Fix platform-dependent String.getBytes() calls to use explicit UTF-8 charset#10671
Open
saravadeo wants to merge 3 commits intoDataDog:masterfrom
Open
Fix platform-dependent String.getBytes() calls to use explicit UTF-8 charset#10671saravadeo wants to merge 3 commits intoDataDog:masterfrom
saravadeo wants to merge 3 commits intoDataDog:masterfrom
Conversation
Author
|
Hi maintainers 👋 Could you please add the appropriate labels? I'd suggest:
Thank you! |
…charset Specify StandardCharsets.UTF_8 in String.getBytes() calls used with MessageDigest and other encoding-sensitive APIs. Without an explicit charset, getBytes() uses the platform's default charset, which can vary across systems and produce inconsistent results. Files changed: - AppSecEventTracker: user ID anonymization hash now uses UTF-8, ensuring consistent hashing across all platforms. Also resolved the TODO about MessageDigest caching with a clarifying comment referencing micro-benchmark data showing negligible overhead. - Fingerprinter: exception fingerprint hashes now use UTF-8. - JsonStreamParser: JSON byte conversion now uses UTF-8 (JSON spec). - LLMObsSpanMapper: writeUTF8() now receives actual UTF-8 bytes.
saravadeo
force-pushed
the
fix/explicit-charset-in-getbytes-calls
branch
from
8afdff4 to
0c152d3
Compare
saravadeo
requested review from
daniel-romano-DD,
evanchooly and
manuel-alvarez-alvarez
and removed request for
a team
evanchooly
approved these changes
Feb 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Specify
StandardCharsets.UTF_8inString.getBytes()calls used withMessageDigestand other encoding-sensitive APIs. Without an explicit charset,getBytes()uses the platform's default charset, which can vary across systems (e.g., UTF-8 on Linux vs Windows-1252 on older Windows) and produce inconsistent results.Changes
AppSecEventTracker.anonymize()(internal-api)userId.getBytes()→userId.getBytes(StandardCharsets.UTF_8)TODOaboutMessageDigestcaching with a clarifying comment referencing micro-benchmark data showing negligible overhead ofgetInstance()Fingerprinter(agent-debugger)getBytes()→getBytes(StandardCharsets.UTF_8)for exception fingerprint hashingJsonStreamParser(dd-trace-core)raw.getBytes()→raw.getBytes(StandardCharsets.UTF_8)— JSON is UTF-8 by specificationLLMObsSpanMapper(dd-trace-core)getKey().getBytes()→getKey().getBytes(StandardCharsets.UTF_8)— method iswriteUTF8(), so the bytes should actually be UTF-8Testing
AppSecEventTrackerSpecification,Fingerprinter,JsonStreamParser,LLMObsSpanMapper)