add security response id with errors

Author: jandro996

dd-java-agent/appsec/src/main/java/com/datadog/appsec/blocking/BlockingServiceImpl.java

@@ -89,7 +89,7 @@ public boolean tryCommitBlockingResponse(
     log.debug("About to call block response function: {}", blockResponseFunction);
     boolean res =
         blockResponseFunction.tryCommitBlockingResponse(
-            reqCtx.getTraceSegment(), statusCode, templateType, extraHeaders);
+            reqCtx.getTraceSegment(), statusCode, templateType, extraHeaders, null);
     if (res) {
       TraceSegment traceSegment = reqCtx.getTraceSegment();
       if (traceSegment != null) {

dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java

@@ -464,7 +464,10 @@ public void onDataAvailable(
     }
 
     private Flow.Action.RequestBlockingAction createBlockRequestAction(
-        final ActionInfo actionInfo, final AppSecRequestContext reqCtx, final boolean isRasp, final String securityResponseId) {
+        final ActionInfo actionInfo,
+        final AppSecRequestContext reqCtx,
+        final boolean isRasp,
+        final String securityResponseId) {
       try {
         int statusCode;
         Object statusCodeObj = actionInfo.parameters.get("status_code");
@@ -482,7 +485,8 @@ private Flow.Action.RequestBlockingAction createBlockRequestAction(
         } catch (IllegalArgumentException iae) {
           log.warn("Unknown content type: {}; using auto", contentType);
         }
-        return new Flow.Action.RequestBlockingAction(statusCode, blockingContentType, null, securityResponseId);
+        return new Flow.Action.RequestBlockingAction(
+            statusCode, blockingContentType, null, securityResponseId);
       } catch (RuntimeException cce) {
         log.warn("Invalid blocking action data", cce);
         if (!isRasp) {
@@ -493,7 +497,10 @@ private Flow.Action.RequestBlockingAction createBlockRequestAction(
     }
 
     private Flow.Action.RequestBlockingAction createRedirectRequestAction(
-        final ActionInfo actionInfo, final AppSecRequestContext reqCtx, final boolean isRasp, final String securityResponseId) {
+        final ActionInfo actionInfo,
+        final AppSecRequestContext reqCtx,
+        final boolean isRasp,
+        final String securityResponseId) {
       try {
         int statusCode;
         Object statusCodeObj = actionInfo.parameters.get("status_code");
@@ -520,8 +527,7 @@ private Flow.Action.RequestBlockingAction createRedirectRequestAction(
             location = location.replace("[security_response_id]", securityResponseId);
           }
         }
-        return Flow.Action.RequestBlockingAction.forRedirect(
-            statusCode, location);
+        return Flow.Action.RequestBlockingAction.forRedirect(statusCode, location);
       } catch (RuntimeException cce) {
         log.warn("Invalid blocking action data", cce);
         if (!isRasp) {

dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/blocking/BlockingServiceImplSpecification.groovy

@@ -108,7 +108,7 @@ class BlockingServiceImplSpecification extends DDSpecification {
 
     then:
     res == true
-    1 * brf.tryCommitBlockingResponse(mts, 405, BlockingContentType.HTML, [:],) >> true
+    1 * brf.tryCommitBlockingResponse(mts, 405, BlockingContentType.HTML, [:], null) >> true
     1 * mts.effectivelyBlocked()
   }
 

dd-java-agent/instrumentation/akka/akka-http/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/AkkaBlockResponseFunction.java

@@ -55,7 +55,8 @@ public boolean tryCommitBlockingResponse(
       TraceSegment segment,
       int statusCode,
       BlockingContentType templateType,
-      Map<String, String> extraHeaders) {
+      Map<String, String> extraHeaders,
+      String securityResponseId) {
     AgentSpan agentSpan = AgentTracer.activeSpan();
     if (agentSpan == null) {
       return false;

dd-java-agent/instrumentation/grizzly/grizzly-2.0/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyDecorator.java

