Add server.request.body.filenames AppSec address for Akka HTTP (#11173)

Add server.request.body.filenames support for Akka HTTP

Address review comments: always fire both body and filenames callbacks

- Fire both bodyCallback and filenamesCallback regardless of whether
  one triggers blocking, matching the canonical Tomcat/Liberty pattern.
  Previously, executeCallback threw BlockingException immediately,
  preventing filenamesCallback from running if body was blocked.
- Avoid creating the filenames ArrayList when filenamesCallback is null.
- Extract tryBlock() helper to deduplicate blocking logic shared
  between handleMultipartStrictFormData, handleStrictFormData,
  and executeCallback.

Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>

Author: jandro996

dd-java-agent/instrumentation/akka/akka-http/akka-http-10.0/src/baseTest/groovy/AkkaHttpServerInstrumentationTest.groovy

@@ -74,6 +74,11 @@ abstract class AkkaHttpServerInstrumentationTest extends HttpServerTest<AkkaHttp
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyJson() {
     true
@@ -223,6 +228,11 @@ abstract class AkkaHttpServerInstrumentationSyncTest extends AkkaHttpServerInstr
     false
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    false
+  }
+
   @Override
   boolean testBodyJson() {
     false
@@ -283,6 +293,11 @@ class AkkaHttpServerInstrumentationBindAndHandleTest extends AkkaHttpServerInstr
     akkaHttpVersion != '10.0.10'
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    akkaHttpVersion != '10.0.10'
+  }
+
   @Override
   boolean testBodyUrlencoded() {
     akkaHttpVersion != '10.0.10'
@@ -309,6 +324,11 @@ class AkkaHttpServerInstrumentationBindAndHandleAsyncWithRouteAsyncHandlerTest e
     akkaHttpVersion != '10.0.10'
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    akkaHttpVersion != '10.0.10'
+  }
+
   @Override
   boolean testBodyUrlencoded() {
     akkaHttpVersion != '10.0.10'

dd-java-agent/instrumentation/akka/akka-http/akka-http-10.0/src/latestDepTest/groovy/AkkaHttp102ServerInstrumentationTests.groovy

@@ -36,6 +36,11 @@ class AkkaHttp102ServerInstrumentationBindSyncTest extends AkkaHttpServerInstrum
     false
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    false
+  }
+
   @Override
   boolean testBodyJson() {
     false

dd-java-agent/instrumentation/akka/akka-http/akka-http-10.0/src/main/java/datadog/trace/instrumentation/akkahttp/appsec/UnmarshallerHelpers.java

@@ -26,6 +26,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.WeakHashMap;
 import java.util.function.BiFunction;
 import org.slf4j.Logger;
@@ -124,18 +125,10 @@ private static void executeCallback(
     Flow<Void> flow = callback.apply(reqCtx, conv);
     Flow.Action action = flow.getAction();
     if (action instanceof Flow.Action.RequestBlockingAction) {
-      Flow.Action.RequestBlockingAction rba = (Flow.Action.RequestBlockingAction) action;
-      BlockResponseFunction blockResponseFunction = reqCtx.getBlockResponseFunction();
-      if (blockResponseFunction != null) {
-        boolean success =
-            blockResponseFunction.tryCommitBlockingResponse(reqCtx.getTraceSegment(), rba);
-        if (success) {
-          if (blockResponseFunction instanceof AkkaBlockResponseFunction) {
-            AkkaBlockResponseFunction abrf = (AkkaBlockResponseFunction) blockResponseFunction;
-            abrf.setUnmarshallBlock(true);
-          }
-          throw new BlockingException("Blocked request (for " + details + ")");
-        }
+      BlockingException e =
+          tryBlock(reqCtx, (Flow.Action.RequestBlockingAction) action, "for " + details);
+      if (e != null) {
+        throw e;
       }
     }
   }
@@ -199,17 +192,28 @@ private static void handleMultipartStrictFormData(
     }
 
     CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
-    BiFunction<RequestContext, Object, Flow<Void>> callback =
+    BiFunction<RequestContext, Object, Flow<Void>> bodyCallback =
         cbp.getCallback(EVENTS.requestBodyProcessed());
-    if (callback == null) {
+    BiFunction<RequestContext, List<String>, Flow<Void>> filenamesCallback =
+        cbp.getCallback(EVENTS.requestFilesFilenames());
+    if (bodyCallback == null && filenamesCallback == null) {
       return;
     }
 
