feat(appsec): extend RASP callsite coverage to File-argument constructors of FileOutputStream and FileInputStream#11113
…ctors

Add RASP callsite coverage for File-argument constructors that were previously not instrumented:
- FileOutputStream(File) and FileOutputStream(File, boolean): call FileIORaspHelper.INSTANCE.beforeFileWritten(file.getPath())
- FileInputStream(File): call FileIORaspHelper.INSTANCE.beforeFileLoaded(file.getPath())

No IAST changes — the File-based constructors delegate path resolution to the JVM, so IAST taint tracking via the String constructor already covers those code paths at a higher level.

Tests added following the existing RASP test pattern.
Benchmarks

Startup

Summary: Found 1 performance improvements and 0 performance regressions! Performance is the same for 57 metrics, 13 unstable metrics.

Startup time reports for insecure-bank

insecure-bank - global startup overhead: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6

| Section | Agent [baseline] | Agent [candidate] | Total [baseline] | Total [candidate] |
|---|---|---|---|---|
| tracing | 1.055 s | 1.064 s | 8.85 s | 8.829 s |
| iast | 1.229 s | 1.235 s | 9.57 s | 9.562 s |

insecure-bank - break down per module: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6 (n/a = module not reported in that section)

| Module | tracing [baseline] | tracing [candidate] | iast [baseline] | iast [candidate] |
|---|---|---|---|---|
| crashtracking | 1.232 ms | 1.243 ms | 1.251 ms | 1.236 ms |
| BytebuddyAgent | 632.272 ms | 636.692 ms | 804.124 ms | 813.417 ms |
| AgentMeter | 29.435 ms | 29.686 ms | 11.451 ms | 11.431 ms |
| GlobalTracer | 248.418 ms | 249.902 ms | 240.679 ms | 238.996 ms |
| IAST | n/a | n/a | 26.035 ms | 30.069 ms |
| AppSec | 32.299 ms | 32.326 ms | 33.802 ms | 27.422 ms |
| Debugger | 58.935 ms | 59.002 ms | 58.281 ms | 64.224 ms |
| Remote Config | 592.546 µs | 596.694 µs | 541.995 µs | 583.211 µs |
| Telemetry | 8.029 ms | 8.095 ms | 13.135 ms | 7.857 ms |
| Flare Poller | 7.529 ms | 10.567 ms | 3.492 ms | 3.41 ms |

Startup time reports for petclinic

petclinic - global startup overhead: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6

| Section | Agent [baseline] | Agent [candidate] | Total [baseline] | Total [candidate] |
|---|---|---|---|---|
| tracing | 1.065 s | 1.058 s | 11.222 s | 11.102 s |
| appsec | 1.252 s | 1.27 s | 11.229 s | 10.996 s |
| iast | 1.23 s | 1.228 s | 11.349 s | 11.177 s |
| profiling | 1.187 s | 1.183 s | 11.089 s | 10.987 s |

petclinic - break down per module: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6 (n/a = module not reported in that section)

| Module | tracing [baseline] | tracing [candidate] | appsec [baseline] | appsec [candidate] | iast [baseline] | iast [candidate] | profiling [baseline] | profiling [candidate] |
|---|---|---|---|---|---|---|---|---|
| crashtracking | 1.243 ms | 1.222 ms | 1.211 ms | 1.239 ms | 1.229 ms | 1.216 ms | 1.187 ms | 1.195 ms |
| BytebuddyAgent | 637.785 ms | 633.474 ms | 663.369 ms | 679.403 ms | 806.375 ms | 807.439 ms | 693.761 ms | 691.046 ms |
| AgentMeter | 29.918 ms | 29.456 ms | 12.037 ms | 12.056 ms | 11.526 ms | 11.267 ms | 9.096 ms | 9.139 ms |
| GlobalTracer | 251.151 ms | 249.175 ms | 249.447 ms | 250.961 ms | 239.312 ms | 237.98 ms | 207.218 ms | 207.186 ms |
| IAST | n/a | n/a | 24.739 ms | 24.538 ms | 25.754 ms | 26.526 ms | n/a | n/a |
| AppSec | 32.362 ms | 32.389 ms | 186.208 ms | 187.416 ms | 32.947 ms | 27.625 ms | 32.877 ms | 32.726 ms |
| Debugger | 60.295 ms | 60.038 ms | 66.195 ms | 66.165 ms | 59.603 ms | 65.223 ms | 65.695 ms | 65.346 ms |
| Remote Config | 660.172 µs | 599.721 µs | 614.805 µs | 583.296 µs | 536.779 µs | 513.122 µs | 577.761 µs | 573.511 µs |
| Telemetry | 8.061 ms | 8.044 ms | 8.483 ms | 7.922 ms | 12.766 ms | 7.849 ms | 7.801 ms | 7.77 ms |
| Flare Poller | 7.527 ms | 7.47 ms | 3.551 ms | 3.509 ms | 3.53 ms | 3.422 ms | 3.572 ms | 3.577 ms |
| ProfilingAgent | n/a | n/a | n/a | n/a | n/a | n/a | 94.043 ms | 93.472 ms |
| Profiling | n/a | n/a | n/a | n/a | n/a | n/a | 94.603 ms | 94.034 ms |
Load

Summary: Found 1 performance improvements and 1 performance regressions! Performance is the same for 19 metrics, 15 unstable metrics.

Request duration reports for insecure-bank

insecure-bank - request duration [CI 0.99]: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6

| Config | baseline mean | baseline 99% CI (µs) | candidate mean | candidate 99% CI (µs) |
|---|---|---|---|---|
| no_agent | 1.237 ms | 1224, 1249 | 1.229 ms | 1217, 1241 |
| iast | 3.333 ms | 3286, 3380 | 3.191 ms | 3145, 3236 |
| iast_FULL | 6.007 ms | 5946, 6068 | 5.999 ms | 5938, 6060 |
| iast_GLOBAL | 3.672 ms | 3609, 3736 | 3.762 ms | 3699, 3825 |
| profiling | 2.249 ms | 2227, 2272 | 2.379 ms | 2355, 2402 |
| tracing | 1.833 ms | 1818, 1848 | 1.92 ms | 1903, 1936 |

Request duration reports for petclinic

petclinic - request duration [CI 0.99]: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6

| Config | baseline mean | baseline 99% CI (µs) | candidate mean | candidate 99% CI (µs) |
|---|---|---|---|---|
| no_agent | 17.985 ms | 17806, 18164 | 17.985 ms | 17805, 18165 |
| appsec | 18.498 ms | 18313, 18682 | 18.559 ms | 18373, 18745 |
| code_origins | 18.073 ms | 17894, 18252 | 18.085 ms | 17904, 18267 |
| iast | 18.15 ms | 17971, 18329 | 18.43 ms | 18248, 18613 |
| profiling | 19.421 ms | 19224, 19618 | 19.35 ms | 19154, 19546 |
| tracing | 17.933 ms | 17757, 18110 | 18.981 ms | 18791, 19171 |
Dacapo

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

tomcat - execution time [CI 0.99]: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6

| Config | baseline mean | baseline 99% CI (µs) | candidate mean | candidate 99% CI (µs) |
|---|---|---|---|---|
| no_agent | 1.496 ms | 1485, 1508 | 1.489 ms | 1477, 1500 |
| appsec | 3.836 ms | 3610, 4062 | 3.825 ms | 3603, 4047 |
| iast | 2.281 ms | 2211, 2350 | 2.284 ms | 2214, 2354 |
| iast_GLOBAL | 2.332 ms | 2262, 2402 | 2.33 ms | 2260, 2400 |
| profiling | 2.117 ms | 2061, 2172 | 2.108 ms | 2053, 2163 |
| tracing | 2.104 ms | 2050, 2159 | 2.093 ms | 2039, 2147 |

Execution time for biojava

biojava - execution time [CI 0.99]: candidate=1.62.0-SNAPSHOT~4b6352131f, baseline=1.62.0-SNAPSHOT~42f154d2f6 (the reported 99% CI bounds coincide with the mean for every row)

| Config | baseline | candidate |
|---|---|---|
| no_agent | 14.98 s | 14.778 s |
| appsec | 14.972 s | 14.808 s |
| iast | 18.312 s | 18.597 s |
| iast_GLOBAL | 17.909 s | 18.292 s |
| profiling | 14.967 s | 15.328 s |
| tracing | 15.092 s | 14.981 s |
…, RandomAccessFile, Files.* and FileChannel

Extends RASP callsite instrumentation (APPSEC-61874) beyond FileInputStream/FileOutputStream to all remaining Java file I/O APIs that were not covered. No IAST changes.

New callsites:
- FileReaderCallSite: FileReader(String/File) + Java 11+ Charset variants → beforeFileLoaded
- FileWriterCallSite: FileWriter(String/File/boolean) + Java 11+ Charset variants → beforeFileWritten
- RandomAccessFileCallSite: RandomAccessFile(String/File, mode) → beforeFileLoaded for "r", both beforeFileLoaded + beforeFileWritten for "rw"/"rws"/"rwd"
- FilesCallSite: all Files.* read and write methods (newOutputStream, copy(IS,Path), write, writeString, newBufferedWriter, move, newInputStream, readAllBytes, readAllLines, readString, newBufferedReader, lines)
- FileChannelCallSite: FileChannel.open(Path, ...) → fires both read and write callbacks

Extended callsites:
- PathCallSite: add resolve(Path) and resolveSibling(Path) → beforeFileLoaded
- PathsCallSite: add Path.of(String[], URI) (Java 11+) → beforeFileLoaded

FileIORaspHelper: add beforeRandomAccessFileOpened(path, mode) helper

Relates to #11084 and #11113
Adds a java11Test source set that compiles with --release 11 and runs only on JDK 11+. Tests cover the Java 11-only overloads that were instrumented but previously untestable from Java 8 sources:
- FileReader(String/File, Charset) constructors
- FileWriter(String/File, Charset[, boolean]) constructors
- Files.writeString(Path, CharSequence, [Charset,] OpenOption...)
- Files.readString(Path[, Charset])
- Path.of(String, String[]) and Path.of(URI) static methods

Build configuration uses ext.java11TestMinJavaVersionForTests so the testJvmConstraints plugin skips the suite on pre-11 JVMs.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 468e83facb
…tions

FileChannel.open() with READ-only options was incorrectly triggering the fileWritten callback, which could cause false positives in the zipslip rule (dog-920-110) when a read-only channel open with a traversal path coincided with a multipart zip upload in the same request.

Split beforeOpen into two overload-specific methods so the OpenOption arguments can be inspected at the call site, mirroring the existing pattern in beforeRandomAccessFileOpened.

Also fix a latent bug in AdviceGeneratorImpl: .sorted() without a comparator on ArgumentSpecification (which does not implement Comparable) would ClassCastException when an advice method captures a strict subset of a target method's arguments. Fixed with Comparator.comparingInt.
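The mode-to-callback mapping from the RandomAccessFile commit above and the OpenOption inspection this commit introduces, written out as an added, stand-alone Java illustration. This is not dd-trace-java's FileIORaspHelper: the class name FileOpenIntent, the Intent enum and the method names are assumptions, and the rules encoded are the ones the JDK documents for RandomAccessFile modes and FileChannel.open options.

```java
import java.nio.file.OpenOption;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Set;

/**
 * Added illustration (hypothetical names, not project code): decide which RASP
 * file callbacks an open call should fire, using only what is visible
 * statically at the call site.
 */
public final class FileOpenIntent {

    /** Which callbacks to fire: beforeFileLoaded (load) and/or beforeFileWritten (write). */
    public enum Intent {
        READ(true, false), WRITE(false, true), READ_WRITE(true, true);
        public final boolean load;
        public final boolean write;
        Intent(boolean load, boolean write) { this.load = load; this.write = write; }
    }

    private FileOpenIntent() {}

    /**
     * RandomAccessFile(String|File, String mode): "r" is read-only, "rw"/"rws"/"rwd"
     * open for reading and writing. Any other mode is rejected by the JDK constructor
     * with IllegalArgumentException, so the classifier rejects it too rather than guess.
     */
    public static Intent fromRandomAccessFileMode(String mode) {
        switch (mode) {
            case "r":
                return Intent.READ;
            case "rw":
            case "rws":
            case "rwd":
                return Intent.READ_WRITE;
            default:
                throw new IllegalArgumentException("Illegal mode \"" + mode + "\"");
        }
    }

    /**
     * FileChannel.open(Path, Set<OpenOption>, FileAttribute...): per the JDK contract,
     * WRITE or APPEND opens the file for writing, READ opens it for reading, and if
     * none of READ, WRITE or APPEND is present the file is opened for reading only.
     * CREATE, TRUNCATE_EXISTING, SYNC and the like do not imply a direction by themselves.
     */
    public static Intent fromOpenOptions(Set<? extends OpenOption> options) {
        boolean write = options.contains(StandardOpenOption.WRITE)
                || options.contains(StandardOpenOption.APPEND);
        boolean read = options.contains(StandardOpenOption.READ) || !write;
        if (read && write) {
            return Intent.READ_WRITE;
        }
        return write ? Intent.WRITE : Intent.READ;
    }

    /** FileChannel.open(Path, OpenOption...) overload: same rule over the varargs. */
    public static Intent fromOpenOptions(OpenOption... options) {
        return fromOpenOptions(new HashSet<OpenOption>(Arrays.asList(options)));
    }

    public static void main(String[] args) {
        // Constructed sample calls, one per rule branch.
        System.out.println("RandomAccessFile mode r    : " + fromRandomAccessFileMode("r"));
        System.out.println("RandomAccessFile mode rws  : " + fromRandomAccessFileMode("rws"));
        System.out.println("FileChannel.open, no opts  : " + fromOpenOptions());
        // The case from the commit message: a READ-only channel open must not fire beforeFileWritten.
        System.out.println("FileChannel.open, READ     : " + fromOpenOptions(StandardOpenOption.READ));
        System.out.println("FileChannel.open, CREATE+WRITE: "
                + fromOpenOptions(EnumSet.of(StandardOpenOption.CREATE, StandardOpenOption.WRITE)));
        System.out.println("FileChannel.open, READ+WRITE  : "
                + fromOpenOptions(StandardOpenOption.READ, StandardOpenOption.WRITE));
    }
}
```

The point of inspecting the options at the call site is the false-positive case the commit describes: a channel opened with only READ maps to Intent.READ, so a write-oriented rule such as zipslip never sees a write event for it, while an empty option set still counts as a read because that is the JDK default.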
@manuel-alvarez-alvarez I'm going to move this to a separate PR, but I want your thoughts about this before I do it.
I've created this PR to fix it: #11130

I've also made changes to avoid the issue in this PR: if we add all the parameters to the callsite, it works.
… partial-arg path beforeOpenSet previously captured only 2 of 3 arguments, triggering the partial-argument code path in AdviceGeneratorImpl which calls Stream.sorted() without a comparator on ArgumentSpecification (not Comparable). Adding the unused FileAttribute[] third parameter makes the capture complete and sequential, so isPositionalArguments() returns false and the sorted() path is never entered.
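The latent bug this commit and the previous one describe, shown as an added, stand-alone Java illustration: Stream.sorted() with no comparator compiles for any element type but casts each element to Comparable at runtime, so it fails as soon as two non-Comparable elements are compared. This is not the project's AdviceGeneratorImpl; ArgSpec is a hypothetical stand-in for ArgumentSpecification and the method names are assumptions.

```java
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;

/** Added illustration (hypothetical names, not project code). */
public final class SortedWithoutComparator {

    /** Stand-in for ArgumentSpecification: an argument index plus a type name; not Comparable. */
    static final class ArgSpec {
        final int index;
        final String type;
        ArgSpec(int index, String type) { this.index = index; this.type = type; }
        @Override public String toString() { return "arg" + index + ":" + type; }
    }

    /** Before: compiles fine, but sorted() applies natural ordering and casts to Comparable at runtime. */
    static List<ArgSpec> orderNatural(List<ArgSpec> captured) {
        return captured.stream().sorted().collect(Collectors.toList());
    }

    /** After: the fix from the commit message, an explicit comparator over the argument index. */
    static List<ArgSpec> orderByIndex(List<ArgSpec> captured) {
        return captured.stream()
                .sorted(Comparator.comparingInt((ArgSpec a) -> a.index))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed input: an advice capturing a strict subset (args 2 and 0) of a
        // three-argument target, i.e. the partial-argument path the commit describes.
        // Two elements are enough: with one element no comparison happens and the
        // defect stays hidden, which is how it could go unnoticed as "latent".
        List<ArgSpec> captured = Arrays.asList(new ArgSpec(2, "FileAttribute[]"), new ArgSpec(0, "Path"));

        try {
            orderNatural(captured);
            System.out.println("sorted() without comparator: no exception (unexpected)");
        } catch (ClassCastException e) {
            System.out.println("sorted() without comparator: " + e.getMessage());
        }
        System.out.println("sorted(comparingInt): " + orderByIndex(captured));
    }
}
```

Note that the second workaround in the thread, capturing all arguments so the sort path is skipped, avoids the symptom for one callsite, while the comparator fix removes the defect for every advice that captures a partial, out-of-order subset.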
What Does This Do

Extends RASP callsite coverage for Java file I/O APIs. All new callsites are RASP-only — no IAST changes, since File-based and Path-based constructors delegate path resolution to the JVM, and IAST taint tracking via the String constructors already covers those code paths.

New callsites

- FileReaderCallSite → beforeFileLoaded
  - FileReader(String), FileReader(File)
  - FileReader(String, Charset), FileReader(File, Charset) (Java 11+)
- FileWriterCallSite → beforeFileWritten
  - FileWriter(String), FileWriter(String, boolean), FileWriter(File), FileWriter(File, boolean)
  - FileWriter(String, Charset), FileWriter(String, Charset, boolean), FileWriter(File, Charset), FileWriter(File, Charset, boolean) (Java 11+)
- RandomAccessFileCallSite → beforeFileLoaded for mode "r"; both beforeFileLoaded + beforeFileWritten for "rw"/"rws"/"rwd"
  - RandomAccessFile(String, String), RandomAccessFile(File, String)
- FilesCallSite
  - beforeFileWritten: Files.newOutputStream, Files.write(bytes), Files.write(lines, charset), Files.write(lines), Files.newBufferedWriter(path, charset), Files.newBufferedWriter(path), Files.copy(InputStream, Path, ...), Files.move
    - Files.writeString(path, seq), Files.writeString(path, seq, charset)
  - beforeFileLoaded: Files.newInputStream, Files.readAllBytes, Files.readAllLines(path, charset), Files.readAllLines(path), Files.newBufferedReader(path, charset), Files.newBufferedReader(path), Files.lines(path, charset), Files.lines(path)
    - Files.readString(path), Files.readString(path, charset)
- FileChannelCallSite → both beforeFileLoaded + beforeFileWritten (channel mode is determined at runtime, not statically)
  - FileChannel.open(Path, OpenOption[]), FileChannel.open(Path, Set<OpenOption>, FileAttribute[])

Extended callsites

- FileInputStreamCallSite (extends #11084) — added FileInputStream(File) → beforeFileLoaded
- FileOutputStreamCallSite (extends #11084) — added FileOutputStream(File), FileOutputStream(File, boolean) → beforeFileWritten
- PathCallSite — added Path.resolve(Path), Path.resolveSibling(Path) → beforeFileLoaded
- PathsCallSite — added Path.of(String, String[]), Path.of(URI) (Java 11+) → beforeFileLoaded
Jira Ticket: APPSEC-61874