change to .trie

jandro996 · jandro996 · commit e06a2e39ebf2 · 2026-03-17T10:50:29.000+01:00
diff --git a/dd-java-agent/appsec/build.gradle b/dd-java-agent/appsec/build.gradle
@@ -9,6 +9,7 @@ plugins {
 
 apply from: "$rootDir/gradle/java.gradle"
 apply from: "$rootDir/gradle/version.gradle"
+apply from: "$rootDir/gradle/tries.gradle"
 
 dependencies {
   api libs.slf4j
@@ -29,6 +30,14 @@ dependencies {
   testImplementation libs.jackson.databind
 }
 
+tasks.named("compileJava", JavaCompile) {
+  dependsOn("generateClassNameTries")
+}
+
+tasks.named("sourcesJar", Jar) {
+  dependsOn("generateClassNameTries")
+}
+
 tasks.named("shadowJar", ShadowJar) {
   exclude '**/*-dbgsym.zip'
   dependencies deps.excludeShared
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/ObjectIntrospection.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/event/data/ObjectIntrospection.java
@@ -16,40 +16,18 @@
 import java.lang.reflect.Modifier;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public final class ObjectIntrospection {
 
   private static final Logger log = LoggerFactory.getLogger(ObjectIntrospection.class);
 
-  /**
-   * Field types excluded from object introspection. Covers Groovy meta-fields and logging framework
-   * loggers — both introduce deep, cyclic, or sensitive object graphs that are irrelevant for WAF
-   * inspection and can trigger false positives (e.g. crs-944-130).
-   */
-  private static final Set<String> EXCLUDED_FIELD_TYPES;
-
-  static {
-    final Set<String> types = new HashSet<>();
-    types.add("groovy.lang.MetaClass");
-    types.add("org.slf4j.Logger");
-    types.add("org.apache.logging.log4j.Logger");
-    types.add("org.apache.logging.log4j.core.Logger");
-    types.add("java.util.logging.Logger");
-    types.add("org.apache.commons.logging.Log");
-    types.add("ch.qos.logback.classic.Logger");
-    EXCLUDED_FIELD_TYPES = Collections.unmodifiableSet(types);
-  }
-
   private static final Method trySetAccessible;
 
   static {
@@ -309,7 +287,7 @@ private static Object doConversion(Object obj, int depth, State state) {
         if (Modifier.isStatic(f.getModifiers())) {
           continue;
         }
-        if (EXCLUDED_FIELD_TYPES.contains(f.getType().getName())) {
+        if (IntrospectionExcludedTypesTrie.apply(f.getType().getName()) >= 1) {
           continue;
         }
         String name = f.getName();
diff --git a/dd-java-agent/appsec/src/main/resources/com/datadog/appsec/event/data/introspection_excluded_types.trie b/dd-java-agent/appsec/src/main/resources/com/datadog/appsec/event/data/introspection_excluded_types.trie
@@ -0,0 +1,15 @@
+# Generates 'IntrospectionExcludedTypesTrie.java'
+
+# Field types excluded from ObjectIntrospection to avoid deep/cyclic traversals
+# that could trigger WAF false positives (e.g. crs-944-130 java_code_injection).
+# 1 = exclude this field type
+
+# -------- Groovy --------
+1 groovy.lang.MetaClass
+
+# -------- Logging frameworks --------
+1 ch.qos.logback.*
+1 java.util.logging.Logger
+1 org.apache.commons.logging.Log
+1 org.apache.logging.log4j.*
+1 org.slf4j.*
