DataDog
diff --git a/‎dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastAgentTestRunner.groovy‎
Lines changed: 5 additions & 0 deletions b/‎dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastAgentTestRunner.groovy‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/TaintedObjectCollection.groovy‎
Lines changed: 1 addition & 1 deletion b/‎dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/TaintedObjectCollection.groovy‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie‎
Lines changed: 0 additions & 3 deletions b/‎dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java‎
Lines changed: 0 additions & 143 deletions b/‎dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java‎
Lines changed: 0 additions & 143 deletions
diff --git a/‎dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringFullDetectionCallSite.java‎
Lines changed: 158 additions & 0 deletions b/‎dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringFullDetectionCallSite.java‎
Lines changed: 158 additions & 0 deletions
@@ -44,6 +44,11 @@ class IastAgentTestRunner extends AgentTestRunner implements IastRequestContextP
     new TaintedObjectCollection(localTaintedObjects)
   }
 
+  protected TaintedObjectCollection getTaintedObjectCollection(DDSpan span) {
+    final IastContext ctx = span.getRequestContext().getData(RequestContextSlot.IAST)
+    return new TaintedObjectCollection(ctx.getTaintedObjects())
+  }
+
   protected DDSpan runUnderIastTrace(Closure cl) {
     CallbackProvider iastCbp = TEST_TRACER.getCallbackProvider(RequestContextSlot.IAST)
     Supplier<Flow<Object>> reqStartCb = iastCbp.getCallback(Events.EVENTS.requestStarted())
 
@@ -96,7 +96,7 @@ class TaintedObjectCollection {
         return false
       }
       TaintedObject tobj = obj
-      valueMatcher.matches(tobj.get() as String) &&
+      valueMatcher.matches(tobj.get()) &&
         ranges.every { RangeMatcher rm ->
           tobj.ranges.any { range ->
             rm.matches(range)
 
@@ -195,9 +195,6 @@
 0 org.apache.http.client.methods.*
 # apache compiled jsps
 0 org.apache.jsp.*
-# Need for kafka propagation
-2 org.apache.kafka.common.serialization.ByteBufferDeserializer
-2 org.apache.kafka.common.serialization.StringDeserializer
 1 org.apiguardian.*
 1 org.aspectj.*
 1 org.attoparser.*
 
@@ -1,16 +1,11 @@
 package datadog.trace.instrumentation.java.lang;
 
-import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
-
 import datadog.trace.agent.tooling.csi.CallSite;
 import datadog.trace.api.iast.IastCallSites;
 import datadog.trace.api.iast.InstrumentationBridge;
 import datadog.trace.api.iast.Propagation;
-import datadog.trace.api.iast.propagation.CodecModule;
-import datadog.trace.api.iast.propagation.PropagationModule;
 import datadog.trace.api.iast.propagation.StringModule;
 import datadog.trace.util.stacktrace.StackUtils;
-import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
@@ -220,130 +215,6 @@ public static String afterStringConstructor(
     return result;
   }
 
