feat(rasp): instrument FileOutputStream/FileInputStream(File) constructors

Add RASP callsite coverage for File-argument constructors that were
previously not instrumented:

- FileOutputStream(File) and FileOutputStream(File, boolean): call
  FileIORaspHelper.INSTANCE.beforeFileWritten(file.getPath())
- FileInputStream(File): call
  FileIORaspHelper.INSTANCE.beforeFileLoaded(file.getPath())

No IAST changes — the File-based constructors delegate path resolution
to the JVM, so IAST taint tracking via the String constructor already
covers those code paths at a higher level.

Tests added following the existing RASP test pattern.

Author: jandro996

dd-java-agent/instrumentation/java/java-io-1.8/src/main/java/datadog/trace/instrumentation/java/lang/FileInputStreamCallSite.java

@@ -7,6 +7,7 @@
 import datadog.trace.api.iast.Sink;
 import datadog.trace.api.iast.VulnerabilityTypes;
 import datadog.trace.api.iast.sink.PathTraversalModule;
+import java.io.File;
 import javax.annotation.Nullable;
 
 @Sink(VulnerabilityTypes.PATH_TRAVERSAL)
@@ -23,6 +24,13 @@ public static void beforeConstructor(@CallSite.Argument @Nullable final String p
     }
   }
 
+  @CallSite.Before("void java.io.FileInputStream.<init>(java.io.File)")
+  public static void beforeConstructorFile(@CallSite.Argument @Nullable final File file) {
+    if (file != null) {
+      raspCallback(file.getPath());
+    }
+  }
+
   private static void iastCallback(String path) {
     final PathTraversalModule module = InstrumentationBridge.PATH_TRAVERSAL;
     if (module != null) {

dd-java-agent/instrumentation/java/java-io-1.8/src/main/java/datadog/trace/instrumentation/java/lang/FileOutputStreamCallSite.java

@@ -7,6 +7,7 @@
 import datadog.trace.api.iast.Sink;
 import datadog.trace.api.iast.VulnerabilityTypes;
 import datadog.trace.api.iast.sink.PathTraversalModule;
+import java.io.File;
 import javax.annotation.Nullable;
 
 @Sink(VulnerabilityTypes.PATH_TRAVERSAL)
@@ -24,6 +25,14 @@ public static void beforeConstructor(@CallSite.Argument(0) @Nullable final Strin
     }
   }
 
+  @CallSite.Before("void java.io.FileOutputStream.<init>(java.io.File)")
+  @CallSite.Before("void java.io.FileOutputStream.<init>(java.io.File, boolean)")
+  public static void beforeConstructorFile(@CallSite.Argument(0) @Nullable final File file) {
+    if (file != null) {
+      raspCallback(file.getPath());
+    }
+  }
+
   private static void iastCallback(String path) {
     final PathTraversalModule module = InstrumentationBridge.PATH_TRAVERSAL;
     if (module != null) {

dd-java-agent/instrumentation/java/java-io-1.8/src/test/groovy/datadog/trace/instrumentation/java/io/FileInputStreamCallSiteTest.groovy

@@ -32,4 +32,17 @@ class FileInputStreamCallSiteTest extends BaseIoRaspCallSiteTest {
     then:
     1 * helper.beforeFileLoaded(path)
   }
+
+  void 'test RASP new file input stream with file'() {
+    setup:
+    final helper = Mock(FileIORaspHelper)
+    FileIORaspHelper.INSTANCE = helper
+    final file = newFile('test_rasp_file.txt')
+
+    when:
+    TestFileInputStreamSuite.newFileInputStream(file)
+
+    then:
+    1 * helper.beforeFileLoaded(file.path)
+  }
 }

dd-java-agent/instrumentation/java/java-io-1.8/src/test/groovy/datadog/trace/instrumentation/java/io/FileOutputStreamCallSiteTest.groovy

@@ -60,4 +60,30 @@ class FileOutputStreamCallSiteTest extends BaseIoRaspCallSiteTest {
     then:
     1 * helper.beforeFileWritten(path)
   }
+
+  void 'test RASP new file output stream with file'() {
+    setup:
+    final helper = Mock(FileIORaspHelper)
+    FileIORaspHelper.INSTANCE = helper
+    final file = newFile('test_rasp_file_1.txt')
+
+    when:
+    TestFileOutputStreamSuite.newFileOutputStream(file)
+
+    then:
+    1 * helper.beforeFileWritten(file.path)
+  }
+
+  void 'test RASP new file output stream with file and append'() {
+    setup:
+    final helper = Mock(FileIORaspHelper)
+    FileIORaspHelper.INSTANCE = helper
+    final file = newFile('test_rasp_file_2.txt')
+
+    when:
+    TestFileOutputStreamSuite.newFileOutputStream(file, false)
+
+    then:
+    1 * helper.beforeFileWritten(file.path)
+  }
 }

dd-java-agent/instrumentation/java/java-io-1.8/src/test/java/foo/bar/TestFileInputStreamSuite.java

@@ -1,5 +1,6 @@
 package foo.bar;
 
+import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 
@@ -8,4 +9,8 @@ public class TestFileInputStreamSuite {
   public static FileInputStream newFileInputStream(final String path) throws FileNotFoundException {
     return new FileInputStream(path);
   }
+
+  public static FileInputStream newFileInputStream(final File file) throws FileNotFoundException {
+    return new FileInputStream(file);
+  }
 }

dd-java-agent/instrumentation/java/java-io-1.8/src/test/java/foo/bar/TestFileOutputStreamSuite.java

@@ -1,5 +1,6 @@
 package foo.bar;
 
+import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 
@@ -14,4 +15,13 @@ public static FileOutputStream newFileOutputStream(final String path, final bool
       throws FileNotFoundException {
     return new FileOutputStream(path, append);
   }
+
+  public static FileOutputStream newFileOutputStream(final File file) throws FileNotFoundException {
+    return new FileOutputStream(file);
+  }
+
+  public static FileOutputStream newFileOutputStream(final File file, final boolean append)
+      throws FileNotFoundException {
+    return new FileOutputStream(file, append);
+  }
 }