Merge branch 'master' into alejandro.gonzalez/APPSEC-61873-3

Author: jandro996

.gitlab-ci.yml

@@ -406,7 +406,7 @@ config-inversion-linter:
   needs: []
   script:
     - ./gradlew --version
-    - ./gradlew logEnvVarUsages checkEnvironmentVariablesUsage checkConfigStrings
+    - ./gradlew checkConfigurations
 
 test_published_artifacts:
   extends: .gradle_build

buildSrc/src/main/kotlin/datadog/gradle/plugin/config/ConfigCheckActions.kt

@@ -0,0 +1,145 @@
+package datadog.gradle.plugin.config
+
+import com.github.javaparser.StaticJavaParser
+import com.github.javaparser.ast.Modifier
+import com.github.javaparser.ast.body.FieldDeclaration
+import com.github.javaparser.ast.body.VariableDeclarator
+import com.github.javaparser.ast.expr.Expression
+import com.github.javaparser.ast.expr.MethodCallExpr
+import com.github.javaparser.ast.expr.NameExpr
+import com.github.javaparser.ast.expr.StringLiteralExpr
+import org.gradle.api.Action
+import org.gradle.api.GradleException
+import org.gradle.api.Task
+import org.gradle.api.provider.Provider
+import org.gradle.api.tasks.SourceSetOutput
+import java.io.File
+
+/** Validates that all config definitions in the config directory are documented in supported-configurations.json. */
+internal class RegularConfigCheckAction(
+  private val mainSourceSetOutput: Provider<Provider<SourceSetOutput>>,
+  private val generatedClassName: Provider<String>,
+  private val extension: SupportedTracerConfigurations
+) : Action<Task> {
+  override fun execute(task: Task) {
+    val repoRoot = task.project.rootProject.projectDir.toPath()
+    val configDir = repoRoot.resolve("dd-trace-api/src/main/java/datadog/trace/api/config").toFile()
+
+    if (!configDir.exists()) {
+      throw GradleException("Config directory not found: ${configDir.absolutePath}")
+    }
+
+    val configFields = loadConfigFields(mainSourceSetOutput.get().get(), generatedClassName.get())
+    val supported = configFields.supported
+    val aliasMapping = configFields.aliasMapping
+
+    val violations = buildList {
+      configDir.listFiles()?.forEach { file ->
+        val fileName = file.name
+        extractStringConstants(file).forEach eachConstant@{ (fieldName, entry) ->
+          if (fieldName.endsWith("_DEFAULT")) return@eachConstant
+          val normalized = normalize(entry.value)
+          if (normalized !in supported && normalized !in aliasMapping) {
+            add("$fileName:${entry.line} -> Config '${entry.value}' normalizes to '$normalized' " +
+              "which is missing from '${extension.jsonFile.get()}'")
+          }
+        }
+      }
+    }
+
+    if (violations.isNotEmpty()) {
+      task.logger.error("\nFound config definitions not in '${extension.jsonFile.get()}':")
+      violations.forEach { task.logger.lifecycle(it) }
+      throw GradleException("Undocumented Environment Variables found. Please add the above Environment Variables to '${extension.jsonFile.get()}'.")
+    } else {
+      task.logger.info("All config strings are present in '${extension.jsonFile.get()}'.")
+    }
+  }
+}
+
+/**
+ * Validates that every `.ddprof.` config key used as a primary key in `DatadogProfilerConfig`'s
+ * static helpers also has its async-translated form (`profiling.ddprof.*` → `profiling.async.*`)
+ * documented in `supported-configurations.json`.
+ */
+internal class ProfilingConfigCheckAction(
+  private val mainSourceSetOutput: Provider<Provider<SourceSetOutput>>,
+  private val generatedClassName: Provider<String>,
+  private val extension: SupportedTracerConfigurations
