Add support for arrayCmd methods and more smoke tests

Author: jandro996

dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java

@@ -260,7 +260,7 @@ private Flow<Void> onNetworkConnection(RequestContext ctx_, String url) {
     }
   }
 
-  private Flow<Void> onShellCmd(RequestContext ctx_, String command) {
+  private Flow<Void> onShellCmd(RequestContext ctx_, Object command) {
     AppSecRequestContext ctx = ctx_.getData(RequestContextSlot.APPSEC);
     if (ctx == null) {
       return NoopFlow.INSTANCE;

dd-java-agent/instrumentation/java-lang/src/main/java/datadog/trace/instrumentation/java/lang/ShellCmdRaspHelper.java

@@ -26,15 +26,19 @@ private ShellCmdRaspHelper() {
   }
 
   public void beforeShellCmd(@Nonnull final String[] cmdArray) {
-    // TODO
+    shellCmd(cmdArray);
   }
 
   public void beforeShellCmd(@Nonnull final String cmd) {
+    shellCmd(cmd);
+  }
+
+  private void shellCmd(Object cmd) {
     if (!Config.get().isAppSecRaspEnabled()) {
       return;
     }
     try {
-      final BiFunction<RequestContext, String, Flow<Void>> shellCmdCallback =
+      final BiFunction<RequestContext, Object, Flow<Void>> shellCmdCallback =
           AgentTracer.get()
               .getCallbackProvider(RequestContextSlot.APPSEC)
               .getCallback(EVENTS.shellCmd());

dd-java-agent/instrumentation/java-lang/src/test/groovy/datadog/trace/instrumentation/java/lang/ShellCmdRaspHelperForkedTest.groovy

@@ -46,7 +46,6 @@ class ShellCmdRaspHelperForkedTest  extends  AgentTestRunner {
 
   @Override
   protected void configurePreAgent() {
-    injectSysConfig(IastConfig.IAST_ENABLED, 'true')
     injectSysConfig(AppSecConfig.APPSEC_ENABLED, 'true')
     injectSysConfig(AppSecConfig.APPSEC_RASP_ENABLED, 'true')
   }
@@ -67,7 +66,8 @@ class ShellCmdRaspHelperForkedTest  extends  AgentTestRunner {
     1 * listener.apply(reqCtx, expected) >> flow
 
     where:
-    args                                                            | expected
-    ['<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->'] | '<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->'
+    args                 | expected
+    ['cat etc/password'] | 'cat etc/password'
+    [['cat etc/password', 'cat etc/password'] as String[]] | ['cat etc/password', 'cat etc/password']
   }
 }

dd-smoke-tests/appsec/springboot/src/main/java/datadog/smoketest/appsec/springboot/controller/WebController.java

@@ -159,12 +159,46 @@ public ResponseEntity<String> session(final HttpServletRequest request) {
     return new ResponseEntity<>(session.getId(), HttpStatus.OK);
   }
 
+  @PostMapping("/shi/arrayCmd")
+  public String shiArrayCmd(@RequestParam("cmd") String[] arrayCmd) {
+    withProcess(() -> Runtime.getRuntime().exec(arrayCmd));
+    return "EXECUTED";
+  }
+
   @PostMapping("/shi/cmd")
   public String shiCmd(@RequestParam("cmd") String cmd) {
     withProcess(() -> Runtime.getRuntime().exec(cmd));
     return "EXECUTED";
   }
 
+  @PostMapping("/shi/arrayCmdWithParams")
+  public String shiArrayCmdWithParams(
+      @RequestParam("cmd") String[] arrayCmd, @RequestParam("params") String[] params) {
+    withProcess(() -> Runtime.getRuntime().exec(arrayCmd, params));
+    return "EXECUTED";
+  }
+
+  @PostMapping("/shi/cmdWithParams")
+  public String shiCmdWithParams(
+      @RequestParam("cmd") String cmd, @RequestParam("params") String[] params) {
+    withProcess(() -> Runtime.getRuntime().exec(cmd, params));
+    return "EXECUTED";
+  }
+
+  @PostMapping("/shi/arrayCmdWithParamsAndFile")
+  public String shiArrayCmdWithParamsAndFile(
+      @RequestParam("cmd") String[] arrayCmd, @RequestParam("params") String[] params) {
+    withProcess(() -> Runtime.getRuntime().exec(arrayCmd, params, new File("")));
+    return "EXECUTED";
+  }
+
+  @PostMapping("/shi/cmdParamsAndFile")
+  public String shiCmdParamsAndFile(
+      @RequestParam("cmd") String cmd, @RequestParam("params") String[] params) {
+    withProcess(() -> Runtime.getRuntime().exec(cmd, params, new File("")));
+    return "EXECUTED";
+  }
+
   private void withProcess(final Operation<Process> op) {
     Process process = null;
     try {

