Refactor propagation module to include two different APIs for strings and objects (#6820)

manuel-alvarez-alvarez · web-flow · commit e9eb7825b2da · 2024-04-22T16:12:20.000+02:00
diff --git a/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java b/dd-java-agent/agent-iast/src/main/java/com/datadog/iast/propagation/PropagationModuleImpl.java
diff --git a/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/BaseCodecModuleTest.groovy b/dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/propagation/BaseCodecModuleTest.groovy
@@ -25,7 +25,7 @@ abstract class BaseCodecModuleTest extends IastModuleImplTestBase {
     }
   }
 
-  void '#method null or empty'() {
+  void '#method null'() {
     when:
     module.&"$method".call(args.toArray())
 
@@ -35,15 +35,10 @@ abstract class BaseCodecModuleTest extends IastModuleImplTestBase {
     where:
     method              | args
     'onUrlDecode'       | ['test', 'utf-8', null]
-    'onUrlDecode'       | ['test', 'utf-8', '']
     'onStringGetBytes'  | ['test', 'utf-8', null]
-    'onStringGetBytes'  | ['test', 'utf-8', [] as byte[]]
     'onStringFromBytes' | ['test'.bytes, 0, 2, 'utf-8', null]
-    'onStringFromBytes' | ['test'.bytes, 0, 2, 'utf-8', '']
     'onBase64Encode'    | ['test'.bytes, null]
-    'onBase64Encode'    | ['test'.bytes, [] as byte[]]
     'onBase64Decode'    | ['test'.bytes, null]
-    'onBase64Decode'    | ['test'.bytes, [] as byte[]]
   }
 
   void '#method no context'() {
diff --git a/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastRequestContextPreparationTrait.groovy b/dd-java-agent/agent-iast/src/testFixtures/groovy/com/datadog/iast/test/IastRequestContextPreparationTrait.groovy
@@ -69,9 +69,14 @@ trait IastRequestContextPreparationTrait {
         return tainted
       }
 
-      private final static Logger LOGGER = LoggerFactory.getLogger("map tainted objects")
-      static {
-        ((ch.qos.logback.classic.Logger) LOGGER).level = ch.qos.logback.classic.Level.DEBUG
+      private final static Logger LOGGER = withLogger("map tainted objects")
+
+      private static Logger withLogger(final String name) {
+        final logger = LoggerFactory.getLogger(name)
+        if (logger instanceof ch.qos.logback.classic.Logger) {
+          ((ch.qos.logback.classic.Logger) logger).level = ch.qos.logback.classic.Level.DEBUG
+        }
+        return logger
       }
 
       private static void logTaint(Object o) {
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/PathMatcherInstrumentation.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/PathMatcherInstrumentation.java
@@ -56,24 +56,23 @@ static void onExit(
         return;
       }
 
+      scala.Tuple1 tuple = (scala.Tuple1) extractions;
+      Object value = tuple._1();
+
       PropagationModule module = InstrumentationBridge.PROPAGATION;
-      if (module == null) {
+      if (module == null || !(value instanceof String)) {
         return;
       }
-
-      scala.Tuple1 tuple = (scala.Tuple1) extractions;
-      Object value = tuple._1();
+      final String stringValue = (String) value;
 
       final IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
 
       // in the test, 4 instances of PathMatcher$Match are created, all with the same value
-      if (module.isTainted(ctx, value)) {
+      if (module.isTainted(ctx, stringValue)) {
         return;
       }
 
