test(appsec): add unit tests for readContent truncation in CommonsFileUploadAppSecModule

jandro996 · jandro996 · commit dfe31cead163 · 2026-04-17T09:36:35.000+02:00
diff --git a/dd-java-agent/instrumentation/commons-fileupload-1.5/src/main/java/datadog/trace/instrumentation/commons/fileupload/CommonsFileUploadAppSecModule.java b/dd-java-agent/instrumentation/commons-fileupload-1.5/src/main/java/datadog/trace/instrumentation/commons/fileupload/CommonsFileUploadAppSecModule.java
@@ -114,20 +114,7 @@ static void after(
         if (name == null || name.isEmpty()) {
           continue;
         }
-        String content = "";
-        try {
-          InputStream is = fileItem.getInputStream();
-          byte[] buf = new byte[MAX_FILE_CONTENT_BYTES];
-          int total = 0;
-          int n;
-          while (total < MAX_FILE_CONTENT_BYTES
-              && (n = is.read(buf, total, MAX_FILE_CONTENT_BYTES - total)) != -1) {
-            total += n;
-          }
-          content = new String(buf, 0, total, StandardCharsets.ISO_8859_1);
-        } catch (IOException ignored) {
-        }
-        filesContent.add(content);
+        filesContent.add(readContent(fileItem));
       }
       if (filesContent.isEmpty()) {
         return;
@@ -144,5 +131,21 @@ static void after(
         }
       }
     }
+
+    static String readContent(FileItem fileItem) {
+      try {
+        InputStream is = fileItem.getInputStream();
+        byte[] buf = new byte[MAX_FILE_CONTENT_BYTES];
+        int total = 0;
+        int n;
+        while (total < MAX_FILE_CONTENT_BYTES
+            && (n = is.read(buf, total, MAX_FILE_CONTENT_BYTES - total)) != -1) {
+          total += n;
+        }
+        return new String(buf, 0, total, StandardCharsets.ISO_8859_1);
+      } catch (IOException ignored) {
+        return "";
+      }
+    }
   }
 }
diff --git a/dd-java-agent/instrumentation/commons-fileupload-1.5/src/test/groovy/CommonsFileUploadAppSecModuleTest.groovy b/dd-java-agent/instrumentation/commons-fileupload-1.5/src/test/groovy/CommonsFileUploadAppSecModuleTest.groovy
@@ -0,0 +1,64 @@
+import datadog.trace.instrumentation.commons.fileupload.CommonsFileUploadAppSecModule
+import org.apache.commons.fileupload.FileItem
+import spock.lang.Specification
+
+class CommonsFileUploadAppSecModuleTest extends Specification {
+
+  def "readContent returns full content when smaller than limit"() {
+    given:
+    def content = 'Hello, World!'
+    def item = fileItem(content)
+
+    expect:
+    CommonsFileUploadAppSecModule.ParseRequestAdvice.readContent(item) == content
+  }
+
+  def "readContent truncates content to MAX_FILE_CONTENT_BYTES"() {
+    given:
+    def largeContent = 'X' * (CommonsFileUploadAppSecModule.ParseRequestAdvice.MAX_FILE_CONTENT_BYTES + 500)
+    def item = fileItem(largeContent)
+
+    when:
+    def result = CommonsFileUploadAppSecModule.ParseRequestAdvice.readContent(item)
+
+    then:
+    result.length() == CommonsFileUploadAppSecModule.ParseRequestAdvice.MAX_FILE_CONTENT_BYTES
+    result == 'X' * CommonsFileUploadAppSecModule.ParseRequestAdvice.MAX_FILE_CONTENT_BYTES
+  }
+
+  def "readContent returns empty string when getInputStream throws"() {
+    given:
+    FileItem item = Stub(FileItem)
+    item.getInputStream() >> { throw new IOException('simulated error') }
+
+    expect:
+    CommonsFileUploadAppSecModule.ParseRequestAdvice.readContent(item) == ''
+  }
+
+  def "readContent returns empty string for empty content"() {
+    given:
+    def item = fileItem('')
+
+    expect:
+    CommonsFileUploadAppSecModule.ParseRequestAdvice.readContent(item) == ''
+  }
+
+  def "readContent reads exactly MAX_FILE_CONTENT_BYTES when content equals the limit"() {
+    given:
+    def content = 'A' * CommonsFileUploadAppSecModule.ParseRequestAdvice.MAX_FILE_CONTENT_BYTES
+    def item = fileItem(content)
+
+    when:
+    def result = CommonsFileUploadAppSecModule.ParseRequestAdvice.readContent(item)
+
+    then:
+    result.length() == CommonsFileUploadAppSecModule.ParseRequestAdvice.MAX_FILE_CONTENT_BYTES
+    result == content
+  }
+
+  private FileItem fileItem(String content) {
+    FileItem item = Stub(FileItem)
+    item.getInputStream() >> new ByteArrayInputStream(content.getBytes('ISO-8859-1'))
+    return item
+  }
+}