+) : Action<Task> {
+  override fun execute(task: Task) {
+    val repoRoot = task.project.rootProject.projectDir.toPath()
+
+    val constantMap = extractStringConstants(
+      repoRoot.resolve("dd-trace-api/src/main/java/datadog/trace/api/config/ProfilingConfig.java").toFile()
+    )
+
+    val configFields = loadConfigFields(mainSourceSetOutput.get().get(), generatedClassName.get())
+    val supported = configFields.supported
+    val aliasMapping = configFields.aliasMapping
+
+    val ddprofConfigFile = repoRoot.resolve(
+      "dd-java-agent/agent-profiling/profiling-ddprof/src/main/java/com/datadog/profiling/ddprof/DatadogProfilerConfig.java"
+    ).toFile()
+    val cu = StaticJavaParser.parse(ddprofConfigFile)
+
+    val helperMethodNames = setOf("getBoolean", "getInteger", "getLong", "getString")
+    val violations = mutableListOf<String>()
+
+    cu.findAll(MethodCallExpr::class.java).forEach { call ->
+      if (call.scope.isPresent) return@forEach
+      if (call.nameAsString !in helperMethodNames) return@forEach
+      val args = call.arguments
+      if (args.size < 2 || args[0] !is NameExpr || (args[0] as NameExpr).nameAsString != "configProvider") return@forEach
+
+      val primaryKeyEntry = resolveConstant(args[1], constantMap) ?: return@forEach
+      checkDocumented(primaryKeyEntry, supported, aliasMapping, call, violations, extension)
+    }
+
+    if (violations.isNotEmpty()) {
+      violations.forEach { task.logger.error(it) }
+      throw GradleException("Undocumented configs found in DatadogProfilerConfig. Please add the above to '${extension.jsonFile.get()}'.")
+    } else {
+      task.logger.info("All DatadogProfilerConfig configs are documented.")
+    }
+  }
+}
+
+internal data class ConstantEntry(val value: String, val line: Int)
+
+internal fun extractStringConstants(file: File): Map<String, ConstantEntry> {
+  val map = mutableMapOf<String, ConstantEntry>()
+  StaticJavaParser.parse(file).findAll(VariableDeclarator::class.java).forEach { varDecl ->
+    val field = varDecl.parentNode.map { it as? FieldDeclaration }.orElse(null) ?: return@forEach
+    if (field.hasModifiers(Modifier.Keyword.PUBLIC, Modifier.Keyword.STATIC, Modifier.Keyword.FINAL)
+      && varDecl.typeAsString == "String") {
+      val init = varDecl.initializer.orElse(null) as? StringLiteralExpr ?: return@forEach
+      val line = varDecl.range.map { it.begin.line }.orElse(-1)
+      map[varDecl.nameAsString] = ConstantEntry(init.value, line)
+    }
+  }
+  return map
+}
+
+internal fun resolveConstant(expr: Expression?, constantMap: Map<String, ConstantEntry>): ConstantEntry? = when (expr) {
+  is StringLiteralExpr -> ConstantEntry(expr.value, -1)
+  is NameExpr -> constantMap[expr.nameAsString]
+  else -> null
+}
+
+// Only check the async-translated form produced by DatadogProfilerConfig.normalizeKey.
+internal fun checkDocumented(
+  entry: ConstantEntry,
+  supported: Set<String>,
+  aliasMapping: Map<String, String>,
+  call: MethodCallExpr,
+  violations: MutableList<String>,
+  extension: SupportedTracerConfigurations
+) {
+  if (!entry.value.contains(".ddprof.")) return
+  val asyncNormalized = normalize(entry.value.replace(".ddprof.", ".async."))
+  if (asyncNormalized !in supported && asyncNormalized !in aliasMapping) {
+    val callLine = call.range.map { it.begin.line }.orElse(-1)
+    violations.add("ProfilingConfig.java:${entry.line} (DatadogProfilerConfig.java:$callLine) -> '${entry.value}' (async form) → '$asyncNormalized' is missing from '${extension.jsonFile.get()}'")
+  }
+}

