Merge branch 'master' into ban/appsec-inband-poc-master

owendavisco · Dec 20, 2021 · 534b02e · 534b02e
2 parents 84e01df + 3cbc257
commit 534b02e
Show file tree

Hide file tree

Showing 28 changed files with 11,049 additions and 5,614 deletions.
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
@@ -12,3 +12,6 @@ if ! ./gradlew spotlessCheck; then
   echo ""
   exit 1
 fi
+
+# Run Groovy code check
+./gradlew codenarcTest -PskipTests
diff --git a/dd-java-agent/agent-jmxfetch/agent-jmxfetch.gradle b/dd-java-agent/agent-jmxfetch/agent-jmxfetch.gradle
@@ -4,7 +4,7 @@ plugins {
 apply from: "$rootDir/gradle/java.gradle"
 
 dependencies {
-  api('com.datadoghq:jmxfetch:0.44.1') {
+  api('com.datadoghq:jmxfetch:0.44.5') {
     exclude group: 'org.apache.logging.log4j', module: 'log4j-slf4j-impl'
     exclude group: 'org.apache.logging.log4j', module: 'log4j-core'
     exclude group: 'org.slf4j', module: 'slf4j-api'

diff --git a/...async/src/test/java/com/datadog/profiling/auxiliary/async/AuxiliaryAsyncProfilerTest.java b/...async/src/test/java/com/datadog/profiling/auxiliary/async/AuxiliaryAsyncProfilerTest.java
@@ -86,7 +86,7 @@ void testStartCmd(boolean cpu, boolean alloc, boolean memleak) {
     String cmd = profiler.cmdStartProfiling(targetFile);
 
     if (profiler.enabledModes().contains(ProfilingMode.CPU)) {
-      assertTrue(cmd.contains("event=itimer"));
+      assertTrue(cmd.contains("event=cpu"));
     }
     if (profiler.enabledModes().contains(ProfilingMode.ALLOCATION)) {
       assertTrue(cmd.contains("alloc="));

diff --git a/dd-java-agent/appsec/appsec.gradle b/dd-java-agent/appsec/appsec.gradle
@@ -128,6 +128,8 @@ ext {
     'com.datadog.appsec.config.AppSecConfigServiceImpl.SubscribeFleetServiceRunnable.1',
     'com.datadog.appsec.util.StandardizedLogging',
     'com.datadog.appsec.util.AbortStartupException',
+    'com.datadog.appsec.config.AppSecConfig.AppSecConfigV1',
+    'com.datadog.appsec.config.AppSecConfig.AppSecConfigV2',
   ]
   excludedClassesBranchCoverage = [
     'com.datadog.appsec.gateway.GatewayBridge',

diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfig.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfig.java
@@ -1,44 +1,52 @@
 package com.datadog.appsec.config;
 
-import com.datadog.appsec.util.Generated;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.Moshi;
+import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
-public class AppSecConfig {
+public interface AppSecConfig {
 
-  private static final JsonAdapter<AppSecConfig> ADAPTER =
-      new Moshi.Builder().build().adapter(AppSecConfig.class);
+  Moshi MOSHI = new Moshi.Builder().build();
+  JsonAdapter<AppSecConfigV1> ADAPTER_V1 = MOSHI.adapter(AppSecConfigV1.class);
+  JsonAdapter<AppSecConfigV2> ADAPTER_V2 = MOSHI.adapter(AppSecConfigV2.class);
 
-  private String version;
-  private List<Rule> rules;
+  String getVersion();
 
-  // We need to keep original raw config because DDWAF can't consume custom objects
-  // Remove rawConfig when DDWAF will be able to get any object
-  private Map<String, Object> rawConfig;
+  List<Rule> getRules();
 
-  private AppSecConfig() {}
+  Map<String, Object> getRawConfig();
 
-  static AppSecConfig createFromMap(Map<String, Object> rawConfig) {
-    AppSecConfig config = ADAPTER.fromJsonValue(rawConfig);
-    if (config == null) {
+  static AppSecConfig valueOf(Map<String, Object> rawConfig) throws IOException {
+    if (rawConfig == null) {
       return null;
     }
-    config.rawConfig = rawConfig;
-    return config;
-  }
 
