From 619f329c92b947cf5f2931c5ae8cfbb719511218 Mon Sep 17 00:00:00 2001
From: "alejandro.gonzalez"
Date: Thu, 16 Jan 2025 16:05:48 +0100
Subject: [PATCH 1/4] Exclude false positive weak randomness from com.facebook.presto.*.RetryDriver and io.trino

---
 .../instrumentation/iastinstrumenter/iast_exclusion.trie | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
index 964fe367963..11f31ae1200 100644
--- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
+++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
@@ -116,6 +116,8 @@
 1 com.thoughtworks.*
 1 com.typesafe.*
 1 com.zaxxer.*
+# APPSEC-56331
+1 com.facebook.presto.hive.RetryDriver
 1 commonj.work.*
 1 cryptix.*
 # Avoid weak random in dev.failsafe.internal.RetryPolicyExecutor
@@ -142,6 +144,8 @@
 1 io.r2dbc.*
 1 io.reactivex.*
 1 io.smallrye.*
+# APPSEC-56331
+1 io.trino.*
 1 io.springfox.*
 1 io.swagger.*
 1 io.undertow.*
From e884a9c01eb5ae652946a8b8714cc415b0ce0f9f Mon Sep 17 00:00:00 2001
From: "alejandro.gonzalez"
Date: Thu, 16 Jan 2025 17:15:55 +0100
Subject: [PATCH 2/4] Add more exclusions

---
 .../instrumentation/iastinstrumenter/iast_exclusion.trie | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
index 11f31ae1200..819e58521bc 100644
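Review bot: The new entry `+1 com.facebook.presto.hive.RetryDriver` is placed after `com.zaxxer.*` although the surrounding lines are in lexical order (`com.thoughtworks`, `com.typesafe`, `com.zaxxer`, `commonj`, `cryptix`), so `com.facebook` belongs earlier in the `com.` run, presumably beside the other `com.f*` entries outside this hunk; the two later "change order" commits in this series fix the `io.trino` placement but leave this one where it is. The bare `+# APPSEC-56331` also tells a maintainer nothing about why the class is whitelisted, unlike the neighbouring `# Avoid weak random in dev.failsafe.internal.RetryPolicyExecutor`; the commit subject says this is a weak-randomness false positive, so `# APPSEC-56331: weak-random false positive, non-security use of Random in retry logic` would keep the reason next to the rule. Since this file appears to exclude classes from IAST instrumentation altogether, an entry here presumably silences every IAST check for that class rather than only the weak-randomness one, which is fine for a retry helper but worth stating in the comment so the scope is not widened casually later.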
--- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
+++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
@@ -92,6 +92,8 @@
 1 com.liferay.*
 1 com.lowagie.*
 1 com.mchange.*
+# APPSEC-56323
+1 com.microsoft.azure.storage.RetryExponentialRetry
 1 com.mongodb.*
 1 com.mysql.*
 1 com.neo4j.*
@@ -118,6 +120,7 @@
 1 com.zaxxer.*
 # APPSEC-56331
 1 com.facebook.presto.hive.RetryDriver
+1 com.facebook.presto.verifier.retry.RetryDriver
 1 commonj.work.*
 1 cryptix.*
 # Avoid weak random in dev.failsafe.internal.RetryPolicyExecutor
@@ -131,6 +134,8 @@
 1 io.dropwizard.*
 2 io.ebean.*
 2 io.ebeaninternal.*
+# APPSEC-56322
+1 io.fabric8.kubernetes.client.informers.impl.cache.Reflector
 1 io.github.lukehutch.fastclasspathscanner.*
 1 io.grpc.*
 1 io.leangen.geantyref.*
@@ -145,7 +150,8 @@
 1 io.reactivex.*
 1 io.smallrye.*
 # APPSEC-56331
-1 io.trino.*
+1 io.trino.plugin.hive.metastore.thrift.RetryDriver
+1 io.trino.hdfs.s3.RetryDriver
 1 io.springfox.*
 1 io.swagger.*
 1 io.undertow.*
From 31612e88ea4aac8f47627f4930fc7ccf4fd0ba8b Mon Sep 17 00:00:00 2001
From: "alejandro.gonzalez"
Date: Fri, 17 Jan 2025 16:07:46 +0100
Subject: [PATCH 3/4] change order

---
 .../trace/instrumentation/iastinstrumenter/iast_exclusion.trie | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
index 819e58521bc..45440c4374f 100644
--- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
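Review bot: The added `+# APPSEC-56322` above `+1 io.fabric8.kubernetes.client.informers.impl.cache.Reflector` gives only a ticket id, and here the class name does not even hint at retry or back-off the way the `RetryDriver` entries do, so a reader outside Datadog cannot tell which weak-random use is being whitelisted or whether it is still non-security-relevant when the class changes. The same applies to `+# APPSEC-56323` over `com.microsoft.azure.storage.RetryExponentialRetry` in the first hunk. A one-line reason, e.g. `# APPSEC-56322: weak-random false positive in fabric8 informer Reflector (non-security use)`, matches the existing `# Avoid weak random in dev.failsafe...` style and makes the exclusion reviewable without the tracker. If the exclusion disables all IAST instrumentation for the class rather than only the weak-randomness check, that is a reasonable trade-off for an internal cache class but should be mentioned so nobody later broadens it to `io.fabric8.*`.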
+++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
@@ -150,8 +150,8 @@
 1 io.reactivex.*
 1 io.smallrye.*
 # APPSEC-56331
-1 io.trino.plugin.hive.metastore.thrift.RetryDriver
 1 io.trino.hdfs.s3.RetryDriver
+1 io.trino.plugin.hive.metastore.thrift.RetryDriver
 1 io.springfox.*
 1 io.swagger.*
 1 io.undertow.*
From cd2d6b5a6be19e35f152ca15a94b5ee62a843e33 Mon Sep 17 00:00:00 2001
From: "alejandro.gonzalez"
Date: Mon, 20 Jan 2025 08:59:56 +0100
Subject: [PATCH 4/4] change order

---
 .../instrumentation/iastinstrumenter/iast_exclusion.trie | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
index 45440c4374f..e3ef2739905 100644
--- a/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
+++ b/dd-java-agent/instrumentation/iast-instrumenter/src/main/resources/datadog/trace/instrumentation/iastinstrumenter/iast_exclusion.trie
@@ -149,11 +149,11 @@
 1 io.r2dbc.*
 1 io.reactivex.*
 1 io.smallrye.*
+1 io.springfox.*
+1 io.swagger.*
 # APPSEC-56331
 1 io.trino.hdfs.s3.RetryDriver
 1 io.trino.plugin.hive.metastore.thrift.RetryDriver
-1 io.springfox.*
-1 io.swagger.*
 1 io.undertow.*
 1 io.vertx.*
 # https://github.com/tsegismont/vertx-musicstore
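Review bot: The two entries `1 io.trino.hdfs.s3.RetryDriver` and `1 io.trino.plugin.hive.metastore.thrift.RetryDriver` pin exact package paths, so if a later Trino release relocates either class the exclusion silently stops matching and the weak-randomness false positive returns, and the series diffstat shows only the trie file changed, so nothing in this patch set would catch that. Recording the Trino version the paths were taken from in the comment, e.g. `# APPSEC-56331: weak-random false positive in RetryDriver back-off; paths verified against Trino <version>`, gives the next maintainer something to re-check against. Whether the trie format supports a suffix match that would be more resilient is not visible from this diff, so I am not proposing one.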