Add Content Security Policy and HTTP response size telemetry

Author: sarahchen6

dd-java-agent/instrumentation/servlet/request-3/src/main/java/datadog/trace/instrumentation/servlet3/RumHttpServletResponseWrapper.java

@@ -69,8 +69,40 @@ public PrintWriter getWriter() throws IOException {
     return printWriter;
   }
 
+  @Override
+  public void setHeader(String name, String value) {
+    if (name != null) {
+      String lowerName = name.toLowerCase();
+      if (lowerName.startsWith("content-security-policy")) {
+        RumInjector.getTelemetryCollector().onContentSecurityPolicyDetected();
+      } else if (lowerName.equals("content-length") && value != null) {
+        try {
+          long contentLength = Long.parseLong(value);
+          RumInjector.getTelemetryCollector().onInjectionResponseSize(contentLength);
+        } catch (NumberFormatException ignored) {
+          // ignore?
+        }
+      }
+    }
+    super.setHeader(name, value);
+  }
+
+  @Override
+  public void addHeader(String name, String value) {
+    if (name != null) {
+      String lowerName = name.toLowerCase();
+      if (lowerName.startsWith("content-security-policy")) {
+        RumInjector.getTelemetryCollector().onContentSecurityPolicyDetected();
+      }
+    }
+    super.addHeader(name, value);
+  }
+
   @Override
   public void setContentLength(int len) {
+    if (len >= 0) {
+      RumInjector.getTelemetryCollector().onInjectionResponseSize(len);
+    }
     // don't set it since we don't know if we will inject
   }
 

dd-java-agent/instrumentation/servlet/request-3/src/test/groovy/RumHttpServletResponseWrapperTest.groovy

@@ -82,4 +82,57 @@ class RumHttpServletResponseWrapperTest extends AgentTestRunner {
     then:
     1 * mockTelemetryCollector.onInjectionFailed()
   }
+
+  void 'setHeader with Content-Security-Policy reports CSP detected'() {
+    when:
+    wrapper.setHeader("Content-Security-Policy", "test")
+
+    then:
+    1 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.setHeader("Content-Security-Policy", "test")
+  }
+
+  void 'addHeader with Content-Security-Policy-Report-Only reports CSP detected'() {
+    when:
+    wrapper.addHeader("Content-Security-Policy-Report-Only", "test")
+
+    then:
+    1 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.addHeader("Content-Security-Policy-Report-Only", "test")
+  }
+
+  void 'setHeader with non-CSP header does not report CSP detected'() {
+    when:
+    wrapper.setHeader("X-Content-Security-Policy", "test")
+
+    then:
+    0 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.setHeader("X-Content-Security-Policy", "test")
+  }
+
+  void 'addHeader with non-CSP header does not report CSP detected'() {
+    when:
+    wrapper.addHeader("X-Content-Security-Policy", "test")
+
+    then:
+    0 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.addHeader("X-Content-Security-Policy", "test")
+  }
+
+  void 'setHeader with Content-Length reports response size'() {
+    when:
+    wrapper.setHeader("Content-Length", "1024")
+
+    then:
+    1 * mockTelemetryCollector.onInjectionResponseSize(1024)
+    1 * mockResponse.setHeader("Content-Length", "1024")
+  }
+
+  void 'setContentLength method reports response size'() {
+    when:
+    wrapper.setContentLength(1024)
+
+    then:
+    1 * mockTelemetryCollector.onInjectionResponseSize(1024)
+  }
 }

dd-java-agent/instrumentation/servlet/request-5/src/main/java/datadog/trace/instrumentation/servlet5/RumHttpServletResponseWrapper.java

@@ -69,8 +69,40 @@ public PrintWriter getWriter() throws IOException {
     return printWriter;
   }
 
+  @Override
+  public void setHeader(String name, String value) {
+    if (name != null) {
+      String lowerName = name.toLowerCase();
+      if (lowerName.startsWith("content-security-policy")) {
+        RumInjector.getTelemetryCollector().onContentSecurityPolicyDetected();
+      } else if (lowerName.equals("content-length") && value != null) {
+        try {
+          long contentLength = Long.parseLong(value);
+          RumInjector.getTelemetryCollector().onInjectionResponseSize(contentLength);
+        } catch (NumberFormatException ignored) {
+          // ignore?
+        }
+      }
+    }
+    super.setHeader(name, value);
+  }
+
+  @Override
+  public void addHeader(String name, String value) {
+    if (name != null) {
+      String lowerName = name.toLowerCase();
+      if (lowerName.startsWith("content-security-policy")) {
+        RumInjector.getTelemetryCollector().onContentSecurityPolicyDetected();
+      }
+    }
+    super.addHeader(name, value);
+  }
+
   @Override
   public void setContentLength(int len) {
+    if (len >= 0) {
+      RumInjector.getTelemetryCollector().onInjectionResponseSize(len);
+    }
     // don't set it since we don't know if we will inject
   }
 

dd-java-agent/instrumentation/servlet/request-5/src/test/groovy/RumHttpServletResponseWrapperTest.groovy

