feat(appsec): extend RASP callsite coverage to File-argument constructors of FileOutputStream and FileInputStream#11113
Hi! 👋 Thanks for your pull request! 🎉 To help us review it, please make sure to:
If you need help, please check our contributing guidelines.
Benchmarks
Startup: Found 3 performance improvements and 0 performance regressions! Performance is the same for 59 metrics, 9 unstable metrics.
[Startup time charts for petclinic and insecure-bank (global startup overhead and break down per module; sections tracing, appsec, iast, profiling): candidate=1.62.0-SNAPSHOT~1f773383fb, baseline=1.62.0-SNAPSHOT~c99e05caca]
Load: Found 1 performance improvements and 2 performance regressions! Performance is the same for 18 metrics, 15 unstable metrics.
[Request duration charts [CI 0.99] for petclinic and insecure-bank, baseline vs candidate: candidate=1.62.0-SNAPSHOT~1f773383fb, baseline=1.62.0-SNAPSHOT~c99e05caca]
Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.
[Execution time charts [CI 0.99] for tomcat and biojava, baseline vs candidate: candidate=1.62.0-SNAPSHOT~1f773383fb, baseline=1.62.0-SNAPSHOT~c99e05caca]
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 468e83facb
@manuel-alvarez-alvarez I'm going to move this to a separate PR, but I want your thoughts about this before I do it.

I've created this PR to fix it: #11130

I've also made changes to avoid the issue in this PR; if we add all the parameters to the callsite it works.
PerfectSlayer left a comment

🎯 suggestion: As the java-io-1.8 instrumentation looks only related to security libraries, I would recommend renaming it with an -appsec (or similar) suffix and taking ownership in the CODEOWNERS file.

Thanks for the suggestion! The module predates this PR and already contains IAST call sites alongside the RASP ones we added, so an -appsec suffix would be slightly misleading. If you still think the change is needed after the clarification, I'm happy to go ahead and make it 😃
…ctors

Add RASP callsite coverage for File-argument constructors that were previously not instrumented:
- FileOutputStream(File) and FileOutputStream(File, boolean): call FileIORaspHelper.INSTANCE.beforeFileWritten(file.getPath())
- FileInputStream(File): call FileIORaspHelper.INSTANCE.beforeFileLoaded(file.getPath())

No IAST changes — the File-based constructors delegate path resolution to the JVM, so IAST taint tracking via the String constructor already covers those code paths at a higher level.

Tests added following the existing RASP test pattern.

…, RandomAccessFile, Files.* and FileChannel

Extends RASP callsite instrumentation (APPSEC-61874) beyond FileInputStream/FileOutputStream to all remaining Java file I/O APIs that were not covered. No IAST changes.

New callsites:
- FileReaderCallSite: FileReader(String/File) + Java 11+ Charset variants → beforeFileLoaded
- FileWriterCallSite: FileWriter(String/File/boolean) + Java 11+ Charset variants → beforeFileWritten
- RandomAccessFileCallSite: RandomAccessFile(String/File, mode) → beforeFileLoaded for "r", both beforeFileLoaded + beforeFileWritten for "rw"/"rws"/"rwd"
- FilesCallSite: all Files.* read and write methods (newOutputStream, copy(IS,Path), write, writeString, newBufferedWriter, move, newInputStream, readAllBytes, readAllLines, readString, newBufferedReader, lines)
- FileChannelCallSite: FileChannel.open(Path, ...) → fires both read and write callbacks

Extended callsites:
- PathCallSite: add resolve(Path) and resolveSibling(Path) → beforeFileLoaded
- PathsCallSite: add Path.of(String[], URI) (Java 11+) → beforeFileLoaded

FileIORaspHelper: add beforeRandomAccessFileOpened(path, mode) helper

Relates to #11084 and #11113

Adds a java11Test source set that compiles with --release 11 and runs only on JDK 11+. Tests cover the Java 11-only overloads that were instrumented but previously untestable from Java 8 sources:
- FileReader(String/File, Charset) constructors
- FileWriter(String/File, Charset[, boolean]) constructors
- Files.writeString(Path, CharSequence, [Charset,] OpenOption...)
- Files.readString(Path[, Charset])
- Path.of(String, String[]) and Path.of(URI) static methods

Build configuration uses ext.java11TestMinJavaVersionForTests so the testJvmConstraints plugin skips the suite on pre-11 JVMs.

…tions

FileChannel.open() with READ-only options was incorrectly triggering the fileWritten callback, which could cause false positives in the zipslip rule (dog-920-110) when a read-only channel open with a traversal path coincided with a multipart zip upload in the same request. Split beforeOpen into two overload-specific methods so the OpenOption arguments can be inspected at the call site, mirroring the existing pattern in beforeRandomAccessFileOpened.

Also fix a latent bug in AdviceGeneratorImpl: .sorted() without a comparator on ArgumentSpecification (which does not implement Comparable) would ClassCastException when an advice method captures a strict subset of a target method's arguments. Fixed with Comparator.comparingInt.

… partial-arg path

beforeOpenSet previously captured only 2 of 3 arguments, triggering the partial-argument code path in AdviceGeneratorImpl which calls Stream.sorted() without a comparator on ArgumentSpecification (not Comparable). Adding the unused FileAttribute[] third parameter makes the capture complete and sequential, so isPositionalArguments() returns false and the sorted() path is never entered.
4b63521 to 1f77338
What Does This Do

Extends RASP callsite coverage for Java file I/O APIs. All new callsites are RASP-only (no IAST changes), since File-based and Path-based constructors delegate path resolution to the JVM, and IAST taint tracking via the String constructors already covers those code paths.

New callsites
- FileReaderCallSite → beforeFileLoaded
  - FileReader(String), FileReader(File)
  - FileReader(String, Charset), FileReader(File, Charset) (Java 11+)
- FileWriterCallSite → beforeFileWritten
  - FileWriter(String), FileWriter(String, boolean), FileWriter(File), FileWriter(File, boolean)
  - FileWriter(String, Charset), FileWriter(String, Charset, boolean), FileWriter(File, Charset), FileWriter(File, Charset, boolean) (Java 11+)
- RandomAccessFileCallSite → beforeFileLoaded for mode "r"; both beforeFileLoaded + beforeFileWritten for "rw"/"rws"/"rwd"
  - RandomAccessFile(String, String), RandomAccessFile(File, String)
- FilesCallSite
  - beforeFileWritten: Files.newOutputStream, Files.write(bytes), Files.write(lines, charset), Files.write(lines), Files.newBufferedWriter(path, charset), Files.newBufferedWriter(path), Files.copy(InputStream, Path, ...), Files.move
    - Files.writeString(path, seq), Files.writeString(path, seq, charset)
  - beforeFileLoaded: Files.newInputStream, Files.readAllBytes, Files.readAllLines(path, charset), Files.readAllLines(path), Files.newBufferedReader(path, charset), Files.newBufferedReader(path), Files.lines(path, charset), Files.lines(path)
    - Files.readString(path), Files.readString(path, charset)
- FileChannelCallSite → both beforeFileLoaded + beforeFileWritten (channel mode is determined at runtime, not statically)
  - FileChannel.open(Path, OpenOption[]), FileChannel.open(Path, Set<OpenOption>, FileAttribute[])

Extended callsites
- FileInputStreamCallSite (extends #11084): added FileInputStream(File) → beforeFileLoaded
- FileOutputStreamCallSite (extends #11084): added FileOutputStream(File), FileOutputStream(File, boolean) → beforeFileWritten
- PathCallSite: added Path.resolve(Path), Path.resolveSibling(Path) → beforeFileLoaded
- PathsCallSite: added Path.of(String, String[]), Path.of(URI) (Java 11+) → beforeFileLoaded

Additional Notes
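The callsite list above, together with the FileChannel commit in this PR (READ-only opens must not fire the write callback, or the zipslip rule sees a write that never happens), boils down to a small dispatch table: each file I/O entry point reports the path to a "loaded" and/or "written" callback before the JVM opens anything. The stand-alone Java class below is an added example, not code from dd-trace-java or from this PR. It models that dispatch for the File-argument constructors, for RandomAccessFile modes and for FileChannel.open options, using the refined option-inspecting behaviour rather than the "fire both" rule the description lists. The callback names follow the PR text; the class, the method bodies, the recording implementation and the sample path are assumptions made here.

```java
import java.io.File;
import java.nio.file.OpenOption;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Toy model of the RASP dispatch described in this PR. Added example, not
 * dd-trace-java code: the callback names mirror the PR text, everything
 * else is an assumption made for illustration.
 */
public final class FileIoRaspDispatchExample {

  /** Stand-in for the two FileIORaspHelper callbacks named in the PR. */
  interface RaspCallbacks {
    void beforeFileLoaded(String path);
    void beforeFileWritten(String path);
  }

  /** Records every decision so the dispatch can be inspected after the fact. */
  static final class RecordingCallbacks implements RaspCallbacks {
    final List<String> events = new ArrayList<>();
    @Override public void beforeFileLoaded(String path) { events.add("LOAD " + path); }
    @Override public void beforeFileWritten(String path) { events.add("WRITE " + path); }
  }

  /** FileInputStream(File): the File-argument constructor reports file.getPath(). */
  static void beforeFileInputStream(RaspCallbacks cb, File file) {
    cb.beforeFileLoaded(file.getPath());
  }

  /** FileOutputStream(File) and FileOutputStream(File, boolean): the append flag is irrelevant. */
  static void beforeFileOutputStream(RaspCallbacks cb, File file) {
    cb.beforeFileWritten(file.getPath());
  }

  /** RandomAccessFile(path, mode): "r" only reads; "rw", "rws" and "rwd" read and write. */
  static void beforeRandomAccessFileOpened(RaspCallbacks cb, String path, String mode) {
    cb.beforeFileLoaded(path);
    if (mode != null && mode.startsWith("rw")) {
      cb.beforeFileWritten(path);
    }
  }

  /**
   * FileChannel.open(path, options): decide from the OpenOptions instead of firing
   * both callbacks. Per the JDK javadoc, a channel opened with neither READ nor
   * WRITE is opened for reading, and APPEND implies writing.
   */
  static void beforeFileChannelOpened(RaspCallbacks cb, String path, Set<? extends OpenOption> options) {
    boolean write = options.contains(StandardOpenOption.WRITE)
        || options.contains(StandardOpenOption.APPEND);
    boolean read = options.contains(StandardOpenOption.READ) || !write;
    if (read) {
      cb.beforeFileLoaded(path);
    }
    if (write) {
      cb.beforeFileWritten(path);
    }
  }

  /** Varargs overload, matching the shape of FileChannel.open(Path, OpenOption...). */
  static void beforeFileChannelOpened(RaspCallbacks cb, String path, OpenOption... options) {
    beforeFileChannelOpened(cb, path, new HashSet<>(Arrays.asList(options)));
  }

  public static void main(String[] args) {
    RecordingCallbacks cb = new RecordingCallbacks();
    // Constructed sample path; nothing is actually opened in this example.
    String path = "uploads" + File.separator + "report.txt";

    beforeFileInputStream(cb, new File(path));                      // LOAD
    beforeFileOutputStream(cb, new File(path));                     // WRITE
    beforeRandomAccessFileOpened(cb, path, "r");                    // LOAD
    beforeRandomAccessFileOpened(cb, path, "rws");                  // LOAD, WRITE
    beforeFileChannelOpened(cb, path, StandardOpenOption.READ);     // LOAD only: the former false-positive case
    beforeFileChannelOpened(cb, path);                              // LOAD: no option defaults to read
    beforeFileChannelOpened(cb, path, StandardOpenOption.CREATE,
        StandardOpenOption.WRITE);                                  // WRITE only
    beforeFileChannelOpened(cb, path, StandardOpenOption.READ,
        StandardOpenOption.WRITE);                                  // LOAD, WRITE

    cb.events.forEach(System.out::println);
  }
}
```

The split into a Set-based and a varargs overload mirrors what the commit describes for beforeOpen: the option arguments have to be visible at the call site, otherwise the only safe choice is to report every channel open as a potential write, which is exactly what produced the zipslip false positives.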
Contributor Checklist
- Add type: and (comp: or inst:) labels in addition to any other useful labels
- Don't use close, fix, or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue

Jira Ticket: APPSEC-61874