintedMapTest.groovy 
@@ -259,41 +259,6 @@ class TaintedMapTest extends DDSpecification { map.count() == 2 } - void 'test removal of elements'() { - given: - final capacity = 1 // single bucket - final map = new TaintedMap.TaintedMapImpl() - final gen = new ObjectGen(capacity) - final to = gen.genObjects(5, ObjectGen.TRUE).collect { new TaintedObject(it, [] as Range[]) } - - when: 'purging the head with put' - map.put(to[0]) - to[0].clear() - map.put(to[1]) - - then: - map.size() == 1 - map.count() == 1 - - when: 'purging an element in the middle with put' - map.put(to[2]) - map.put(to[3]) - to[2].clear() - map.put(to[4]) - - then: - map.size() == 3 - map.count() == 3 - - when: 'purging the tail with get' - to[4].clear() - map.get('I am not in the map!!!') - - then: - map.size() == 2 - map.count() == 2 - } - void 'test no op implementation'() { setup: final instance = TaintedMap.NoOp.INSTANCE