DataDog · smola · Jun 26, 2023 · Jun 21, 2023 · Jun 22, 2023 · Jun 22, 2023
@@ -86,6 +86,8 @@ jobs:
           weblog: spring-boot-wildfly
         - library: java
           weblog: spring-boot-undertow
+        - library: java
+          weblog: spring-boot-payara
         - library: java
           weblog: akka-http
         - library: nodejs
@@ -746,4 +748,4 @@ jobs:
         ./build.sh -i agent
         ./build.sh golang -i weblog
     - name: Run
-      run: ./tests/fuzzer/run.sh
+      run: ./tests/fuzzer/run.sh
@@ -17,6 +17,7 @@
         "spring-boot": "1.1.0",
         "spring-boot-jetty": "1.1.0",
         "spring-boot-openliberty": "1.1.0",
+        "spring-boot-payara": "1.1.0",
         "spring-boot-wildfly": "1.1.0",
         "spring-boot-undertow": "1.1.0",
         "resteasy-netty3": "1.11.0",

@@ -17,6 +17,7 @@
         "spring-boot": "1.7.0",
         "spring-boot-jetty": "1.7.0",
         "spring-boot-openliberty": "1.7.0",
+        "spring-boot-payara": "1.7.0",
         "spring-boot-wildfly": "1.7.0",
         "spring-boot-undertow": "1.7.0",
         "resteasy-netty3": "1.11.0",

@@ -16,6 +16,7 @@
         "spring-boot": "1.1.0",
         "spring-boot-jetty": "1.1.0",
         "spring-boot-openliberty": "1.1.0",
+        "spring-boot-payara": "1.1.0",
         "spring-boot-wildfly": "1.1.0",
         "spring-boot-undertow": "1.1.0",
         "resteasy-netty3": "1.11.0",

@@ -20,6 +20,7 @@
         "spring-boot": "1.1.0",
         "spring-boot-jetty": "1.1.0",
         "spring-boot-openliberty": "1.1.0",
+        "spring-boot-payara": "1.1.0",
         "spring-boot-wildfly": "1.1.0",
         "spring-boot-undertow": "1.1.0",
         "resteasy-netty3": "1.11.0",

@@ -17,6 +17,7 @@
         "spring-boot": "0.108.0",
         "spring-boot-jetty": "0.108.0",
         "spring-boot-openliberty": "0.108.0",
+        "spring-boot-payara": "0.108.0",
         "spring-boot-wildfly": "0.108.0",
         "spring-boot-udertow": "0.108.0",
         "resteasy-netty3": "1.11.0",

@@ -35,6 +35,7 @@ def _expected_location():
         "spring-boot": "0.108.0",
         "spring-boot-jetty": "0.108.0",
         "spring-boot-openliberty": "0.108.0",
+        "spring-boot-payara": "0.108.0",
         "spring-boot-wildfly": "0.108.0",
         "spring-boot-undertow": "0.108.0",
         "resteasy-netty3": "1.11.0",

@@ -17,6 +17,7 @@
         "spring-boot": "1.7.0",
         "spring-boot-jetty": "1.7.0",
         "spring-boot-openliberty": "1.7.0",
+        "spring-boot-payara": "1.7.0",
         "spring-boot-wildfly": "1.7.0",
         "spring-boot-undertow": "1.7.0",
         "vertx3": "1.12.0",

@@ -17,6 +17,7 @@
         "spring-boot": "1.5.0",
         "spring-boot-jetty": "1.5.0",
         "spring-boot-openliberty": "1.5.0",
+        "spring-boot-payara": "1.5.0",
         "spring-boot-wildfly": "1.5.0",
         "spring-boot-undertow": "1.5.0",
         "vertx3": "1.12.0",

@@ -18,6 +18,7 @@
         "spring-boot": "1.5.0",
         "spring-boot-jetty": "1.5.0",
         "spring-boot-openliberty": "1.5.0",
+        "spring-boot-payara": "1.5.0",
         "spring-boot-wildfly": "1.5.0",
         "spring-boot-undertow": "1.5.0",
         "resteasy-netty3": "1.11.0",

@@ -17,6 +17,7 @@
         "spring-boot": "1.5.0",
         "spring-boot-jetty": "1.5.0",
         "spring-boot-openliberty": "1.5.0",
+        "spring-boot-payara": "1.5.0",
         "spring-boot-wildfly": "1.5.0",
         "spring-boot-undertow": "1.5.0",
         "vertx3": "1.12.0",

@@ -18,6 +18,7 @@
         "spring-boot": "1.5.0",
         "spring-boot-jetty": "1.5.0",
         "spring-boot-openliberty": "1.5.0",
+        "spring-boot-payara": "1.5.0",
         "spring-boot-wildfly": "1.5.0",
         "spring-boot-undertow": "1.5.0",
         "resteasy-netty3": "1.11.0",

@@ -17,6 +17,7 @@
         "spring-boot": "1.5.0",
         "spring-boot-jetty": "1.5.0",
         "spring-boot-openliberty": "1.5.0",
+        "spring-boot-payara": "1.5.0",
         "spring-boot-wildfly": "1.5.0",
         "spring-boot-undertow": "1.5.0",
         "vertx3": "1.12.0",

