DataDog · NachoEchevarria · Jan 18, 2024 · Nov 3, 2023 · Nov 6, 2023 · Nov 6, 2023
@@ -17,7 +17,7 @@ internal static partial class IastInstrumentedSinksExtensions
     /// The number of members in the enum.
     /// This is a non-distinct count of defined names.
     /// </summary>
-    public const int Length = 17;
+    public const int Length = 18;
 
     /// <summary>
     /// Returns the string representation of the <see cref="Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks"/> value.
@@ -47,6 +47,7 @@ public static string ToStringFast(this Datadog.Trace.Telemetry.Metrics.MetricTag
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing => "vulnerability_type:xcontenttype_header_missing",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation => "vulnerability_type:trust_boundary_violation",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing => "vulnerability_type:hsts_header_missing",
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection => "vulnerability_type:header_injection",
             _ => value.ToString(),
         };
 
@@ -77,6 +78,7 @@ public static Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks[]
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing,
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection,
         };
 
     /// <summary>
@@ -107,6 +109,7 @@ public static string[] GetNames()
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing),
+            nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection),
         };
 
     /// <summary>
@@ -137,5 +140,6 @@ public static string[] GetDescriptions()
             "vulnerability_type:xcontenttype_header_missing",
             "vulnerability_type:trust_boundary_violation",
             "vulnerability_type:hsts_header_missing",
+            "vulnerability_type:header_injection",
         };
 }
@@ -11,7 +11,7 @@
 namespace Datadog.Trace.Telemetry;
 internal partial class MetricsTelemetryCollector
 {
-    private const int CountLength = 329;
+    private const int CountLength = 330;
 
     /// <summary>
     /// Creates the buffer for the <see cref="Datadog.Trace.Telemetry.Metrics.Count" /> values.
@@ -380,7 +380,8 @@ private static AggregatedMetric[] GetCountBuffer()
             new(new[] { "vulnerability_type:xcontenttype_header_missing" }),
             new(new[] { "vulnerability_type:trust_boundary_violation" }),
             new(new[] { "vulnerability_type:hsts_header_missing" }),
-            // request.tainted, index = 328
+            new(new[] { "vulnerability_type:header_injection" }),
+            // request.tainted, index = 329
             new(null),
         };
 
@@ -390,7 +391,7 @@ private static AggregatedMetric[] GetCountBuffer()
     /// It is equal to the cardinality of the tag combinations (or 1 if there are no tags)
     /// </summary>
     private static int[] CountEntryCounts { get; }
-        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 17, 1, };
+        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 18, 1, };
 
     public void RecordCountLogCreated(Datadog.Trace.Telemetry.Metrics.MetricTags.LogLevel tag, int increment = 1)
     {
@@ -582,6 +583,6 @@ public void RecordCountIastExecutedSinks(Datadog.Trace.Telemetry.Metrics.MetricT
 
     public void RecordCountIastRequestTainted(int increment = 1)
     {
-        Interlocked.Add(ref _buffer.Count[328], increment);
+        Interlocked.Add(ref _buffer.Count[329], increment);
     }
 }
@@ -17,7 +17,7 @@ internal static partial class IastInstrumentedSinksExtensions
     /// The number of members in the enum.
     /// This is a non-distinct count of defined names.
     /// </summary>
-    public const int Length = 17;
+    public const int Length = 18;
 
     /// <summary>
     /// Returns the string representation of the <see cref="Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks"/> value.
@@ -47,6 +47,7 @@ public static string ToStringFast(this Datadog.Trace.Telemetry.Metrics.MetricTag
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing => "vulnerability_type:xcontenttype_header_missing",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation => "vulnerability_type:trust_boundary_violation",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing => "vulnerability_type:hsts_header_missing",
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection => "vulnerability_type:header_injection",
             _ => value.ToString(),
         };
 
@@ -77,6 +78,7 @@ public static Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks[]
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing,
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection,
         };
 
     /// <summary>
@@ -107,6 +109,7 @@ public static string[] GetNames()
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing),
+            nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection),
         };
 