dd-smoke-tests/appsec/springboot/src/test/groovy/datadog/smoketest/appsec/SpringBootSmokeTest.groovy

@@ -531,8 +531,17 @@ class SpringBootSmokeTest extends AbstractAppSecServerSmokeTest {
 
   void 'rasp blocks on SHI'() {
     when:
-    String url = "http://localhost:${httpPort}/shi/cmd"
-    final body = new FormBody.Builder().add("cmd", "cat etc/password").build()
+    String url = "http://localhost:${httpPort}/shi/"+endpoint
+    def formBuilder = new FormBody.Builder()
+    for (s in cmd) {
+      formBuilder.add("cmd", s)
+    }
+    if (params != null) {
+      for (s in params) {
+        formBuilder.add("params", s)
+      }
+    }
+    final body = formBuilder.build()
     def request = new Request.Builder()
       .url(url)
       .post(body)
@@ -561,6 +570,15 @@ class SpringBootSmokeTest extends AbstractAppSecServerSmokeTest {
       }
     }
     assert trigger != null, 'test trigger not found'
+
+    where:
+    endpoint   | cmd | params
+    'cmd'      | ['cat etc/password'] | null
+    'arrayCmd' | ['cat etc/password', 'cat etc/password'] | null
+    'cmdWithParams'      | ['cat etc/password'] | ['param']
+    'arrayCmdWithParams' | ['cat etc/password', 'cat etc/password'] | ['param']
+    'cmdParamsAndFile'      | ['cat etc/password'] | ['param']
+    'arrayCmdWithParamsAndFile' | ['cat etc/password', 'cat etc/password'] | ['param']
   }
 
 }

internal-api/src/main/java/datadog/trace/api/gateway/Events.java

@@ -313,10 +313,9 @@ public EventType<TriFunction<RequestContext, UserIdCollectionMode, String, Flow<
   @SuppressWarnings("rawtypes")
   private static final EventType SHELL_CMD = new ET<>("shell.cmd", SHELL_CDM_ID);
 
-  /** A I/O network URL */
   @SuppressWarnings("unchecked")
-  public EventType<BiFunction<RequestContext, String, Flow<Void>>> shellCmd() {
-    return (EventType<BiFunction<RequestContext, String, Flow<Void>>>) SHELL_CMD;
+  public EventType<BiFunction<RequestContext, Object, Flow<Void>>> shellCmd() {
+    return (EventType<BiFunction<RequestContext, Object, Flow<Void>>>) SHELL_CMD;
   }
 
   static final int MAX_EVENTS = nextId.get();

internal-api/src/main/java/datadog/trace/api/gateway/InstrumentationGateway.java

@@ -419,7 +419,6 @@ public Flow<Void> apply(RequestContext ctx, String arg) {
       case DATABASE_SQL_QUERY_ID:
       case NETWORK_CONNECTION_ID:
       case FILE_LOADED_ID:
-      case SHELL_CDM_ID:
         return (C)
             new BiFunction<RequestContext, String, Flow<Void>>() {
               @Override
@@ -433,6 +432,20 @@ public Flow<Void> apply(RequestContext ctx, String arg) {
                 }
               }
             };
+      case SHELL_CDM_ID:
+        return (C)
+            new BiFunction<RequestContext, Object, Flow<Void>>() {
+              @Override
+              public Flow<Void> apply(RequestContext ctx, Object arg) {
+                try {
+                  return ((BiFunction<RequestContext, Object, Flow<Void>>) callback)
+                      .apply(ctx, arg);
+                } catch (Throwable t) {
+                  log.warn("Callback for {} threw.", eventType, t);
+                  return Flow.ResultFlow.empty();
+                }
+              }
+            };
       default:
         log.warn("Unwrapped callback for {}", eventType);
         return callback;