add better support for query parameters

Author: claponcet

dd-java-agent/instrumentation/aws-java/aws-java-lambda-handler-1.2/src/main/java/datadog/trace/instrumentation/aws/v1/lambda/LambdaHandlerInstrumentation.java

@@ -23,6 +23,7 @@
 import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
 import datadog.trace.bootstrap.instrumentation.api.AgentSpanContext;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
+import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
 import datadog.trace.config.inversion.ConfigHelper;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.description.type.TypeDescription;
@@ -96,6 +97,7 @@ static AgentScope enter(
       } else {
         span = startSpan(INVOCATION_SPAN_NAME, lambdaContext);
       }
+      span.setSpanType(InternalSpanTypes.SERVERLESS);
       span.setTag("request_id", lambdaRequestId);
 
       final AgentScope scope = activateSpan(span);

dd-java-agent/instrumentation/aws-java/aws-java-lambda-handler-1.2/src/test/groovy/LambdaHandlerInstrumentationTest.groovy

@@ -1,4 +1,5 @@
 import datadog.trace.agent.test.naming.VersionedNamingTestBase
+import datadog.trace.api.DDSpanTypes
 import java.nio.charset.StandardCharsets
 import com.amazonaws.services.lambda.runtime.Context
 
@@ -30,6 +31,7 @@ abstract class LambdaHandlerInstrumentationTest extends VersionedNamingTestBase
       trace(1) {
         span {
           operationName operation()
+          spanType DDSpanTypes.SERVERLESS
           errored false
         }
       }
@@ -51,6 +53,7 @@ abstract class LambdaHandlerInstrumentationTest extends VersionedNamingTestBase
       trace(1) {
         span {
           operationName operation()
+          spanType DDSpanTypes.SERVERLESS
           errored true
           tags {
             tag "request_id", requestId

dd-trace-core/src/main/java/datadog/trace/lambda/LambdaAppSecHandler.java

@@ -26,6 +26,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.function.BiFunction;
 import java.util.function.Function;
@@ -157,7 +158,9 @@ private static AgentSpanContext processAppSecRequestData(LambdaEventData eventDa
         datadog.trace.api.function.TriFunction<RequestContext, String, URIDataAdapter, Flow<Void>> methodUriCallback =
             tracer.getCallbackProvider(RequestContextSlot.APPSEC).getCallback(EVENTS.requestMethodUriRaw());
         if (methodUriCallback != null) {
-          LambdaURIDataAdapter uriAdapter = new LambdaURIDataAdapter(eventData.path);
+          // Reconstruct full path with query string for AppSec analysis
+          String fullPath = buildFullPath(eventData.path, eventData.queryParameters);
+          LambdaURIDataAdapter uriAdapter = new LambdaURIDataAdapter(fullPath);
           methodUriCallback.apply(requestContext, eventData.method, uriAdapter);
         } else {
           log.warn("requestMethodUriRaw callback is null");
@@ -235,7 +238,7 @@ private static LambdaEventData extractEventData(ByteArrayInputStream inputStream
         log.warn("Event size {} exceeds limit {} or is invalid, skipping AppSec processing",
             availableBytes, MAX_EVENT_SIZE);
         return new LambdaEventData(Collections.emptyMap(), null, null, null, null,
-            LambdaTriggerType.UNKNOWN, Collections.emptyMap(), null);
+            LambdaTriggerType.UNKNOWN, Collections.emptyMap(), Collections.emptyMap(), null);
       }
 
       StringBuilder jsonBuilder = new StringBuilder(availableBytes);
@@ -259,7 +262,7 @@ private static LambdaEventData extractEventDataFromJson(String json) {
       log.debug("Event JSON parsed successfully");
 
       if (event == null) {
-        return new LambdaEventData(Collections.emptyMap(), null, null, null, null, LambdaTriggerType.UNKNOWN, Collections.emptyMap(), null);
+        return new LambdaEventData(Collections.emptyMap(), null, null, null, null, LambdaTriggerType.UNKNOWN, Collections.emptyMap(), Collections.emptyMap(), null);
       }
 
       // Detect trigger type
@@ -284,7 +287,7 @@ private static LambdaEventData extractEventDataFromJson(String json) {
       }
     } catch (Exception e) {
       log.error("Failed to parse event data from JSON", e);
-      return new LambdaEventData(Collections.emptyMap(), null, null, null, null, LambdaTriggerType.UNKNOWN, Collections.emptyMap(), null);
+      return new LambdaEventData(Collections.emptyMap(), null, null, null, null, LambdaTriggerType.UNKNOWN, Collections.emptyMap(), Collections.emptyMap(), null);
     }
   }
 
@@ -339,6 +342,7 @@ static LambdaTriggerType detectTriggerType(Map<String, Object> event) {
   private static LambdaEventData extractApiGatewayV1Data(Map<String, Object> event) {
     Map<String, String> headers = extractHeaders(event.get("headers"));
     Map<String, String> pathParameters = extractPathParameters(event.get("pathParameters"));
+    Map<String, List<String>> queryParameters = extractQueryParameters(event.get("queryStringParameters"));
     Object body = extractBody(event);
 
