DataDog · vandonr · Oct 29, 2024 · Oct 29, 2024 · Nov 4, 2024 · Nov 5, 2024
@@ -39,6 +39,7 @@
 import datadog.trace.context.TraceScope;
 import datadog.trace.util.PidHelper;
 import datadog.trace.util.Strings;
+import datadog.trace.util.SystemUtils;
 import datadog.trace.util.throwable.FatalAgentMisconfigurationError;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.BufferedReader;
@@ -536,7 +537,7 @@ private Config(final ConfigProvider configProvider, final InstrumenterConfig ins
     this.instrumenterConfig = instrumenterConfig;
     configFileStatus = configProvider.getConfigFileStatus();
     runtimeIdEnabled = configProvider.getBoolean(RUNTIME_ID_ENABLED, true);
-    runtimeVersion = System.getProperty("java.version", "unknown");
+    runtimeVersion = SystemUtils.getPropertyOrDefault("java.version", "unknown");
 
     // Note: We do not want APiKey to be loaded from property for security reasons
     // Note: we do not use defined default here
@@ -3917,7 +3918,7 @@ private static boolean isWindowsOS() {
   }
 
   private static String getEnv(String name) {
-    String value = System.getenv(name);
+    String value = SystemUtils.tryGetEnv(name);
     if (value != null) {
       ConfigCollector.get().put(name, value, ConfigOrigin.ENV);
     }
@@ -3940,7 +3941,7 @@ private static String getProp(String name) {
   }
 
   private static String getProp(String name, String def) {
-    String value = System.getProperty(name, def);
+    String value = SystemUtils.getPropertyOrDefault(name, def);
     if (value != null) {
       ConfigCollector.get().put(name, value, ConfigOrigin.JVM_PROP);
     }
@@ -3956,7 +3957,22 @@ private static String getProp(String name, String def) {
               : ConfigProvider.getInstance(),
           InstrumenterConfig.get());
 
+  private static boolean configErrorsLogged = false;
+
   public static Config get() {
+    // checking if there are errors that we couldn't log earlier to report
+    if (!configErrorsLogged && (SystemUtils.hasEnvError || SystemUtils.hasPropertyError)) {
+      // we want to log once, but if 2 threads end up here it's not a big issue.
+      configErrorsLogged = true;
+      if (SystemUtils.hasEnvError)
+        log.warn(
+            "The Java Security Manager prevented the Datadog Tracer from accessing at least one environment variable. "
+                + "Consider granting AllPermission to the dd-java-agent jar.");
+      if (SystemUtils.hasPropertyError)
+        log.warn(
+            "The Java Security Manager prevented the Datadog Tracer from accessing at least one system property. "
+                + "Consider granting AllPermission to the dd-java-agent jar.");
+    }
     return INSTANCE;
   }
 

@@ -1,6 +1,7 @@
 package datadog.trace.api.env;
 
 import datadog.trace.api.config.GeneralConfig;
+import datadog.trace.util.SystemUtils;
 import de.thetaphi.forbiddenapis.SuppressForbidden;
 import java.io.File;
 import java.util.HashMap;
@@ -40,8 +41,8 @@ static void useFixedEnv(final Map<String, String> props) {
    * autodetection will return either the JAR filename or the java main class.
    */
   private String autodetectServiceName() {
-    String inAas = System.getenv("DD_AZURE_APP_SERVICES");
-    String siteName = System.getenv("WEBSITE_SITE_NAME");
+    String inAas = SystemUtils.tryGetEnv("DD_AZURE_APP_SERVICES");
+    String siteName = SystemUtils.tryGetEnv("WEBSITE_SITE_NAME");
 
     if (("true".equalsIgnoreCase(inAas) || "1".equals(inAas)) && siteName != null) {
       return siteName;
@@ -50,7 +51,7 @@ private String autodetectServiceName() {
     // Besides "sun.java.command" property is not an standard, all main JDKs has set this property.
     // Tested on:
     // - OracleJDK, OpenJDK, AdoptOpenJDK, IBM JDK, Azul Zulu JDK, Amazon Coretto JDK
-    return extractJarOrClass(System.getProperty("sun.java.command"));
+    return extractJarOrClass(SystemUtils.tryGetProperty("sun.java.command"));
   }
 
