Split jetty-appsec-9.3 [9.3,12) into three clean modules: 9.3, 9.4, 11.0

Eliminates all reflection from the multipart filename instrumentation by
creating version-specific modules with compile-time type safety:

- jetty-appsec-9.3 [9.3,9.4): javax.servlet, uses _multiPartInputStream field
- jetty-appsec-9.4 [9.4,11.0): javax.servlet, uses _multiParts field
- jetty-appsec-11.0 [11.0,12.0): jakarta.servlet, uses _multiParts field

Each module uses muzzle references as version discriminators instead of
runtime reflection, and delegates filename extraction to a testable
MultipartHelper class with 8 Spock unit tests each.

Server test modules updated to reference the correct appsec module per
Jetty version range.

Author: jandro996

dd-java-agent/instrumentation/jetty/jetty-appsec/jetty-appsec-11.0/build.gradle

@@ -0,0 +1,24 @@
+muzzle {
+  pass {
+    group = 'org.eclipse.jetty'
+    module = 'jetty-server'
+    versions = '[11.0,12.0)'
+    assertInverse = true
+    javaVersion = 11
+  }
+}
+
+apply from: "$rootDir/gradle/java.gradle"
+
+dependencies {
+  compileOnly(group: 'org.eclipse.jetty', name: 'jetty-server', version: '11.0.0') {
+    exclude group: 'org.slf4j', module: 'slf4j-api'
+  }
+  testImplementation(group: 'org.eclipse.jetty.toolchain', name: 'jetty-jakarta-servlet-api', version: '5.0.1')
+}
+
+tasks.withType(JavaCompile).configureEach {
+  configureCompiler(it, 11, JavaVersion.VERSION_1_8)
+}
+
+// testing happens in the jetty-* modules

dd-java-agent/instrumentation/jetty/jetty-appsec/jetty-appsec-11.0/gradle.lockfile

