Merge branch 'master' into alejandro.gonzalez/APPSEC-61873-5-jersey-resteasy

Author: jandro996

.github/workflows/analyze-changes.yaml

@@ -20,7 +20,7 @@ jobs:
         with:
           submodules: 'recursive'
       - name: Cache Gradle dependencies
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: |
             ~/.gradle/caches
@@ -30,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -43,7 +43,7 @@ jobs:
           ./gradlew clean :dd-java-agent:shadowJar --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
 
   trivy:
     name: Analyze changes with Trivy
@@ -60,7 +60,7 @@ jobs:
           submodules: 'recursive'
 
       - name: Cache Gradle dependencies
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: |
             ~/.gradle/caches
@@ -102,7 +102,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/run-system-tests.yaml

@@ -30,7 +30,7 @@ jobs:
           fetch-depth: 0
 
       - name: Cache Gradle dependencies
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: |
             ~/.gradle/caches
@@ -76,7 +76,10 @@ jobs:
       scenarios_groups: tracer-release
       excluded_scenarios: APM_TRACING_E2E_OTEL,APM_TRACING_E2E_SINGLE_SPAN,PROFILING  # exclude flaky scenarios
       skip_empty_scenarios: true
-      push_to_test_optimization: false # disabled to avoid pushing to Test Optimization while API key is transitioning to system-tests
+      push_to_test_optimization: true
+    secrets:
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
 
   # Ensure the main job is run to completion
   check:

.gitlab-ci.yml

@@ -4,10 +4,29 @@ include:
   - local: ".gitlab/macrobenchmarks.yml"
   - local: ".gitlab/exploration-tests.yml"
   - local: ".gitlab/ci-visibility-tests.yml"
+  - project: 'DataDog/apm-reliability/apm-sdks-benchmarks'
+    file: '.gitlab/ci-java-spring-petclinic-parallel.yml'
+    ref: 'main'
+  - project: 'DataDog/apm-reliability/apm-sdks-benchmarks'
+    file: '.gitlab/ci-java-load-parallel.yml'
+    ref: 'main'
+  - project: 'DataDog/apm-reliability/apm-sdks-benchmarks'
+    file: '.gitlab/ci-java-startup-parallel.yml'
+    ref: 'main'
+  - project: 'DataDog/apm-reliability/apm-sdks-benchmarks'
+    file: '.gitlab/ci-java-dacapo-parallel.yml'
+    ref: 'main'
+  - local: ".gitlab/java-benchmark-configs.yml"
 
 stages:
   - build
   - publish
+  # These benchmarks are intended to replace the legacy benchmarks in the future
+  - java-spring-petclinic-parallel
+  - java-spring-petclinic-parallel-slo
+  - java-startup-parallel
+  - java-load-parallel
+  - java-dacapo-parallel
   - shared-pipeline
   - benchmarks
   - macrobenchmarks

.gitlab/java-benchmark-configs.yml

@@ -0,0 +1,21 @@
+# Ensure the tracer artifact publish finishes before the benchmark jobs start.
+linux-java-spring-petclinic-parallel:
+  needs: ["publish-artifacts-to-s3"]
+
+linux-java-insecure-bank-load-parallel:
+  needs: ["publish-artifacts-to-s3"]
+
+linux-java-spring-petclinic-load-parallel:
+  needs: ["publish-artifacts-to-s3"]
+
+linux-java-insecure-bank-startup-parallel:
+  needs: ["publish-artifacts-to-s3"]
+
+linux-java-spring-petclinic-startup-parallel:
+  needs: ["publish-artifacts-to-s3"]
+
+linux-java-dacapo-parallel-1:
+  needs: ["publish-artifacts-to-s3"]
+
+linux-java-dacapo-parallel-2:
+  needs: ["publish-artifacts-to-s3"]

dd-java-agent/agent-crashtracking/src/main/java/datadog/crashtracking/ConfigManager.java

@@ -12,9 +12,13 @@
 import datadog.trace.util.RandomUtils;
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
 import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.nio.charset.StandardCharsets;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import javax.annotation.Nullable;
@@ -157,8 +161,8 @@ public StoredConfig build() {
 
   private ConfigManager() {}
 
-  private static String getBaseName(Path path) {
-    String filename = path.getFileName().toString();
+  private static String getBaseName(File file) {
+    String filename = file.getName();
     int dotIndex = filename.lastIndexOf('.');
     if (dotIndex == -1) {
       return filename;
@@ -185,18 +189,20 @@ private static void writeEntry(BufferedWriter writer, CharSequence key, CharSequ
     writer.newLine();
   }
 
-  public static void writeConfigToPath(Path scriptPath, String... additionalEntries) {
-    String cfgFileName = getBaseName(scriptPath) + PID_PREFIX + PidHelper.getPid() + ".cfg";
-    Path cfgPath = scriptPath.resolveSibling(cfgFileName);
-    writeConfigToFile(Config.get(), cfgPath, additionalEntries);
+  public static void writeConfigToPath(File scriptFile, String... additionalEntries) {
+    String cfgFileName = getBaseName(scriptFile) + PID_PREFIX + PidHelper.getPid() + ".cfg";
+    File cfgFile = new File(scriptFile.getParentFile(), cfgFileName);
+    writeConfigToFile(Config.get(), cfgFile, additionalEntries);
   }
 
