Waf upgrade to 1.28.0

Signed-off-by: sezen.leblay <sezen.leblay@datadoghq.com>

Author: sezen-datadog

dd-java-agent/agent-jmxfetch/integrations-core

@@ -14,7 +14,7 @@ dependencies {
   implementation project(':internal-api')
   implementation project(':communication')
   implementation project(':telemetry')
-  implementation group: 'io.sqreen', name: 'libsqreen', version: '16.0.0'
+  implementation group: 'io.sqreen', name: 'libsqreen', version: '17.1.0'
   implementation libs.moshi
 
   testImplementation libs.bytebuddy

dd-java-agent/appsec/build.gradle

@@ -39,9 +39,8 @@
 import com.datadog.ddwaf.exception.InvalidRuleSetException;
 import com.datadog.ddwaf.exception.UnclassifiedWafException;
 import com.squareup.moshi.JsonAdapter;
-import com.squareup.moshi.JsonReader;
-import com.squareup.moshi.JsonWriter;
 import com.squareup.moshi.Moshi;
+import com.squareup.moshi.Types;
 import datadog.remoteconfig.ConfigurationEndListener;
 import datadog.remoteconfig.ConfigurationPoller;
 import datadog.remoteconfig.PollingRateHinter;
@@ -53,7 +52,6 @@
 import datadog.trace.api.ConfigOrigin;
 import datadog.trace.api.ProductActivation;
 import datadog.trace.api.UserIdCollectionMode;
-import datadog.trace.api.telemetry.LogCollector;
 import datadog.trace.api.telemetry.WafMetricCollector;
 import java.io.ByteArrayInputStream;
 import java.io.FileInputStream;
@@ -68,7 +66,6 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicBoolean;
-import javax.annotation.Nullable;
 import okio.Okio;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -96,25 +93,10 @@ public class AppSecConfigServiceImpl implements AppSecConfigService {
       new WAFInitializationResultReporter();
   private final WAFStatsReporter statsReporter = new WAFStatsReporter();
 
-  private static final JsonAdapter<Object> ADAPTER =
+  private static final JsonAdapter<Map<String, Object>> ADAPTER =
       new Moshi.Builder()
-          .add(
-              Double.class,
-              new JsonAdapter<Number>() {
-                @Override
-                public Number fromJson(JsonReader reader) throws IOException {
-                  double value = reader.nextDouble();
-                  long longValue = (long) value;
-                  return value % 1 == 0 ? longValue : value;
-                }
-
-                @Override
-                public void toJson(JsonWriter writer, @Nullable Number value) throws IOException {
-                  throw new UnsupportedOperationException();
-                }
-              })
           .build()
-          .adapter(Object.class);
+          .adapter(Types.newParameterizedType(Map.class, String.class, Object.class));
 
   private boolean hasUserWafConfig;
   private boolean defaultConfigActivated;
@@ -309,7 +291,6 @@ private void handleWafUpdateResultReport(String configKey, Map<String, Object> r
       }
 
       // TODO: Send diagnostics via telemetry
-      final LogCollector telemetryLogger = LogCollector.get();
 
       initReporter.setReportForPublication(wafDiagnostics);
       if (wafDiagnostics.rulesetVersion != null
@@ -488,8 +469,7 @@ private static Map<String, Object> loadDefaultWafConfig() throws IOException {
         throw new IOException("Resource " + DEFAULT_CONFIG_LOCATION + " not found");
       }
 
-      Map<String, Object> ret =
-          (Map<String, Object>) ADAPTER.fromJson(Okio.buffer(Okio.source(is)));
+      Map<String, Object> ret = ADAPTER.fromJson(Okio.buffer(Okio.source(is)));
 
       StandardizedLogging._initialConfigSourceAndLibddwafVersion(log, "<bundled config>");
       if (log.isInfoEnabled()) {
@@ -506,8 +486,7 @@ private static Map<String, Object> loadUserWafConfig(Config tracerConfig) throws
       return null;
     }
     try (InputStream is = new FileInputStream(filename)) {
-      Map<String, Object> ret =
-          (Map<String, Object>) ADAPTER.fromJson(Okio.buffer(Okio.source(is)));
+      Map<String, Object> ret = ADAPTER.fromJson(Okio.buffer(Okio.source(is)));
 
       StandardizedLogging._initialConfigSourceAndLibddwafVersion(log, filename);
       if (log.isInfoEnabled()) {

dd-java-agent/appsec/src/main/java/com/datadog/appsec/config/AppSecConfigServiceImpl.java

