wip

jandro996 · jandro996 · commit 1bf7e1973cb9 · 2026-03-17T10:19:04.000+01:00
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/ObjectIntrospection.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/ObjectIntrospection.java
@@ -302,15 +302,13 @@ private static Object doConversion(Object obj, int depth, State state) {
             log.error("Unable to get field value", e);
             // TODO: Use invalid object
           }
-        } else {
-          // This field is inaccessible (Strongly Encapsulated Internal class on Java 9+).
-          // Skip it and continue with the remaining fields — other accessible fields on the
-          // same object may still contain useful data for WAF inspection. Do NOT call
-          // obj.toString() here: JDK internal toString() representations (e.g.
-          // "class java.lang.Object") can match legitimate WAF phrase_match rules and
-          // produce false positives (e.g. crs-944-130 java_code_injection).
-          continue;
         }
+        // This field is inaccessible (Strongly Encapsulated Internal class on Java 9+).
+        // Skip it and continue with the remaining fields — other accessible fields on the
+        // same object may still contain useful data for WAF inspection. Do NOT call
+        // obj.toString() here: JDK internal toString() representations (e.g.
+        // "class java.lang.Object") can match legitimate WAF phrase_match rules and
+        // produce false positives (e.g. crs-944-130 java_code_injection).
       }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -302,15 +302,13 @@ private static Object doConversion(Object obj, int depth, State state) {`
`302`	`302`	`log.error("Unable to get field value", e);`
`303`	`303`	`// TODO: Use invalid object`
`304`	`304`	`}`
`305`		`- } else {`
`306`		`- // This field is inaccessible (Strongly Encapsulated Internal class on Java 9+).`
`307`		`- // Skip it and continue with the remaining fields — other accessible fields on the`
`308`		`- // same object may still contain useful data for WAF inspection. Do NOT call`
`309`		`- // obj.toString() here: JDK internal toString() representations (e.g.`
`310`		`- // "class java.lang.Object") can match legitimate WAF phrase_match rules and`
`311`		`- // produce false positives (e.g. crs-944-130 java_code_injection).`
`312`		`- continue;`
`313`	`305`	`}`
	`306`	`+ // This field is inaccessible (Strongly Encapsulated Internal class on Java 9+).`
	`307`	`+ // Skip it and continue with the remaining fields — other accessible fields on the`
	`308`	`+ // same object may still contain useful data for WAF inspection. Do NOT call`
	`309`	`+ // obj.toString() here: JDK internal toString() representations (e.g.`
	`310`	`+ // "class java.lang.Object") can match legitimate WAF phrase_match rules and`
	`311`	`+ // produce false positives (e.g. crs-944-130 java_code_injection).`
`314`	`312`	`}`
`315`	`313`	`}`
`316`	`314`