GrpcRequestMessageHandler.java
package com.datadog.iast;
import datadog.trace.api.gateway.Flow;
import datadog.trace.api.gateway.RequestContext;
import datadog.trace.api.gateway.RequestContextSlot;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.InstrumentationBridge;
import datadog.trace.api.iast.SourceTypes;
import datadog.trace.api.iast.propagation.PropagationModule;
import datadog.trace.api.iast.telemetry.IastMetric;
import datadog.trace.api.iast.telemetry.IastMetricCollector;
import java.util.Map;
import java.util.function.BiFunction;
import javax.annotation.Nonnull;
/**
 * Marks an incoming message object as tainted with the {@link SourceTypes#GRPC_BODY} source.
 *
 * <p>The handler is a {@code BiFunction} over a {@link RequestContext} and the message object;
 * presumably it is registered as a gateway callback for gRPC request messages (confirm at the
 * registration site, which is not part of this file). It never blocks or alters the request: every
 * path returns an empty {@link Flow}.
 */
public class GrpcRequestMessageHandler implements BiFunction<RequestContext, Object, Flow<Void>> {

  /**
   * Class-name prefix used to recognise protobuf generated messages. Because it is compared with
   * {@code startsWith}, it covers:
   *
   * <ul>
   *   <li>com.google.protobuf.GeneratedMessage
   *   <li>com.google.protobuf.GeneratedMessageV3
   *   <li>com.google.protobuf.GeneratedMessageLite
   * </ul>
   *
   * <p>Any other class whose fully qualified name begins with this prefix would match as well.
   */
  private static final String GENERATED_MESSAGE = "com.google.protobuf.GeneratedMessage";

  /**
   * Protobuf map fields are held in this class, which does not implement the {@link Map}
   * interface, so it has to be recognised by name.
   */
  private static final String MAP_FIELD = "com.google.protobuf.MapField";

  /**
   * Taints the message deeply and records how many values were tainted.
   *
   * @param ctx request context from which the IAST context is read
   * @param o the message object; nothing is done when it is {@code null}
   * @return always an empty flow
   */
  @Override
  public Flow<Void> apply(final RequestContext ctx, final Object o) {
    final PropagationModule propagation = InstrumentationBridge.PROPAGATION;
    // Without a propagation module or a message there is nothing to taint.
    if (propagation == null || o == null) {
      return Flow.ResultFlow.empty();
    }

    // NOTE(review): the IAST context is passed on without a null check; confirm that
    // taintObjectDeeply and IastMetricCollector.add accept a request with no IAST data.
    final IastContext iastContext = ctx.getData(RequestContextSlot.IAST);
    final byte origin = SourceTypes.GRPC_BODY;
    final int taintedCount =
        propagation.taintObjectDeeply(
            iastContext, o, origin, GrpcRequestMessageHandler::visitProtobufArtifact);

    // The source metric is only reported when at least one value was actually tainted.
    if (taintedCount > 0) {
      IastMetricCollector.add(IastMetric.EXECUTED_SOURCE, origin, taintedCount, iastContext);
    }
    return Flow.ResultFlow.empty();
  }

  /**
   * Class predicate handed to {@code taintObjectDeeply}; presumably it decides which object types
   * the deep traversal descends into (confirm against {@code PropagationModule}).
   *
   * <p>Only the direct superclass is compared with the generated-message prefix, so a class that
   * extends a generated message indirectly is not matched by that rule.
   *
   * @param kls class of the object under consideration
   * @return {@code true} for protobuf generated messages, protobuf map fields, arrays, {@link
   *     Iterable}s and {@link Map}s
   */
  static boolean visitProtobufArtifact(@Nonnull final Class<?> kls) {
    final Class<?> parent = kls.getSuperclass();
    // GRPC custom messages extend one of the GeneratedMessage* base classes.
    final boolean generatedMessage =
        parent != null && parent.getName().startsWith(GENERATED_MESSAGE);
    // MapField is a map that does not implement the Map interface.
    if (generatedMessage || MAP_FIELD.equals(kls.getName())) {
      return true;
    }
    // nested collections are safe in GRPC
    return kls.isArray() || Iterable.class.isAssignableFrom(kls) || Map.class.isAssignableFrom(kls);
  }
}