-    // conversion to map string -> list of string
     java.lang.Iterable<akka.http.javadsl.model.Multipart.FormData.BodyPart.Strict> strictParts =
         st.getStrictParts();
     Map<String, List<String>> conv = new HashMap<>();
+    List<String> filenames = filenamesCallback != null ? new ArrayList<>() : null;
     for (akka.http.javadsl.model.Multipart.FormData.BodyPart.Strict part : strictParts) {
+      Optional<String> filenameOpt = part.getFilename();
+      if (filenames != null && filenameOpt.isPresent() && !filenameOpt.get().isEmpty()) {
+        filenames.add(filenameOpt.get());
+      }
+
+      if (bodyCallback == null) {
+        continue;
+      }
+
       akka.http.javadsl.model.HttpEntity.Strict entity = part.getEntity();
       if (!(entity instanceof HttpEntity.Strict)) {
         continue;
@@ -232,8 +236,33 @@ private static void handleMultipartStrictFormData(
       curStrings.add(s);
     }
 
-    // callback execution
-    executeCallback(reqCtx, callback, conv, "multipartFormDataUnmarshaller");
+    BlockingException pendingBlock = null;
+    if (bodyCallback != null) {
+      Flow<Void> flow = bodyCallback.apply(reqCtx, conv);
+      Flow.Action action = flow.getAction();
+      if (action instanceof Flow.Action.RequestBlockingAction) {
+        pendingBlock =
+            tryBlock(
+                reqCtx,
+                (Flow.Action.RequestBlockingAction) action,
+                "multipartFormDataUnmarshaller");
+      }
+    }
+
+    if (filenamesCallback != null && filenames != null && !filenames.isEmpty()) {
+      Flow<Void> flow = filenamesCallback.apply(reqCtx, filenames);
+      if (pendingBlock == null) {
+        Flow.Action action = flow.getAction();
+        if (action instanceof Flow.Action.RequestBlockingAction) {
+          pendingBlock =
+              tryBlock(reqCtx, (Flow.Action.RequestBlockingAction) action, "multipart file upload");
+        }
+      }
+    }
+
+    if (pendingBlock != null) {
+      throw pendingBlock;
+    }
   }
 
   public static Unmarshaller<HttpEntity, String> transformStringUnmarshaller(
@@ -387,8 +416,13 @@ public static Unmarshaller<HttpEntity, StrictForm> transformStrictFormUnmarshall
   }
 
   private static void handleStrictFormData(StrictForm sf) {
+    CallbackProvider cbp = AgentTracer.get().getCallbackProvider(RequestContextSlot.APPSEC);
+    BiFunction<RequestContext, List<String>, Flow<Void>> filenamesCb =
+        cbp.getCallback(EVENTS.requestFilesFilenames());
+
     Iterator<Tuple2<String, StrictForm.Field>> iterator = sf.fields().iterator();
     Map<String, List<String>> conv = new HashMap<>();
+    List<String> filenames = filenamesCb != null ? new ArrayList<>() : null;
     while (iterator.hasNext()) {
       Tuple2<String, StrictForm.Field> next = iterator.next();
       String fieldName = next._1();
@@ -413,9 +447,15 @@ private static void handleStrictFormData(StrictForm sf) {
         strings.add((String) strictFieldValue);
       } else if (strictFieldValue
           instanceof akka.http.scaladsl.model.Multipart$FormData$BodyPart$Strict) {
-        HttpEntity.Strict sentity =
-            ((akka.http.scaladsl.model.Multipart$FormData$BodyPart$Strict) strictFieldValue)
-                .entity();
+        akka.http.scaladsl.model.Multipart$FormData$BodyPart$Strict bodyPart =
+            (akka.http.scaladsl.model.Multipart$FormData$BodyPart$Strict) strictFieldValue;
+        if (filenames != null) {
+          Optional<String> filenameOpt = bodyPart.getFilename();
+          if (filenameOpt.isPresent() && !filenameOpt.get().isEmpty()) {
+            filenames.add(filenameOpt.get());
+          }
+        }
+        HttpEntity.Strict sentity = bodyPart.entity();
         String s =
             sentity
                 .getData()
@@ -425,7 +465,34 @@ private static void handleStrictFormData(StrictForm sf) {
       }
     }
 