     Map<?, ?> requestContext = (Map<?, ?>) event.get("requestContext");
@@ -352,7 +356,7 @@ private static LambdaEventData extractApiGatewayV1Data(Map<String, Object> event
       sourceIp = (String) identity.get("sourceIp");
     }
 
-    return new LambdaEventData(headers, method, path, sourceIp, null, LambdaTriggerType.API_GATEWAY_V1_REST, pathParameters, body);
+    return new LambdaEventData(headers, method, path, sourceIp, null, LambdaTriggerType.API_GATEWAY_V1_REST, pathParameters, queryParameters, body);
   }
 
   /**
@@ -361,6 +365,7 @@ private static LambdaEventData extractApiGatewayV1Data(Map<String, Object> event
   private static LambdaEventData extractApiGatewayV2HttpData(Map<String, Object> event, LambdaTriggerType triggerType) {
     Map<String, String> headers = extractHeadersWithCookies(event);
     Map<String, String> pathParameters = extractPathParameters(event.get("pathParameters"));
+    Map<String, List<String>> queryParameters = extractQueryParameters(event.get("queryStringParameters"));
     Object body = extractBody(event);
 
     Map<?, ?> requestContext = (Map<?, ?>) event.get("requestContext");
@@ -377,7 +382,7 @@ private static LambdaEventData extractApiGatewayV2HttpData(Map<String, Object> e
       sourcePort = ((Number) portObj).intValue();
     }
 
-    return new LambdaEventData(headers, method, path, sourceIp, sourcePort, triggerType, pathParameters, body);
+    return new LambdaEventData(headers, method, path, sourceIp, sourcePort, triggerType, pathParameters, queryParameters, body);
   }
 
   /**
@@ -386,6 +391,7 @@ private static LambdaEventData extractApiGatewayV2HttpData(Map<String, Object> e
   private static LambdaEventData extractApiGatewayV2WebSocketData(Map<String, Object> event) {
     Map<String, String> headers = extractHeadersWithCookies(event);
     Map<String, String> pathParameters = extractPathParameters(event.get("pathParameters"));
+    Map<String, List<String>> queryParameters = extractQueryParameters(event.get("queryStringParameters"));
     Object body = extractBody(event);
 
     Map<?, ?> requestContext = (Map<?, ?>) event.get("requestContext");
@@ -401,7 +407,7 @@ private static LambdaEventData extractApiGatewayV2WebSocketData(Map<String, Obje
       sourceIp = (String) identity.get("sourceIp");
     }
 
-    return new LambdaEventData(headers, method, path, sourceIp, null, LambdaTriggerType.API_GATEWAY_V2_WEBSOCKET, pathParameters, body);
+    return new LambdaEventData(headers, method, path, sourceIp, null, LambdaTriggerType.API_GATEWAY_V2_WEBSOCKET, pathParameters, queryParameters, body);
   }
 
   /**
@@ -437,13 +443,22 @@ private static LambdaEventData extractAlbData(Map<String, Object> event, LambdaT
     }
 
     Map<String, String> pathParameters = extractPathParameters(event.get("pathParameters"));
+
+    // ALB can have both queryStringParameters and multiValueQueryStringParameters
+    Map<String, List<String>> queryParameters;
+    if (triggerType == LambdaTriggerType.ALB_MULTI_VALUE) {
+      queryParameters = extractMultiValueQueryParameters(event.get("multiValueQueryStringParameters"));
+    } else {
+      queryParameters = extractQueryParameters(event.get("queryStringParameters"));
+    }
+
     Object body = extractBody(event);
 
     String method = (String) event.get("httpMethod");
     String path = (String) event.get("path");
     String sourceIp = headers.get("x-forwarded-for");
 
-    return new LambdaEventData(headers, method, path, sourceIp, null, triggerType, pathParameters, body);
+    return new LambdaEventData(headers, method, path, sourceIp, null, triggerType, pathParameters, queryParameters, body);
   }
 
   /**
@@ -452,6 +467,7 @@ private static LambdaEventData extractAlbData(Map<String, Object> event, LambdaT
   private static LambdaEventData extractGenericData(Map<String, Object> event) {
     Map<String, String> headers = extractHeadersWithCookies(event);
     Map<String, String> pathParameters = extractPathParameters(event.get("pathParameters"));
+    Map<String, List<String>> queryParameters = extractQueryParameters(event.get("queryStringParameters"));
     Object body = extractBody(event);
 
     String method = null;
@@ -497,7 +513,7 @@ private static LambdaEventData extractGenericData(Map<String, Object> event) {
       }
     }
 