     /// <summary>
@@ -137,5 +140,6 @@ public static string[] GetDescriptions()
             "vulnerability_type:xcontenttype_header_missing",
             "vulnerability_type:trust_boundary_violation",
             "vulnerability_type:hsts_header_missing",
+            "vulnerability_type:header_injection",
         };
 }
@@ -11,7 +11,7 @@
 namespace Datadog.Trace.Telemetry;
 internal partial class MetricsTelemetryCollector
 {
-    private const int CountLength = 329;
+    private const int CountLength = 330;
 
     /// <summary>
     /// Creates the buffer for the <see cref="Datadog.Trace.Telemetry.Metrics.Count" /> values.
@@ -380,7 +380,8 @@ private static AggregatedMetric[] GetCountBuffer()
             new(new[] { "vulnerability_type:xcontenttype_header_missing" }),
             new(new[] { "vulnerability_type:trust_boundary_violation" }),
             new(new[] { "vulnerability_type:hsts_header_missing" }),
-            // request.tainted, index = 328
+            new(new[] { "vulnerability_type:header_injection" }),
+            // request.tainted, index = 329
             new(null),
         };
 
@@ -390,7 +391,7 @@ private static AggregatedMetric[] GetCountBuffer()
     /// It is equal to the cardinality of the tag combinations (or 1 if there are no tags)
     /// </summary>
     private static int[] CountEntryCounts { get; }
-        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 17, 1, };
+        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 18, 1, };
 
     public void RecordCountLogCreated(Datadog.Trace.Telemetry.Metrics.MetricTags.LogLevel tag, int increment = 1)
     {
@@ -582,6 +583,6 @@ public void RecordCountIastExecutedSinks(Datadog.Trace.Telemetry.Metrics.MetricT
 
     public void RecordCountIastRequestTainted(int increment = 1)
     {
-        Interlocked.Add(ref _buffer.Count[328], increment);
+        Interlocked.Add(ref _buffer.Count[329], increment);
     }
 }
@@ -17,7 +17,7 @@ internal static partial class IastInstrumentedSinksExtensions
     /// The number of members in the enum.
     /// This is a non-distinct count of defined names.
     /// </summary>
-    public const int Length = 17;
+    public const int Length = 18;
 
     /// <summary>
     /// Returns the string representation of the <see cref="Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks"/> value.
@@ -47,6 +47,7 @@ public static string ToStringFast(this Datadog.Trace.Telemetry.Metrics.MetricTag
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing => "vulnerability_type:xcontenttype_header_missing",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation => "vulnerability_type:trust_boundary_violation",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing => "vulnerability_type:hsts_header_missing",
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection => "vulnerability_type:header_injection",
             _ => value.ToString(),
         };
 
@@ -77,6 +78,7 @@ public static Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks[]
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing,
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection,
         };
 
     /// <summary>
@@ -107,6 +109,7 @@ public static string[] GetNames()
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing),
+            nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection),
         };
 
     /// <summary>
@@ -137,5 +140,6 @@ public static string[] GetDescriptions()
             "vulnerability_type:xcontenttype_header_missing",
             "vulnerability_type:trust_boundary_violation",
             "vulnerability_type:hsts_header_missing",
+            "vulnerability_type:header_injection",
         };
 }
@@ -11,7 +11,7 @@
 namespace Datadog.Trace.Telemetry;
 internal partial class MetricsTelemetryCollector
 {
-    private const int CountLength = 329;
+    private const int CountLength = 330;
 
     /// <summary>
     /// Creates the buffer for the <see cref="Datadog.Trace.Telemetry.Metrics.Count" /> values.
@@ -380,7 +380,8 @@ private static AggregatedMetric[] GetCountBuffer()
             new(new[] { "vulnerability_type:xcontenttype_header_missing" }),
             new(new[] { "vulnerability_type:trust_boundary_violation" }),
             new(new[] { "vulnerability_type:hsts_header_missing" }),
-            // request.tainted, index = 328
+            new(new[] { "vulnerability_type:header_injection" }),
+            // request.tainted, index = 329
             new(null),
         };
 