@@ -82,4 +82,57 @@ class RumHttpServletResponseWrapperTest extends AgentTestRunner {
     then:
     1 * mockTelemetryCollector.onInjectionFailed()
   }
+
+  void 'setHeader with Content-Security-Policy reports CSP detected'() {
+    when:
+    wrapper.setHeader("Content-Security-Policy", "test")
+
+    then:
+    1 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.setHeader("Content-Security-Policy", "test")
+  }
+
+  void 'addHeader with Content-Security-Policy-Report-Only reports CSP detected'() {
+    when:
+    wrapper.addHeader("Content-Security-Policy-Report-Only", "test")
+
+    then:
+    1 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.addHeader("Content-Security-Policy-Report-Only", "test")
+  }
+
+  void 'setHeader with non-CSP header does not report CSP detected'() {
+    when:
+    wrapper.setHeader("X-Content-Security-Policy", "test")
+
+    then:
+    0 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.setHeader("X-Content-Security-Policy", "test")
+  }
+
+  void 'addHeader with non-CSP header does not report CSP detected'() {
+    when:
+    wrapper.addHeader("X-Content-Security-Policy", "test")
+
+    then:
+    0 * mockTelemetryCollector.onContentSecurityPolicyDetected()
+    1 * mockResponse.addHeader("X-Content-Security-Policy", "test")
+  }
+
+  void 'setHeader with Content-Length reports response size'() {
+    when:
+    wrapper.setHeader("Content-Length", "1024")
+
+    then:
+    1 * mockTelemetryCollector.onInjectionResponseSize(1024)
+    1 * mockResponse.setHeader("Content-Length", "1024")
+  }
+
+  void 'setContentLength method reports response size'() {
+    when:
+    wrapper.setContentLength(1024)
+
+    then:
+    1 * mockTelemetryCollector.onInjectionResponseSize(1024)
+  }
 }

internal-api/src/main/java/datadog/trace/api/rum/RumInjectorMetrics.java

@@ -23,6 +23,7 @@ public class RumInjectorMetrics implements RumTelemetryCollector {
   private final AtomicLong injectionSucceed = new AtomicLong();
   private final AtomicLong injectionFailed = new AtomicLong();
   private final AtomicLong injectionSkipped = new AtomicLong();
+  private final AtomicLong contentSecurityPolicyDetected = new AtomicLong();
 
   private final StatsDClient statsd;
   private final long interval;
@@ -61,6 +62,17 @@ public void onInjectionSkipped() {
     injectionSkipped.incrementAndGet();
   }
 
+  @Override
+  public void onContentSecurityPolicyDetected() {
+    contentSecurityPolicyDetected.incrementAndGet();
+  }
+
+  @Override
+  public void onInjectionResponseSize(long bytes) {
+    // report distribution metric immediately
+    statsd.distribution("rum.injection.response.bytes", bytes, NO_TAGS);
+  }
+
   public void close() {
     if (null != cancellation) {
       cancellation.cancel();
@@ -73,12 +85,14 @@ public String summary() {
         + "\ninjectionFailed="
         + injectionFailed.get()
         + "\ninjectionSkipped="
-        + injectionSkipped.get();
+        + injectionSkipped.get()
+        + "\ncontentSecurityPolicyDetected="
+        + contentSecurityPolicyDetected.get();
   }
 
   private static class Flush implements AgentTaskScheduler.Task<RumInjectorMetrics> {
 
-    private final long[] previousCounts = new long[3]; // one per counter
+    private final long[] previousCounts = new long[4]; // one per counter
     private int countIndex;
 
     @Override
@@ -88,6 +102,11 @@ public void run(RumInjectorMetrics target) {
         reportIfChanged(target.statsd, "rum.injection.succeed", target.injectionSucceed, NO_TAGS);
         reportIfChanged(target.statsd, "rum.injection.failed", target.injectionFailed, NO_TAGS);
         reportIfChanged(target.statsd, "rum.injection.skipped", target.injectionSkipped, NO_TAGS);
+        reportIfChanged(
+            target.statsd,
+            "rum.injection.content_security_policy",
+            target.contentSecurityPolicyDetected,
+            NO_TAGS);
       } catch (ArrayIndexOutOfBoundsException e) {
         log.warn(
             "previousCounts array needs resizing to at least {}, was {}",

internal-api/src/main/java/datadog/trace/api/rum/RumTelemetryCollector.java

@@ -18,6 +18,12 @@ public void onInjectionFailed() {}
         @Override
         public void onInjectionSkipped() {}
 