buildSrc/src/main/kotlin/datadog/gradle/plugin/config/ConfigInversionLinter.kt

@@ -1,16 +1,12 @@
 package datadog.gradle.plugin.config
 
-import com.github.javaparser.ParserConfiguration
-import com.github.javaparser.StaticJavaParser
-import com.github.javaparser.ast.CompilationUnit
 import com.github.javaparser.ast.Modifier
-import com.github.javaparser.ast.body.FieldDeclaration
-import com.github.javaparser.ast.body.VariableDeclarator
-import com.github.javaparser.ast.expr.StringLiteralExpr
 import com.github.javaparser.ast.nodeTypes.NodeWithModifiers
 import org.gradle.api.GradleException
 import org.gradle.api.Plugin
 import org.gradle.api.Project
+import org.gradle.api.Task
+import org.gradle.api.tasks.TaskProvider
 import org.gradle.api.tasks.SourceSet
 import org.gradle.api.tasks.SourceSetContainer
 import org.gradle.kotlin.dsl.getByType
@@ -20,23 +16,32 @@ import java.nio.file.Path
 class ConfigInversionLinter : Plugin<Project> {
   override fun apply(target: Project) {
     val extension = target.extensions.create("supportedTracerConfigurations", SupportedTracerConfigurations::class.java)
-    registerLogEnvVarUsages(target, extension)
-    registerCheckEnvironmentVariablesUsage(target)
-    registerCheckConfigStringsTask(target, extension)
+    val logEnvVarUsages = registerLogEnvVarUsages(target, extension)
+    val checkEnvVarUsage = registerCheckEnvironmentVariablesUsage(target)
+    val checkConfigStrings = registerCheckConfigStringsTask(target, extension)
+    val checkInstrumenterModule = registerCheckInstrumenterModuleConfigurations(target, extension)
+    val checkDecoratorAnalytics = registerCheckDecoratorAnalyticsConfigurations(target, extension)
+
+    target.tasks.register("checkConfigurations") {
+      group = "verification"
+      description = "Runs all config inversion validation checks"
+      dependsOn(logEnvVarUsages, checkEnvVarUsage, checkConfigStrings, checkInstrumenterModule, checkDecoratorAnalytics)
+    }
   }
 }
 
 // Data class for fields from generated class
-private data class LoadedConfigFields(
+data class LoadedConfigFields(
   val supported: Set<String>,
-  val aliasMapping: Map<String, String> = emptyMap()
+  val aliasMapping: Map<String, String> = emptyMap(),
+  val aliases: Map<String, List<String>> = emptyMap()
 )
 
 // Cache for fields from generated class
-private var cachedConfigFields: LoadedConfigFields? = null
+internal var cachedConfigFields: LoadedConfigFields? = null
 
 // Helper function to load fields from the generated class
-private fun loadConfigFields(
+internal fun loadConfigFields(
   mainSourceSetOutput: org.gradle.api.file.FileCollection,
   generatedClassName: String
 ): LoadedConfigFields {
@@ -55,18 +60,20 @@ private fun loadConfigFields(
 
       @Suppress("UNCHECKED_CAST")
       val aliasMappingMap = clazz.getField("ALIAS_MAPPING").get(null) as Map<String, String>
-      LoadedConfigFields(supportedSet, aliasMappingMap)
+      @Suppress("UNCHECKED_CAST")
+      val aliasesMap = clazz.getField("ALIASES").get(null) as Map<String, List<String>>
+      LoadedConfigFields(supportedSet, aliasMappingMap, aliasesMap)
     }.also { cachedConfigFields = it }
   }
 }
 
 /** Registers `logEnvVarUsages` (scan for DD_/OTEL_ tokens and fail if unsupported). */
-private fun registerLogEnvVarUsages(target: Project, extension: SupportedTracerConfigurations) {
+private fun registerLogEnvVarUsages(target: Project, extension: SupportedTracerConfigurations): TaskProvider<Task> {
   val ownerPath = extension.configOwnerPath
   val generatedFile = extension.className
 
   // token check that uses the generated class instead of JSON
-  target.tasks.register("logEnvVarUsages") {
+  return target.tasks.register("logEnvVarUsages") {
     group = "verification"
     description = "Scan Java files for DD_/OTEL_ tokens and fail if unsupported (using generated constants)"
 