@@ -0,0 +1,127 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+cafe.cryptography:curve25519-elisabeth:0.1.0=testRuntimeClasspath
+cafe.cryptography:ed25519-elisabeth:0.1.0=testRuntimeClasspath
+ch.qos.logback:logback-classic:1.2.13=testCompileClasspath,testRuntimeClasspath
+ch.qos.logback:logback-core:1.2.13=testCompileClasspath,testRuntimeClasspath
+com.blogspot.mydailyjava:weak-lock-free:0.17=buildTimeInstrumentationPlugin,compileClasspath,muzzleTooling,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+com.datadoghq.okhttp3:okhttp:3.12.15=testCompileClasspath,testRuntimeClasspath
+com.datadoghq.okio:okio:1.17.6=testCompileClasspath,testRuntimeClasspath
+com.datadoghq:dd-instrument-java:0.0.3=buildTimeInstrumentationPlugin,compileClasspath,muzzleBootstrap,muzzleTooling,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+com.datadoghq:dd-javac-plugin-client:0.2.2=buildTimeInstrumentationPlugin,compileClasspath,muzzleBootstrap,muzzleTooling,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+com.datadoghq:java-dogstatsd-client:4.4.3=testRuntimeClasspath
+com.datadoghq:sketches-java:0.8.3=testRuntimeClasspath
+com.github.javaparser:javaparser-core:3.25.6=codenarc
+com.github.jnr:jffi:1.3.14=testRuntimeClasspath
+com.github.jnr:jnr-a64asm:1.0.0=testRuntimeClasspath
+com.github.jnr:jnr-constants:0.10.4=testRuntimeClasspath
+com.github.jnr:jnr-enxio:0.32.19=testRuntimeClasspath
+com.github.jnr:jnr-ffi:2.2.18=testRuntimeClasspath
+com.github.jnr:jnr-posix:3.1.21=testRuntimeClasspath
+com.github.jnr:jnr-unixsocket:0.38.24=testRuntimeClasspath
+com.github.jnr:jnr-x86asm:1.0.2=testRuntimeClasspath
+com.github.spotbugs:spotbugs-annotations:4.9.8=compileClasspath,spotbugs,testCompileClasspath,testRuntimeClasspath
+com.github.spotbugs:spotbugs:4.9.8=spotbugs
+com.github.stephenc.jcip:jcip-annotations:1.0-1=spotbugs
+com.google.auto.service:auto-service-annotations:1.1.1=annotationProcessor,compileClasspath,testAnnotationProcessor,testCompileClasspath
+com.google.auto.service:auto-service:1.1.1=annotationProcessor,testAnnotationProcessor
+com.google.auto:auto-common:1.2.1=annotationProcessor,testAnnotationProcessor
+com.google.code.findbugs:jsr305:3.0.2=annotationProcessor,compileClasspath,spotbugs,testAnnotationProcessor,testCompileClasspath,testRuntimeClasspath
+com.google.code.gson:gson:2.13.2=spotbugs
+com.google.errorprone:error_prone_annotations:2.18.0=annotationProcessor,testAnnotationProcessor
+com.google.errorprone:error_prone_annotations:2.41.0=spotbugs
+com.google.guava:failureaccess:1.0.1=annotationProcessor,testAnnotationProcessor
+com.google.guava:guava:20.0=testCompileClasspath,testRuntimeClasspath
+com.google.guava:guava:32.0.1-jre=annotationProcessor,testAnnotationProcessor
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=annotationProcessor,testAnnotationProcessor
+com.google.j2objc:j2objc-annotations:2.8=annotationProcessor,testAnnotationProcessor
+com.google.re2j:re2j:1.7=testRuntimeClasspath
+com.squareup.moshi:moshi:1.11.0=testCompileClasspath,testRuntimeClasspath
+com.squareup.okhttp3:logging-interceptor:3.12.12=testCompileClasspath,testRuntimeClasspath
+com.squareup.okhttp3:okhttp:3.12.12=testCompileClasspath,testRuntimeClasspath
+com.squareup.okio:okio:1.17.5=testCompileClasspath,testRuntimeClasspath
+com.thoughtworks.qdox:qdox:1.12.1=codenarc
+commons-fileupload:commons-fileupload:1.5=testCompileClasspath,testRuntimeClasspath
+commons-io:commons-io:2.11.0=testCompileClasspath,testRuntimeClasspath
+commons-io:commons-io:2.20.0=spotbugs
+de.thetaphi:forbiddenapis:3.10=compileClasspath
+io.leangen.geantyref:geantyref:1.3.16=testRuntimeClasspath
+io.sqreen:libsqreen:17.3.0=testRuntimeClasspath
+javax.servlet:javax.servlet-api:3.1.0=testCompileClasspath,testRuntimeClasspath
+jaxen:jaxen:2.0.0=spotbugs
+junit:junit:4.13.2=testRuntimeClasspath
+net.bytebuddy:byte-buddy-agent:1.18.3=buildTimeInstrumentationPlugin,compileClasspath,muzzleTooling,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+net.bytebuddy:byte-buddy:1.18.3=buildTimeInstrumentationPlugin,compileClasspath,muzzleTooling,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+net.java.dev.jna:jna-platform:5.8.0=testRuntimeClasspath
+net.java.dev.jna:jna:5.8.0=testRuntimeClasspath
+net.sf.saxon:Saxon-HE:12.9=spotbugs
+org.apache.ant:ant-antlr:1.10.14=codenarc
+org.apache.ant:ant-junit:1.10.14=codenarc
+org.apache.bcel:bcel:6.11.0=spotbugs
+org.apache.commons:commons-lang3:3.19.0=spotbugs
+org.apache.commons:commons-text:1.14.0=spotbugs
+org.apache.logging.log4j:log4j-api:2.25.2=spotbugs
+org.apache.logging.log4j:log4j-core:2.25.2=spotbugs
+org.apiguardian:apiguardian-api:1.1.2=testCompileClasspath
+org.checkerframework:checker-qual:3.33.0=annotationProcessor,testAnnotationProcessor
+org.codehaus.groovy:groovy-ant:3.0.23=codenarc
