Add unit tests for FormDataMap and BodyParserHelpers.jsValueToJavaObject

Author: jandro996

dd-java-agent/instrumentation/play/play-appsec-2.6/src/test/java/datadog/trace/instrumentation/play26/appsec/BodyParserHelpersTest.java

@@ -0,0 +1,104 @@
+package datadog.trace.instrumentation.play26.appsec;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.math.BigDecimal;
+import java.util.List;
+import java.util.Map;
+import org.junit.jupiter.api.Test;
+import play.api.libs.json.JsValue;
+
+class BodyParserHelpersTest {
+
+  private static JsValue parse(String json) {
+    return play.api.libs.json.Json$.MODULE$.parse(json);
+  }
+
+  @Test
+  void jsValueToJavaObject_nullInputReturnsNull() {
+    assertNull(BodyParserHelpers.jsValueToJavaObject(null));
+  }
+
+  @Test
+  void jsValueToJavaObject_jsNullReturnsNull() {
+    assertNull(BodyParserHelpers.jsValueToJavaObject(parse("null")));
+  }
+
+  @Test
+  void jsValueToJavaObject_string() {
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("\"hello\""));
+    assertEquals("hello", result);
+  }
+
+  @Test
+  void jsValueToJavaObject_number() {
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("42"));
+    assertTrue(result instanceof BigDecimal);
+    assertEquals(0, ((BigDecimal) result).compareTo(new BigDecimal("42")));
+  }
+
+  @Test
+  void jsValueToJavaObject_booleanTrue() {
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("true"));
+    assertEquals(Boolean.TRUE, result);
+  }
+
+  @Test
+  void jsValueToJavaObject_booleanFalse() {
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("false"));
+    assertEquals(Boolean.FALSE, result);
+  }
+
+  @Test
+  @SuppressWarnings("unchecked")
+  void jsValueToJavaObject_object() {
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("{\"key\":\"value\",\"num\":1}"));
+    assertTrue(result instanceof Map);
+    Map<String, Object> map = (Map<String, Object>) result;
+    assertEquals("value", map.get("key"));
+    assertTrue(map.get("num") instanceof BigDecimal);
+  }
+
+  @Test
+  @SuppressWarnings("unchecked")
+  void jsValueToJavaObject_array() {
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("[\"a\",\"b\",\"c\"]"));
+    assertTrue(result instanceof List);
+    List<Object> list = (List<Object>) result;
+    assertEquals(3, list.size());
+    assertEquals("a", list.get(0));
+    assertEquals("b", list.get(1));
+    assertEquals("c", list.get(2));
+  }
+
+  @Test
+  @SuppressWarnings("unchecked")
+  void jsValueToJavaObject_nestedObject() {
+    Object result =
+        BodyParserHelpers.jsValueToJavaObject(parse("{\"outer\":{\"inner\":\"deep\"}}"));
+    assertTrue(result instanceof Map);
+    Map<String, Object> outer = (Map<String, Object>) result;
+    assertTrue(outer.get("outer") instanceof Map);
+    Map<String, Object> inner = (Map<String, Object>) outer.get("outer");
+    assertEquals("deep", inner.get("inner"));
+  }
+
+  @Test
+  void jsValueToJavaObject_zeroRecursionReturnsNull() {
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("{\"key\":\"value\"}"), 0);
+    assertNull(result);
+  }
+
+  @Test
+  @SuppressWarnings("unchecked")
+  void jsValueToJavaObject_recursionLimitTruncatesNesting() {
+    // depth=1 means the object itself is converted but children are null
+    Object result = BodyParserHelpers.jsValueToJavaObject(parse("{\"a\":{\"b\":\"val\"}}"), 1);
+    assertTrue(result instanceof Map);
+    Map<String, Object> map = (Map<String, Object>) result;
+    // inner object exceeds depth so its value is null
+    assertNull(map.get("a"));
+  }
+}

dd-java-agent/instrumentation/undertow/undertow-2.0/src/test/java/datadog/trace/instrumentation/undertow/FormDataMapTest.java

