Enforce size limit on application_monitoring.yaml files (#8789)

* migrate CLIHelper to use a Map, parse system properties in key-vals

* Fix processTemplateVar logic to remove superfluous ':'

* nits: javadocs

* Move writeFileRaw helper to testutils

* Add YamlParser tests

* Revert CLIHelper to use List<String>; lazily load a Map cache for querying key-vals

* reuse logic for adding to the vm args cache

* apply github suggestions

* Move processTemplate yaml helper fns into StableConfigParser, along with tests

* Remove changes to CLIHelper; rely on System.getProperty instead

* optimize: return from processTemplate early if no {{ found

* Add more test coverage to StableConfigParserTest

* Optimize template processing to reduce use of substrings

* Introduce constants for repeated strings

* Change UNDEFINED_VALUE to empty string

* Add log messages for empty environment_variable and process_argument values in template variable

* Remove FileUtils and all its references

* initial file size limit implementation: phase 1 limit only

* Implement file size limit + tests

* remove unrelated changes

* Merge master & remove getMaxFileSizeBytes helper; give MAX_FILE_SIZE_BYTES default access

---------

Co-authored-by: Stuart McCulloch <stuart.mcculloch@datadoghq.com>

Author: mtoffl01

internal-api/src/main/java/datadog/trace/bootstrap/config/provider/StableConfigParser.java

@@ -7,6 +7,7 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Collections;
 import java.util.LinkedHashMap;
@@ -21,6 +22,7 @@ public class StableConfigParser {
 
   private static final String ENVIRONMENT_VARIABLES_PREFIX = "environment_variables['";
   private static final String PROCESS_ARGUMENTS_PREFIX = "process_arguments['";
+  static final int MAX_FILE_SIZE_BYTES = 256 * 1024; // 256 KB in bytes;
   private static final String UNDEFINED_VALUE = "";
 
   /**
@@ -39,7 +41,19 @@ public class StableConfigParser {
    */
   public static StableConfigSource.StableConfig parse(String filePath) throws IOException {
     try {
-      String content = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
+      Path path = Paths.get(filePath);
+
+      // If file is over size limit, drop
+      if (Files.size(path) > MAX_FILE_SIZE_BYTES) {
+        log.warn(
+            "Configuration file {} exceeds max size {} bytes; dropping.",
+            filePath,
+            MAX_FILE_SIZE_BYTES);
+        return StableConfigSource.StableConfig.EMPTY;
+      }
+
+      String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
+
       String processedContent = processTemplate(content);
       Object parsedYaml = YamlParser.parse(processedContent);
       StableConfig data = new StableConfig(parsedYaml);

internal-api/src/test/groovy/datadog/trace/bootstrap/config/provider/StableConfigParserTest.groovy

@@ -184,6 +184,50 @@ apm_configuration_rules:
     Files.delete(filePath)
   }
 
+  def "test file over max size"() {
+    when:
+    Path filePath = Files.createTempFile("testFile_", ".yaml")
+    if (filePath == null) {
+      throw new AssertionError("Failed to create test file")
+    }
+
+    // Create a file with valid contents, but bigger than MAX_FILE_SIZE_BYTES
+    String baseYaml = """
+config_id: 12345
+apm_configuration_default:
+    KEY_ONE: "value_one"
+apm_configuration_rules:
+"""
+    String builderYaml = """
+  - selectors:
+    - origin: language
+      matches: ["Java"]
+      operator: equals
+    configuration:
+      KEY_TWO: "value_two"
+"""
+    String bigYaml = baseYaml
+    while(bigYaml.size() < StableConfigParser.MAX_FILE_SIZE_BYTES) {
+      bigYaml += builderYaml
+    }
+
+    try {
+      Files.write(filePath, bigYaml.getBytes())
+    } catch (IOException e) {
+      throw new AssertionError("Failed to write to file: ${e.message}")
+    }
+
+    StableConfigSource.StableConfig cfg
+    try {
+      cfg = StableConfigParser.parse(filePath.toString())
+    } catch (Exception e) {
+      throw new AssertionError("Failed to parse the file: ${e.message}")
+    }
+
+    then:
+    cfg == StableConfigSource.StableConfig.EMPTY
+  }
+
   def "test processTemplate valid cases"() {
     when:
     if (envKey != null) {