-    handleArbitraryPostData(conv, "HttpEntity -> StrictForm unmarshaller");
+    BlockingException pendingBlock = null;
+    try {
+      handleArbitraryPostData(conv, "HttpEntity -> StrictForm unmarshaller");
+    } catch (BlockingException e) {
+      pendingBlock = e;
+    }
+
+    if (filenamesCb != null && filenames != null && !filenames.isEmpty()) {
+      AgentSpan span = activeSpan();
+      RequestContext reqCtx;
+      if (span != null
+          && (reqCtx = span.getRequestContext()) != null
+          && reqCtx.getData(RequestContextSlot.APPSEC) != null) {
+        Flow<Void> flow = filenamesCb.apply(reqCtx, filenames);
+        if (pendingBlock == null) {
+          Flow.Action action = flow.getAction();
+          if (action instanceof Flow.Action.RequestBlockingAction) {
+            pendingBlock =
+                tryBlock(
+                    reqCtx, (Flow.Action.RequestBlockingAction) action, "multipart file upload");
+          }
+        }
+      }
+    }
+
+    if (pendingBlock != null) {
+      throw pendingBlock;
+    }
   }
 
   private static Object tryConvertingScalaContainers(Object obj, int depth) {
@@ -473,6 +540,22 @@ private static void handleArbitraryPostData(Object o, String source) {
     executeCallback(reqCtx, callback, o, source);
   }
 
+  private static BlockingException tryBlock(
+      RequestContext reqCtx, Flow.Action.RequestBlockingAction rba, String details) {
+    BlockResponseFunction brf = reqCtx.getBlockResponseFunction();
+    if (brf == null) {
+      return null;
+    }
+    boolean success = brf.tryCommitBlockingResponse(reqCtx.getTraceSegment(), rba);
+    if (!success) {
+      return null;
+    }
+    if (brf instanceof AkkaBlockResponseFunction) {
+      ((AkkaBlockResponseFunction) brf).setUnmarshallBlock(true);
+    }
+    return new BlockingException("Blocked request (" + details + ")");
+  }
+
   private static void handleException(Exception e, String logMessage) {
     if (e instanceof BlockingException) {
       throw (BlockingException) e;

dd-java-agent/instrumentation/akka/akka-http/akka-http-10.6/src/test/groovy/AkkaHttp102ServerInstrumentationTests.groovy

@@ -36,6 +36,11 @@ class AkkaHttp102ServerInstrumentationBindSyncTest extends AkkaHttpServerInstrum
     false
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    false
+  }
+
   @Override
   boolean testBodyJson() {
     false

dd-java-agent/instrumentation/akka/akka-http/akka-http-10.6/src/test/groovy/AkkaHttpServerInstrumentationTest.groovy

@@ -75,6 +75,11 @@ abstract class AkkaHttpServerInstrumentationTest extends HttpServerTest<AkkaHttp
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyJson() {
     true
@@ -223,6 +228,11 @@ abstract class AkkaHttpServerInstrumentationSyncTest extends AkkaHttpServerInstr
     false
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    false
+  }
+
   @Override
   boolean testBodyJson() {
     false
@@ -279,6 +289,11 @@ class AkkaHttpServerInstrumentationBindAndHandleTest extends AkkaHttpServerInstr
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyUrlencoded() {
     true
@@ -305,6 +320,11 @@ class AkkaHttpServerInstrumentationBindAndHandleAsyncWithRouteAsyncHandlerTest e
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyUrlencoded() {
     true

dd-java-agent/instrumentation/spring/spring-webmvc/spring-webmvc-3.1/src/latestDepTest/groovy/test/boot/SpringBootBasedTest.groovy

@@ -109,6 +109,11 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyJson() {
     true

dd-java-agent/instrumentation/spring/spring-webmvc/spring-webmvc-3.1/src/test/groovy/test/boot/SpringBootBasedTest.groovy

@@ -119,6 +119,11 @@ class SpringBootBasedTest extends HttpServerTest<ConfigurableApplicationContext>
     true
   }
 
+  @Override
+  boolean testBodyFilenames() {
+    true
+  }
+
   @Override
   boolean testBodyJson() {
     true