@@ -17,6 +17,7 @@
         "spring-boot": "1.5.0",
         "spring-boot-jetty": "1.5.0",
         "spring-boot-openliberty": "1.5.0",
+        "spring-boot-payara": "1.5.0",
         "spring-boot-wildfly": "1.5.0",
         "spring-boot-undertow": "1.5.0",
         "resteasy-netty3": "1.11.0",

@@ -15,7 +15,8 @@
 @released(dotnet="1.28.6", java="0.87.0", nodejs="2.0.0", php_appsec="0.2.1", python="1.1.0rc2.dev")
 @missing_feature(context.library == "ruby" and context.libddwaf_version is None)
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.basic
 class Test_Basic:
     """ Detect attacks on raw URI and headers with default rules """

@@ -47,6 +47,7 @@
 @scenarios.appsec_blocking
 @bug(context.library < "[email protected]", reason="Missing handler for default block action")
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 class Test_BlockingAddresses:
     """Test the addresses supported for blocking"""
@@ -335,6 +336,7 @@ def test_blocking_before(self):
     ruby="1.0.0",
 )
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 @irrelevant(context.library == "golang" and context.weblog_variant == "net-http")
 @irrelevant(context.library == "ruby" and context.weblog_variant == "rack")
@@ -389,6 +391,7 @@ def test_blocking_before(self):
     java=_released_java_blocking,
 )
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 @irrelevant(context.library == "golang" and context.weblog_variant == "net-http")
 class Test_Blocking_request_query:
@@ -445,6 +448,7 @@ def test_blocking_before(self):
     java=_released_java_blocking,
 )
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 @irrelevant(context.library == "golang" and context.weblog_variant == "net-http")
 class Test_Blocking_request_headers:
@@ -501,6 +505,7 @@ def test_blocking_before(self):
     java=_released_java_blocking,
 )
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 @irrelevant(context.library == "golang" and context.weblog_variant == "net-http")
 class Test_Blocking_request_cookies:
@@ -557,6 +562,7 @@ def test_blocking_before(self):
     ruby="1.0.0",
 )
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 @irrelevant(library="php", reason="Php does not accept url encoded entries without key")
 class Test_Blocking_request_body:
@@ -628,6 +634,7 @@ def test_blocking_before(self):
     ruby="1.10.0",
 )
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 @irrelevant(library="php", reason="On php it is not possible change the status code once its header is sent")
 class Test_Blocking_response_status:
@@ -665,6 +672,7 @@ def test_non_blocking(self):
     ruby="1.0.0",
 )
 @missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="Missing support")
 @missing_feature(weblog_variant="akka-http", reason="Missing support")
 @irrelevant(library="php", reason="On php it is not possible change the status code once its header is sent")
 class Test_Blocking_response_headers:

@@ -11,7 +11,7 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
-if context.weblog_variant == "akka-http":
+if context.weblog_variant in ("akka-http", "spring-boot-payara"):
     pytestmark = pytest.mark.skip("missing feature: No AppSec support")
 
 

@@ -10,6 +10,9 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
+if context.weblog_variant == "spring-boot-payara":
+    pytestmark = pytest.mark.skip("missing feature: No AppSec support")
+
 
 _is_spring_native_weblog = re.fullmatch(r"spring-.+native", context.weblog_variant) is not None
 

@@ -9,7 +9,7 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
-if context.weblog_variant == "akka-http":
+if context.weblog_variant in ("akka-http", "spring-boot-payara"):
     pytestmark = pytest.mark.skip("missing feature: No AppSec support")
 
 # get the default log output

@@ -28,7 +28,8 @@
 @released(golang={"gin": "1.37.0", "echo": "1.36.0", "*": "1.34.0"})
 @bug(library="[email protected]", reason="a PR was not included in the release")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.basic
 class Test_StatusCode:
     """Appsec reports good status code"""
@@ -69,7 +70,8 @@ def check_http_code(span, appsec_data):
 )
 @released(dotnet="1.30.0", java="0.98.1", nodejs="2.0.0", php_appsec="0.3.0", python=PYTHON_RELEASE_GA_1_1)
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.good
 @missing_feature(
     True, reason="Bug on system test: with the runner on the host, we do not have the real IP from weblog POV"
@@ -116,7 +118,8 @@ def validator(span, appsec_data):
 @flaky(context.library <= "[email protected]")
 @bug(library="[email protected]", reason="a PR was not included in the release")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.good
 class Test_Info:
     """Environment (production, staging) from DD_ENV variable"""
@@ -152,7 +155,8 @@ def _check_service(span, appsec_data):
 @missing_feature(context.library == "ruby" and context.libddwaf_version is None)
 @bug(library="[email protected]", reason="a PR was not included in the release")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.good
 class Test_RequestHeaders:
     """Request Headers for IP resolution"""
@@ -190,6 +194,7 @@ def test_http_request_headers(self):
 
 
 @coverage.basic
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
 class Test_TagsFromRule:
     """Tags (Category & event type) from the rule"""
@@ -210,6 +215,7 @@ def test_basic(self):
 