-      if (value instanceof String) {
-        module.taint(ctx, value, SourceTypes.REQUEST_PATH_PARAMETER);
-      }
+      module.taint(ctx, stringValue, SourceTypes.REQUEST_PATH_PARAMETER);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSingleParameterFunction.java b/dd-java-agent/instrumentation/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/iast/helpers/TaintSingleParameterFunction.java
@@ -50,11 +50,11 @@ public Tuple1<Object> apply(Tuple1<Object> v1) {
       while (iterator.hasNext()) {
         Object o = iterator.next();
         if (o instanceof String) {
-          mod.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     } else if (value instanceof String) {
-      mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+      mod.taint(ctx, (String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/helpers/TaintParametersFunction.java b/dd-java-agent/instrumentation/akka-http-10.2-iast/src/main/java/datadog/trace/instrumentation/akkahttp102/iast/helpers/TaintParametersFunction.java
@@ -41,11 +41,11 @@ public Tuple1<T> apply(Tuple1<T> v1) {
       while (iterator.hasNext()) {
         Object o = iterator.next();
         if (o instanceof String) {
-          mod.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     } else if (value instanceof String) {
-      mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+      mod.taint(ctx, (String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/StringReaderCallSite.java b/dd-java-agent/instrumentation/java-io/src/main/java/datadog/trace/instrumentation/java/lang/StringReaderCallSite.java
@@ -18,7 +18,11 @@ public static StringReader afterInit(
       @CallSite.Return @Nonnull final StringReader result) {
     final PropagationModule propagationModule = InstrumentationBridge.PROPAGATION;
     if (propagationModule != null) {
-      propagationModule.taintIfTainted(result, params[0]);
+      try {
+        propagationModule.taintIfTainted(result, params[0]);
+      } catch (Throwable e) {
+        propagationModule.onUnexpectedException("afterInit threw", e);
+      }
     }
     return result;
   }
diff --git a/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java b/dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/StringCallSite.java
@@ -123,7 +123,7 @@ public static String aroundJoin(
     final StringModule module = InstrumentationBridge.STRING;
     if (module != null) {
       try {
-        module.onStringJoin(result, delimiter, copy.toArray(new CharSequence[copy.size()]));
+        module.onStringJoin(result, delimiter, copy.toArray(new CharSequence[0]));
       } catch (final Throwable e) {
         module.onUnexpectedException("afterSubSequence threw", e);
       }
@@ -412,7 +412,7 @@ public static String[] afterSplit(
   public static String[] afterSplitWithLimit(
       @CallSite.This @Nonnull final String self,
       @CallSite.Argument(0) @Nonnull final String regex,
-      @CallSite.Argument(1) @Nonnull final int pos,
+      @CallSite.Argument(1) final int pos,
       @CallSite.Return @Nonnull final String[] result) {
     final StringModule module = InstrumentationBridge.STRING;
     if (module != null) {
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractParamValueExtractorInstrumentation.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractParamValueExtractorInstrumentation.java
@@ -54,7 +54,7 @@ public static void onExit(
         final PropagationModule module = InstrumentationBridge.PROPAGATION;
         if (module != null) {
           IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
-          module.taint(ctx, result, ThreadLocalSourceType.get(), parameterName);
+          module.taint(ctx, (String) result, ThreadLocalSourceType.get(), parameterName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractStringReaderAdvice.java b/dd-java-agent/instrumentation/jersey/src/main/java/datadog/trace/instrumentation/jersey/AbstractStringReaderAdvice.java
@@ -21,7 +21,7 @@ public static void onExit(
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
         IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
-        module.taint(ctx, result, SourceTypes.REQUEST_PARAMETER_VALUE);
+        module.taint(ctx, (String) result, SourceTypes.REQUEST_PARAMETER_VALUE);
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JSONObjectUtilsInstrumentation.java b/dd-java-agent/instrumentation/jose-jwt/src/main/java/datadog/trace/instrumentation/josejwt/JSONObjectUtilsInstrumentation.java
@@ -56,7 +56,7 @@ public static void onEnter(
           if (value instanceof String) {
             // TODO: We could represent this source more accurately, perhaps tracking the original
             // source, or using a special name.
-            module.taint(ctx, value, SourceTypes.REQUEST_HEADER_VALUE, name);
+            module.taint(ctx, (String) value, SourceTypes.REQUEST_HEADER_VALUE, name);
           }
         }
       }
diff --git a/dd-java-agent/instrumentation/org-json/src/main/java/datadog/trace/instrumentation/json/JSONArrayInstrumentation.java b/dd-java-agent/instrumentation/org-json/src/main/java/datadog/trace/instrumentation/json/JSONArrayInstrumentation.java
@@ -14,6 +14,8 @@
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import net.bytebuddy.asm.Advice;
+import org.json.JSONArray;
+import org.json.JSONObject;
 
