wip

Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>

Author: sezen-datadog

dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java

@@ -135,6 +135,8 @@ public void init() {
     subscriptionService.registerCallback(EVENTS.requestMethodUriRaw(), this::onRequestMethodUriRaw);
     subscriptionService.registerCallback(EVENTS.requestBodyStart(), this::onRequestBodyStart);
     subscriptionService.registerCallback(EVENTS.requestBodyDone(), this::onRequestBodyDone);
+    subscriptionService.registerCallback(EVENTS.responseBodyStart(), this::onResponseBodyStart);
+    subscriptionService.registerCallback(EVENTS.responseBodyDone(), this::onResponseBodyDone);
     subscriptionService.registerCallback(
         EVENTS.requestClientSocketAddress(), this::onRequestClientSocketAddress);
     subscriptionService.registerCallback(
@@ -164,6 +166,10 @@ public void init() {
       subscriptionService.registerCallback(
           EVENTS.requestBodyProcessed(), this::onRequestBodyProcessed);
     }
+    if (additionalIGEvents.contains(EVENTS.responseBodyProcessed())) {
+      subscriptionService.registerCallback(
+          EVENTS.responseBodyProcessed(), this::onResponseBodyProcessed);
+    }
   }
 
   /**
@@ -596,6 +602,51 @@ private Flow<Void> onRequestBodyProcessed(RequestContext ctx_, Object obj) {
     }
   }
 
+  private Flow<Void> onResponseBodyProcessed(RequestContext ctx_, Object obj) {
+    AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
+    if (ctx == null) {
+      return NoopFlow.INSTANCE;
+    }
+
+    if (ctx.isConvertedResBodyPublished()) {
+      log.debug(
+          "Response body already published; will ignore new value of type {}", obj.getClass());
+      return NoopFlow.INSTANCE;
+    }
+    ctx.setConvertedResBodyPublished(true);
+
+    while (true) {
+      DataSubscriberInfo subInfo = responseBodySubInfo;
+      if (subInfo == null) {
+        subInfo = producerService.getDataSubscribers(KnownAddresses.RESPONSE_BODY_OBJECT);
+        responseBodySubInfo = subInfo;
+      }
+      if (subInfo == null || subInfo.isEmpty()) {
+        return NoopFlow.INSTANCE;
+      }
+      Object converted =
+          ObjectIntrospection.convert(
+              obj,
+              ctx,
+              () -> {
+                if (Config.get().isAppSecRaspCollectRequestBody()) {
+                  ctx_.getTraceSegment()
+                      .setTagTop("_dd.appsec.rasp.response_body_size.exceeded", true);
+                }
+              });
+      if (Config.get().isAppSecRaspCollectResponseBody()) {
+        ctx.setProcessedResponseBody(converted);
+      }
+      DataBundle bundle = new SingletonDataBundle<>(KnownAddresses.RESPONSE_BODY_OBJECT, converted);
+      try {
+        GatewayContext gwCtx = new GatewayContext(false);
+        return producerService.publishDataEvent(subInfo, ctx, bundle, gwCtx);
+      } catch (ExpiredSubscriberInfoException e) {
+        responseBodySubInfo = null;
+      }
+    }
+  }
+
   private Flow<Void> onRequestBodyDone(RequestContext ctx_, StoredBodySupplier supplier) {
     AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
     if (ctx == null || ctx.isRawReqBodyPublished()) {
@@ -627,6 +678,37 @@ private Flow<Void> onRequestBodyDone(RequestContext ctx_, StoredBodySupplier sup
     }
   }
 
+  private Flow<Void> onResponseBodyDone(RequestContext ctx_, StoredBodySupplier supplier) {
+    AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
+    if (ctx == null || ctx.isRawResBodyPublished()) {
+      return NoopFlow.INSTANCE;
+    }
+    ctx.setRawResBodyPublished(true);
+
+    while (true) {
+      DataSubscriberInfo subInfo = rawResponseBodySubInfo;
+      if (subInfo == null) {
+        subInfo = producerService.getDataSubscribers(KnownAddresses.RESPONSE_BODY_RAW);
+        rawResponseBodySubInfo = subInfo;
+      }
+      if (subInfo == null || subInfo.isEmpty()) {
+        return NoopFlow.INSTANCE;
+      }
+
+      CharSequence bodyContent = supplier.get();
+      if (bodyContent == null || bodyContent.length() == 0) {
+        return NoopFlow.INSTANCE;
+      }
+      DataBundle bundle = new SingletonDataBundle<>(KnownAddresses.RESPONSE_BODY_RAW, bodyContent);
+      try {
+        GatewayContext gwCtx = new GatewayContext(false);
+        return producerService.publishDataEvent(subInfo, ctx, bundle, gwCtx);
+      } catch (ExpiredSubscriberInfoException e) {
+        rawResponseBodySubInfo = null;
+      }
+    }
+  }
+
   private Flow<Void> onRequestPathParams(RequestContext ctx_, Map<String, ?> data) {
     AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
     if (ctx == null || ctx.isPathParamsPublished()) {
@@ -663,6 +745,16 @@ private Void onRequestBodyStart(RequestContext ctx_, StoredBodySupplier supplier
     return null;
   }
 
+  private Void onResponseBodyStart(RequestContext ctx_, StoredBodySupplier supplier) {
+    AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
+    if (ctx == null) {
+      return null;
+    }
+
+    ctx.setStoredResponseBodySupplier(supplier);
+    return null;
+  }
+
   private Flow<AppSecRequestContext> onRequestStarted() {
     if (!AppSecSystem.isActive()) {
       return RequestContextSupplier.EMPTY;

dd-java-agent/instrumentation/spring-webmvc-3.1/src/main/java/datadog/trace/instrumentation/springweb/HttpMessageConverterInstrumentation.java