+org.codehaus.groovy:groovy-docgenerator:3.0.23=codenarc
+org.codehaus.groovy:groovy-groovydoc:3.0.23=codenarc
+org.codehaus.groovy:groovy-json:3.0.23=codenarc
+org.codehaus.groovy:groovy-json:3.0.25=testCompileClasspath,testRuntimeClasspath
+org.codehaus.groovy:groovy-templates:3.0.23=codenarc
+org.codehaus.groovy:groovy-xml:3.0.23=codenarc
+org.codehaus.groovy:groovy:3.0.23=codenarc
+org.codehaus.groovy:groovy:3.0.25=testCompileClasspath,testRuntimeClasspath
+org.codenarc:CodeNarc:3.7.0=codenarc
+org.dom4j:dom4j:2.2.0=spotbugs
+org.eclipse.jetty.toolchain:jetty-jakarta-servlet-api:5.0.1=compileClasspath,testCompileClasspath,testRuntimeClasspath
+org.eclipse.jetty:jetty-http:11.0.0=compileClasspath
+org.eclipse.jetty:jetty-io:11.0.0=compileClasspath
+org.eclipse.jetty:jetty-server:11.0.0=compileClasspath
+org.eclipse.jetty:jetty-util:11.0.0=compileClasspath
+org.gmetrics:GMetrics:2.1.0=codenarc
+org.hamcrest:hamcrest-core:1.3=testRuntimeClasspath
+org.hamcrest:hamcrest:3.0=testCompileClasspath,testRuntimeClasspath
+org.jctools:jctools-core-jdk11:4.0.6=testRuntimeClasspath
+org.jctools:jctools-core:4.0.6=testRuntimeClasspath
+org.junit.jupiter:junit-jupiter-api:5.14.1=testCompileClasspath,testRuntimeClasspath
+org.junit.jupiter:junit-jupiter-engine:5.14.1=testRuntimeClasspath
+org.junit.jupiter:junit-jupiter-params:5.14.1=testCompileClasspath,testRuntimeClasspath
+org.junit.jupiter:junit-jupiter:5.14.1=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-commons:1.14.1=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-engine:1.14.1=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-launcher:1.14.1=testRuntimeClasspath
+org.junit.platform:junit-platform-runner:1.14.1=testRuntimeClasspath
+org.junit.platform:junit-platform-suite-api:1.14.1=testRuntimeClasspath
+org.junit.platform:junit-platform-suite-commons:1.14.1=testRuntimeClasspath
+org.junit:junit-bom:5.14.0=spotbugs
+org.junit:junit-bom:5.14.1=testCompileClasspath,testRuntimeClasspath
+org.mockito:mockito-core:4.4.0=testRuntimeClasspath
+org.objenesis:objenesis:3.3=testCompileClasspath,testRuntimeClasspath
+org.opentest4j:opentest4j:1.3.0=testCompileClasspath,testRuntimeClasspath
+org.ow2.asm:asm-analysis:9.7.1=testRuntimeClasspath
+org.ow2.asm:asm-analysis:9.9=spotbugs
+org.ow2.asm:asm-commons:9.9=spotbugs
+org.ow2.asm:asm-commons:9.9.1=testRuntimeClasspath
+org.ow2.asm:asm-tree:9.9=spotbugs
+org.ow2.asm:asm-tree:9.9.1=testRuntimeClasspath
+org.ow2.asm:asm-util:9.7.1=testRuntimeClasspath
+org.ow2.asm:asm-util:9.9=spotbugs
+org.ow2.asm:asm:9.9=spotbugs
+org.ow2.asm:asm:9.9.1=buildTimeInstrumentationPlugin,compileClasspath,muzzleTooling,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+org.slf4j:jcl-over-slf4j:1.7.30=testCompileClasspath,testRuntimeClasspath
+org.slf4j:jul-to-slf4j:1.7.30=testCompileClasspath,testRuntimeClasspath
+org.slf4j:log4j-over-slf4j:1.7.30=testCompileClasspath,testRuntimeClasspath
+org.slf4j:slf4j-api:1.7.30=buildTimeInstrumentationPlugin,compileClasspath,muzzleBootstrap,muzzleTooling,runtimeClasspath
+org.slf4j:slf4j-api:1.7.32=testCompileClasspath,testRuntimeClasspath
+org.slf4j:slf4j-api:2.0.17=spotbugs,spotbugsSlf4j
+org.slf4j:slf4j-simple:2.0.17=spotbugsSlf4j
+org.snakeyaml:snakeyaml-engine:2.9=buildTimeInstrumentationPlugin,muzzleTooling,runtimeClasspath,testRuntimeClasspath
+org.spockframework:spock-bom:2.4-groovy-3.0=testCompileClasspath,testRuntimeClasspath
+org.spockframework:spock-core:2.4-groovy-3.0=testCompileClasspath,testRuntimeClasspath
+org.tabletest:tabletest-junit:1.2.1=testCompileClasspath,testRuntimeClasspath
+org.tabletest:tabletest-parser:1.2.0=testCompileClasspath,testRuntimeClasspath
+org.xmlresolver:xmlresolver:5.3.3=spotbugs
+empty=spotbugsPlugins

dd-java-agent/instrumentation/jetty/jetty-appsec/jetty-appsec-11.0/src/main/java/datadog/trace/instrumentation/jetty11/MultipartHelper.java

@@ -0,0 +1,32 @@
+package datadog.trace.instrumentation.jetty11;
+
+import jakarta.servlet.http.Part;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
+public class MultipartHelper {
+
+  private MultipartHelper() {}
+
+  /**
+   * Extracts non-null, non-empty filenames from a collection of multipart {@link Part}s using
+   * {@link Part#getSubmittedFileName()} (Servlet 5.0+, Jetty 11.x).
+   *
+   * @return list of filenames; never {@code null}, may be empty
+   */
+  public static List<String> extractFilenames(Collection<Part> parts) {
+    if (parts == null || parts.isEmpty()) {
+      return Collections.emptyList();
+    }
+    List<String> filenames = new ArrayList<>();
+    for (Part part : parts) {
+      String name = part.getSubmittedFileName();
+      if (name != null && !name.isEmpty()) {
+        filenames.add(name);
+      }
+    }
+    return filenames;
+  }
+}