From 8f3d15afccdab2c75ae42f7848fd5c506ee4cb6d Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Fri, 20 Feb 2026 12:30:39 +0100 Subject: [PATCH 1/2] Enable test for java --- manifests/java.yml | 5 ++++- .../scala/com/datadoghq/akka_http/AppSecRoutes.scala | 2 +- .../src/main/java/com/datadoghq/jersey/MyResource.java | 7 +++++-- .../java/play/app/controllers/AppSecController.scala | 1 + .../src/main/java/com/datadoghq/ratpack/Main.java | 1 + .../src/main/java/com/datadoghq/resteasy/MyResource.java | 7 +++++-- .../com/datadoghq/springbootnative/WebController.java | 7 +++++-- .../java/com/datadoghq/system_tests/springboot/App.java | 9 ++++++--- .../vertx3/src/main/java/com/datadoghq/vertx3/Main.java | 7 +++++-- .../vertx4/src/main/java/com/datadoghq/vertx4/Main.java | 7 +++++-- 10 files changed, 38 insertions(+), 15 deletions(-) diff --git a/manifests/java.yml b/manifests/java.yml index 59858e0e183..e221d99ba4e 100644 --- a/manifests/java.yml +++ b/manifests/java.yml @@ -2243,7 +2243,10 @@ manifest: tests/appsec/test_shell_execution.py::Test_ShellExecution::test_track_shell_exec: irrelevant (No method for shell execution in Java) tests/appsec/test_shell_execution.py::Test_ShellExecution::test_truncate_1st_argument: bug (APPSEC-55672) tests/appsec/test_shell_execution.py::Test_ShellExecution::test_truncate_blank_2nd_argument: bug (APPSEC-55672) - tests/appsec/test_span_tags_headers.py: bug (APPSEC-61286) + tests/appsec/test_span_tags_headers.py: + - weblog_declaration: + "*": v1.60.0-SNAPSHOT + spring-boot-3-native: irrelevant (GraalVM. Tracing support only) tests/appsec/test_suspicious_attacker_blocking.py::Test_Suspicious_Attacker_Blocking: - weblog_declaration: "*": v1.39.0 diff --git a/utils/build/docker/java/akka-http/src/main/scala/com/datadoghq/akka_http/AppSecRoutes.scala b/utils/build/docker/java/akka-http/src/main/scala/com/datadoghq/akka_http/AppSecRoutes.scala index 6a5cf7296d6..a51e67f3e02 100644 --- a/utils/build/docker/java/akka-http/src/main/scala/com/datadoghq/akka_http/AppSecRoutes.scala +++ b/utils/build/docker/java/akka-http/src/main/scala/com/datadoghq/akka_http/AppSecRoutes.scala @@ -46,7 +46,7 @@ object AppSecRoutes { val span = tracer.buildSpan("test-span").start span.setTag("test-tag", "my value") withSpan(span) { - complete("Hello world!\n") + complete(HttpEntity(ContentTypes.`text/plain(UTF-8)`, "Hello world!\n")) } } } ~ diff --git a/utils/build/docker/java/jersey-grizzly2/src/main/java/com/datadoghq/jersey/MyResource.java b/utils/build/docker/java/jersey-grizzly2/src/main/java/com/datadoghq/jersey/MyResource.java index f832aa06b91..e6f63863d1a 100644 --- a/utils/build/docker/java/jersey-grizzly2/src/main/java/com/datadoghq/jersey/MyResource.java +++ b/utils/build/docker/java/jersey-grizzly2/src/main/java/com/datadoghq/jersey/MyResource.java @@ -48,12 +48,15 @@ public class MyResource { private final CryptoExamples cryptoExamples = new CryptoExamples(); @GET - public String hello() { + public Response hello() { var tracer = GlobalTracer.get(); Span span = tracer.buildSpan("test-span").start(); span.setTag("test-tag", "my value"); try { - return "Hello world!\n"; + return Response.ok("Hello world!