[ASM][IAST] Support manual JSON deserialisation (Newtonsoft.Json) (#5238

) * Add Newtonsoft.Json (non -working yet) * Refactor the tainting proces + add tests * Add the JToken Parse aspect + test * Rename Aspects class + Duck orignal method call * Add integration test * Fix nullability * Fix compilation issue for netfx * Change JSON formatting in ParseTests * Fix a test json format * Refactor NewtonsoftJsonAspects to static constructor
DataDog · Mar 11, 2024 · 2b95f46 · 2b95f46
1 parent 0d511f9
commit 2b95f46
Show file tree

Hide file tree

Showing 17 changed files with 642 additions and 1 deletion.
diff --git a/...net461/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs b/...net461/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs
@@ -42,6 +42,10 @@ internal static partial class AspectDefinitions
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoDatabase::RunCommandAsync(MongoDB.Driver.Command`1<!!0>,MongoDB.Driver.ReadPreference,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::Find(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions)\",\"\",[1],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::FindAsync(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions`2<!!0,!!0>,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
+"[AspectClass(\"Newtonsoft.Json\",[None],Propagation,[])] Datadog.Trace.Iast.Aspects.Newtonsoft.Json.NewtonsoftJsonAspects",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JObject::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseObject(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JArray::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseArray(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JToken::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseToken(System.String)",
 "[AspectClass(\"System,System.Runtime\",[StringOptimization],Propagation,[])] Datadog.Trace.Iast.Aspects.System.UriAspect",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.String)\",\"\",[0],[False],[StringLiteral_1],Default,[])] Init(System.String)",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.Uri,System.String,System.Boolean)\",\"\",[0],[False],[None],Default,[])] Init(System.Uri,System.String,System.Boolean)",

diff --git a/...net6.0/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs b/...net6.0/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs
@@ -52,6 +52,10 @@ internal static partial class AspectDefinitions
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoDatabase::RunCommandAsync(MongoDB.Driver.Command`1<!!0>,MongoDB.Driver.ReadPreference,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::Find(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions)\",\"\",[1],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::FindAsync(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions`2<!!0,!!0>,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
+"[AspectClass(\"Newtonsoft.Json\",[None],Propagation,[])] Datadog.Trace.Iast.Aspects.Newtonsoft.Json.NewtonsoftJsonAspects",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JObject::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseObject(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JArray::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseArray(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JToken::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseToken(System.String)",
 "[AspectClass(\"System,System.Runtime\",[StringOptimization],Propagation,[])] Datadog.Trace.Iast.Aspects.System.UriAspect",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.String)\",\"\",[0],[False],[StringLiteral_1],Default,[])] Init(System.String)",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.Uri,System.String,System.Boolean)\",\"\",[0],[False],[None],Default,[])] Init(System.Uri,System.String,System.Boolean)",

diff --git a/...app3.1/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs b/...app3.1/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs
@@ -52,6 +52,10 @@ internal static partial class AspectDefinitions
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoDatabase::RunCommandAsync(MongoDB.Driver.Command`1<!!0>,MongoDB.Driver.ReadPreference,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::Find(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions)\",\"\",[1],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::FindAsync(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions`2<!!0,!!0>,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
+"[AspectClass(\"Newtonsoft.Json\",[None],Propagation,[])] Datadog.Trace.Iast.Aspects.Newtonsoft.Json.NewtonsoftJsonAspects",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JObject::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseObject(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JArray::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseArray(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JToken::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseToken(System.String)",
 "[AspectClass(\"System,System.Runtime\",[StringOptimization],Propagation,[])] Datadog.Trace.Iast.Aspects.System.UriAspect",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.String)\",\"\",[0],[False],[StringLiteral_1],Default,[])] Init(System.String)",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.Uri,System.String,System.Boolean)\",\"\",[0],[False],[None],Default,[])] Init(System.Uri,System.String,System.Boolean)",

diff --git a/...ard2.0/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs b/...ard2.0/Datadog.Trace.SourceGenerators/AspectsDefinitionsGenerator/AspectsDefinitions.g.cs
@@ -52,6 +52,10 @@ internal static partial class AspectDefinitions
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoDatabase::RunCommandAsync(MongoDB.Driver.Command`1<!!0>,MongoDB.Driver.ReadPreference,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::Find(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions)\",\"\",[1],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
 "  [AspectMethodInsertBefore(\"MongoDB.Driver.IMongoCollectionExtensions::FindAsync(MongoDB.Driver.IMongoCollection`1<!!0>,MongoDB.Driver.FilterDefinition`1<!!0>,MongoDB.Driver.FindOptions`2<!!0,!!0>,System.Threading.CancellationToken)\",\"\",[2],[False],[None],Default,[])] AnalyzeCommand(System.Object)",
+"[AspectClass(\"Newtonsoft.Json\",[None],Propagation,[])] Datadog.Trace.Iast.Aspects.Newtonsoft.Json.NewtonsoftJsonAspects",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JObject::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseObject(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JArray::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseArray(System.String)",
+"  [AspectMethodReplace(\"Newtonsoft.Json.Linq.JToken::Parse(System.String)\",\"\",[0],[False],[None],Default,[])] ParseToken(System.String)",
 "[AspectClass(\"System,System.Runtime\",[StringOptimization],Propagation,[])] Datadog.Trace.Iast.Aspects.System.UriAspect",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.String)\",\"\",[0],[False],[StringLiteral_1],Default,[])] Init(System.String)",
 "  [AspectCtorReplace(\"System.Uri::.ctor(System.Uri,System.String,System.Boolean)\",\"\",[0],[False],[None],Default,[])] Init(System.Uri,System.String,System.Boolean)",

