From 86be898629902a9eea79ffa336f950fbcf617be1 Mon Sep 17 00:00:00 2001
From: Valentin Zakharov <valentin.zakharov1@gmail.com>
Date: Fri, 14 Jun 2024 13:37:32 +0200
Subject: [PATCH] Check for circular references

---
 .../datadog/appsec/gateway/GatewayBridge.java  |  4 +++-
 .../datadog/appsec/util/ObjectFlattener.java   |  9 +++++++--
 .../util/ObjectFlattenerSpecification.groovy   | 18 ++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
index 8b11ccd60e4..cfb1c0cdfa4 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
@@ -170,7 +170,9 @@ public void init() {
                 StackTraceCollection stackTraceCollection = ctx.transferStackTracesCollection();
                 if (stackTraceCollection != null) {
                   Object flatStruct = ObjectFlattener.flatten(stackTraceCollection);
-                  traceSeg.setMetaStructTop("_dd.stack", flatStruct);
+                  if (flatStruct != null) {
+                    traceSeg.setMetaStructTop("_dd.stack", flatStruct);
+                  }
                 }
 
               } else if (hasUserTrackingEvent(traceSeg)) {
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/ObjectFlattener.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/ObjectFlattener.java
index f43ecfafae3..eba802e1976 100644
--- a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/ObjectFlattener.java
+++ b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/util/ObjectFlattener.java
@@ -1,6 +1,7 @@
 package com.datadog.appsec.util;
 
 import com.squareup.moshi.JsonAdapter;
+import com.squareup.moshi.JsonDataException;
 import com.squareup.moshi.Moshi;
 
 /**
@@ -18,9 +19,13 @@ public class ObjectFlattener {
    *
    * @param obj the object to flatten
    * @return the flattened object as a Map, or the original object if it's a primitive type or a
-   *     Collection or a Map. Returns null if the input object is null.
+   *     Collection or a Map. Returns null if the input object is null or if it cannot be flattened.
    */
   public static Object flatten(Object obj) {
-    return JSON_ADAPTER.toJsonValue(obj);
+    try {
+      return JSON_ADAPTER.toJsonValue(obj);
+    } catch (JsonDataException e) {
+      return null;
+    }
   }
 }
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/util/ObjectFlattenerSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/util/ObjectFlattenerSpecification.groovy
index c12bcb592d8..180c0323562 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/util/ObjectFlattenerSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/util/ObjectFlattenerSpecification.groovy
@@ -91,6 +91,19 @@ class ObjectFlattenerSpecification extends DDSpecification {
     result.map.key1 == [nestedKey: "nestedValue"]
   }
 
+  def "flatten should handle circular references"() {
+    given:
+    def circular = new Circular()
+    circular.name = "circular"
+    circular.circular = circular
+
+    when:
+    def result = ObjectFlattener.flatten(circular)
+
+    then:
+    result == null
+  }
+
   private static class TestObject {
     String name
     int value
@@ -108,4 +121,9 @@ class ObjectFlattenerSpecification extends DDSpecification {
       this.nestedValue = nestedValue
     }
   }
+
+  private static class Circular {
+    String name
+    Circular circular
+  }
 }