 @AutoService(InstrumenterModule.class)
 public class JSONArrayInstrumentation extends InstrumenterModule.Iast
@@ -60,15 +62,18 @@ public static class GetAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
     @Propagation
     public static void afterMethod(@Advice.This Object self, @Advice.Return final Object result) {
-      if (result instanceof Integer
-          || result instanceof Long
-          || result instanceof Double
-          || result instanceof Boolean) {
+      boolean isString = result instanceof String;
+      boolean isJson = !isString && (result instanceof JSONObject || result instanceof JSONArray);
+      if (!isString && !isJson) {
         return;
       }
       final PropagationModule iastModule = InstrumentationBridge.PROPAGATION;
-      if (iastModule != null && result != null && result instanceof String) {
-        iastModule.taintIfTainted(result, self);
+      if (iastModule != null) {
+        if (isString) {
+          iastModule.taintIfTainted((String) result, self);
+        } else {
+          iastModule.taintIfTainted(result, self);
+        }
       }
     }
   }
@@ -77,15 +82,18 @@ public static class OptAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
     @Propagation
     public static void afterMethod(@Advice.This Object self, @Advice.Return final Object result) {
-      if (result instanceof Integer
-          || result instanceof Long
-          || result instanceof Double
-          || result instanceof Boolean) {
+      boolean isString = result instanceof String;
+      boolean isJson = !isString && (result instanceof JSONObject || result instanceof JSONArray);
+      if (!isString && !isJson) {
         return;
       }
       final PropagationModule iastModule = InstrumentationBridge.PROPAGATION;
-      if (iastModule != null && result != null) {
-        iastModule.taintIfTainted(result, self);
+      if (iastModule != null) {
+        if (isString) {
+          iastModule.taintIfTainted((String) result, self);
+        } else {
+          iastModule.taintIfTainted(result, self);
+        }
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/org-json/src/main/java/datadog/trace/instrumentation/json/JSONObjectInstrumentation.java b/dd-java-agent/instrumentation/org-json/src/main/java/datadog/trace/instrumentation/json/JSONObjectInstrumentation.java
@@ -14,6 +14,8 @@
 import datadog.trace.api.iast.Propagation;
 import datadog.trace.api.iast.propagation.PropagationModule;
 import net.bytebuddy.asm.Advice;
+import org.json.JSONArray;
+import org.json.JSONObject;
 
 @AutoService(InstrumenterModule.class)
 public class JSONObjectInstrumentation extends InstrumenterModule.Iast
@@ -62,15 +64,18 @@ public static class GetAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
     @Propagation
     public static void afterMethod(@Advice.This Object self, @Advice.Return final Object result) {
-      if (result instanceof Integer
-          || result instanceof Long
-          || result instanceof Double
-          || result instanceof Boolean) {
+      boolean isString = result instanceof String;
+      boolean isJson = !isString && (result instanceof JSONObject || result instanceof JSONArray);
+      if (!isString && !isJson) {
         return;
       }
       final PropagationModule iastModule = InstrumentationBridge.PROPAGATION;
-      if (iastModule != null && result != null) {
-        iastModule.taintIfTainted(result, self);
+      if (iastModule != null) {
+        if (isString) {
+          iastModule.taintIfTainted((String) result, self);
+        } else {
+          iastModule.taintIfTainted(result, self);
+        }
       }
     }
   }
@@ -79,15 +84,18 @@ public static class OptAdvice {
     @Advice.OnMethodExit(suppress = Throwable.class)
     @Propagation
     public static void afterMethod(@Advice.This Object self, @Advice.Return final Object result) {
-      if (result instanceof Integer
-          || result instanceof Long
-          || result instanceof Double
-          || result instanceof Boolean) {
+      boolean isString = result instanceof String;
+      boolean isJson = !isString && (result instanceof JSONObject || result instanceof JSONArray);
+      if (!isString && !isJson) {
         return;
       }
       final PropagationModule iastModule = InstrumentationBridge.PROPAGATION;
-      if (iastModule != null && result != null) {
-        iastModule.taintIfTainted(result, self);
+      if (iastModule != null) {
+        if (isString) {
+          iastModule.taintIfTainted((String) result, self);
+        } else {
+          iastModule.taintIfTainted(result, self);
+        }
       }
     }
   }
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/PathMatcherInstrumentation.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/PathMatcherInstrumentation.java
@@ -56,24 +56,23 @@ static void onExit(
         return;
       }
 
+      scala.Tuple1 tuple = (scala.Tuple1) extractions;
+      Object value = tuple._1();
+
       PropagationModule module = InstrumentationBridge.PROPAGATION;
-      if (module == null) {
+      if (module == null || !(value instanceof String)) {
         return;
       }
+      final String stringValue = (String) value;
 
-      scala.Tuple1 tuple = (scala.Tuple1) extractions;
-      Object value = tuple._1();
-
-      IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
+      final IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
 
       // in the test, 4 instances of PathMatcher$Match are created, all with the same value
-      if (module.isTainted(ctx, value)) {
+      if (module.isTainted(ctx, stringValue)) {
         return;
       }
 