-    return new LambdaEventData(headers, method, path, sourceIp, null, LambdaTriggerType.UNKNOWN, pathParameters, body);
+    return new LambdaEventData(headers, method, path, sourceIp, null, LambdaTriggerType.UNKNOWN, pathParameters, queryParameters, body);
   }
 
   /**
@@ -540,6 +556,87 @@ private static Map<String, String> extractPathParameters(Object pathParamsObj) {
     return pathParams;
   }
 
+  /**
+   * Helper method to extract query parameters from event.
+   * Converts Map<String, String> to Map<String, List<String>> format expected by AppSec.
+   */
+  private static Map<String, List<String>> extractQueryParameters(Object queryParamsObj) {
+    Map<String, List<String>> result = new java.util.HashMap<>();
+    if (queryParamsObj instanceof Map) {
+      Map<?, ?> rawMap = (Map<?, ?>) queryParamsObj;
+      for (Map.Entry<?, ?> entry : rawMap.entrySet()) {
+        if (entry.getKey() != null && entry.getValue() != null) {
+          String key = String.valueOf(entry.getKey());
+          String value = String.valueOf(entry.getValue());
+          result.put(key, java.util.Collections.singletonList(value));
+        }
+      }
+    }
+    log.debug("Extracted {} query parameters", result.size());
+    return result;
+  }
+
+  /**
+   * Helper method to extract multi-value query parameters (used by ALB).
+   * Handles Map<String, List<String>> format directly.
+   */
+  private static Map<String, List<String>> extractMultiValueQueryParameters(Object queryParamsObj) {
+    Map<String, List<String>> result = new java.util.HashMap<>();
+    if (queryParamsObj instanceof Map) {
+      Map<?, ?> rawMap = (Map<?, ?>) queryParamsObj;
+      for (Map.Entry<?, ?> entry : rawMap.entrySet()) {
+        if (entry.getKey() != null && entry.getValue() != null) {
+          String key = String.valueOf(entry.getKey());
+          if (entry.getValue() instanceof java.util.List) {
+            java.util.List<?> values = (java.util.List<?>) entry.getValue();
+            java.util.List<String> stringValues = new java.util.ArrayList<>();
+            for (Object value : values) {
+              if (value != null) {
+                stringValues.add(String.valueOf(value));
+              }
+            }
+            result.put(key, stringValues);
+          } else {
+            result.put(key, java.util.Collections.singletonList(String.valueOf(entry.getValue())));
+          }
+        }
+      }
+    }
+    log.debug("Extracted {} multi-value query parameters", result.size());
+    return result;
+  }
+
+  /**
+   * Helper method to build full path including query string.
+   * Lambda events provide path and query parameters separately, so we need to reconstruct
+   * the full URI for AppSec to parse.
+   */
+  private static String buildFullPath(String path, Map<String, List<String>> queryParameters) {
+    if (queryParameters == null || queryParameters.isEmpty()) {
+      return path;
+    }
+
+    StringBuilder fullPath = new StringBuilder(path);
+    fullPath.append('?');
+
+    boolean first = true;
+    for (Map.Entry<String, List<String>> entry : queryParameters.entrySet()) {
+      String key = entry.getKey();
+      for (String value : entry.getValue()) {
+        if (!first) {
+          fullPath.append('&');
+        }
+        first = false;
+        fullPath.append(key);
+        if (value != null) {
+          fullPath.append('=').append(value);
+        }
+      }
+    }
+
+    return fullPath.toString();
+  }
+
   /**
    * Helper method to extract and merge headers with cookies array from event.
    * API Gateway v2 provides a separate 'cookies' array that should be merged with headers.
@@ -689,16 +786,18 @@ static class LambdaEventData {
     final Integer sourcePort;
     final LambdaTriggerType triggerType;
     final Map<String, String> pathParameters;
+    final Map<String, List<String>> queryParameters;
     final Object body;
 
-    LambdaEventData(Map<String, String> headers, String method, String path, String sourceIp, Integer sourcePort, LambdaTriggerType triggerType, Map<String, String> pathParameters, Object body) {
+    LambdaEventData(Map<String, String> headers, String method, String path, String sourceIp, Integer sourcePort, LambdaTriggerType triggerType, Map<String, String> pathParameters, Map<String, List<String>> queryParameters, Object body) {
       this.headers = headers;
       this.method = method;
       this.path = path;
       this.sourceIp = sourceIp;
       this.sourcePort = sourcePort;
       this.triggerType = triggerType;
       this.pathParameters = pathParameters;
+      this.queryParameters = queryParameters;
       this.body = body;
     }
   }

dd-trace-core/src/test/groovy/datadog/trace/lambda/LambdaAppSecHandlerTest.groovy

@@ -2,6 +2,7 @@ package datadog.trace.lambda
 
 import datadog.trace.api.Config
 import datadog.trace.api.function.TriConsumer
+import datadog.trace.api.function.TriFunction
 import datadog.trace.api.gateway.CallbackProvider
 import datadog.trace.api.gateway.Flow
 import datadog.trace.api.gateway.RequestContext