@@ -127,8 +134,8 @@ private fun registerLogEnvVarUsages(target: Project, extension: SupportedTracerC
 }
 
 /** Registers `checkEnvironmentVariablesUsage` (forbid EnvironmentVariables.get(...)). */
-private fun registerCheckEnvironmentVariablesUsage(project: Project) {
-  project.tasks.register("checkEnvironmentVariablesUsage") {
+private fun registerCheckEnvironmentVariablesUsage(project: Project): TaskProvider<Task> {
+  return project.tasks.register("checkEnvironmentVariablesUsage") {
     group = "verification"
     description = "Scans src/main/java for direct usages of EnvironmentVariables.get(...)"
 
@@ -166,19 +173,19 @@ private fun registerCheckEnvironmentVariablesUsage(project: Project) {
 }
 
 // Helper functions for checking Config Strings
-private fun normalize(configValue: String) =
+internal fun normalize(configValue: String) =
   "DD_" + configValue.uppercase().replace("-", "_").replace(".", "_")
 
 // Checking "public" "static" "final"
-private fun NodeWithModifiers<*>.hasModifiers(vararg mods: Modifier.Keyword) =
+internal fun NodeWithModifiers<*>.hasModifiers(vararg mods: Modifier.Keyword) =
   mods.all { hasModifier(it) }
 
 /** Registers `checkConfigStrings` to validate config definitions against documented supported configurations. */
-private fun registerCheckConfigStringsTask(project: Project, extension: SupportedTracerConfigurations) {
+private fun registerCheckConfigStringsTask(project: Project, extension: SupportedTracerConfigurations): TaskProvider<Task> {
   val ownerPath = extension.configOwnerPath
   val generatedFile = extension.className
 
-  project.tasks.register("checkConfigStrings") {
+  return project.tasks.register("checkConfigStrings") {
     group = "verification"
     description = "Validates that all config definitions in `dd-trace-api/src/main/java/datadog/trace/api/config` exist in `metadata/supported-configurations.json`"
 
@@ -190,61 +197,58 @@ private fun registerCheckConfigStringsTask(project: Project, extension: Supporte
     }
     inputs.files(mainSourceSetOutput)
 
-    doLast {
-      val repoRoot: Path = project.rootProject.projectDir.toPath()
-      val configDir = repoRoot.resolve("dd-trace-api/src/main/java/datadog/trace/api/config").toFile()
+    doLast("regular-config-check", RegularConfigCheckAction(mainSourceSetOutput, generatedFile, extension))
+    doLast("profiling-config-check", ProfilingConfigCheckAction(mainSourceSetOutput, generatedFile, extension))
+  }
+}
 
-      if (!configDir.exists()) {
-        throw GradleException("Config directory not found: ${configDir.absolutePath}")
-      }
 
-      val configFields = loadConfigFields(mainSourceSetOutput.get().get(), generatedFile.get())
-      val supported = configFields.supported
-      val aliasMapping = configFields.aliasMapping
+/** Registers `checkInstrumenterModuleConfigurations` to verify each InstrumenterModule's integration name has proper entries in SUPPORTED and ALIASES. */
+private fun registerCheckInstrumenterModuleConfigurations(project: Project, extension: SupportedTracerConfigurations): TaskProvider<CheckInstrumenterModuleConfigTask> {
+  val ownerPath = extension.configOwnerPath
+  val generatedFile = extension.className
 
-      var parserConfig = ParserConfiguration()
-      parserConfig.setLanguageLevel(ParserConfiguration.LanguageLevel.JAVA_8)
+  return project.tasks.register("checkInstrumenterModuleConfigurations", CheckInstrumenterModuleConfigTask::class.java) {
+    group = "verification"
+    description = "Validates that InstrumenterModule integration names have corresponding entries in SUPPORTED and ALIASES"
 