@@ -89,7 +89,8 @@ public boolean tryCommitBlockingResponse(
         TraceSegment segment,
         int statusCode,
         BlockingContentType templateType,
-        Map<String, String> extraHeaders) {
+        Map<String, String> extraHeaders,
+        String securityResponseId) {
       AgentSpan agentSpan = AgentTracer.get().activeSpan();
       if (agentSpan == null) {
         log.warn("Can't block: no active span");

dd-java-agent/instrumentation/grizzly/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyDecorator.java

@@ -180,7 +180,8 @@ public boolean tryCommitBlockingResponse(
         TraceSegment segment,
         int statusCode,
         BlockingContentType templateType,
-        Map<String, String> extraHeaders) {
+        Map<String, String> extraHeaders,
+        String securityResponseId) {
       if (ctx == null) {
         return false;
       }

dd-java-agent/instrumentation/grizzly/grizzly-http-2.3.20/src/main/java/datadog/trace/instrumentation/grizzlyhttp232/GrizzlyHttpBlockingHelper.java

@@ -139,7 +139,8 @@ public static boolean block(
       int statusCode,
       BlockingContentType templateType,
       Map<String, String> extraHeaders,
-      TraceSegment segment) {
+      TraceSegment segment,
+      String securityResponseId) {
     if (ENCODE_HTTP_PACKET == null) {
       return false;
     }
@@ -166,7 +167,7 @@ public static boolean block(
           BlockingActionHelper.determineTemplateType(templateType, acceptHeader);
 
       httpResponse.setHeader("Content-type", BlockingActionHelper.getContentType(type));
-      byte[] template = BlockingActionHelper.getTemplate(type);
+      byte[] template = BlockingActionHelper.getTemplate(type, securityResponseId);
       httpResponse.setContentLength(template.length);
       httpContent =
           HttpContent.builder(httpResponse).content(HeapBuffer.wrap(template)).last(true).build();

dd-java-agent/instrumentation/jetty/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockResponseFunction.java

@@ -19,9 +19,10 @@ public boolean tryCommitBlockingResponse(
       TraceSegment segment,
       int statusCode,
       BlockingContentType templateType,
-      Map<String, String> extraHeaders) {
+      Map<String, String> extraHeaders,
+      String securityResponseId) {
     Response response = request.getResponse();
     return JettyBlockingHelper.block(
-        segment, request, response, statusCode, templateType, extraHeaders);
+        segment, request, response, statusCode, templateType, extraHeaders, securityResponseId);
   }
 }

dd-java-agent/instrumentation/jetty/jetty-common/src/main/java/datadog/trace/instrumentation/jetty/JettyBlockingHelper.java

@@ -186,7 +186,7 @@ public static boolean block(
             BlockingActionHelper.determineTemplateType(bct, acceptHeader);
         response.setCharacterEncoding("utf-8");
         response.setHeader("Content-type", BlockingActionHelper.getContentType(type));
-        byte[] template = BlockingActionHelper.getTemplate(type);
+        byte[] template = BlockingActionHelper.getTemplate(type, securityResponseId);
 
         if (!response.isWriting()) {
           response.setHeader("Content-length", Integer.toString(template.length));

dd-java-agent/instrumentation/jetty/jetty-server/jetty-server-10.0/src/main/java11/datadog/trace/instrumentation/jetty10/JettyOnCommitBlockingHelper.java

@@ -54,7 +54,7 @@ public static boolean block(
         BlockingActionHelper.TemplateType type =
             BlockingActionHelper.determineTemplateType(bct, acceptHeader);
         putHeader(fields, "Content-type", BlockingActionHelper.getContentType(type));
-        byte[] template = BlockingActionHelper.getTemplate(type);
+        byte[] template = BlockingActionHelper.getTemplate(type, securityResponseId);
         putHeader(fields, "Content-length", Integer.toString(template.length));
 
         info = new MetaData.Response(request.getHttpVersion(), statusCode, fields, template.length);