Skip to content

Fix IAST VerifyError on custom StreamReader with super call #9075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
smola wants to merge 1 commit into from
Closed

Fix IAST VerifyError on custom StreamReader with super call #9075

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions ...rc/test/groovy/datadog/trace/instrumentation/java/io/InputStreamReaderCallSiteTest.groovy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package datadog.trace.instrumentation.java.io

import datadog.trace.api.iast.InstrumentationBridge
import datadog.trace.api.iast.propagation.PropagationModule
import foo.bar.TestCustomInputStreamReader
import foo.bar.TestInputStreamReaderSuite

import java.nio.charset.Charset
Expand All @@ -27,4 +28,21 @@ class InputStreamReaderCallSiteTest extends BaseIoCallSiteTest{
[new ByteArrayInputStream("test".getBytes())]// Reader input
]
}

void 'test InputStreamReader.<init> with super call and parameter'(){
// XXX: Do not modify the constructor call here. Regression test for APPSEC-58131.
given:
PropagationModule iastModule = Mock(PropagationModule)
InstrumentationBridge.registerIastModule(iastModule)

when:
new TestCustomInputStreamReader(*args)

then:
1 * iastModule.taintObjectIfTainted(_ as InputStreamReader, _ as InputStream)
0 * _

where:
args << [[new ByteArrayInputStream("test".getBytes()), Charset.defaultCharset()],]
}
}
26 changes: 26 additions & 0 deletions dd-java-agent/instrumentation/java-io/src/test/java/foo/bar/TestCustomInputStreamReader.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
package foo.bar;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;

public class TestCustomInputStreamReader extends InputStreamReader {

public TestCustomInputStreamReader(final InputStream in) throws IOException {
super(in);
}

public TestCustomInputStreamReader(final InputStream in, final Charset charset)
throws IOException {
// XXX: DO NOT MODIFY THIS CODE. This is testing a very specific error (APPSEC-58131).
// This caused the following error:
// VerifyError: Inconsistent stackmap frames at branch target \d
// Reason: urrent frame's stack size doesn't match stackmap.
// To trigger this, it is necessary to consume an argument after the super call.
super(in, charset);
if (charset != null) {
System.out.println("Using charset: " + charset.name());
}
}
}
Loading