   // @VisibleForTesting
-  static void writeConfigToFile(Config config, Path cfgPath, String... additionalEntries) {
+  static void writeConfigToFile(Config config, File cfgFile, String... additionalEntries) {
     final WellKnownTags wellKnownTags = config.getWellKnownTags();
 
-    LOGGER.debug("Writing config file: {}", cfgPath);
-    try (BufferedWriter bw = Files.newBufferedWriter(cfgPath)) {
+    LOGGER.debug("Writing config file: {}", cfgFile);
+    try (BufferedWriter bw =
+        new BufferedWriter(
+            new OutputStreamWriter(new FileOutputStream(cfgFile), StandardCharsets.UTF_8))) {
       for (int i = 0; i < additionalEntries.length; i += 2) {
         writeEntry(bw, additionalEntries[i], additionalEntries[i + 1]);
       }
@@ -217,27 +223,21 @@ static void writeConfigToFile(Config config, Path cfgPath, String... additionalE
               new Thread(
                   AGENT_THREAD_GROUP,
                   () -> {
-                    try {
-                      LOGGER.debug("Deleting config file: {}", cfgPath);
-                      Files.deleteIfExists(cfgPath);
-                    } catch (IOException e) {
-                      LOGGER.warn(SEND_TELEMETRY, "Failed deleting config file: {}", cfgPath, e);
-                    }
+                    LOGGER.debug("Deleting config file: {}", cfgFile);
+                    cfgFile.delete();
                   }));
-      LOGGER.debug("Config file written: {}", cfgPath);
+      LOGGER.debug("Config file written: {}", cfgFile);
     } catch (IOException e) {
-      LOGGER.warn(SEND_TELEMETRY, "Failed writing config file: {}", cfgPath);
-      try {
-        Files.deleteIfExists(cfgPath);
-      } catch (IOException ignored) {
-        // ignore
-      }
+      LOGGER.warn(SEND_TELEMETRY, "Failed writing config file: {}", cfgFile);
+      cfgFile.delete(); // best-effort cleanup; failure is acceptable here
     }
   }
 
   @Nullable
-  public static StoredConfig readConfig(Config config, Path scriptPath) {
-    try (final BufferedReader reader = Files.newBufferedReader(scriptPath)) {
+  public static StoredConfig readConfig(Config config, File scriptFile) {
+    try (final BufferedReader reader =
+        new BufferedReader(
+            new InputStreamReader(new FileInputStream(scriptFile), StandardCharsets.UTF_8))) {
       final StoredConfig.Builder cfgBuilder = new StoredConfig.Builder(config);
       String line;
       while ((line = reader.readLine()) != null) {
@@ -284,7 +284,7 @@ public static StoredConfig readConfig(Config config, Path scriptPath) {
       }
       return cfgBuilder.build();
     } catch (Throwable t) {
-      LOGGER.error("Failed to read config file: {}", scriptPath, t);
+      LOGGER.error("Failed to read config file: {}", scriptFile, t);
     }
     return null;
   }

dd-java-agent/agent-crashtracking/src/main/java/datadog/crashtracking/CrashUploaderScriptInitializer.java

@@ -2,27 +2,23 @@
 
 import static datadog.crashtracking.ConfigManager.writeConfigToPath;
 import static datadog.crashtracking.Initializer.LOG;
-import static datadog.crashtracking.Initializer.RWXRWXRWX;
-import static datadog.crashtracking.Initializer.R_XR_XR_X;
 import static datadog.crashtracking.Initializer.findAgentJar;
 import static datadog.crashtracking.Initializer.getCrashUploaderTemplate;
 import static datadog.trace.api.telemetry.LogCollector.SEND_TELEMETRY;
-import static java.nio.file.attribute.PosixFilePermissions.asFileAttribute;
-import static java.nio.file.attribute.PosixFilePermissions.fromString;
 import static java.util.Locale.ROOT;
 
 import datadog.environment.SystemProperties;
 import datadog.trace.util.PidHelper;
 import datadog.trace.util.Strings;
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.nio.file.FileAlreadyExistsException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
+import java.io.OutputStreamWriter;
+import java.nio.charset.StandardCharsets;
 
 public final class CrashUploaderScriptInitializer {
   private static final String SETUP_FAILURE_MESSAGE = "Crash tracking will not work properly.";
@@ -54,71 +50,78 @@ static void initialize(String onErrorVal, String onErrorFile, String javacorePat
       return;
     }
 