+        @Override
+        public void onContentSecurityPolicyDetected() {}
+
+        @Override
+        public void onInjectionResponseSize(long bytes) {}
+
         @Override
         public void close() {}
 
@@ -38,6 +44,12 @@ default void start() {}
   // call when RUM injection is skipped
   void onInjectionSkipped();
 
+  // call when a Content Security Policy header is detected
+  void onContentSecurityPolicyDetected();
+
+  // call to get the response size (in bytes) before RUM injection
+  void onInjectionResponseSize(long bytes);
+
   default void close() {}
 
   // human-readable summary of the current health metrics

internal-api/src/test/groovy/datadog/trace/api/rum/RumInjectorMetricsTest.groovy

@@ -67,22 +67,55 @@ class RumInjectorMetricsTest extends Specification {
     metrics.close()
   }
 
+  def "test onContentSecurityPolicyDetected"() {
+    setup:
+    def latch = new CountDownLatch(1)
+    def metrics = new RumInjectorMetrics(new Latched(statsD, latch), 10, TimeUnit.MILLISECONDS)
+    metrics.start()
+
+    when:
+    metrics.onContentSecurityPolicyDetected()
+    latch.await(5, TimeUnit.SECONDS)
+
+    then:
+    1 * statsD.count('rum.injection.content_security_policy', 1, _)
+    0 * _
+
+    cleanup:
+    metrics.close()
+  }
+
+  def "test onInjectionResponseSize with multiple sizes"() {
+    when:
+    metrics.onInjectionResponseSize(512)
+    metrics.onInjectionResponseSize(2048)
+    metrics.onInjectionResponseSize(256)
+
+    then:
+    1 * statsD.distribution('rum.injection.response.bytes', 512, _)
+    1 * statsD.distribution('rum.injection.response.bytes', 2048, _)
+    1 * statsD.distribution('rum.injection.response.bytes', 256, _)
+    0 * _
+  }
+
   def "test flushing multiple events"() {
     setup:
-    def latch = new CountDownLatch(3) // expecting 3 metric types
+    def latch = new CountDownLatch(4) // expecting 4 metric types
     def metrics = new RumInjectorMetrics(new Latched(statsD, latch), 10, TimeUnit.MILLISECONDS)
     metrics.start()
 
     when:
     metrics.onInjectionSucceed()
     metrics.onInjectionFailed()
     metrics.onInjectionSkipped()
+    metrics.onContentSecurityPolicyDetected()
     latch.await(5, TimeUnit.SECONDS)
 
     then:
     1 * statsD.count('rum.injection.succeed', 1, _)
     1 * statsD.count('rum.injection.failed', 1, _)
     1 * statsD.count('rum.injection.skipped', 1, _)
+    1 * statsD.count('rum.injection.content_security_policy', 1, _)
     0 * _
 
     cleanup:
@@ -105,6 +138,7 @@ class RumInjectorMetricsTest extends Specification {
     // should not be called since they have delta of 0
     0 * statsD.count('rum.injection.failed', _, _)
     0 * statsD.count('rum.injection.skipped', _, _)
+    0 * statsD.count('rum.injection.content_security_policy', _, _)
     0 * _
 
     cleanup:
@@ -119,12 +153,15 @@ class RumInjectorMetricsTest extends Specification {
     metrics.onInjectionFailed()
     metrics.onInjectionSucceed()
     metrics.onInjectionSkipped()
+    metrics.onContentSecurityPolicyDetected()
+    metrics.onContentSecurityPolicyDetected()
     def summary = metrics.summary()
 
     then:
     summary.contains("injectionSucceed=3")
     summary.contains("injectionFailed=2")
     summary.contains("injectionSkipped=1")
+    summary.contains("contentSecurityPolicyDetected=2")
     0 * _
   }
 
@@ -136,6 +173,7 @@ class RumInjectorMetricsTest extends Specification {
     summary.contains("injectionSucceed=0")
     summary.contains("injectionFailed=0")
     summary.contains("injectionSkipped=0")
+    summary.contains("contentSecurityPolicyDetected=0")
     0 * _
   }