Merge branch 'master' into alejandro.gonzalez/security-controls-metrics

Author: jandro996

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -1,6 +1,5 @@
 name: "Bug Report (Low Priority)"
 description: "Create a public Bug Report. Note that these may not be addressed as it depeonds on capacity and that looking up account information will be difficult."
-title: ""
 labels: "type: bug"
 body:
   - type: input

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -1,6 +1,5 @@
 name: Feature Request (Low Priority)
 description: Create a public Feature Request. Note that these may not be addressed as it depeonds on capacity and that looking up account information will be difficult.
-title: ""
 labels: "type: feature request"
 body:
   - type: input
@@ -15,7 +14,7 @@ body:
     attributes:
       label: Library Version(s)
       description: "If your feature request is to add instrumentation support for a library please provide the version you use"
-      placeholder: 1.2
+      placeholder: "1.2"
     validations:
       required: false
 

dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/StringModuleImpl.java

@@ -852,6 +852,8 @@ public void onStringBuilderSetLength(@Nonnull CharSequence self, int length) {
     Range[] newRanges = Ranges.forSubstring(0, length, rangesSelf);
     if (newRanges != null && newRanges.length > 0) {
       selfTainted.setRanges(newRanges);
+    } else {
+      selfTainted.clear();
     }
   }
 

dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/StringModuleTest.groovy

@@ -1448,9 +1448,11 @@ class StringModuleTest extends IastModuleImplTestBase {
     0 * _
 
     where:
-    self      | length | mockCalls
-    sb("123") | 2      | 0
-    sb()      | 0      | 1
+    self       | length | mockCalls
+    sb("123")  | 2      | 0
+    sb()       | 0      | 1
+    sbf("123") | 2      | 0
+    sbf()      | 0      | 1
   }
 
   void 'onStringBuilderSetLength (#input, #length)'() {
@@ -1472,10 +1474,38 @@ class StringModuleTest extends IastModuleImplTestBase {
     taintFormat(result, taintedObject.getRanges()) == expected
 
     where:
-    input                         | length | expected
-    sb("==>0123<==")              | 3      | "==>012<=="
-    sb("0123==>456<==78")         | 5      | "0123==>4<=="
-    sb("01==>234<==5==>678<==90") | 8      | "01==>234<==5==>67<=="
+    input                          | length | expected
+    sb("==>0123<==")               | 3      | "==>012<=="
+    sb("0123==>456<==78")          | 5      | "0123==>4<=="
+    sb("01==>234<==5==>678<==90")  | 8      | "01==>234<==5==>67<=="
+    sbf("==>0123<==")              | 3      | "==>012<=="
+    sbf("0123==>456<==78")         | 5      | "0123==>4<=="
+    sbf("01==>234<==5==>678<==90") | 8      | "01==>234<==5==>67<=="
+  }
+
+  void 'onStringBuilderSetLength untainting after setLength (#input, #length)'() {
+    final taintedObjects = ctx.getTaintedObjects()
+    def self = addFromTaintFormat(taintedObjects, input)
+    if (self instanceof StringBuilder) {
+      ((StringBuilder) self).setLength(length)
+    } else if (self instanceof StringBuffer) {
+      ((StringBuffer) self).setLength(length)
+    }
+
+    when:
+    module.onStringBuilderSetLength(self, length)
+    def taintedObject = taintedObjects.get(self)
+
+    then:
+    1 * tracer.activeSpan() >> span
+    taintedObject == null
+
+    where:
+    input                  | length
+    sb("==>0123<==")       | 0
+    sb("0123==>456<==78")  | 3
+    sbf("==>0123<==")      | 0
+    sbf("0123==>456<==78") | 3
   }
 
   private static Date date(final String pattern, final String value) {

dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringBuilderCallSite.java

@@ -183,6 +183,7 @@ public static CharSequence afterSubSequence(
   }
 
   @CallSite.After("void java.lang.StringBuilder.setLength(int)")
+  @CallSite.After("void java.lang.StringBuffer.setLength(int)")
   public static void afterSetLength(
       @CallSite.This final CharSequence self, @CallSite.Argument final int length) {
     final StringModule module = InstrumentationBridge.STRING;

dd-java-agent/instrumentation/java-lang/src/test/groovy/datadog/trace/instrumentation/java/lang/StringBuilderCallSiteTest.groovy