-    Path scriptPath = Paths.get(onErrorVal.replace(" %p", ""));
+    File scriptFile = new File(onErrorVal.replace(" %p", ""));
     boolean isDDCrashUploader =
-        scriptPath.getFileName().toString().toLowerCase(ROOT).contains("dd_crash_uploader");
-    if (isDDCrashUploader && !copyCrashUploaderScript(scriptPath, onErrorFile, agentJar)) {
+        scriptFile.getName().toLowerCase(ROOT).contains("dd_crash_uploader");
+    if (isDDCrashUploader && !copyCrashUploaderScript(scriptFile, onErrorFile, agentJar)) {
       return;
     }
 
     if (javacorePath != null && !javacorePath.isEmpty()) {
-      writeConfigToPath(scriptPath, "agent", agentJar, "javacore_path", javacorePath);
+      writeConfigToPath(scriptFile, "agent", agentJar, "javacore_path", javacorePath);
     } else {
-      writeConfigToPath(scriptPath, "agent", agentJar, "hs_err", onErrorFile);
+      writeConfigToPath(scriptFile, "agent", agentJar, "hs_err", onErrorFile);
     }
   }
 
   private static boolean copyCrashUploaderScript(
-      Path scriptPath, String onErrorFile, String agentJar) {
-    Path scriptDirectory = scriptPath.getParent();
-    try {
-      Files.createDirectories(scriptDirectory, asFileAttribute(fromString(RWXRWXRWX)));
-    } catch (UnsupportedOperationException e) {
-      LOG.warn(
-          SEND_TELEMETRY,
-          "Unsupported permissions '" + RWXRWXRWX + "' for {}. " + SETUP_FAILURE_MESSAGE,
-          scriptDirectory);
-      return false;
-    } catch (FileAlreadyExistsException ignored) {
-      // can be safely ignored; if the folder exists we will just reuse it
-      if (!Files.isWritable(scriptDirectory)) {
+      File scriptFile, String onErrorFile, String agentJar) {
+    File scriptDirectory = scriptFile.getParentFile();
+    if (!scriptDirectory.exists()) {
+      if (!scriptDirectory.mkdirs()) {
         LOG.warn(
-            SEND_TELEMETRY, "Read only directory {}. " + SETUP_FAILURE_MESSAGE, scriptDirectory);
+            SEND_TELEMETRY,
+            "Failed to create writable crash tracking script folder {}. " + SETUP_FAILURE_MESSAGE,
+            scriptDirectory);
         return false;
       }
-    } catch (IOException e) {
-      LOG.warn(
-          SEND_TELEMETRY,
-          "Failed to create writable crash tracking script folder {}. " + SETUP_FAILURE_MESSAGE,
-          scriptDirectory);
+      boolean permissionFailure = false;
+      permissionFailure |= !scriptDirectory.setReadable(true, false);
+      permissionFailure |= !scriptDirectory.setWritable(true, false);
+      permissionFailure |= !scriptDirectory.setExecutable(true, false);
+      if (permissionFailure) {
+        LOG.warn(
+            SEND_TELEMETRY,
+            "Failed to set permissions on crash tracking script folder {}. {}",
+            scriptDirectory,
+            SETUP_FAILURE_MESSAGE);
+      }
+    }
+    if (!scriptDirectory.canWrite()) {
+      LOG.warn(SEND_TELEMETRY, "Read only directory {}. " + SETUP_FAILURE_MESSAGE, scriptDirectory);
       return false;
     }
     try {
-      LOG.debug("Writing crash uploader script: {}", scriptPath);
-      writeCrashUploaderScript(getCrashUploaderTemplate(), scriptPath, agentJar, onErrorFile);
+      LOG.debug("Writing crash uploader script: {}", scriptFile);
+      writeCrashUploaderScript(getCrashUploaderTemplate(), scriptFile, agentJar, onErrorFile);
     } catch (IOException e) {
       LOG.warn(
           SEND_TELEMETRY,
           "Failed to copy crash tracking script {}. " + SETUP_FAILURE_MESSAGE,
-          scriptPath);
+          scriptFile);
       return false;
     }
     return true;
   }
 
   private static void writeCrashUploaderScript(
-      InputStream template, Path scriptPath, String execClass, String crashFile)
+      InputStream template, File scriptFile, String execClass, String crashFile)
       throws IOException {
-    if (!Files.exists(scriptPath)) {
+    if (!scriptFile.exists()) {
       try (BufferedReader br = new BufferedReader(new InputStreamReader(template));
-          BufferedWriter bw = Files.newBufferedWriter(scriptPath)) {
+          BufferedWriter bw =
+              new BufferedWriter(
+                  new OutputStreamWriter(
+                      new FileOutputStream(scriptFile), StandardCharsets.UTF_8))) {
         String line;
         while ((line = br.readLine()) != null) {
           bw.write(template(line, execClass, crashFile));
           bw.newLine();
         }
       }
-      Files.setPosixFilePermissions(scriptPath, fromString(R_XR_XR_X));
+      scriptFile.setReadable(true, false);
+      scriptFile.setWritable(false, false);
+      scriptFile.setExecutable(true, false);
     }
   }