@@ -390,7 +391,7 @@ private static AggregatedMetric[] GetCountBuffer()
     /// It is equal to the cardinality of the tag combinations (or 1 if there are no tags)
     /// </summary>
     private static int[] CountEntryCounts { get; }
-        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 17, 1, };
+        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 18, 1, };
 
     public void RecordCountLogCreated(Datadog.Trace.Telemetry.Metrics.MetricTags.LogLevel tag, int increment = 1)
     {
@@ -582,6 +583,6 @@ public void RecordCountIastExecutedSinks(Datadog.Trace.Telemetry.Metrics.MetricT
 
     public void RecordCountIastRequestTainted(int increment = 1)
     {
-        Interlocked.Add(ref _buffer.Count[328], increment);
+        Interlocked.Add(ref _buffer.Count[329], increment);
     }
 }
@@ -17,7 +17,7 @@ internal static partial class IastInstrumentedSinksExtensions
     /// The number of members in the enum.
     /// This is a non-distinct count of defined names.
     /// </summary>
-    public const int Length = 17;
+    public const int Length = 18;
 
     /// <summary>
     /// Returns the string representation of the <see cref="Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks"/> value.
@@ -47,6 +47,7 @@ public static string ToStringFast(this Datadog.Trace.Telemetry.Metrics.MetricTag
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing => "vulnerability_type:xcontenttype_header_missing",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation => "vulnerability_type:trust_boundary_violation",
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing => "vulnerability_type:hsts_header_missing",
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection => "vulnerability_type:header_injection",
             _ => value.ToString(),
         };
 
@@ -77,6 +78,7 @@ public static Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks[]
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation,
             Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing,
+            Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection,
         };
 
     /// <summary>
@@ -107,6 +109,7 @@ public static string[] GetNames()
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.XContentTypeHeaderMissing),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.TrustBoundaryViolation),
             nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HstsHeaderMissing),
+            nameof(Datadog.Trace.Telemetry.Metrics.MetricTags.IastInstrumentedSinks.HeaderInjection),
         };
 
     /// <summary>
@@ -137,5 +140,6 @@ public static string[] GetDescriptions()
             "vulnerability_type:xcontenttype_header_missing",
             "vulnerability_type:trust_boundary_violation",
             "vulnerability_type:hsts_header_missing",
+            "vulnerability_type:header_injection",
         };
 }
@@ -11,7 +11,7 @@
 namespace Datadog.Trace.Telemetry;
 internal partial class MetricsTelemetryCollector
 {
-    private const int CountLength = 329;
+    private const int CountLength = 330;
 
     /// <summary>
     /// Creates the buffer for the <see cref="Datadog.Trace.Telemetry.Metrics.Count" /> values.
@@ -380,7 +380,8 @@ private static AggregatedMetric[] GetCountBuffer()
             new(new[] { "vulnerability_type:xcontenttype_header_missing" }),
             new(new[] { "vulnerability_type:trust_boundary_violation" }),
             new(new[] { "vulnerability_type:hsts_header_missing" }),
-            // request.tainted, index = 328
+            new(new[] { "vulnerability_type:header_injection" }),
+            // request.tainted, index = 329
             new(null),
         };
 
@@ -390,7 +391,7 @@ private static AggregatedMetric[] GetCountBuffer()
     /// It is equal to the cardinality of the tag combinations (or 1 if there are no tags)
     /// </summary>
     private static int[] CountEntryCounts { get; }
-        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 17, 1, };
+        = new int[]{ 4, 64, 1, 3, 4, 2, 2, 4, 1, 1, 1, 22, 3, 2, 4, 4, 1, 22, 3, 2, 44, 6, 1, 64, 1, 22, 3, 1, 1, 5, 12, 1, 18, 1, };
 
     public void RecordCountLogCreated(Datadog.Trace.Telemetry.Metrics.MetricTags.LogLevel tag, int increment = 1)
     {
@@ -582,6 +583,6 @@ public void RecordCountIastExecutedSinks(Datadog.Trace.Telemetry.Metrics.MetricT
 
     public void RecordCountIastRequestTainted(int increment = 1)
     {
-        Interlocked.Add(ref _buffer.Count[328], increment);
+        Interlocked.Add(ref _buffer.Count[329], increment);
     }
 }
@@ -96,8 +96,10 @@ private static void AnalyzeCookie(string cookieHeaderValue, IntegrationId integr
     {
         if (!IsExcluded(cookieHeaderValue))
         {
-            var cookieHeader = SetCookieHeaderValue.Parse(cookieHeaderValue);
-            ReportVulnerabilities(integrationId, cookieHeader);
+            if (SetCookieHeaderValue.TryParse(cookieHeaderValue, out var cookieHeader))
+            {
+                ReportVulnerabilities(integrationId, cookieHeader);
+            }
         }
     }