-      if (value instanceof String) {
-        module.taint(ctx, value, SourceTypes.REQUEST_PATH_PARAMETER);
-      }
+      module.taint(ctx, stringValue, SourceTypes.REQUEST_PATH_PARAMETER);
     }
   }
 }
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintParametersFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintParametersFunction.java
@@ -44,11 +44,11 @@ public Tuple1<T> apply(Tuple1<T> v1) {
       while (iterator.hasNext()) {
         Object o = iterator.next();
         if (o instanceof String) {
-          mod.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     } else if (value instanceof String) {
-      mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+      mod.taint(ctx, (String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSingleParameterFunction.java b/dd-java-agent/instrumentation/pekko-http-1.0/src/main/java/datadog/trace/instrumentation/pekkohttp/iast/helpers/TaintSingleParameterFunction.java
@@ -51,11 +51,11 @@ public Tuple1<Object> apply(Tuple1<Object> v1) {
       while (iterator.hasNext()) {
         Object o = iterator.next();
         if (o instanceof String) {
-          mod.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+          mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     } else if (value instanceof String) {
-      mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+      mod.taint(ctx, (String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
     }
 
     return v1;
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/CookieParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/CookieParamInjectorAdvice.java
@@ -28,11 +28,11 @@ public static void onExit(
           Collection<?> collection = (Collection<?>) result;
           for (Object o : collection) {
             if (o instanceof String) {
-              module.taint(ctx, o, SourceTypes.REQUEST_COOKIE_VALUE, paramName);
+              module.taint(ctx, (String) o, SourceTypes.REQUEST_COOKIE_VALUE, paramName);
             }
           }
         } else {
-          module.taint(ctx, result, SourceTypes.REQUEST_COOKIE_VALUE, paramName);
+          module.taint(ctx, (String) result, SourceTypes.REQUEST_COOKIE_VALUE, paramName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/FormParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/FormParamInjectorAdvice.java
@@ -28,11 +28,11 @@ public static void onExit(
           Collection<?> collection = (Collection<?>) result;
           for (Object o : collection) {
             if (o instanceof String) {
-              module.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+              module.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
             }
           }
         } else {
-          module.taint(ctx, result, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
+          module.taint(ctx, (String) result, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/HeaderParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/HeaderParamInjectorAdvice.java
@@ -23,20 +23,16 @@ public static void onExit(
     if (result instanceof String || result instanceof Collection) {
       final PropagationModule module = InstrumentationBridge.PROPAGATION;
       if (module != null) {
-        try {
-          IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
-          if (result instanceof Collection) {
-            Collection<?> collection = (Collection<?>) result;
-            for (Object o : collection) {
-              if (o instanceof String) {
-                module.taint(ctx, o, SourceTypes.REQUEST_HEADER_VALUE, paramName);
-              }
+        IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);
+        if (result instanceof Collection) {
+          Collection<?> collection = (Collection<?>) result;
+          for (Object o : collection) {
+            if (o instanceof String) {
+              module.taint(ctx, (String) o, SourceTypes.REQUEST_HEADER_VALUE, paramName);
             }
-          } else {
-            module.taint(ctx, result, SourceTypes.REQUEST_HEADER_VALUE, paramName);
           }
-        } catch (final Throwable e) {
-          module.onUnexpectedException("HeaderParamInjectorAdvice.onExit threw", e);
+        } else {
+          module.taint(ctx, (String) result, SourceTypes.REQUEST_HEADER_VALUE, paramName);
         }
       }
     }
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/PathParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/PathParamInjectorAdvice.java
diff --git a/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/QueryParamInjectorAdvice.java b/dd-java-agent/instrumentation/resteasy-appsec/src/main/java/datadog/trace/instrumentation/resteasy/QueryParamInjectorAdvice.java
diff --git a/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/HttpServletResponseInstrumentation.java b/dd-java-agent/instrumentation/servlet-common/src/main/java/datadog/trace/instrumentation/servlet/HttpServletResponseInstrumentation.java
diff --git a/dd-java-agent/instrumentation/spring-core/src/main/java/datadog/trace/instrumentation/springcore/StreamUtilsInstrumentation.java b/dd-java-agent/instrumentation/spring-core/src/main/java/datadog/trace/instrumentation/springcore/StreamUtilsInstrumentation.java
diff --git a/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/BufferInstrumentation.java b/dd-java-agent/instrumentation/vertx-web-3.4/src/main/java/datadog/trace/instrumentation/vertx_3_4/core/BufferInstrumentation.java
diff --git a/internal-api/src/main/java/datadog/trace/api/iast/propagation/PropagationModule.java b/internal-api/src/main/java/datadog/trace/api/iast/propagation/PropagationModule.java