 
 @coverage.basic
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
 class Test_AttackTimestamp:
     """Attack timestamp"""

@@ -28,6 +28,7 @@
 @released(nodejs="2.0.0", php_appsec="0.1.0", ruby="0.54.2")
 @bug(library="[email protected]", reason="a PR was not included in the release")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
 @missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.good
 class Test_RetainTraces:
@@ -73,7 +74,8 @@ def validate_appsec_event_span_tags(span):
 @released(dotnet="1.29.0", java="0.104.0", nodejs="2.0.0")
 @released(php_appsec="0.1.0", python="0.58.5", ruby="0.54.2")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.good
 class Test_AppSecEventSpanTags:
     """AppSec correctly fill span tags."""
@@ -168,7 +170,8 @@ def validator(span):
 @released(golang="1.38.0", dotnet="2.7.0", java="0.113.0", nodejs="2.6.0")
 @released(php_appsec="0.3.0", python=PYTHON_RELEASE_GA_1_1, ruby="1.0.0")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.good
 class Test_AppSecObfuscator:
     """AppSec obfuscates sensitive data."""
@@ -332,7 +335,8 @@ def validate_appsec_span_tags(span, appsec_data):  # pylint: disable=unused-argu
 @released(golang="1.37.0" if context.weblog_variant == "gin" else "1.36.2")
 @released(nodejs="2.0.0", java="0.102.0")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.good
 class Test_CollectRespondHeaders:
     """AppSec should collect some headers for http.response and store them in span tags."""

@@ -23,7 +23,7 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
-if context.weblog_variant == "akka-http":
+if context.weblog_variant in ("akka-http", "spring-boot-payara"):
     pytestmark = pytest.mark.skip("missing feature: No AppSec support")
 
 

@@ -8,7 +8,7 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
-if context.weblog_variant == "akka-http":
+if context.weblog_variant in ("akka-http", "spring-boot-payara"):
     pytestmark = pytest.mark.skip("missing feature: No AppSec support")
 
 _CUR_DIR = os.path.dirname(os.path.abspath(__file__))

@@ -11,7 +11,7 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
-if context.weblog_variant == "akka-http":
+if context.weblog_variant in ("akka-http", "spring-boot-payara"):
     pytestmark = pytest.mark.skip("missing feature: No AppSec support")
 
 

@@ -13,7 +13,7 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
-if context.weblog_variant == "akka-http":
+if context.weblog_variant in ("akka-http", "spring-boot-payara"):
     pytestmark = pytest.mark.skip("missing feature: No AppSec support")
 
 

@@ -13,7 +13,7 @@
 if context.library == "cpp":
     pytestmark = pytest.mark.skip("not relevant")
 
-if context.weblog_variant == "akka-http":
+if context.weblog_variant in ("akka-http", "spring-boot-payara"):
     pytestmark = pytest.mark.skip("missing feature: No AppSec support")
 
 

@@ -75,6 +75,13 @@
         "spring.handler": "spring-web-controller",
         "servlet.response": "java-web-servlet-response",
     },
+    "spring-boot-payara": {
+        "servlet.request": "java-web-servlet",
+        "hsqldb.query": "java-jdbc-statement",
+        "servlet.forward": "java-web-servlet-dispatcher",
+        "spring.handler": "spring-web-controller",
+        "servlet.response": "java-web-servlet-response",
+    },
     "resteasy-netty3": {"netty.request": ["netty", "jax-rs"], "jax-rs.request": "jax-rs-controller",},
     "akka-http": "akka-http-server",
     "rails": {

@@ -31,6 +31,7 @@ def setup_method_trace(self):
         self.trace_request = weblog.trace("/waf", data=None)
 
     @irrelevant(library="php", reason="Trace method does not reach php-land")
+    @bug(weblog_variant="spring-boot-payara", reason="This weblog variant is currently not accepting TRACE")
     def test_method_trace(self):
         interfaces.library.add_span_tag_validation(request=self.trace_request, tags={"http.method": "TRACE"})
 
@@ -174,7 +175,8 @@ def test_route(self):
 @released(dotnet="2.26.0", golang="1.46.0", java="0.114.0")
 @released(nodejs="3.6.0", php_appsec="0.4.4", python="1.5.0", ruby="1.10.1")
 @missing_feature(weblog_variant="akka-http", reason="No AppSec support")
-@missing_feature(context.weblog_variant == "spring-boot-3-native", reason="GraalVM. Tracing support only")
+@missing_feature(weblog_variant="spring-boot-payara", reason="No AppSec support")
+@missing_feature(weblog_variant="spring-boot-3-native", reason="GraalVM. Tracing support only")
 @coverage.basic
 class Test_StandardTagsClientIp:
     """Tests to verify that libraries annotate spans with correct http.client_ip tags"""

@@ -0,0 +1,4 @@
+#!/bin/sh
+set -eu
+# shellcheck disable=SC2086
+exec java -Xmx362m -javaagent:/app/dd-java-agent.jar -jar /app/payara-micro.jar --deploy /app/app.war ${APP_EXTRA_ARGS:-}