@@ -0,0 +1,141 @@
+package datadog.trace.instrumentation.undertow;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import io.undertow.server.handlers.form.FormData;
+import io.undertow.util.HeaderMap;
+import java.io.File;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayDeque;
+import java.util.Collection;
+import java.util.Deque;
+import java.util.Map;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+
+class FormDataMapTest {
+
+  @TempDir Path tempDir;
+
+  @Test
+  void textFieldIsIncluded() {
+    FormData fd = new FormData(10);
+    fd.add("name", "John");
+    FormDataMap map = new FormDataMap(fd);
+
+    assertTrue(map.containsKey("name"));
+    Collection<String> values = map.get("name");
+    assertEquals(1, values.size());
+    assertTrue(values.contains("John"));
+  }
+
+  @Test
+  void multipleTextValuesForSameKey() {
+    FormData fd = new FormData(10);
+    fd.add("tag", "foo");
+    fd.add("tag", "bar");
+    FormDataMap map = new FormDataMap(fd);
+
+    Collection<String> values = map.get("tag");
+    assertEquals(2, values.size());
+    assertTrue(values.contains("foo"));
+    assertTrue(values.contains("bar"));
+  }
+
+  @Test
+  void diskFileIsExcluded() throws IOException {
+    Path file = Files.createTempFile(tempDir, "upload", ".txt");
+    FormData fd = new FormData(10);
+    fd.add("upload", file, "evil.php", new HeaderMap());
+    FormDataMap map = new FormDataMap(fd);
+
+    assertTrue(map.containsKey("upload"));
+    assertTrue(map.get("upload").isEmpty());
+  }
+
+  @Test
+  void inMemoryFileIsExcluded() throws Exception {
+    // In undertow 2.2+, isFile() returns false for in-memory uploads, but getFileName() is still
+    // set. Verify our check (getFileName() == null) correctly excludes these uploads too.
+    FormData fd = new FormData(10);
+    addInMemoryFileValue(fd, "file", "evil.php");
+    FormDataMap map = new FormDataMap(fd);
+
+    assertTrue(map.containsKey("file"));
+    assertTrue(map.get("file").isEmpty());
+  }
+
+  @Test
+  void mixedTextAndFileFields() throws IOException {
+    Path file = Files.createTempFile(tempDir, "upload", ".txt");
+    FormData fd = new FormData(10);
+    fd.add("name", "John");
+    fd.add("email", "john@example.com");
+    fd.add("upload", file, "evil.php", new HeaderMap());
+    FormDataMap map = new FormDataMap(fd);
+
+    assertEquals(3, map.size());
+    assertTrue(map.get("name").contains("John"));
+    assertTrue(map.get("email").contains("john@example.com"));
+    assertTrue(map.get("upload").isEmpty());
+  }
+
+  @Test
+  void emptyFormData() {
+    FormData fd = new FormData(10);
+    FormDataMap map = new FormDataMap(fd);
+
+    assertTrue(map.isEmpty());
+    assertEquals(0, map.size());
+  }
+
+  @SuppressWarnings("unchecked")
+  private static void addInMemoryFileValue(FormData fd, String name, String filename)
+      throws Exception {
+    Field valuesField = FormData.class.getDeclaredField("values");
+    valuesField.setAccessible(true);
+    Map<String, Deque<FormData.FormValue>> values =
+        (Map<String, Deque<FormData.FormValue>>) valuesField.get(fd);
+
+    FormData.FormValue inMemory =
+        new FormData.FormValue() {
+          @Override
+          public String getValue() {
+            return "";
+          }
+
+          @Override
+          public boolean isFile() {
+            return false;
+          }
+
+          @Override
+          public String getFileName() {
+            return filename;
+          }
+
+          @Override
+          public Path getPath() {
+            return null;
+          }
+
+          @Override
+          public File getFile() {
+            return null;
+          }
+
+          @Override
+          public HeaderMap getHeaders() {
+            return null;
+          }
+        };
+
+    Deque<FormData.FormValue> deque = new ArrayDeque<>();
+    deque.add(inMemory);
+    values.put(name, deque);
+  }
+}