\n") + .header("Content-Type", "text/plain") + .header("Content-Length", "13") + .build(); } finally { span.finish(); } diff --git a/utils/build/docker/java/play/app/controllers/AppSecController.scala b/utils/build/docker/java/play/app/controllers/AppSecController.scala index 0b773ce1ec1..714356cced4 100644 --- a/utils/build/docker/java/play/app/controllers/AppSecController.scala +++ b/utils/build/docker/java/play/app/controllers/AppSecController.scala @@ -36,6 +36,7 @@ class AppSecController @Inject()(cc: MessagesControllerComponents, ws: WSClient, span.setTag("test-tag", "my value") withSpan(span) { Results.Ok("Hello world!\n") + .withHeaders("Content-Type" -> "text/plain", "Content-Length" -> "13") } } diff --git a/utils/build/docker/java/ratpack/src/main/java/com/datadoghq/ratpack/Main.java b/utils/build/docker/java/ratpack/src/main/java/com/datadoghq/ratpack/Main.java index 3c4c65faaf7..43db8be2adc 100644 --- a/utils/build/docker/java/ratpack/src/main/java/com/datadoghq/ratpack/Main.java +++ b/utils/build/docker/java/ratpack/src/main/java/com/datadoghq/ratpack/Main.java @@ -108,6 +108,7 @@ public static void main(String[] args) throws Exception { Span span = tracer.buildSpan("test-span").start(); span.setTag("test-tag", "my value"); try { + ctx.getResponse().getHeaders().set("Content-Length", "13"); ctx.getResponse().send("text/plain", "Hello world!\n"); } finally { span.finish(); diff --git a/utils/build/docker/java/resteasy-netty3/src/main/java/com/datadoghq/resteasy/MyResource.java b/utils/build/docker/java/resteasy-netty3/src/main/java/com/datadoghq/resteasy/MyResource.java index fbafdb82d48..60681694e5d 100644 --- a/utils/build/docker/java/resteasy-netty3/src/main/java/com/datadoghq/resteasy/MyResource.java +++ b/utils/build/docker/java/resteasy-netty3/src/main/java/com/datadoghq/resteasy/MyResource.java @@ -47,12 +47,15 @@ public class MyResource { private final CryptoExamples cryptoExamples = new CryptoExamples(); @GET - public String hello() { + public Response hello() { var tracer = GlobalTracer.get(); Span span = tracer.buildSpan("test-span").start(); span.setTag("test-tag", "my value"); try { - return "Hello world!\n"; + return Response.ok("Hello world!\n") + .header("Content-Type", "text/plain") + .header("Content-Length", "13") + .build(); } finally { span.finish(); } diff --git a/utils/build/docker/java/spring-boot-3-native/src/main/java/com/datadoghq/springbootnative/WebController.java b/utils/build/docker/java/spring-boot-3-native/src/main/java/com/datadoghq/springbootnative/WebController.java index 8cbbccd24bb..17abb0e05d3 100644 --- a/utils/build/docker/java/spring-boot-3-native/src/main/java/com/datadoghq/springbootnative/WebController.java +++ b/utils/build/docker/java/spring-boot-3-native/src/main/java/com/datadoghq/springbootnative/WebController.java @@ -38,8 +38,11 @@ public class WebController { private static final Logger logger = LoggerFactory.getLogger(App.class); @RequestMapping("/") - String home() { - return "Hello world!\n"; + ResponseEntity home() { + return ResponseEntity.ok() + .contentType(MediaType.TEXT_PLAIN) + .contentLength(13) + .body("Hello world!\n"); } @RequestMapping("/healthcheck") diff --git a/utils/build/docker/java/spring-boot/src/main/java/com/datadoghq/system_tests/springboot/App.java b/utils/build/docker/java/spring-boot/src/main/java/com/datadoghq/system_tests/springboot/App.java index 6b75783ae67..4f24582c605 100644 --- a/utils/build/docker/java/spring-boot/src/main/java/com/datadoghq/system_tests/springboot/App.java +++ b/utils/build/docker/java/spring-boot/src/main/java/com/datadoghq/system_tests/springboot/App.java @@ -147,12 +147,15 @@ public class App { int PRODUCE_CONSUME_THREAD_TIMEOUT = 5000; @RequestMapping("/") - String home(HttpServletResponse response) { + ResponseEntity home() { // open liberty set this header to en-US by default, it breaks the APPSEC-BLOCKING scenario // if a java engineer knows how to remove this? // waiting for that, just set a random value - response.setHeader("Content-Language", "not-set"); - return "Hello world!