-  @CallSite.After("void java.lang.String.<init>(byte[])")
-  public static String afterByteArrayCtor(
-      @CallSite.AllArguments @Nonnull final Object[] params,
-      @CallSite.Return @Nonnull final String result) {
-    final CodecModule module = InstrumentationBridge.CODEC;
-    try {
-      if (module != null) {
-        final byte[] bytes = (byte[]) params[0];
-        if (bytes != null) {
-          module.onStringFromBytes(bytes, 0, bytes.length, null, result);
-        }
-      }
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterByteArrayCtor threw", e);
-    }
-    return result;
-  }
-
-  @CallSite.After("void java.lang.String.<init>(byte[], java.lang.String)")
-  @CallSite.After("void java.lang.String.<init>(byte[], java.nio.charset.Charset)")
-  public static String afterByteArrayCtor2(
-      @CallSite.AllArguments @Nonnull final Object[] params,
-      @CallSite.Return @Nonnull final String result) {
-    final CodecModule module = InstrumentationBridge.CODEC;
-    try {
-      if (module != null) {
-        final byte[] bytes = (byte[]) params[0];
-        if (bytes != null) {
-          final String charset =
-              params[1] instanceof Charset ? ((Charset) params[1]).name() : (String) params[1];
-          module.onStringFromBytes(bytes, 0, bytes.length, charset, result);
-        }
-      }
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterByteArrayCtor2 threw", e);
-    }
-    return result;
-  }
-
-  @CallSite.After("void java.lang.String.<init>(byte[], int, int)")
-  public static String afterByteArrayCtor3(
-      @CallSite.AllArguments @Nonnull final Object[] params,
-      @CallSite.Return @Nonnull final String result) {
-    final CodecModule module = InstrumentationBridge.CODEC;
-    try {
-      if (module != null) {
-        final byte[] bytes = (byte[]) params[0];
-        if (bytes != null) {
-          module.onStringFromBytes(bytes, (int) params[1], (int) params[2], null, result);
-        }
-      }
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterByteArrayCtor3 threw", e);
-    }
-    return result;
-  }
-
-  @CallSite.After("void java.lang.String.<init>(byte[], int, int, java.lang.String)")
-  @CallSite.After("void java.lang.String.<init>(byte[], int, int, java.nio.charset.Charset)")
-  public static String afterByteArrayCtor4(
-      @CallSite.AllArguments @Nonnull final Object[] params,
-      @CallSite.Return @Nonnull final String result) {
-    final CodecModule module = InstrumentationBridge.CODEC;
-    try {
-      if (module != null) {
-        final byte[] bytes = (byte[]) params[0];
-        if (bytes != null) {
-          final String charset =
-              params[3] instanceof Charset ? ((Charset) params[3]).name() : (String) params[3];
-          module.onStringFromBytes(bytes, (int) params[1], (int) params[2], charset, result);
-        }
-      }
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterByteArrayCtor4 threw", e);
-    }
-    return result;
-  }
-
-  @CallSite.After("byte[] java.lang.String.getBytes()")
-  public static byte[] afterGetBytes(
-      @CallSite.This @Nonnull final String self, @CallSite.Return @Nonnull final byte[] result) {
-    final CodecModule module = InstrumentationBridge.CODEC;
-    try {
-      if (module != null) {
-        module.onStringGetBytes(self, null, result);
-      }
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterGetBytes threw", e);
-    }
-    return result;
-  }
-
-  @CallSite.After("byte[] java.lang.String.getBytes(java.lang.String)")
-  public static byte[] afterGetBytes(
-      @CallSite.This @Nonnull final String self,
-      @CallSite.Argument @Nullable final String encoding,
-      @CallSite.Return @Nonnull final byte[] result) {
-    final CodecModule module = InstrumentationBridge.CODEC;
-    try {
-      if (module != null) {
-        module.onStringGetBytes(self, encoding, result);
-      }
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterGetBytes threw", e);
-    }
-    return result;
-  }
-
-  @CallSite.After("byte[] java.lang.String.getBytes(java.nio.charset.Charset)")
-  public static byte[] afterGetBytes(
-      @CallSite.This @Nonnull final String self,
-      @CallSite.Argument @Nullable final Charset encoding,
-      @CallSite.Return @Nonnull final byte[] result) {
-    final CodecModule module = InstrumentationBridge.CODEC;
-    try {
-      if (module != null) {
-        module.onStringGetBytes(self, encoding == null ? null : encoding.name(), result);
-      }
-    } catch (final Throwable e) {
-      module.onUnexpectedException("afterGetBytes threw", e);
-    }
-    return result;
-  }
-
   @CallSite.After("java.lang.String java.lang.String.format(java.lang.String, java.lang.Object[])")
   public static String afterFormat(
       @CallSite.Argument(0) @Nullable final String pattern,
@@ -378,20 +249,6 @@ public static String afterFormat(
     return result;
   }
 
