fix(appsec): inspect file content even when filename is empty

jandro996 · jandro996 · commit 63cdda064c06 · 2026-04-22T15:12:43.000+02:00
diff --git a/dd-java-agent/instrumentation/commons-fileupload-1.5/src/main/java/datadog/trace/instrumentation/commons/fileupload/CommonsFileUploadAppSecInstrumentation.java b/dd-java-agent/instrumentation/commons-fileupload-1.5/src/main/java/datadog/trace/instrumentation/commons/fileupload/CommonsFileUploadAppSecInstrumentation.java
@@ -83,12 +83,12 @@ static void after(
           filenames.add(name);
         }
       }
-      if (filenames.isEmpty()) {
+      if (filenames.isEmpty() && contentCallback == null) {
         return;
       }
 
       // Fire filenames event
-      if (filenamesCallback != null) {
+      if (filenamesCallback != null && !filenames.isEmpty()) {
         Flow<Void> flow = filenamesCallback.apply(reqCtx, filenames);
         Flow.Action action = flow.getAction();
         if (action instanceof Flow.Action.RequestBlockingAction) {
diff --git a/dd-java-agent/instrumentation/commons-fileupload-1.5/src/main/java/datadog/trace/instrumentation/commons/fileupload/FileItemContentReader.java b/dd-java-agent/instrumentation/commons-fileupload-1.5/src/main/java/datadog/trace/instrumentation/commons/fileupload/FileItemContentReader.java
@@ -21,10 +21,6 @@ public static List<String> readContents(List<FileItem> fileItems) {
       if (fileItem.isFormField()) {
         continue;
       }
-      String name = fileItem.getName();
-      if (name == null || name.isEmpty()) {
-        continue;
-      }
       result.add(readContent(fileItem));
     }
     return result;
diff --git a/dd-java-agent/instrumentation/commons-fileupload-1.5/src/test/groovy/FileItemContentReaderTest.groovy b/dd-java-agent/instrumentation/commons-fileupload-1.5/src/test/groovy/FileItemContentReaderTest.groovy
@@ -63,7 +63,7 @@ class FileItemContentReaderTest extends Specification {
     result == ['content']
   }
 
-  void 'readContents skips files with null or empty name'() {
+  void 'readContents includes file parts with empty or null name'() {
     given:
     def items = [
       fileItem('content-no-name', null),
@@ -75,7 +75,7 @@ class FileItemContentReaderTest extends Specification {
     def result = FileItemContentReader.readContents(items)
 
     then:
-    result == ['content-named']
+    result == ['content-no-name', 'content-empty-name', 'content-named']
   }
 
   void 'readContents stops after MAX_FILES_TO_INSPECT files'() {

Original file line number	Diff line number	Diff line change
`@@ -83,12 +83,12 @@ static void after(`
`83`	`83`	`filenames.add(name);`
`84`	`84`	`}`
`85`	`85`	`}`
`86`		`- if (filenames.isEmpty()) {`
	`86`	`+ if (filenames.isEmpty() && contentCallback == null) {`
`87`	`87`	`return;`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`// Fire filenames event`
`91`		`- if (filenamesCallback != null) {`
	`91`	`+ if (filenamesCallback != null && !filenames.isEmpty()) {`
`92`	`92`	`Flow<Void> flow = filenamesCallback.apply(reqCtx, filenames);`
`93`	`93`	`Flow.Action action = flow.getAction();`
`94`	`94`	`if (action instanceof Flow.Action.RequestBlockingAction) {`
Original file line number	Diff line number	Diff line change
`@@ -21,10 +21,6 @@ public static List<String> readContents(List<FileItem> fileItems) {`
`21`	`21`	`if (fileItem.isFormField()) {`
`22`	`22`	`continue;`
`23`	`23`	`}`
`24`		`- String name = fileItem.getName();`
`25`		`- if (name == null \|\| name.isEmpty()) {`
`26`		`- continue;`
`27`		`- }`
`28`	`24`	`result.add(readContent(fileItem));`
`29`	`25`	`}`
`30`	`26`	`return result;`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ class FileItemContentReaderTest extends Specification {`
`63`	`63`	`result == ['content']`
`64`	`64`	`}`
`65`	`65`
`66`		`- void 'readContents skips files with null or empty name'() {`
	`66`	`+ void 'readContents includes file parts with empty or null name'() {`
`67`	`67`	`given:`
`68`	`68`	`def items = [`
`69`	`69`	`fileItem('content-no-name', null),`
`@@ -75,7 +75,7 @@ class FileItemContentReaderTest extends Specification {`
`75`	`75`	`def result = FileItemContentReader.readContents(items)`
`76`	`76`
`77`	`77`	`then:`
`78`		`- result == ['content-named']`
	`78`	`+ result == ['content-no-name', 'content-empty-name', 'content-named']`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`void 'readContents stops after MAX_FILES_TO_INSPECT files'() {`