WIP

DataDog · Feb 25, 2025 · 8a40c8b · 8a40c8b
1 parent d91bcda
commit 8a40c8b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/tests/test_library_logs.py b/tests/test_library_logs.py
@@ -65,6 +65,9 @@ def test_java_telemetry_logs(self):
             # APPSEC-56726
             re.escape("Attempt to replace context value for {}"),
         ]
+        if context.weblog_variant == "spring-boot-openliberty":
+            # XXX: Ticket pending
+            allowed_patterns.append(re.escape("JMXFetch internal TaskProcessor error invoking concurrent tasks: "))
         if context.weblog_variant == "spring-boot-wildfly":
             # APPSEC-56111
             allowed_patterns.append(re.escape("Failed to determine dependency for uri {}"))

diff --git a/...cker/java/spring-boot/src/main/java/com/datadoghq/system_tests/springboot/AppSecIast.java b/...cker/java/spring-boot/src/main/java/com/datadoghq/system_tests/springboot/AppSecIast.java
@@ -4,6 +4,7 @@
 import io.opentracing.Span;
 import io.opentracing.util.GlobalTracer;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -149,7 +150,7 @@ public String insecureForward(final ServletRequest request, final HttpServletRes
         return "redirect";
     }
 
-    @PostMapping("/sqli/test_insecure")
+    @PostMapping(value = "/sqli/test_insecure", produces = MediaType.APPLICATION_JSON_VALUE)
     Object insecureSql(final ServletRequest request) {
         final Span span = GlobalTracer.get().activeSpan();
         if (span != null) {
@@ -160,7 +161,7 @@ Object insecureSql(final ServletRequest request) {
         return sqlExamples.insecureSql(username, password);
     }
 
-    @PostMapping("/sqli/test_secure")
+    @PostMapping(value = "/sqli/test_secure", produces = MediaType.APPLICATION_JSON_VALUE)
     Object secureSql(final ServletRequest request) {
         final Span span = GlobalTracer.get().activeSpan();
         if (span != null) {
@@ -391,13 +392,13 @@ void scSanitizeConfigured(final ServletRequest request,  final ServletResponse r
         cmdExamples.insecureCmd(sanitized);
     }
 
-    @PostMapping("/sc/s/not-configured")
+    @PostMapping(value = "/sc/s/not-configured", produces = MediaType.APPLICATION_JSON_VALUE)
     Object scSanitizeSqli(final ServletRequest request,  final ServletResponse response) throws IOException {
         String sanitized = SecurityControlUtil.sanitize(request.getParameter("param"));
         return sqlExamples.insecureSql(sanitized, "password");
     }
 
-    @PostMapping("/sc/s/all")
+    @PostMapping(value = "/sc/s/all", produces = MediaType.APPLICATION_JSON_VALUE)
     Object scSanitizeForAllVulns(final ServletRequest request,  final ServletResponse response) throws IOException {
         String sanitized = SecurityControlUtil.sanitizeForAllVulns(request.getParameter("param"));
         return sqlExamples.insecureSql(sanitized, "password");