@@ -266,6 +266,7 @@ class StringBuilderCallSiteTest extends AgentTestRunner {
     where:
     type      | suite                        | param         | length | expected
     "builder" | new TestStringBuilderSuite() | sb('012345')  | 5      | '01234'
+    "buffer"  | new TestStringBufferSuite()  | sbf('012345') | 5      | '01234'
   }
 
   private static class BrokenToString {

dd-java-agent/instrumentation/jboss-modules/src/main/java/datadog/trace/instrumentation/jbossmodules/ModuleInstrumentation.java

@@ -9,7 +9,7 @@
 import com.google.auto.service.AutoService;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.InstrumenterModule;
-import datadog.trace.api.naming.ClassloaderServiceNames;
+import datadog.trace.api.ClassloaderConfigurationOverrides;
 import datadog.trace.bootstrap.AgentClassLoading;
 import java.io.IOException;
 import java.io.InputStream;
@@ -164,7 +164,7 @@ public static class CaptureModuleNameAdvice {
     public static void afterConstruct(@Advice.This final Module module) {
       final String name = ModuleNameHelper.extractDeploymentName(module.getClassLoader());
       if (name != null && !name.isEmpty()) {
-        ClassloaderServiceNames.addServiceName(module.getClassLoader(), name);
+        ClassloaderConfigurationOverrides.withPinnedServiceName(module.getClassLoader(), name);
       }
     }
   }

dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/LibertyServerInstrumentation.java

@@ -16,11 +16,11 @@
 import com.ibm.wsspi.webcontainer.webapp.IWebAppDispatcherContext;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.InstrumenterModule;
+import datadog.trace.api.ClassloaderConfigurationOverrides;
 import datadog.trace.api.Config;
 import datadog.trace.api.CorrelationIdentifier;
 import datadog.trace.api.GlobalTracer;
 import datadog.trace.api.gateway.Flow;
-import datadog.trace.api.naming.ClassloaderServiceNames;
 import datadog.trace.bootstrap.ActiveSubsystems;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.InstrumentationContext;
@@ -116,7 +116,7 @@ public static class HandleRequestAdvice {
           if (webapp != null) {
             final ClassLoader cl = webapp.getClassLoader();
             if (cl != null) {
-              ClassloaderServiceNames.maybeSetToSpan(span, cl);
+              ClassloaderConfigurationOverrides.maybeEnrichSpan(span, cl);
             }
           }
         }

dd-java-agent/instrumentation/liberty-20/src/main/java/datadog/trace/instrumentation/liberty20/ThreadContextClassloaderInstrumentation.java

@@ -6,7 +6,7 @@
 import com.ibm.ws.classloading.internal.ThreadContextClassLoader;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.InstrumenterModule;
-import datadog.trace.api.naming.ClassloaderServiceNames;
+import datadog.trace.api.ClassloaderConfigurationOverrides;
 import net.bytebuddy.asm.Advice;
 
 @AutoService(InstrumenterModule.class)
@@ -40,7 +40,7 @@ public static class ThreadContextClassloaderAdvice {
     public static void afterConstruct(@Advice.This ThreadContextClassLoader self) {
       final String name = BundleNameHelper.extractDeploymentName(self);
       if (name != null && !name.isEmpty()) {
-        ClassloaderServiceNames.addServiceName(self, name);
+        ClassloaderConfigurationOverrides.withPinnedServiceName(self, name);
       }
     }
   }

dd-java-agent/instrumentation/liberty-23/src/main/java/datadog/trace/instrumentation/liberty23/LibertyServerInstrumentation.java

@@ -16,11 +16,11 @@
 import com.ibm.wsspi.webcontainer.webapp.IWebAppDispatcherContext;
 import datadog.trace.agent.tooling.Instrumenter;
 import datadog.trace.agent.tooling.InstrumenterModule;
+import datadog.trace.api.ClassloaderConfigurationOverrides;
 import datadog.trace.api.Config;
 import datadog.trace.api.CorrelationIdentifier;
 import datadog.trace.api.GlobalTracer;
 import datadog.trace.api.gateway.Flow;
-import datadog.trace.api.naming.ClassloaderServiceNames;
 import datadog.trace.bootstrap.ActiveSubsystems;
 import datadog.trace.bootstrap.ContextStore;
 import datadog.trace.bootstrap.InstrumentationContext;
@@ -118,7 +118,7 @@ public static class HandleRequestAdvice {
           if (webapp != null) {
             final ClassLoader cl = webapp.getClassLoader();
             if (cl != null) {
-              ClassloaderServiceNames.maybeSetToSpan(span, cl);
+              ClassloaderConfigurationOverrides.maybeEnrichSpan(span, cl);
             }
           }
         }