   @SuppressForbidden

@@ -1,6 +1,7 @@
 package datadog.trace.bootstrap.config.provider;
 
 import datadog.trace.util.Strings;
+import datadog.trace.util.SystemUtils;
 import java.util.Map;
 
 public class AgentArgsInjector {
@@ -21,14 +22,14 @@ public static void injectAgentArgsConfig(Map<String, String> args) {
     }
     for (Map.Entry<String, String> e : args.entrySet()) {
       String propertyName = e.getKey();
-      String existingPropertyValue = System.getProperty(propertyName);
+      String existingPropertyValue = SystemUtils.tryGetProperty(propertyName);
       if (existingPropertyValue != null) {
         // system properties should have higher priority than agent arguments
         continue;
       }
 
       String envVarName = Strings.toEnvVar(propertyName);
-      String envVarValue = System.getenv(envVarName);
+      String envVarValue = SystemUtils.tryGetEnv(envVarName);
       if (envVarValue != null) {
         // env variables should have higher priority than agent arguments
         continue;

@@ -3,12 +3,13 @@
 import static datadog.trace.util.Strings.propertyNameToEnvironmentVariableName;
 
 import datadog.trace.api.ConfigOrigin;
+import datadog.trace.util.SystemUtils;
 
 final class EnvironmentConfigSource extends ConfigProvider.Source {
 
   @Override
   protected String get(String key) {
-    return System.getenv(propertyNameToEnvironmentVariableName(key));
+    return SystemUtils.tryGetEnv(propertyNameToEnvironmentVariableName(key));
   }
 
   @Override

@@ -19,6 +19,7 @@
 import datadog.trace.api.TracePropagationStyle;
 import datadog.trace.api.telemetry.OtelEnvMetricCollector;
 import datadog.trace.util.Strings;
+import datadog.trace.util.SystemUtils;
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -186,9 +187,9 @@ private String getDatadogProperty(String sysProp) {
    * <p>Checks system properties and environment variables.
    */
   private static String getProperty(String sysProp) {
-    String value = System.getProperty(sysProp);
+    String value = SystemUtils.tryGetProperty(sysProp);
     if (null == value) {
-      value = System.getenv(Strings.toEnvVar(sysProp));
+      value = SystemUtils.tryGetEnv(Strings.toEnvVar(sysProp));
     }
     return value;
   }

@@ -3,12 +3,13 @@
 import static datadog.trace.util.Strings.propertyNameToSystemPropertyName;
 
 import datadog.trace.api.ConfigOrigin;
+import datadog.trace.util.SystemUtils;
 
 public final class SystemPropertiesConfigSource extends ConfigProvider.Source {
 
   @Override
   protected String get(String key) {
-    return System.getProperty(propertyNameToSystemPropertyName(key));
+    return SystemUtils.tryGetProperty(propertyNameToSystemPropertyName(key));
   }
 
   @Override

@@ -0,0 +1,44 @@
+package datadog.trace.util;
+
+public final class SystemUtils {
+  public static boolean hasEnvError = false;
+  public static boolean hasPropertyError = false;
+
+  // to be templatized with the type of thing we wanted to access and the key
+  private static final String logMessageOnSecurityError =
+      "The Java Security Manager prevented the Datadog Tracer from accessing the {} '{}'. "
+          + "Consider granting AllPermission to the dd-java-agent jar.";
+
+  private SystemUtils() {}
+
+  public static String tryGetEnv(String envVar) {
+    return getEnvOrDefault(envVar, null);
+  }
+
+  public static String getEnvOrDefault(String envVar, String defaultValue) {
+    try {
+      return System.getenv(envVar);
+    } catch (SecurityException e) {
+      hasEnvError = true;
+      return defaultValue;
+    }
+  }
+
+  public static String tryGetProperty(String property) {
+    try {
+      return System.getProperty(property);
+    } catch (SecurityException e) {
+      hasPropertyError = true;
+      return null;
+    }
+  }
+
+  public static String getPropertyOrDefault(String property, String defaultValue) {
+    try {
+      return System.getProperty(property, defaultValue);
+    } catch (SecurityException e) {
+      hasPropertyError = true;
+      return defaultValue;
+    }
+  }
+}