Original file line number	Diff line number	Diff line change
`@@ -56,24 +56,23 @@ static void onExit(`
`56`	`56`	`return;`
`57`	`57`	`}`
`58`	`58`
	`59`	`+ scala.Tuple1 tuple = (scala.Tuple1) extractions;`
	`60`	`+ Object value = tuple._1();`
	`61`	`+`
`59`	`62`	`PropagationModule module = InstrumentationBridge.PROPAGATION;`
`60`		`- if (module == null) {`
	`63`	`+ if (module == null \|\| !(value instanceof String)) {`
`61`	`64`	`return;`
`62`	`65`	`}`
`63`		`-`
`64`		`- scala.Tuple1 tuple = (scala.Tuple1) extractions;`
`65`		`- Object value = tuple._1();`
	`66`	`+ final String stringValue = (String) value;`
`66`	`67`
`67`	`68`	`final IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);`
`68`	`69`
`69`	`70`	`// in the test, 4 instances of PathMatcher$Match are created, all with the same value`
`70`		`- if (module.isTainted(ctx, value)) {`
	`71`	`+ if (module.isTainted(ctx, stringValue)) {`
`71`	`72`	`return;`
`72`	`73`	`}`
`73`	`74`
`74`		`- if (value instanceof String) {`
`75`		`- module.taint(ctx, value, SourceTypes.REQUEST_PATH_PARAMETER);`
`76`		`- }`
	`75`	`+ module.taint(ctx, stringValue, SourceTypes.REQUEST_PATH_PARAMETER);`
`77`	`76`	`}`
`78`	`77`	`}`
`79`	`78`	`}`
Original file line number	Diff line number	Diff line change
`@@ -50,11 +50,11 @@ public Tuple1<Object> apply(Tuple1<Object> v1) {`
`50`	`50`	`while (iterator.hasNext()) {`
`51`	`51`	`Object o = iterator.next();`
`52`	`52`	`if (o instanceof String) {`
`53`		`- mod.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
	`53`	`+ mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`	`} else if (value instanceof String) {`
`57`		`- mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
	`57`	`+ mod.taint(ctx, (String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`return v1;`
Original file line number	Diff line number	Diff line change
`@@ -41,11 +41,11 @@ public Tuple1<T> apply(Tuple1<T> v1) {`
`41`	`41`	`while (iterator.hasNext()) {`
`42`	`42`	`Object o = iterator.next();`
`43`	`43`	`if (o instanceof String) {`
`44`		`- mod.taint(ctx, o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
	`44`	`+ mod.taint(ctx, (String) o, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`	`} else if (value instanceof String) {`
`48`		`- mod.taint(ctx, value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
	`48`	`+ mod.taint(ctx, (String) value, SourceTypes.REQUEST_PARAMETER_VALUE, paramName);`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`return v1;`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,11 @@ public static StringReader afterInit(`
`18`	`18`	`@CallSite.Return @Nonnull final StringReader result) {`
`19`	`19`	`final PropagationModule propagationModule = InstrumentationBridge.PROPAGATION;`
`20`	`20`	`if (propagationModule != null) {`
`21`		`- propagationModule.taintIfTainted(result, params[0]);`
	`21`	`+ try {`
	`22`	`+ propagationModule.taintIfTainted(result, params[0]);`
	`23`	`+ } catch (Throwable e) {`
	`24`	`+ propagationModule.onUnexpectedException("afterInit threw", e);`
	`25`	`+ }`
`22`	`26`	`}`
`23`	`27`	`return result;`
`24`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public static void onExit(`
`54`	`54`	`final PropagationModule module = InstrumentationBridge.PROPAGATION;`
`55`	`55`	`if (module != null) {`
`56`	`56`	`IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);`
`57`		`- module.taint(ctx, result, ThreadLocalSourceType.get(), parameterName);`
	`57`	`+ module.taint(ctx, (String) result, ThreadLocalSourceType.get(), parameterName);`
`58`	`58`	`}`
`59`	`59`	`}`
`60`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ public static void onExit(`
`21`	`21`	`final PropagationModule module = InstrumentationBridge.PROPAGATION;`
`22`	`22`	`if (module != null) {`
`23`	`23`	`IastContext ctx = reqCtx.getData(RequestContextSlot.IAST);`
`24`		`- module.taint(ctx, result, SourceTypes.REQUEST_PARAMETER_VALUE);`
	`24`	`+ module.taint(ctx, (String) result, SourceTypes.REQUEST_PARAMETER_VALUE);`
`25`	`25`	`}`
`26`	`26`	`}`
`27`	`27`	`}`