-  @CallSite.After("char[] java.lang.String.toCharArray()")
-  public static char[] afterToCharArray(
-      @CallSite.This @Nonnull final String self, @CallSite.Return @Nonnull final char[] result) {
-    final PropagationModule module = InstrumentationBridge.PROPAGATION;
-    if (module != null) {
-      try {
-        module.taintObjectIfTainted(result, self, true, NOT_MARKED);
-      } catch (final Throwable e) {
-        module.onUnexpectedException("afterToCharArray threw", e);
-      }
-    }
-    return result;
-  }
-
   @CallSite.After("java.lang.String[] java.lang.String.split(java.lang.String)")
   public static String[] afterSplit(
       @CallSite.This @Nonnull final String self,
 
@@ -0,0 +1,158 @@
+package datadog.trace.instrumentation.java.lang;
+
+import static datadog.trace.api.iast.VulnerabilityMarks.NOT_MARKED;
+
+import datadog.trace.agent.tooling.csi.CallSite;
+import datadog.trace.api.iast.IastCallSites;
+import datadog.trace.api.iast.InstrumentationBridge;
+import datadog.trace.api.iast.Propagation;
+import datadog.trace.api.iast.propagation.CodecModule;
+import datadog.trace.api.iast.propagation.PropagationModule;
+import java.nio.charset.Charset;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+@Propagation
+@CallSite(
+    spi = IastCallSites.class,
+    enabled = {"datadog.trace.api.iast.IastEnabledChecks", "isFullDetection"})
+public class StringFullDetectionCallSite {
+
+  @CallSite.After("void java.lang.String.<init>(byte[])")
+  public static String afterByteArrayCtor(
+      @CallSite.AllArguments @Nonnull final Object[] params,
+      @CallSite.Return @Nonnull final String result) {
+    final CodecModule module = InstrumentationBridge.CODEC;
+    try {
+      if (module != null) {
+        final byte[] bytes = (byte[]) params[0];
+        if (bytes != null) {
+          module.onStringFromBytes(bytes, 0, bytes.length, null, result);
+        }
+      }
+    } catch (final Throwable e) {
+      module.onUnexpectedException("afterByteArrayCtor threw", e);
+    }
+    return result;
+  }
+
+  @CallSite.After("void java.lang.String.<init>(byte[], java.lang.String)")
+  @CallSite.After("void java.lang.String.<init>(byte[], java.nio.charset.Charset)")
+  public static String afterByteArrayCtor2(
+      @CallSite.AllArguments @Nonnull final Object[] params,
+      @CallSite.Return @Nonnull final String result) {
+    final CodecModule module = InstrumentationBridge.CODEC;
+    try {
+      if (module != null) {
+        final byte[] bytes = (byte[]) params[0];
+        if (bytes != null) {
+          final String charset =
+              params[1] instanceof Charset ? ((Charset) params[1]).name() : (String) params[1];
+          module.onStringFromBytes(bytes, 0, bytes.length, charset, result);
+        }
+      }
+    } catch (final Throwable e) {
+      module.onUnexpectedException("afterByteArrayCtor2 threw", e);
+    }
+    return result;
+  }
+
+  @CallSite.After("void java.lang.String.<init>(byte[], int, int)")
+  public static String afterByteArrayCtor3(
+      @CallSite.AllArguments @Nonnull final Object[] params,
+      @CallSite.Return @Nonnull final String result) {
+    final CodecModule module = InstrumentationBridge.CODEC;
+    try {
+      if (module != null) {
+        final byte[] bytes = (byte[]) params[0];
+        if (bytes != null) {
+          module.onStringFromBytes(bytes, (int) params[1], (int) params[2], null, result);
+        }
+      }
+    } catch (final Throwable e) {
+      module.onUnexpectedException("afterByteArrayCtor3 threw", e);
