feat(appsec): instrument Files.copy(Path,Path) and Files.copy(Path,OutputStream) for RASP

Files.copy(Path source, Path target, CopyOption[]) was missing from FilesCallSite:
- fires beforeFileLoaded(source) for LFI detection on the source path
- fires beforeFileWritten(target) for write detection on the target path

Files.copy(Path source, OutputStream out) was also missing:
- fires beforeFileLoaded(source) for LFI detection on the source path

Author: jandro996

dd-java-agent/instrumentation/java/java-io-1.8/src/main/java/datadog/trace/instrumentation/java/lang/FilesCallSite.java

@@ -43,6 +43,19 @@ public static void beforeCopyFromStream(@CallSite.Argument(1) @Nullable final Pa
     }
   }
 
+  @CallSite.Before(
+      "java.nio.file.Path java.nio.file.Files.copy(java.nio.file.Path, java.nio.file.Path, java.nio.file.CopyOption[])")
+  public static void beforeCopyPathToPath(
+      @CallSite.Argument(0) @Nullable final Path source,
+      @CallSite.Argument(1) @Nullable final Path target) {
+    if (source != null) {
+      FileIORaspHelper.INSTANCE.beforeFileLoaded(source.toString());
+    }
+    if (target != null) {
+      FileIORaspHelper.INSTANCE.beforeFileWritten(target.toString());
+    }
+  }
+
   @CallSite.Before(
       "java.nio.file.Path java.nio.file.Files.move(java.nio.file.Path, java.nio.file.Path, java.nio.file.CopyOption[])")
   public static void beforeMove(@CallSite.Argument(1) @Nullable final Path target) {
@@ -51,6 +64,13 @@ public static void beforeMove(@CallSite.Argument(1) @Nullable final Path target)
     }
   }
 
+  @CallSite.Before("long java.nio.file.Files.copy(java.nio.file.Path, java.io.OutputStream)")
+  public static void beforeCopyToStream(@CallSite.Argument(0) @Nullable final Path source) {
+    if (source != null) {
+      FileIORaspHelper.INSTANCE.beforeFileLoaded(source.toString());
+    }
+  }
+
   // ===================== READ =====================
 
   @CallSite.Before(

dd-java-agent/instrumentation/java/java-io-1.8/src/test/groovy/datadog/trace/instrumentation/java/io/FilesCallSiteTest.groovy

@@ -102,6 +102,35 @@ class FilesCallSiteTest extends BaseIoRaspCallSiteTest {
     1 * helper.beforeFileWritten(path.toString())
   }
 
+  void 'test RASP Files.copy path to path fires beforeFileLoaded on source and beforeFileWritten on target'() {
+    setup:
+    final helper = Mock(FileIORaspHelper)
+    FileIORaspHelper.INSTANCE = helper
+    final source = newFile('test_rasp_copy_src.txt').toPath()
+    final target = temporaryFolder.resolve('test_rasp_copy_path_dst.txt')
+
+    when:
+    TestFilesSuite.copyPathToPath(source, target)
+
+    then:
+    1 * helper.beforeFileLoaded(source.toString())
+    1 * helper.beforeFileWritten(target.toString())
+  }
+
+  void 'test RASP Files.copy path to OutputStream fires beforeFileLoaded on source'() {
+    setup:
+    final helper = Mock(FileIORaspHelper)
+    FileIORaspHelper.INSTANCE = helper
+    final source = newFile('test_rasp_copy_stream_src.txt').toPath()
+
+    when:
+    TestFilesSuite.copyToStream(source, new ByteArrayOutputStream())
+
+    then:
+    1 * helper.beforeFileLoaded(source.toString())
+    0 * helper.beforeFileWritten(_)
+  }
+
   void 'test RASP Files.move'() {
     setup:
     final helper = Mock(FileIORaspHelper)

dd-java-agent/instrumentation/java/java-io-1.8/src/test/java/foo/bar/TestFilesSuite.java

@@ -57,6 +57,15 @@ public static BufferedWriter newBufferedWriterDefaultCharset(
     return Files.newBufferedWriter(path, options);
   }
 
+  public static Path copyPathToPath(
+      final Path source, final Path target, final CopyOption... options) throws IOException {
+    return Files.copy(source, target, options);
+  }
+
+  public static long copyToStream(final Path source, final OutputStream out) throws IOException {
+    return Files.copy(source, out);
+  }
+
   public static Path move(final Path source, final Path target, final CopyOption... options)
       throws IOException {
     return Files.move(source, target);