@@ -137,20 +137,9 @@ public static void before(
         return;
       }
 
-      // TODO: A dedicated responseBodyProcessed event should be added to the Events class
-      // For now, we're using requestBodyProcessed as a placeholder, but this is not semantically
-      // correct
-      // The proper solution would be to:
-      // 1. Add RESPONSE_BODY_PROCESSED_ID = 26 to Events.java
-      // 2. Add corresponding responseBodyProcessed() method to Events.java
-      // 3. Update GatewayBridge to handle the new event type
-      // 4. Replace the callback below with the proper responseBodyProcessed event
-
       CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
       BiFunction<RequestContext, Object, Flow<Void>> callback =
-          cbp.getCallback(
-              EVENTS
-                  .requestBodyProcessed()); // TEMPORARY: Using requestBodyProcessed as placeholder
+          cbp.getCallback(EVENTS.responseBodyProcessed());
       if (callback == null) {
         return;
       }

internal-api/src/main/java/datadog/trace/api/gateway/Events.java

@@ -312,6 +312,40 @@ public EventType<BiFunction<RequestContext, String, Flow<Void>>> shellCmd() {
     return (EventType<BiFunction<RequestContext, String, Flow<Void>>>) SHELL_CMD;
   }
 
+  static final int RESPONSE_BODY_START_ID = 26;
+
+  @SuppressWarnings("rawtypes")
+  private static final EventType RESPONSE_BODY_START =
+      new ET<>("response.body.started", RESPONSE_BODY_START_ID);
+  /** The response body has started being read */
+  @SuppressWarnings("unchecked")
+  public EventType<BiFunction<RequestContext, StoredBodySupplier, Void>> responseBodyStart() {
+    return (EventType<BiFunction<RequestContext, StoredBodySupplier, Void>>) RESPONSE_BODY_START;
+  }
+
+  static final int RESPONSE_BODY_DONE_ID = 27;
+
+  @SuppressWarnings("rawtypes")
+  private static final EventType RESPONSE_BODY_DONE =
+      new ET<>("response.body.done", RESPONSE_BODY_DONE_ID);
+  /** The response body is done being read */
+  @SuppressWarnings("unchecked")
+  public EventType<BiFunction<RequestContext, StoredBodySupplier, Flow<Void>>> responseBodyDone() {
+    return (EventType<BiFunction<RequestContext, StoredBodySupplier, Flow<Void>>>)
+        RESPONSE_BODY_DONE;
+  }
+
+  static final int RESPONSE_BODY_CONVERTED_ID = 28;
+
+  @SuppressWarnings("rawtypes")
+  private static final EventType RESPONSE_BODY_CONVERTED =
+      new ET<>("response.body.converted", RESPONSE_BODY_CONVERTED_ID);
+  /** The response body has been converted by the framework */
+  @SuppressWarnings("unchecked")
+  public EventType<BiFunction<RequestContext, Object, Flow<Void>>> responseBodyProcessed() {
+    return (EventType<BiFunction<RequestContext, Object, Flow<Void>>>) RESPONSE_BODY_CONVERTED;
+  }
+
   static final int MAX_EVENTS = nextId.get();
 
   private static final class ET<T> extends EventType<T> {

internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java

@@ -22,6 +22,9 @@
 import static datadog.trace.api.gateway.Events.REQUEST_PATH_PARAMS_ID;
 import static datadog.trace.api.gateway.Events.REQUEST_SESSION_ID;
 import static datadog.trace.api.gateway.Events.REQUEST_STARTED_ID;
+import static datadog.trace.api.gateway.Events.RESPONSE_BODY_CONVERTED_ID;
+import static datadog.trace.api.gateway.Events.RESPONSE_BODY_DONE_ID;
+import static datadog.trace.api.gateway.Events.RESPONSE_BODY_START_ID;
 import static datadog.trace.api.gateway.Events.RESPONSE_HEADER_DONE_ID;
 import static datadog.trace.api.gateway.Events.RESPONSE_HEADER_ID;
 import static datadog.trace.api.gateway.Events.RESPONSE_STARTED_ID;
@@ -316,6 +319,7 @@ public boolean equals(Object obj) {
               }
             };
       case REQUEST_BODY_START_ID:
+      case RESPONSE_BODY_START_ID:
         return (C)
             new BiFunction<RequestContext, StoredBodySupplier, Void>() {
               @Override
@@ -330,6 +334,7 @@ public Void apply(RequestContext ctx, StoredBodySupplier storedBodySupplier) {
               }
             };
       case REQUEST_BODY_DONE_ID:
+      case RESPONSE_BODY_DONE_ID:
         return (C)
             new BiFunction<RequestContext, StoredBodySupplier, Flow<Void>>() {
               @Override
@@ -346,6 +351,7 @@ public Flow<Void> apply(RequestContext ctx, StoredBodySupplier storedBodySupplie
       case GRPC_SERVER_REQUEST_MESSAGE_ID:
       case GRAPHQL_SERVER_REQUEST_MESSAGE_ID:
       case REQUEST_BODY_CONVERTED_ID:
+      case RESPONSE_BODY_CONVERTED_ID:
         return (C)
             new BiFunction<RequestContext, Object, Flow<Void>>() {
               @Override