-      StaticJavaParser.setConfiguration(parserConfig)
+    mainSourceSetOutput.from(ownerPath.map {
+      project.project(it)
+        .extensions.getByType<SourceSetContainer>()
+        .named(SourceSet.MAIN_SOURCE_SET_NAME)
+        .map { main -> main.output }
+    })
+    instrumentationFiles.from(project.fileTree(project.rootProject.projectDir) {
+      include("dd-java-agent/instrumentation/**/src/main/java/**/*.java")
+    })
+    generatedClassName.set(generatedFile)
+    errorHeader.set("\nFound InstrumenterModule integration names with missing SUPPORTED/ALIASES entries:")
+    errorMessage.set("InstrumenterModule integration names are missing from SUPPORTED or ALIASES in '${extension.jsonFile.get()}'.")
+    successMessage.set("All InstrumenterModule integration names have proper SUPPORTED and ALIASES entries.")
+  }
+}
 
-      val violations = buildList {
-        configDir.listFiles()?.forEach { file ->
-          val fileName = file.name
-          val cu: CompilationUnit = StaticJavaParser.parse(file)
-
-          cu.findAll(VariableDeclarator::class.java).forEach { varDecl ->
-            varDecl.parentNode
-              .map { it as? FieldDeclaration }
-              .ifPresent { field ->
-                if (field.hasModifiers(Modifier.Keyword.PUBLIC, Modifier.Keyword.STATIC, Modifier.Keyword.FINAL) &&
-                  varDecl.typeAsString == "String") {
-
-                  val fieldName = varDecl.nameAsString
-                  if (fieldName.endsWith("_DEFAULT")) return@ifPresent
-                  val init = varDecl.initializer.orElse(null) ?: return@ifPresent
-
-                  if (init !is StringLiteralExpr) return@ifPresent
-                  val rawValue = init.value
-
-                  val normalized = normalize(rawValue)
-                  if (normalized !in supported && normalized !in aliasMapping) {
-                    val line = varDecl.range.map { it.begin.line }.orElse(1)
-                    add("$fileName:$line -> Config '$rawValue' normalizes to '$normalized' " +
-                        "which is missing from '${extension.jsonFile.get()}'")
-                  }
-                }
-              }
-          }
-        }
-      }
+/** Registers `checkDecoratorAnalyticsConfigurations` to verify each BaseDecorator subclass's instrumentationNames have proper analytics entries in SUPPORTED and ALIASES. */
+private fun registerCheckDecoratorAnalyticsConfigurations(project: Project, extension: SupportedTracerConfigurations): TaskProvider<CheckDecoratorAnalyticsConfigTask> {
+  val ownerPath = extension.configOwnerPath
+  val generatedFile = extension.className
 
-      if (violations.isNotEmpty()) {
-        logger.error("\nFound config definitions not in '${extension.jsonFile.get()}':")
-        violations.forEach { logger.lifecycle(it) }
-        throw GradleException("Undocumented Environment Variables found. Please add the above Environment Variables to '${extension.jsonFile.get()}'.")
-      } else {
-        logger.info("All config strings are present in '${extension.jsonFile.get()}'.")
-      }
-    }
+  return project.tasks.register("checkDecoratorAnalyticsConfigurations", CheckDecoratorAnalyticsConfigTask::class.java) {
+    group = "verification"
+    description = "Validates that Decorator instrumentationNames have corresponding analytics entries in SUPPORTED and ALIASES"
+
+    mainSourceSetOutput.from(ownerPath.map {
+      project.project(it)
+        .extensions.getByType<SourceSetContainer>()
+        .named(SourceSet.MAIN_SOURCE_SET_NAME)
+        .map { main -> main.output }
+    })
+    instrumentationFiles.from(project.fileTree(project.rootProject.projectDir) {
+      include("dd-java-agent/instrumentation/**/src/main/java/**/*.java")
+    })
+    generatedClassName.set(generatedFile)
+    errorHeader.set("\nFound Decorator instrumentationNames with missing analytics SUPPORTED/ALIASES entries:")
+    errorMessage.set("Decorator instrumentationNames are missing analytics entries from SUPPORTED or ALIASES in '${extension.jsonFile.get()}'.")
+    successMessage.set("All Decorator instrumentationNames have proper analytics SUPPORTED and ALIASES entries.")
   }
 }