+    }
+    return result;
+  }
+
+  @CallSite.After("void java.lang.String.<init>(byte[], int, int, java.lang.String)")
+  @CallSite.After("void java.lang.String.<init>(byte[], int, int, java.nio.charset.Charset)")
+  public static String afterByteArrayCtor4(
+      @CallSite.AllArguments @Nonnull final Object[] params,
+      @CallSite.Return @Nonnull final String result) {
+    final CodecModule module = InstrumentationBridge.CODEC;
+    try {
+      if (module != null) {
+        final byte[] bytes = (byte[]) params[0];
+        if (bytes != null) {
+          final String charset =
+              params[3] instanceof Charset ? ((Charset) params[3]).name() : (String) params[3];
+          module.onStringFromBytes(bytes, (int) params[1], (int) params[2], charset, result);
+        }
+      }
+    } catch (final Throwable e) {
+      module.onUnexpectedException("afterByteArrayCtor4 threw", e);
+    }
+    return result;
+  }
+
+  @CallSite.After("byte[] java.lang.String.getBytes()")
+  public static byte[] afterGetBytes(
+      @CallSite.This @Nonnull final String self, @CallSite.Return @Nonnull final byte[] result) {
+    final CodecModule module = InstrumentationBridge.CODEC;
+    try {
+      if (module != null) {
+        module.onStringGetBytes(self, null, result);
+      }
+    } catch (final Throwable e) {
+      module.onUnexpectedException("afterGetBytes threw", e);
+    }
+    return result;
+  }
+
+  @CallSite.After("byte[] java.lang.String.getBytes(java.lang.String)")
+  public static byte[] afterGetBytes(
+      @CallSite.This @Nonnull final String self,
+      @CallSite.Argument @Nullable final String encoding,
+      @CallSite.Return @Nonnull final byte[] result) {
+    final CodecModule module = InstrumentationBridge.CODEC;
+    try {
+      if (module != null) {
+        module.onStringGetBytes(self, encoding, result);
+      }
+    } catch (final Throwable e) {
+      module.onUnexpectedException("afterGetBytes threw", e);
+    }
+    return result;
+  }
+
+  @CallSite.After("byte[] java.lang.String.getBytes(java.nio.charset.Charset)")
+  public static byte[] afterGetBytes(
+      @CallSite.This @Nonnull final String self,
+      @CallSite.Argument @Nullable final Charset encoding,
+      @CallSite.Return @Nonnull final byte[] result) {
+    final CodecModule module = InstrumentationBridge.CODEC;
+    try {
+      if (module != null) {
+        module.onStringGetBytes(self, encoding == null ? null : encoding.name(), result);
+      }
+    } catch (final Throwable e) {
+      module.onUnexpectedException("afterGetBytes threw", e);
+    }
+    return result;
+  }
+
+  @CallSite.After("char[] java.lang.String.toCharArray()")
+  public static char[] afterToCharArray(
+      @CallSite.This @Nonnull final String self, @CallSite.Return @Nonnull final char[] result) {
+    final PropagationModule module = InstrumentationBridge.PROPAGATION;
+    if (module != null) {
+      try {
+        module.taintObjectIfTainted(result, self, true, NOT_MARKED);
+      } catch (final Throwable e) {
+        module.onUnexpectedException("afterToCharArray threw", e);
+      }
+    }
+    return result;
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ class TaintedObjectCollection {`
`96`	`96`	`return false`
`97`	`97`	`}`
`98`	`98`	`TaintedObject tobj = obj`
`99`		`- valueMatcher.matches(tobj.get() as String) &&`
	`99`	`+ valueMatcher.matches(tobj.get()) &&`
`100`	`100`	`ranges.every { RangeMatcher rm ->`
`101`	`101`	`tobj.ranges.any { range ->`
`102`	`102`	`rm.matches(range)`