add security response id

Author: jandro996

dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/blocking/BlockingActionHelper.java

@@ -119,18 +119,13 @@ public static TemplateType determineTemplateType(
   }
 
   public static byte[] getTemplate(TemplateType type) {
-    return getTemplate(type, null);
-  }
-
-  public static byte[] getTemplate(TemplateType type, String securityResponseId) {
-    byte[] template;
     if (type == TemplateType.JSON) {
-      template = TEMPLATE_JSON;
+      return TEMPLATE_JSON;
     } else if (type == TemplateType.HTML) {
-      template = TEMPLATE_HTML;
-    } else {
-      return null;
+      return TEMPLATE_HTML;
     }
+    return null;
+  }
 
     // Use empty string when securityResponseId is not present
     String replacementValue =

dd-java-agent/agent-bootstrap/src/test/groovy/datadog/trace/bootstrap/blocking/BlockingActionHelperSpecification.groovy

@@ -213,4 +213,112 @@ class BlockingActionHelperSpecification extends DDSpecification {
     HTML         | 'template.html'  | '<body>Custom template with security_response_id: [security_response_id]</body>' | 'Custom template with security_response_id: [id]'
     JSON         | 'template.json'  | '{"error":"blocked","id":"[security_response_id]"}'                   | '"error":"blocked","id":"[id]"'
   }
+
+
+  void 'getTemplate with security_response_id replaces placeholder in HTML template'() {
+    given:
+    def securityResponseId = '12345678-1234-1234-1234-123456789abc'
+
+    when:
+    def template = BlockingActionHelper.getTemplate(HTML, securityResponseId)
+    def templateStr = new String(template, StandardCharsets.UTF_8)
+
+    then:
+    templateStr.contains("Security Response ID: ${securityResponseId}")
+    !templateStr.contains('[security_response_id]')
+  }
+
+  void 'getTemplate with security_response_id replaces placeholder in JSON template'() {
+    given:
+    def securityResponseId = '12345678-1234-1234-1234-123456789abc'
+
+    when:
+    def template = BlockingActionHelper.getTemplate(JSON, securityResponseId)
+    def templateStr = new String(template, StandardCharsets.UTF_8)
+
+    then:
+    templateStr.contains("\"security_response_id\":\"${securityResponseId}\"")
+    !templateStr.contains('[security_response_id]')
+  }
+
+  void 'getTemplate without security_response_id uses empty string in HTML template'() {
+    when:
+    def template = BlockingActionHelper.getTemplate(HTML, null)
+    def templateStr = new String(template, StandardCharsets.UTF_8)
+
+    then:
+    !templateStr.contains('[security_response_id]')
+    templateStr.contains('Security Response ID:')
+    // The placeholder is replaced with empty string
+  }
+
+  void 'getTemplate without security_response_id uses empty string in JSON template'() {
+    when:
+    def template = BlockingActionHelper.getTemplate(JSON, null)
+    def templateStr = new String(template, StandardCharsets.UTF_8)
+
+    then:
+    !templateStr.contains('[security_response_id]')
+    templateStr.contains('"security_response_id"')
+    templateStr.contains('""')  // Empty string value
+  }
+
+  void 'getTemplate with empty security_response_id uses empty string'() {
+    when:
+    def htmlTemplate = BlockingActionHelper.getTemplate(HTML, '')
+    def jsonTemplate = BlockingActionHelper.getTemplate(JSON, '')
+
+    then:
+    !new String(htmlTemplate, StandardCharsets.UTF_8).contains('[security_response_id]')
+    !new String(jsonTemplate, StandardCharsets.UTF_8).contains('[security_response_id]')
+    // Both templates have placeholders replaced with empty string
+  }
+
+  void 'getTemplate with security_response_id works with custom HTML template'() {
+    setup:
+    File tempDir = File.createTempDir('testTempDir-', '')
+    Config config = Mock(Config)
+    File tempFile = new File(tempDir, 'template.html')
+    tempFile << '<body>Custom template with security_response_id: [security_response_id]</body>'
+    def securityResponseId = 'test-block-id-123'
+
+    when:
+    BlockingActionHelper.reset(config)
+    def template = BlockingActionHelper.getTemplate(HTML, securityResponseId)
+    def templateStr = new String(template, StandardCharsets.UTF_8)
+
+    then:
+    1 * config.getAppSecHttpBlockedTemplateHtml() >> tempFile.toString()
+    1 * config.getAppSecHttpBlockedTemplateJson() >> null
+    templateStr.contains("Custom template with security_response_id: ${securityResponseId}")
+    !templateStr.contains('[security_response_id]')
+
+    cleanup:
+    BlockingActionHelper.reset(Config.get())
+    tempDir.deleteDir()
+  }
+
+  void 'getTemplate with security_response_id works with custom JSON template'() {
+    setup:
+    File tempDir = File.createTempDir('testTempDir-', '')
+    Config config = Mock(Config)
+    File tempFile = new File(tempDir, 'template.json')
+    tempFile << '{"error":"blocked","id":"[security_response_id]"}'
+    def securityResponseId = 'test-block-id-456'
+
+    when:
+    BlockingActionHelper.reset(config)
+    def template = BlockingActionHelper.getTemplate(JSON, securityResponseId)
+    def templateStr = new String(template, StandardCharsets.UTF_8)
+
+    then:
+    1 * config.getAppSecHttpBlockedTemplateHtml() >> null
+    1 * config.getAppSecHttpBlockedTemplateJson() >> tempFile.toString()
+    templateStr.contains("\"error\":\"blocked\",\"id\":\"${securityResponseId}\"")
+    !templateStr.contains('[security_response_id]')
+
+    cleanup:
+    BlockingActionHelper.reset(Config.get())
+    tempDir.deleteDir()
+  }
 }

dd-java-agent/instrumentation/grizzly/grizzly-2.0/src/main/java/datadog/trace/instrumentation/grizzly/GrizzlyBlockingHelper.java

@@ -48,6 +48,17 @@ public static boolean block(
         context);
   }
 
+  public static boolean block(
+      Request request,
+      Response response,
+      int statusCode,
+      BlockingContentType bct,
+      Map<String, String> extraHeaders,
+      String securityResponseId,
+      Context context) {
+    return block(request, response, statusCode, bct, extraHeaders, null, context);
+  }
+
   public static boolean block(
       Request request,
       Response response,