refactor(appsec): extract Netty file content reading to NettyFileUploadContentReader helper

jandro996 · jandro996 · commit 619e7b9a7615 · 2026-04-24T15:13:14.000+02:00
Move the in-memory/disk-backed FileUpload content reading logic out of ParseBodyAdvice
into a testable static helper class. Also fixes the partial-read risk on disk-backed
uploads (single fis.read() replaced by a loop) and broadens the catch to Exception to
handle IllegalReferenceCountException from released ByteBufs.
diff --git a/dd-java-agent/instrumentation/netty/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/HttpPostRequestDecoderInstrumentation.java b/dd-java-agent/instrumentation/netty/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/HttpPostRequestDecoderInstrumentation.java
@@ -18,16 +18,13 @@
 import datadog.trace.api.gateway.RequestContext;
 import datadog.trace.api.gateway.RequestContextSlot;
 import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
-import io.netty.buffer.ByteBuf;
 import io.netty.handler.codec.http.EmptyHttpHeaders;
 import io.netty.handler.codec.http.multipart.Attribute;
 import io.netty.handler.codec.http.multipart.FileUpload;
 import io.netty.handler.codec.http.multipart.InterfaceHttpData;
 import io.netty.handler.codec.http.multipart.InterfaceHttpPostRequestDecoder;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.lang.reflect.UndeclaredThrowableException;
-import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -74,6 +71,13 @@ public Reference[] additionalMuzzleReferences() {
     };
   }
 
+  @Override
+  public String[] helperClassNames() {
+    return new String[] {
+      packageName + ".NettyFileUploadContentReader",
+    };
+  }
+
   @Override
   public void methodAdvice(MethodTransformer transformer) {
     transformer.applyAdvice(
@@ -83,7 +87,6 @@ public void methodAdvice(MethodTransformer transformer) {
 
   @RequiresRequestContext(RequestContextSlot.APPSEC)
   static class ParseBodyAdvice {
-    private static final int MAX_CONTENT_BYTES = 4096;
     private static final int MAX_FILES_TO_INSPECT = 25;
 
