Add server.request.body.filenames support for Jersey and RESTEasy

Author: jandro996

dd-java-agent/instrumentation/jersey/jersey-2.0/src/jersey2JettyTest/groovy/datadog/trace/instrumentation/jersey2/Jersey2JettyTest.groovy

@@ -54,6 +54,11 @@ class Jersey2JettyTest extends HttpServerTest<JettyServer> {
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyJson() {
     true

dd-java-agent/instrumentation/jersey/jersey-2.0/src/jersey3JettyTest/groovy/datadog/trace/instrumentation/jersey3/Jersey3JettyTest.groovy

@@ -53,6 +53,11 @@ class Jersey3JettyTest extends HttpServerTest<JettyServer> {
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyJson() {
     true

dd-java-agent/instrumentation/jersey/jersey-appsec/jersey-appsec-2.0/src/main/java/datadog/trace/instrumentation/jersey2/MultiPartReaderServerSideInstrumentation.java

@@ -27,6 +27,7 @@
 import net.bytebuddy.asm.Advice;
 import org.glassfish.jersey.media.multipart.BodyPart;
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
+import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 import org.glassfish.jersey.media.multipart.MultiPart;
 import org.glassfish.jersey.message.internal.MediaTypes;
 
@@ -110,6 +111,41 @@ static void after(
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
       }
+
+      BiFunction<RequestContext, List<String>, Flow<Void>> filenamesCallback =
+          cbp.getCallback(EVENTS.requestFilesFilenames());
+      if (filenamesCallback == null) {
+        return;
+      }
+      List<String> filenames = new ArrayList<>();
+      for (BodyPart bodyPart : ret.getBodyParts()) {
+        if (!(bodyPart instanceof FormDataBodyPart)) {
+          continue;
+        }
+        FormDataBodyPart dataBodyPart = (FormDataBodyPart) bodyPart;
+        FormDataContentDisposition cd = dataBodyPart.getFormDataContentDisposition();
+        if (cd == null) {
+          continue;
+        }
+        String filename = cd.getFileName();
+        if (filename != null && !filename.isEmpty()) {
+          filenames.add(filename);
+        }
+      }
+      if (filenames.isEmpty()) {
+        return;
+      }
+      Flow<Void> filenamesFlow = filenamesCallback.apply(reqCtx, filenames);
+      Flow.Action filenamesAction = filenamesFlow.getAction();
+      if (t == null && filenamesAction instanceof Flow.Action.RequestBlockingAction) {
+        Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) filenamesAction;
+        BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
+        if (blockResponseFunction != null) {
+          blockResponseFunction.tryCommitBlockingResponse(reqCtx.getTraceSegment(), rba);
+          t = new BlockingException("Blocked request (multipart file upload)");
+          reqCtx.getTraceSegment().effectivelyBlocked();
+        }
+      }
     }
   }
 }

dd-java-agent/instrumentation/jersey/jersey-appsec/jersey-appsec-3.0/src/main/java/datadog/trace/instrumentation/jersey3/MultiPartReaderServerSideInstrumentation.java

@@ -27,6 +27,7 @@
 import net.bytebuddy.asm.Advice;
 import org.glassfish.jersey.media.multipart.BodyPart;
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
+import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 import org.glassfish.jersey.media.multipart.MultiPart;
 import org.glassfish.jersey.message.internal.MediaTypes;
 
@@ -110,6 +111,41 @@ static void after(
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
       }
+
+      BiFunction<RequestContext, List<String>, Flow<Void>> filenamesCallback =
+          cbp.getCallback(EVENTS.requestFilesFilenames());
+      if (filenamesCallback == null) {
+        return;
+      }
+      List<String> filenames = new ArrayList<>();
+      for (BodyPart bodyPart : ret.getBodyParts()) {
+        if (!(bodyPart instanceof FormDataBodyPart)) {
+          continue;
+        }
+        FormDataBodyPart dataBodyPart = (FormDataBodyPart) bodyPart;
+        FormDataContentDisposition cd = dataBodyPart.getFormDataContentDisposition();
+        if (cd == null) {
+          continue;
+        }
+        String filename = cd.getFileName();
+        if (filename != null && !filename.isEmpty()) {
+          filenames.add(filename);
+        }
+      }
+      if (filenames.isEmpty()) {
+        return;
+      }
+      Flow<Void> filenamesFlow = filenamesCallback.apply(reqCtx, filenames);
+      Flow.Action filenamesAction = filenamesFlow.getAction();
+      if (t == null && filenamesAction instanceof Flow.Action.RequestBlockingAction) {
+        Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) filenamesAction;
+        BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
+        if (blockResponseFunction != null) {
+          blockResponseFunction.tryCommitBlockingResponse(reqCtx.getTraceSegment(), rba);
+          t = new BlockingException("Blocked request (multipart file upload)");
+          reqCtx.getTraceSegment().effectivelyBlocked();
+        }
+      }
     }
   }
 }

dd-java-agent/instrumentation/resteasy/resteasy-appsec-3.0/src/main/java/datadog/trace/instrumentation/resteasy/MultipartFormDataReaderInstrumentation.java

@@ -96,6 +96,49 @@ static void after(
           reqCtx.getTraceSegment().effectivelyBlocked();
         }
       }
+
+      BiFunction<RequestContext, List<String>, Flow<Void>> filenamesCallback =
+          cbp.getCallback(EVENTS.requestFilesFilenames());
+      if (filenamesCallback == null) {
+        return;
+      }
+      List<String> filenames = new ArrayList<>();
+      for (Map.Entry<String, List<InputPart>> e : ret.getFormDataMap().entrySet()) {
+        for (InputPart inputPart : e.getValue()) {
+          List<String> cdHeaders = inputPart.getHeaders().get("Content-Disposition");
+          if (cdHeaders == null || cdHeaders.isEmpty()) {
+            continue;
+          }
+          String cd = cdHeaders.get(0);
+          for (String token : cd.split(";")) {
+            token = token.trim();
+            if (token.startsWith("filename=")) {
+              String filename = token.substring(9).trim();
+              if (filename.startsWith("\"") && filename.endsWith("\"")) {
+                filename = filename.substring(1, filename.length() - 1);
+              }
+              if (!filename.isEmpty()) {
+                filenames.add(filename);
+              }
+              break;
+            }
+          }
+        }
+      }
+      if (filenames.isEmpty()) {
+        return;
+      }
+      Flow<Void> filenamesFlow = filenamesCallback.apply(reqCtx, filenames);
+      Flow.Action filenamesAction = filenamesFlow.getAction();
+      if (t == null && filenamesAction instanceof Flow.Action.RequestBlockingAction) {
+        Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) filenamesAction;
+        BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
+        if (brf != null) {
+          brf.tryCommitBlockingResponse(reqCtx.getTraceSegment(), rba);
+          t = new BlockingException("Blocked request (multipart file upload)");
+          reqCtx.getTraceSegment().effectivelyBlocked();
+        }
+      }
     }
   }
 }