Merge branch 'master' into mario.vidal/taint_tracking_string_buffer_set_length

Author: Mariovido

.circleci/config.continue.yml.j2

@@ -36,7 +36,7 @@ instrumentation_modules: &instrumentation_modules "dd-java-agent/instrumentation
 debugger_modules: &debugger_modules "dd-java-agent/agent-debugger|dd-java-agent/agent-bootstrap|dd-java-agent/agent-builder|internal-api|communication|dd-trace-core"
 profiling_modules: &profiling_modules "dd-java-agent/agent-profiling"
 
-default_system_tests_commit: &default_system_tests_commit 6a8c4e9ba065bc52a630051a5b7bb7a4ec84e245
+default_system_tests_commit: &default_system_tests_commit c6e54d143cfdf97b2f0a815f22f53247c119f635
 
 parameters:
   nightly:

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,61 @@
+name: "Bug Report (Low Priority)"
+description: "Create a public Bug Report. Note that these may not be addressed as it depeonds on capacity and that looking up account information will be difficult."
+title: ""
+labels: "type: bug"
+body:
+  - type: input
+    attributes:
+      label: Tracer Version(s)
+      description: "Version(s) of the tracer affected by this bug"
+      placeholder: "1.44.0"
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Java Version(s)
+      description: "Version(s) of Java (`java --version`) that you've encountered this bug with"
+      placeholder: 21.0.4
+    validations:
+      required: true
+
+  - type: dropdown
+    attributes:
+      label: JVM Vendor
+      description: "Which JVM vendor does your application use"
+      options:
+        - Oracle JDK
+        - Alibaba Dragonwell
+        - Amazon Corretto
+        - Azul Zing / Zulu
+        - BellSoft Liberica JDK
+        - Eclipse Adoptium / Temurin
+        - Eclipse OpenJ9
+        - IBM SDK / Semeru
+        - Oracle GraalVM
+        - RedHat JDK
+        - SapMachine
+        - Other (please specify in comments)
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Bug Report
+      description: Please add a clear and concise description of the bug here
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: What is the expected behavior
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Reproduction Code
+      description: Please add code here to help us reproduce the problem
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +1,8 @@
-blank_issues_enabled: true
+blank_issues_enabled: false
 contact_links:
-  - name: Bug Report
+  - name: Bug Report (High Priority)
     url: https://help.datadoghq.com/hc/en-us/requests/new?tf_1260824651490=pt_product_type:apm&tf_1900004146284=pt_apm_language:java
-    about: This option creates an expedited Bug Report via the helpdesk (no login required). This will allow us to look up your account and allows you to provide additional information in private.
-  - name: Feature Request
+    about: Create an expedited Bug Report via the helpdesk (no login required). This will allow us to look up your account and allows you to provide additional information in private.
+  - name: Feature Request (High Priority)
     url: https://help.datadoghq.com/hc/en-us/requests/new?tf_1260824651490=pt_product_type:apm&tf_1900004146284=pt_apm_language:java&tf_1260825272270=pt_apm_category_feature_request
-    about: This option creates an expedited Feature Request via the helpdesk (no login required). This helps with prioritization and allows you to provide additional information in private.
+    about: Create an expedited Feature Request via the helpdesk (no login required). This helps with prioritization and allows you to provide additional information in private.

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,50 @@
+name: Feature Request (Low Priority)
+description: Create a public Feature Request. Note that these may not be addressed as it depeonds on capacity and that looking up account information will be difficult.
+title: ""
+labels: "type: feature request"
+body:
+  - type: input
+    attributes:
+      label: Library Name
+      description: "If your feature request is to add instrumentation support for a library please provide the name here"
+      placeholder: "spring-boot"
+    validations:
+      required: false
+
+  - type: input
+    attributes:
+      label: Library Version(s)
+      description: "If your feature request is to add instrumentation support for a library please provide the version you use"
+      placeholder: 1.2
+    validations:
+      required: false
+
+  - type: textarea
+    attributes:
+      label: Describe the feature you'd like
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Is your feature request related to a problem?
+      description: |
+        Please add a clear and concise description of your problem.
+        E.g. I'm unable to instrument my database queries...
+    validations:
+      required: false
+
+  - type: textarea
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered
+    validations:
+      required: false
+
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: Add any other context or screenshots about the feature request here
+    validations:
+      required: false

.github/workflows/analyze-changes.yaml

@@ -7,6 +7,11 @@ on:
     # The branches below must be a subset of the branches above
     branches: [ master ]
 
+# Cancel long-running jobs when a new commit is pushed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   datadog-static-analyzer:
     name: Analyze changes with DataDog Static Analyzer

.github/workflows/check-pull-requests.yaml

@@ -5,6 +5,9 @@ on:
     branches:
     - master
     - release/v*
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   check_pull_requests:
     name: Check pull requests

.github/workflows/update-download-releases.yaml

@@ -4,6 +4,8 @@ on:
     types:
       - released
   workflow_dispatch:
+concurrency: # Avoid running multiple instances to prevent asset conflicts
+  group: ${{ github.workflow }}
 jobs:
   update-releases:
     permissions:

.gitlab-ci.yml

@@ -223,6 +223,12 @@ onboarding_tests_k8s_injection:
   parallel:
     matrix:
       - WEBLOG_VARIANT: [dd-lib-java-init-test-app]
+        SCENARIO: [K8S_LIB_INJECTION, K8S_LIB_INJECTION_UDS, K8S_LIB_INJECTION_NO_AC, K8S_LIB_INJECTION_NO_AC_UDS, K8S_LIB_INJECTION_PROFILING_DISABLED, K8S_LIB_INJECTION_PROFILING_ENABLED, K8S_LIB_INJECTION_PROFILING_OVERRIDE]
+        K8S_CLUSTER_VERSION: ['7.56.2', '7.57.0', '7.59.0']
+
+      - WEBLOG_VARIANT: [dd-djm-spark-test-app]
+        SCENARIO: [K8S_LIB_INJECTION_SPARK_DJM]
+        K8S_CLUSTER_VERSION: ['7.57.0', '7.59.0']
 
 create_key:
   stage: generate-signing-key

.gitlab/exploration-tests.yml

@@ -12,49 +12,63 @@ build-exploration-tests-image:
     - docker push $EXPLORATION_TESTS_IMAGE
 
 .common-exploration-tests: &common-exploration-tests
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: $CI_PIPELINE_SOURCE != "schedule"
+      changes:
+        paths:
+          - dd-java-agent/agent-debugger/**/*
+        compare_to: "master"
+      when: on_success
+    - when: manual
+      allow_failure: true
   before_script:
-    - source $HOME/.sdkman/bin/sdkman-init.sh
-    - export JAVA_HOME=$JAVA_8_HOME
-    - ./gradlew :dd-java-agent:shadowJar --no-scan
     - cp workspace/dd-java-agent/build/libs/*.jar /exploration-tests/dd-java-agent.jar
     - cp dd-java-agent/agent-debugger/exploration-tests/run-exploration-tests.sh /exploration-tests
     - cp dd-java-agent/agent-debugger/exploration-tests/exclude_*.txt /exploration-tests
     - cp dd-java-agent/agent-debugger/exploration-tests/include_*.txt /exploration-tests
+    - source $HOME/.sdkman/bin/sdkman-init.sh && cd / && sdk env
     - cd /exploration-tests
+    - java -version
   after_script:
-    - echo "$PROJECT"
-    - cd $CI_PROJECT_DIR
-    - cp /exploration-tests/$PROJECT/agent.log ${PROJECT}_agent.log
+    - cp /exploration-tests/${PROJECT}/agent.log ${PROJECT}_agent.log
     - gzip ${PROJECT}_agent.log
     - tar czf ${PROJECT}_surefire-reports.tar.gz /exploration-tests/${PROJECT}/target/surefire-reports
     - tar czf ${PROJECT}_debugger-dumps.tar.gz /tmp/debugger
   stage: exploration-tests
-  when: manual
   tags: [ "runner:main"]
-  needs: []
   image: $EXPLORATION_TESTS_IMAGE
   artifacts:
     paths:
-      - ${PROJECT}_agent.log.gz
-      - ${PROJECT}_surefire-reports.tar.gz
-      - ${PROJECT}_debugger-dumps.tar.gz
+      - "*_agent.log.gz"
+      - "*_surefire-reports.tar.gz"
+      - "*_debugger-dumps.tar.gz"
 
 exploration-tests-jsoup:
+  needs: [ build ]
+  dependencies:
+    - build
+  <<: *common-exploration-tests
   variables:
     PROJECT: jsoup
-  <<: *common-exploration-tests
   script:
-    - ./run-exploration-tests.sh "$PROJECT" "mvn verify" "include_jsoup.txt" "exclude_jsoup.txt"
-
+    - ./run-exploration-tests.sh "$PROJECT" "mvn verify" "include_${PROJECT}.txt" "exclude_${PROJECT}.txt"
 
 exploration-tests-jackson-core:
+  needs: [ build ]
+  dependencies:
+    - build
   <<: *common-exploration-tests
   variables:
     PROJECT: jackson-core
   script:
-    - ./run-exploration-tests.sh "$PROJECT" "./mvnw verify"
+    - ./run-exploration-tests.sh "$PROJECT" "mvn verify" "include_${PROJECT}.txt" "exclude_${PROJECT}.txt"
 
 exploration-tests-jackson-databind:
+  needs: [ build ]
+  dependencies:
+    - build
   <<: *common-exploration-tests
   variables:
     PROJECT: jackson-databind

SECURITY.md

@@ -1,5 +1,11 @@
-# Security
+# Security Policy
 
-## Security Vulnerabilities
+This document outlines the security policy for the Datadog Java client library (aka Java tracer) and what to do if you discover a security vulnerability in the project.
+Most notably, please do not share the details in a public forum (such as in a discussion, issue, or pull request) but instead reach out to us with the details.
+This gives us an opportunity to release a fix for others to benefit from by the time details are made public.
 
-If you have found a security issue, please contact the security team directly at security@datadoghq.com.
+## Reporting a Vulnerability
+
+If you discover a vulnerability in the Datadog Java client library (or any Datadog product for that matter) please submit details to the following email address:
+
+* [security@datadoghq.com](mailto:security@datadoghq.com)