@@ -34,7 +34,6 @@
 import datadog.trace.api.ProductActivation;
 import datadog.trace.api.ProductTraceSource;
 import datadog.trace.api.gateway.Flow;
-import datadog.trace.api.sampling.PrioritySampling;
 import datadog.trace.api.telemetry.LogCollector;
 import datadog.trace.api.telemetry.WafMetricCollector;
 import datadog.trace.api.time.SystemTimeSource;
@@ -53,7 +52,6 @@
 import java.lang.reflect.UndeclaredThrowableException;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
@@ -81,8 +79,6 @@ public class WAFModule implements AppSecModule {
 
   private static final JsonAdapter<List<WAFResultData>> RES_JSON_ADAPTER;
 
-  private static final Map<String, ActionInfo> DEFAULT_ACTIONS;
-
   private static final String EXPLOIT_DETECTED_MSG = "Exploit detected";
   private boolean init = true;
   private String rulesetVersion;
@@ -118,12 +114,6 @@ private CtxAndAddresses(Collection<Address<?>> addressesOfInterest, WafHandle ct
     Moshi moshi = new Moshi.Builder().build();
     RES_JSON_ADAPTER = moshi.adapter(Types.newParameterizedType(List.class, WAFResultData.class));
 
-    Map<String, Object> actionParams = new HashMap<>();
-    actionParams.put("status_code", 403);
-    actionParams.put("type", "auto");
-    actionParams.put("grpc_status_code", 10);
-    DEFAULT_ACTIONS =
-        Collections.singletonMap("block", new ActionInfo("block_request", actionParams));
     createLimitsObject();
   }
 
@@ -441,9 +431,6 @@ public void onDataAvailable(
         }
       }
 
-      reqCtx.setKeepType(
-          resultWithData.keep ? PrioritySampling.USER_KEEP : PrioritySampling.USER_DROP);
-
       if (resultWithData.attributes != null && !resultWithData.attributes.isEmpty()) {
         reqCtx.reportDerivatives(resultWithData.attributes);
       }

dd-java-agent/appsec/src/main/java/com/datadog/appsec/ddwaf/WAFModule.java

@@ -13,7 +13,6 @@
 import datadog.trace.api.Config;
 import datadog.trace.api.http.StoredBodySupplier;
 import datadog.trace.api.internal.TraceSegment;
-import datadog.trace.api.sampling.PrioritySampling;
 import datadog.trace.util.stacktrace.StackTraceEvent;
 import java.io.Closeable;
 import java.util.*;
@@ -147,7 +146,6 @@ public class AppSecRequestContext implements DataBundle, Closeable {
 
   private volatile boolean keepOpenForApiSecurityPostProcessing;
   private volatile Long apiSecurityEndpointHash;
-  private volatile byte keepType = PrioritySampling.SAMPLER_KEEP;
 
   private static final AtomicIntegerFieldUpdater<AppSecRequestContext> WAF_TIMEOUTS_UPDATER =
       AtomicIntegerFieldUpdater.newUpdater(AppSecRequestContext.class, "wafTimeouts");
@@ -363,14 +361,6 @@ public Long getApiSecurityEndpointHash() {
     return this.apiSecurityEndpointHash;
   }
 
-  public void setKeepType(byte keepType) {
-    this.keepType = keepType;
-  }
-
-  public byte getKeepType() {
-    return this.keepType;
-  }
-
   void addRequestHeader(String name, String value) {
     if (finishedRequestHeaders) {
       throw new IllegalStateException("Request headers were said to be finished before");

dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/AppSecRequestContext.java

@@ -5,7 +5,6 @@
 import static com.datadog.appsec.gateway.AppSecRequestContext.DEFAULT_REQUEST_HEADERS_ALLOW_LIST;
 import static com.datadog.appsec.gateway.AppSecRequestContext.REQUEST_HEADERS_ALLOW_LIST;
 import static com.datadog.appsec.gateway.AppSecRequestContext.RESPONSE_HEADERS_ALLOW_LIST;
-import static datadog.trace.bootstrap.instrumentation.api.Tags.SAMPLING_PRIORITY;
 
 import com.datadog.appsec.AppSecSystem;
 import com.datadog.appsec.api.security.ApiSecuritySampler;
@@ -750,9 +749,6 @@ private NoopFlow onRequestEnded(RequestContext ctx_, IGSpanInfo spanInfo) {
 
       // If detected any events - mark span at appsec.event
       if (!collectedEvents.isEmpty()) {
-        // Set asm keep in case that root span was not available when events are detected
-        traceSeg.setTagTop(Tags.ASM_KEEP, true);
-        traceSeg.setTagTop(SAMPLING_PRIORITY, ctx.getKeepType());
         traceSeg.setTagTop(Tags.PROPAGATED_TRACE_SOURCE, ProductTraceSource.ASM);
         traceSeg.setTagTop("appsec.event", true);
         traceSeg.setTagTop("network.client.ip", ctx.getPeerAddress());