Fix CI test failures for file_write RASP event

jandro996 · jandro996 · commit cff741f0e5ef · 2026-04-13T11:18:39.000+02:00
- Add FILE_WRITTEN_ID to InstrumentationGateway callback-wrapping switch so
  exceptions in fileWritten() callbacks are properly caught (fixes
  InstrumentationGatewayTest#testThrowableBlocking)
- Change rasp-930-101 smoke test rule from lfi_detector to match_regex
  operator, since lfi_detector only supports server.io.fs.file as
  resource address; match_regex on server.io.fs.file_write with
  path-traversal regex correctly detects ../../../etc/passwd patterns
diff --git a/dd-smoke-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy b/dd-smoke-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy
@@ -434,10 +434,11 @@ class SpringBootSmokeTest extends AbstractAppSecServerSmokeTest {
           conditions  : [
             [
               parameters: [
-                resource: [[address: 'server.io.fs.file_write']],
-                params  : [[address: 'server.request.query']],
+                inputs : [[address: 'server.io.fs.file_write']],
+                regex  : '(?:^|[/\\\\])\\.\\.[/\\\\]',
+                options: [case_sensitive: true, min_length: 4],
               ],
-              operator  : 'lfi_detector',
+              operator  : 'match_regex',
             ],
           ],
           transformers: [],
diff --git a/internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java b/internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java
@@ -4,6 +4,7 @@
 import static datadog.trace.api.gateway.Events.DATABASE_SQL_QUERY_ID;
 import static datadog.trace.api.gateway.Events.EXEC_CMD_ID;
 import static datadog.trace.api.gateway.Events.FILE_LOADED_ID;
+import static datadog.trace.api.gateway.Events.FILE_WRITTEN_ID;
 import static datadog.trace.api.gateway.Events.GRAPHQL_SERVER_REQUEST_MESSAGE_ID;
 import static datadog.trace.api.gateway.Events.GRPC_SERVER_METHOD_ID;
 import static datadog.trace.api.gateway.Events.GRPC_SERVER_REQUEST_MESSAGE_ID;
@@ -447,6 +448,7 @@ public Flow<Void> apply(RequestContext ctx, String arg) {
             };
       case DATABASE_SQL_QUERY_ID:
       case FILE_LOADED_ID:
+      case FILE_WRITTEN_ID:
       case SHELL_CMD_ID:
         return (C)
             new BiFunction<RequestContext, String, Flow<Void>>() {