\n"; + return ResponseEntity.ok() + .contentType(MediaType.TEXT_PLAIN) + .header("Content-Language", "not-set") + .contentLength(13) + .body("Hello world!\n"); } @RequestMapping("/healthcheck") diff --git a/utils/build/docker/java/vertx3/src/main/java/com/datadoghq/vertx3/Main.java b/utils/build/docker/java/vertx3/src/main/java/com/datadoghq/vertx3/Main.java index 9819a3bad6c..fd9b776fef1 100644 --- a/utils/build/docker/java/vertx3/src/main/java/com/datadoghq/vertx3/Main.java +++ b/utils/build/docker/java/vertx3/src/main/java/com/datadoghq/vertx3/Main.java @@ -69,13 +69,16 @@ public static void main(String[] args) { Router router = Router.router(vertx); router.get("/") - .produces("text/plain") .handler(ctx -> { var tracer = GlobalTracer.get(); Span span = tracer.buildSpan("test-span").start(); span.setTag("test-tag", "my value"); try { - ctx.response().setStatusCode(200).end("Hello world!\n"); + ctx.response() + .setStatusCode(200) + .putHeader("Content-Type", "text/plain") + .putHeader("Content-Length", "13") + .end("Hello world!\n"); } finally { span.finish(); } diff --git a/utils/build/docker/java/vertx4/src/main/java/com/datadoghq/vertx4/Main.java b/utils/build/docker/java/vertx4/src/main/java/com/datadoghq/vertx4/Main.java index 3530a5c0fc5..c23225cffd1 100644 --- a/utils/build/docker/java/vertx4/src/main/java/com/datadoghq/vertx4/Main.java +++ b/utils/build/docker/java/vertx4/src/main/java/com/datadoghq/vertx4/Main.java @@ -71,13 +71,16 @@ public static void main(String[] args) { Router router = Router.router(vertx); router.get("/") - .produces("text/plain") .handler(ctx -> { var tracer = GlobalTracer.get(); Span span = tracer.buildSpan("test-span").start(); span.setTag("test-tag", "my value"); try { - ctx.response().setStatusCode(200).end("Hello world!\n"); + ctx.response() + .setStatusCode(200) + .putHeader("Content-Type", "text/plain") + .putHeader("Content-Length", "13") + .end("Hello world!\n"); } finally { span.finish(); } From 94201e57602ce3b9699d20b3b70da14807476e8a Mon Sep 17 00:00:00 2001 From: "alejandro.gonzalez" Date: Wed, 25 Feb 2026 16:36:14 +0100 Subject: [PATCH 2/2] add bugs --- manifests/java.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/manifests/java.yml b/manifests/java.yml index 64d9715e3c1..84fb8073000 100644 --- a/manifests/java.yml +++ b/manifests/java.yml @@ -2247,6 +2247,19 @@ manifest: - weblog_declaration: "*": v1.60.0-SNAPSHOT spring-boot-3-native: irrelevant (GraalVM. Tracing support only) + tests/appsec/test_span_tags_headers.py::Test_Headers_Event_Blocking: + - weblog_declaration: + "*": v1.60.0-SNAPSHOT + akka-http: bug (APPSEC-61447) + play: bug (APPSEC-61447) + ratpack: bug (APPSEC-61447) + resteasy-netty: bug (APPSEC-61447) + spring-boot-3-native: irrelevant (GraalVM. Tracing support only) + spring-boot-jetty: bug (APPSEC-61447) + spring-boot-undertow: bug (APPSEC-61447) + spring-boot-wildfly: bug (APPSEC-61447) + vertx3: bug (APPSEC-61447) + vertx4: bug (APPSEC-61447) tests/appsec/test_suspicious_attacker_blocking.py::Test_Suspicious_Attacker_Blocking: - weblog_declaration: "*": v1.39.0