
Commit d864b1e

committed
WIP
1 parent 9865275 commit d864b1e


2 files changed

+22
-15
lines changed


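--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
@@ -704,8 +704,11 @@ private NoopFlow onRequestEnded(RequestContext ctx_, IGSpanInfo spanInfo) {
 traceSeg.setDataTop("appsec", wrapper);
 
 // Report collected request and response headers based on allow list
-writeRequestHeaders(traceSeg, REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders());
-writeResponseHeaders(traceSeg, RESPONSE_HEADERS_ALLOW_LIST, ctx.getResponseHeaders());
+boolean collectAll = Config.get().isAppSecCollectAllHeaders();
+writeRequestHeaders(
+traceSeg, REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders(), collectAll);
+writeResponseHeaders(
+traceSeg, RESPONSE_HEADERS_ALLOW_LIST, ctx.getResponseHeaders(), collectAll);
 
 // Report collected stack traces
 List<StackTraceEvent> stackTraces = ctx.getStackTraces();
@@ -715,10 +718,11 @@ private NoopFlow onRequestEnded(RequestContext ctx_, IGSpanInfo spanInfo) {
 
 } else if (hasUserInfo(traceSeg)) {
 // Report all collected request headers on user tracking event
-writeRequestHeaders(traceSeg, REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders());
+writeRequestHeaders(traceSeg, REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders(), false);
 } else {
 // Report minimum set of collected request headers
-writeRequestHeaders(traceSeg, DEFAULT_REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders());
+writeRequestHeaders(
+traceSeg, DEFAULT_REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders(), false);
 }
 // If extracted any derivatives - commit them
 if (!ctx.commitDerivatives(traceSeg)) {
@@ -832,29 +836,33 @@ private static boolean hasUserCollectionEvent(final TraceSegment traceSeg) {
 private static void writeRequestHeaders(
 final TraceSegment traceSeg,
 final Set<String> allowed,
-final Map<String, List<String>> headers) {
-writeHeaders(traceSeg, "http.request.headers.", "_dd.appsec.request.", allowed, headers);
+final Map<String, List<String>> headers,
+final boolean collectAll) {
+writeHeaders(
+traceSeg, "http.request.headers.", "_dd.appsec.request.", allowed, headers, collectAll);
 }
 
 private static void writeResponseHeaders(
 final TraceSegment traceSeg,
 final Set<String> allowed,
-final Map<String, List<String>> headers) {
-writeHeaders(traceSeg, "http.response.headers.", "_dd.appsec.response.", allowed, headers);
+final Map<String, List<String>> headers,
+final boolean collectAll) {
+writeHeaders(
+traceSeg, "http.response.headers.", "_dd.appsec.response.", allowed, headers, collectAll);
 }
 
 private static void writeHeaders(
 final TraceSegment traceSeg,
 final String prefix,
 final String discardedPrefix,
 final Set<String> allowed,
-final Map<String, List<String>> headers) {
+final Map<String, List<String>> headers,
+final boolean collectAll) {
 
 if (headers == null || headers.isEmpty()) {
 return;
 }
 
-final boolean collectAll = Config.get().isAppSecCollectAllHeaders();
 final int headerLimit = Config.get().getAppsecMaxCollectedHeaders();
 final Set<String> added = new HashSet<>();
 int excluded = 0;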
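Review bot: The new `collectAll` parameter on `writeHeaders` decides whether headers outside the `allowed` set are reported, yet it is undocumented, and the bare `false` literals passed in the user-tracking and default branches of `onRequestEnded` give no reason for overriding the configured value. I would add a Javadoc line on `writeHeaders` such as `@param collectAll when true, headers not in {@code allowed} are reported as well (apparently bounded by the configured header limit); callers outside the first branch of onRequestEnded pass false`, and reword the context comment above the first call, which still says "based on allow list". The code that applies the flag lies below the last line of the hunk, so it should be confirmed there that credential-bearing headers such as `Authorization` and `Cookie` are never written as tag values when the flag is set. Both `onRequestEnded` and `writeHeaders` start or end outside the hunks shown.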

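--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy
@@ -1175,7 +1175,7 @@ class GatewayBridgeSpecification extends DDSpecification {
 ]
 
 when:
-GatewayBridge.writeRequestHeaders(traceSegment, allowedHeaders, headers)
+GatewayBridge.writeRequestHeaders(traceSegment, allowedHeaders, headers, false)
 
 then:
 1 * traceSegment.setTagTop('http.request.headers.x-allowed-header', 'value1')
@@ -1195,7 +1195,7 @@ class GatewayBridgeSpecification extends DDSpecification {
 ]
 
 when:
-GatewayBridge.writeResponseHeaders(traceSegment, allowedHeaders, headers)
+GatewayBridge.writeResponseHeaders(traceSegment, allowedHeaders, headers, false)
 
 then:
 1 * traceSegment.setTagTop('http.response.headers.x-allowed-header', 'value1')
@@ -1205,7 +1205,6 @@ class GatewayBridgeSpecification extends DDSpecification {
 
 void 'test writeRequestHeaders collecting all headers '(){
 setup:
-injectEnvConfig('DD_APPSEC_COLLECT_ALL_HEADERS' , 'true')
 injectEnvConfig('DD_APPSEC_MAX_COLLECTED_HEADERS', '4')
 
 def allowedHeaders = ['x-allowed-header', 'x-multiple-allowed-header', 'x-always-included'] as Set
@@ -1218,7 +1217,7 @@ class GatewayBridgeSpecification extends DDSpecification {
 ]
 
 when:
-GatewayBridge.writeRequestHeaders(traceSegment, allowedHeaders, headers)
+GatewayBridge.writeRequestHeaders(traceSegment, allowedHeaders, headers, true)
 
 then:
 1 * traceSegment.setTagTop('http.request.headers.x-allowed-header', 'value1')
@@ -1244,7 +1243,7 @@ class GatewayBridgeSpecification extends DDSpecification {
 ]
 
 when:
-GatewayBridge.writeResponseHeaders(traceSegment, allowedHeaders, headers)
+GatewayBridge.writeResponseHeaders(traceSegment, allowedHeaders, headers, true)
 
 then:
 1 * traceSegment.setTagTop('http.response.headers.x-allowed-header', 'value1')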
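Review bot: No spec visible in this commit pins the behaviour the Java change introduces, namely that `onRequestEnded` stops honouring `DD_APPSEC_COLLECT_ALL_HEADERS` on the user-tracking and default branches. The updated specs call the static helpers with the flag passed directly, and the 'collecting all headers' spec no longer injects the setting, so wiring in the wrong value at a call site would go unnoticed. I would add a spec that keeps `injectEnvConfig('DD_APPSEC_COLLECT_ALL_HEADERS', 'true')`, ends a request that produced no security events, and asserts that a header outside the allow list is not tagged, for example `0 * traceSegment.setTagTop('http.request.headers.x-not-allowed', _)` (header name constructed for illustration). The spec methods touched here start and end outside the hunks shown.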