diff --git a/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/ICanParse.cs b/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/ICanParse.cs
@@ -0,0 +1,13 @@
+// <copyright file="ICanParse.cs" company="Datadog">
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc.
+// </copyright>
+
+#nullable enable
+
+namespace Datadog.Trace.Iast.Aspects.Newtonsoft.Json;
+
+internal interface ICanParse
+{
+    object Parse(string json);
+}
diff --git a/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/IJObject.cs b/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/IJObject.cs
@@ -0,0 +1,15 @@
+// <copyright file="IJObject.cs" company="Datadog">
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc.
+// </copyright>
+
+#nullable enable
+
+using System.Collections.Generic;
+
+namespace Datadog.Trace.Iast.Aspects.Newtonsoft.Json;
+
+internal interface IJObject
+{
+    public IEnumerable<object> Properties();
+}
diff --git a/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/IJToken.cs b/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/IJToken.cs
@@ -0,0 +1,13 @@
+// <copyright file="IJToken.cs" company="Datadog">
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc.
+// </copyright>
+
+#nullable enable
+
+namespace Datadog.Trace.Iast.Aspects.Newtonsoft.Json;
+
+internal interface IJToken
+{
+    public JTokenTypeProxy Type { get; }
+}
diff --git a/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/IJValue.cs b/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/IJValue.cs
@@ -0,0 +1,15 @@
+// <copyright file="IJValue.cs" company="Datadog">
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc.
+// </copyright>
+
+#nullable enable
+
+namespace Datadog.Trace.Iast.Aspects.Newtonsoft.Json;
+
+internal interface IJValue
+{
+    object Value { get; } // as an interface because in a struct it would fail with an AmbiguousMatchException
+
+    JTokenTypeProxy Type { get; }
+}
diff --git a/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/JPropertyStruct.cs b/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/JPropertyStruct.cs
@@ -0,0 +1,16 @@
+// <copyright file="JPropertyStruct.cs" company="Datadog">
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc.
+// </copyright>
+
+#nullable enable
+
+using Datadog.Trace.DuckTyping;
+
+namespace Datadog.Trace.Iast.Aspects.Newtonsoft.Json;
+
+[DuckCopy]
+internal struct JPropertyStruct
+{
+    public object Value;
+}
diff --git a/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/JTokenTypeProxy.cs b/tracer/src/Datadog.Trace/Iast/Aspects/Newtonsoft.Json/JTokenTypeProxy.cs
@@ -0,0 +1,101 @@
+// <copyright file="JTokenTypeProxy.cs" company="Datadog">
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache 2 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2017 Datadog, Inc.
+// </copyright>
+
+#nullable enable
+
+namespace Datadog.Trace.Iast.Aspects.Newtonsoft.Json;
+
+internal enum JTokenTypeProxy
+{
+    /// <summary>
+    /// No token type has been set.
+    /// </summary>
+    None = 0,
+
+    /// <summary>
+    /// A JSON object.
+    /// </summary>
+    Object = 1,
+
+    /// <summary>
+    /// A JSON array.
+    /// </summary>
+    Array = 2,
+
+    /// <summary>
+    /// A JSON constructor.
+    /// </summary>
+    Constructor = 3,
+
+    /// <summary>
+    /// A JSON object property.
+    /// </summary>
+    Property = 4,
+
+    /// <summary>
+    /// A comment.
+    /// </summary>
+    Comment = 5,
+
+    /// <summary>
+    /// An integer value.
+    /// </summary>
+    Integer = 6,
+
+    /// <summary>
+    /// A float value.
+    /// </summary>
+    Float = 7,
+
+    /// <summary>
+    /// A string value.
+    /// </summary>
+    String = 8,
+
+    /// <summary>
+    /// A boolean value.
+    /// </summary>
+    Boolean = 9,
+
+    /// <summary>
+    /// A null value.
+    /// </summary>
+    Null = 10,
+
+    /// <summary>
+    /// An undefined value.
+    /// </summary>
+    Undefined = 11,
+
+    /// <summary>
+    /// A date value.
+    /// </summary>
+    Date = 12,
+
+    /// <summary>
+    /// A raw JSON value.
+    /// </summary>
+    Raw = 13,
+
+    /// <summary>
+    /// A collection of bytes value.
+    /// </summary>
+    Bytes = 14,
+
+    /// <summary>
+    /// A Guid value.
+    /// </summary>
+    Guid = 15,
+
+    /// <summary>
+    /// A Uri value.
+    /// </summary>
+    Uri = 16,
+
+    /// <summary>
+    /// A TimeSpan value.
+    /// </summary>
+    TimeSpan = 17
+}