-  public List<Rule> getRules() {
-    return rules;
-  }
+    String version = String.valueOf(rawConfig.get("version"));
+    if (version == null) {
+      throw new IOException("Unable deserialize raw json config");
+    }
+
+    // For version 1.x
+    if (version.startsWith("1.")) {
+      AppSecConfigV1 config = ADAPTER_V1.fromJsonValue(rawConfig);
+      config.rawConfig = rawConfig;
+      return config;
+    }
+
+    // For version 2.x
+    if (version.startsWith("2.")) {
+      AppSecConfigV2 config = ADAPTER_V2.fromJsonValue(rawConfig);
+      config.rawConfig = rawConfig;
+      return config;
+    }
 
-  public Map<String, Object> getRawConfig() {
-    return rawConfig;
+    throw new IOException("Config version '" + version + "' is not supported");
   }
 
-  public static class Rule {
+  class Rule {
     private String id;
     private String name;
     private Map<String, String> tags;
@@ -58,20 +66,77 @@ public Map<String, String> getTags() {
     }
   }
 
-  @Generated
-  @Override
-  public boolean equals(Object o) {
-    if (this == o) return true;
-    if (o == null || getClass() != o.getClass()) return false;
-    AppSecConfig config = (AppSecConfig) o;
-    return Objects.equals(version, config.version)
-        && Objects.equals(rules, config.rules)
-        && Objects.equals(rawConfig, config.rawConfig);
+  class AppSecConfigV1 implements AppSecConfig {
+
+    private String version;
+    private List<Rule> events;
+    private Map<String, Object> rawConfig;
+
+    @Override
+    public String getVersion() {
+      return null;
+    }
+
+    @Override
+    public List<Rule> getRules() {
+      return events;
+    }
+
+    @Override
+    public Map<String, Object> getRawConfig() {
+      return rawConfig;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) return true;
+      if (o == null || getClass() != o.getClass()) return false;
+      AppSecConfigV1 that = (AppSecConfigV1) o;
+      return Objects.equals(version, that.version)
+          && Objects.equals(events, that.events)
+          && Objects.equals(rawConfig, that.rawConfig);
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hash(version, events, rawConfig);
+    }
   }
 
-  @Generated
-  @Override
-  public int hashCode() {
-    return Objects.hash(version, rules, rawConfig);
+  class AppSecConfigV2 implements AppSecConfig {
+
+    private String version;
+    private List<Rule> rules;
+    private Map<String, Object> rawConfig;
+
+    @Override
+    public String getVersion() {
+      return null;
+    }
+
+    @Override
+    public List<Rule> getRules() {
+      return rules;
+    }
+
+    @Override
+    public Map<String, Object> getRawConfig() {
+      return rawConfig;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) return true;
+      if (o == null || getClass() != o.getClass()) return false;
+      AppSecConfigV2 that = (AppSecConfigV2) o;
+      return Objects.equals(version, that.version)
+          && Objects.equals(rules, that.rules)
+          && Objects.equals(rawConfig, that.rawConfig);
+    }
+
+    @Override
+    public int hashCode() {
+      return Objects.hash(version, rules, rawConfig);
+    }
   }
 }
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java
@@ -113,14 +113,19 @@ private static Map<String, AppSecConfig> deserializeConfig(BufferedSource src)
       throw new IOException("Unable deserialize Json config");
     }
 
+    if (rawConfig.containsKey("version")) {
+      // in case if we have single config simulate multi-config structure
+      rawConfig = Collections.singletonMap("waf", rawConfig);
+    }
+
     Map<String, AppSecConfig> ret = new LinkedHashMap<>();
     for (Map.Entry<String, Object> entry : rawConfig.entrySet()) {
       String key = entry.getKey();
       Object value = entry.getValue();
       if (!(value instanceof Map)) {
         throw new IOException("Expect config to be a map");
       }
-      ret.put(key, AppSecConfig.createFromMap((Map<String, Object>) value));
+      ret.put(key, AppSecConfig.valueOf((Map<String, Object>) value));
     }
     return ret;
   }