Fix tests related to IAST source values

dd-java-agent/instrumentation/akka-http-10.0/src/iastTest/groovy/datadog/trace/instrumentation/akkahttp/iast/IastAkkaTest.groovy

@@ -13,7 +13,6 @@ import spock.lang.Shared
 import java.nio.charset.StandardCharsets
 
 import static org.hamcrest.Matchers.greaterThan
-import static org.hamcrest.Matchers.nullValue
 
 class IastAkkaTest extends IastRequestTestRunner {
   @Shared
@@ -340,7 +339,7 @@ class IastAkkaTest extends IastRequestTestRunner {
     then:
     toc.hasTaintedObject {
       value 'var1=foo&var1=bar&var2=a+b+c'
-      range 0, 28, source(SourceTypes.REQUEST_QUERY, null, null)
+      range 0, 28, source(SourceTypes.REQUEST_QUERY, null, 'var1=foo&var1=bar&var2=a+b+c')
     }
     toc.hasTaintedObject {
       value 'var1'
@@ -486,14 +485,16 @@ class IastAkkaTest extends IastRequestTestRunner {
   }
 
   void 'json request — #variant variant'() {
+    given:
+    final json =  '''{
+        "var1": "foo",
+        "var2": ["foo2", "foo2"]
+      }'''
+
     when:
     String url = buildUrl "iast/$variant"
     def request = new Builder().url(url).post(
-      RequestBody.create(MediaType.get("application/json"), '''{
-        "var1": "foo",
-        "var2": ["foo2", "foo2"]
-      }'''.getBytes(StandardCharsets.US_ASCII))
-      ).build()
+      RequestBody.create(MediaType.get("application/json"), json.getBytes(StandardCharsets.US_ASCII))).build()
     def response = client.newCall(request).execute()
     def respBody = response.body().string()
 
@@ -505,21 +506,22 @@ class IastAkkaTest extends IastRequestTestRunner {
     def toc = finReqTaintedObjects
 
     then:
+    // source values take the value of the full body as it's converted to string at TaintFutureHelper
     toc.hasTaintedObject {
       value 'var1'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1', nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1', json)
     }
     toc.hasTaintedObject {
       value 'var2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', json)
     }
     toc.hasTaintedObject {
       value 'foo'
-      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1', nullValue())
+      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1', json)
     }
     toc.hasTaintedObject {
       value 'foo2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', json)
     }
 
     where:

dd-java-agent/instrumentation/pekko-http-1.0/src/iastTest/groovy/datadog/trace/instrumentation/pekkohttp/iast/IastPekkoTest.groovy

@@ -13,7 +13,6 @@ import spock.lang.Shared
 import java.nio.charset.StandardCharsets
 
 import static org.hamcrest.Matchers.greaterThan
-import static org.hamcrest.Matchers.nullValue
 
 class IastPekkoTest extends IastRequestTestRunner {
   @Shared
@@ -340,7 +339,7 @@ class IastPekkoTest extends IastRequestTestRunner {
     then:
     toc.hasTaintedObject {
       value 'var1=foo&var1=bar&var2=a+b+c'
-      range 0, 28, source(SourceTypes.REQUEST_QUERY, null, null)
+      range 0, 28, source(SourceTypes.REQUEST_QUERY, null, 'var1=foo&var1=bar&var2=a+b+c')
     }
     toc.hasTaintedObject {
       value 'var1'
@@ -486,14 +485,16 @@ class IastPekkoTest extends IastRequestTestRunner {
   }
 
   void 'json request — #variant variant'() {
+    given:
+    final json =  '''{
+        "var1": "foo",
+        "var2": ["foo2", "foo2"]
+      }'''
+
     when:
     String url = buildUrl "iast/$variant"
     def request = new Builder().url(url).post(
-      RequestBody.create(MediaType.get("application/json"), '''{
-        "var1": "foo",
-        "var2": ["foo2", "foo2"]
-      }'''.getBytes(StandardCharsets.US_ASCII))
-      ).build()
+      RequestBody.create(MediaType.get("application/json"), json.getBytes(StandardCharsets.US_ASCII))).build()
     def response = client.newCall(request).execute()
     def respBody = response.body().string()
 
@@ -505,21 +506,22 @@ class IastPekkoTest extends IastRequestTestRunner {
     def toc = finReqTaintedObjects
 
     then:
+    // source values take the value of the full body as it's converted to string at TaintFutureHelper
     toc.hasTaintedObject {
       value 'var1'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1', nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1', json)
     }
     toc.hasTaintedObject {
       value 'var2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', json)
     }
     toc.hasTaintedObject {
       value 'foo'
-      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1', nullValue())
+      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1', json)
     }
     toc.hasTaintedObject {
       value 'foo2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2', json)
     }
 
     where:

dd-java-agent/instrumentation/spring-webflux-5/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux/server/IastWebFluxTest.groovy

@@ -24,7 +24,6 @@ import org.springframework.web.reactive.config.WebFluxConfigurer
 import java.nio.charset.StandardCharsets
 
 import static org.hamcrest.Matchers.equalToIgnoringCase
-import static org.hamcrest.Matchers.nullValue
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = [Application])
 class IastWebFluxTest extends IastRequestTestRunner {
@@ -275,21 +274,22 @@ class IastWebFluxTest extends IastRequestTestRunner {
     def toc = finReqTaintedObjects
 
     then:
+    // source values take the value of the current object as the body is never converted to a CharSequence
     toc.hasTaintedObject {
       value 'var1'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1',  nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1',  'var1')
     }
     toc.hasTaintedObject {
       value 'var2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  'var2')
     }
     toc.hasTaintedObject {
       value 'foo'
-      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1',  nullValue())
+      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1',  'foo')
     }
     toc.hasTaintedObject {
       value 'foo2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  'foo2')
     }
   }
 }

dd-java-agent/instrumentation/spring-webflux-6/src/iastTest/groovy/datadog/trace/instrumentation/springwebflux6/server/IastWebFluxTest.groovy

@@ -25,7 +25,6 @@ import org.springframework.web.reactive.config.WebFluxConfigurer
 import java.nio.charset.StandardCharsets
 
 import static org.hamcrest.Matchers.equalToIgnoringCase
-import static org.hamcrest.Matchers.nullValue
 
 @SpringBootTest(
 properties = "spring.main.web-application-type=reactive",
@@ -278,21 +277,22 @@ class IastWebFluxTest extends IastRequestTestRunner {
     def toc = finReqTaintedObjects
 
     then:
+    // source values take the value of the current object as the body is never converted to a CharSequence
     toc.hasTaintedObject {
       value 'var1'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1',  nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var1',  'var1')
     }
     toc.hasTaintedObject {
       value 'var2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  'var2')
     }
     toc.hasTaintedObject {
       value 'foo'
-      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1',  nullValue())
+      range 0, 3, source(SourceTypes.REQUEST_BODY, 'var1',  'foo')
     }
     toc.hasTaintedObject {
       value 'foo2'
-      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  nullValue())
+      range 0, 4, source(SourceTypes.REQUEST_BODY, 'var2',  'foo2')
     }
   }
 }