     @Advice.OnMethodExit(suppress = Throwable.class, onThrowable = Throwable.class)
@@ -139,25 +142,7 @@ static void after(
             filenames.add(filename);
           }
           if (contentCb != null && filesContent.size() < MAX_FILES_TO_INSPECT) {
-            String contentStr = "";
-            try {
-              if (fileUpload.isInMemory()) {
-                ByteBuf buf = fileUpload.getByteBuf();
-                int length = Math.min(MAX_CONTENT_BYTES, buf.readableBytes());
-                byte[] bytes = new byte[length];
-                buf.getBytes(buf.readerIndex(), bytes);
-                contentStr = new String(bytes, StandardCharsets.ISO_8859_1);
-              } else {
-                byte[] bytes = new byte[MAX_CONTENT_BYTES];
-                int read;
-                try (FileInputStream fis = new FileInputStream(fileUpload.getFile())) {
-                  read = fis.read(bytes);
-                }
-                contentStr = new String(bytes, 0, read < 0 ? 0 : read, StandardCharsets.ISO_8859_1);
-              }
-            } catch (IOException ignored) {
-            }
-            filesContent.add(contentStr);
+            filesContent.add(NettyFileUploadContentReader.readContent(fileUpload));
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/netty/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/NettyFileUploadContentReader.java b/dd-java-agent/instrumentation/netty/netty-4.1/src/main/java/datadog/trace/instrumentation/netty41/NettyFileUploadContentReader.java
@@ -0,0 +1,38 @@
+package datadog.trace.instrumentation.netty41;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.handler.codec.http.multipart.FileUpload;
+import java.io.FileInputStream;
+import java.nio.charset.StandardCharsets;
+
+/** Reads uploaded file content from a Netty {@link FileUpload} for WAF inspection. */
+public final class NettyFileUploadContentReader {
+  public static final int MAX_CONTENT_BYTES = 4096;
+
+  public static String readContent(FileUpload fileUpload) {
+    try {
+      if (fileUpload.isInMemory()) {
+        ByteBuf buf = fileUpload.getByteBuf();
+        int length = Math.min(MAX_CONTENT_BYTES, buf.readableBytes());
+        byte[] bytes = new byte[length];
+        buf.getBytes(buf.readerIndex(), bytes);
+        return new String(bytes, StandardCharsets.ISO_8859_1);
+      } else {
+        byte[] bytes = new byte[MAX_CONTENT_BYTES];
+        int total = 0;
+        int n;
+        try (FileInputStream fis = new FileInputStream(fileUpload.getFile())) {
+          while (total < MAX_CONTENT_BYTES
+              && (n = fis.read(bytes, total, MAX_CONTENT_BYTES - total)) != -1) {
+            total += n;
+          }
+        }
+        return new String(bytes, 0, total, StandardCharsets.ISO_8859_1);
+      }
+    } catch (Exception ignored) {
+      return "";
+    }
+  }
+
+  private NettyFileUploadContentReader() {}
+}
diff --git a/dd-java-agent/instrumentation/netty/netty-4.1/src/test/groovy/NettyFileUploadContentReaderTest.groovy b/dd-java-agent/instrumentation/netty/netty-4.1/src/test/groovy/NettyFileUploadContentReaderTest.groovy
@@ -0,0 +1,141 @@
+import datadog.trace.instrumentation.netty41.NettyFileUploadContentReader
+import io.netty.buffer.Unpooled
+import io.netty.handler.codec.http.multipart.FileUpload
+import spock.lang.Specification
+import spock.lang.TempDir
+
+import java.nio.charset.StandardCharsets
+import java.nio.file.Path
+
+class NettyFileUploadContentReaderTest extends Specification {
+
+  @TempDir
+  Path tempDir
+
+  // --- in-memory path ---
+
+  void 'readContent returns content from in-memory FileUpload'() {
+    given:
+    def upload = inMemoryUpload('hello world')
+
+    expect:
+    NettyFileUploadContentReader.readContent(upload) == 'hello world'
+  }
+
+  void 'readContent truncates in-memory content at MAX_CONTENT_BYTES'() {
+    given:
+    def upload = inMemoryUpload('X' * inputSize)
+
+    when:
+    def result = NettyFileUploadContentReader.readContent(upload)
+
+    then:
+    result.length() == expectedSize
+
+    where:
+    inputSize                                              | expectedSize
+    13                                                     | 13
+    NettyFileUploadContentReader.MAX_CONTENT_BYTES - 1    | NettyFileUploadContentReader.MAX_CONTENT_BYTES - 1
+    NettyFileUploadContentReader.MAX_CONTENT_BYTES        | NettyFileUploadContentReader.MAX_CONTENT_BYTES
+    NettyFileUploadContentReader.MAX_CONTENT_BYTES + 500  | NettyFileUploadContentReader.MAX_CONTENT_BYTES
+  }
+
+  void 'readContent returns empty string for empty in-memory content'() {
+    given:
+    def upload = inMemoryUpload('')
+
+    expect:
+    NettyFileUploadContentReader.readContent(upload) == ''
+  }
+
+  void 'readContent does not advance readerIndex of the underlying ByteBuf'() {
+    given:
+    def content = 'sensitive data'
+    def upload = inMemoryUpload(content)
+    def buf = upload.getByteBuf()
+    def indexBefore = buf.readerIndex()
+
+    when:
+    NettyFileUploadContentReader.readContent(upload)
+
+    then:
+    buf.readerIndex() == indexBefore
+  }
+
+  // --- disk-backed path ---
+
+  void 'readContent returns content from disk-backed FileUpload'() {
+    given:
+    def upload = diskBackedUpload('hello from disk')
+
+    expect:
+    NettyFileUploadContentReader.readContent(upload) == 'hello from disk'
+  }
+
+  void 'readContent truncates disk-backed content at MAX_CONTENT_BYTES'() {
+    given:
+    def upload = diskBackedUpload('Y' * inputSize)
+
+    when:
+    def result = NettyFileUploadContentReader.readContent(upload)
+
+    then:
+    result.length() == expectedSize
+
+    where:
+    inputSize                                              | expectedSize
+    13                                                     | 13
+    NettyFileUploadContentReader.MAX_CONTENT_BYTES - 1    | NettyFileUploadContentReader.MAX_CONTENT_BYTES - 1
+    NettyFileUploadContentReader.MAX_CONTENT_BYTES        | NettyFileUploadContentReader.MAX_CONTENT_BYTES
+    NettyFileUploadContentReader.MAX_CONTENT_BYTES + 500  | NettyFileUploadContentReader.MAX_CONTENT_BYTES
+  }
+
+  void 'readContent returns empty string for empty disk-backed file'() {
+    given:
+    def upload = diskBackedUpload('')
+
+    expect:
+    NettyFileUploadContentReader.readContent(upload) == ''
+  }
+
+  // --- error handling ---
+
+  void 'readContent returns empty string when getByteBuf throws'() {
+    given:
+    FileUpload upload = Stub(FileUpload)
+    upload.isInMemory() >> true
+    upload.getByteBuf() >> { throw new RuntimeException('simulated error') }
+
+    expect:
+    NettyFileUploadContentReader.readContent(upload) == ''
+  }
+
+  void 'readContent returns empty string when getFile throws'() {
+    given:
+    FileUpload upload = Stub(FileUpload)
+    upload.isInMemory() >> false
+    upload.getFile() >> { throw new IOException('simulated error') }
+
+    expect:
+    NettyFileUploadContentReader.readContent(upload) == ''
+  }
+
+  // --- helpers ---
+
+  private FileUpload inMemoryUpload(String content) {
+    def buf = Unpooled.copiedBuffer(content, StandardCharsets.ISO_8859_1)
+    FileUpload upload = Stub(FileUpload)
+    upload.isInMemory() >> true
+    upload.getByteBuf() >> buf
+    return upload
+  }
+
+  private FileUpload diskBackedUpload(String content) {
+    def file = tempDir.resolve('upload.bin').toFile()
+    file.bytes = content.getBytes(StandardCharsets.ISO_8859_1)
+    FileUpload upload = Stub(FileUpload)
+    upload.isInMemory() >> false
+    upload.getFile() >> file
+    return upload
+  }
+}
