Add hardcoded secrets detection #6461
Merged
jandro996 merged 23 commits into master from alejandro.gonzalez/Hardcoded_Secrets_detection on Jan 25, 2024
Benchmarks
Startup
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 44 metrics, 10 unstable metrics.
Startup time reports for petclinic
gantt
title petclinic - global startup overhead: candidate=1.29.0-SNAPSHOT~87186eb56e, baseline=1.29.0-SNAPSHOT~20acb116be
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.069 s) : 0, 1068563
Total [baseline] (9.353 s) : 0, 9352704
Agent [candidate] (1.069 s) : 0, 1068967
Total [candidate] (9.391 s) : 0, 9391244
section appsec
Agent [baseline] (1.161 s) : 0, 1161015
Total [baseline] (9.515 s) : 0, 9515423
Agent [candidate] (1.156 s) : 0, 1155619
Total [candidate] (9.407 s) : 0, 9406956
section iast
Agent [baseline] (1.185 s) : 0, 1184800
Total [baseline] (9.642 s) : 0, 9641851
Agent [candidate] (1.181 s) : 0, 1180689
Total [candidate] (9.601 s) : 0, 9601208
section profiling
Agent [baseline] (1.283 s) : 0, 1283425
Total [baseline] (9.557 s) : 0, 9557299
Agent [candidate] (1.285 s) : 0, 1284556
Total [candidate] (9.694 s) : 0, 9693979
gantt
title petclinic - break down per module: candidate=1.29.0-SNAPSHOT~87186eb56e, baseline=1.29.0-SNAPSHOT~20acb116be
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (675.111 ms) : 0, 675111
BytebuddyAgent [candidate] (675.384 ms) : 0, 675384
GlobalTracer [baseline] (298.074 ms) : 0, 298074
GlobalTracer [candidate] (298.65 ms) : 0, 298650
AppSec [baseline] (52.325 ms) : 0, 52325
AppSec [candidate] (51.892 ms) : 0, 51892
Remote Config [baseline] (700.606 µs) : 0, 701
Remote Config [candidate] (694.426 µs) : 0, 694
Telemetry [baseline] (7.586 ms) : 0, 7586
Telemetry [candidate] (7.601 ms) : 0, 7601
section appsec
BytebuddyAgent [baseline] (671.18 ms) : 0, 671180
BytebuddyAgent [candidate] (666.988 ms) : 0, 666988
GlobalTracer [baseline] (297.419 ms) : 0, 297419
GlobalTracer [candidate] (296.714 ms) : 0, 296714
AppSec [baseline] (150.502 ms) : 0, 150502
AppSec [candidate] (150.108 ms) : 0, 150108
Remote Config [baseline] (706.176 µs) : 0, 706
Remote Config [candidate] (694.975 µs) : 0, 695
Telemetry [baseline] (6.828 ms) : 0, 6828
Telemetry [candidate] (6.773 ms) : 0, 6773
section iast
BytebuddyAgent [baseline] (779.822 ms) : 0, 779822
BytebuddyAgent [candidate] (776.672 ms) : 0, 776672
GlobalTracer [baseline] (287.672 ms) : 0, 287672
GlobalTracer [candidate] (287.238 ms) : 0, 287238
AppSec [baseline] (54.691 ms) : 0, 54691
AppSec [candidate] (53.993 ms) : 0, 53993
Remote Config [baseline] (612.556 µs) : 0, 613
Remote Config [candidate] (610.078 µs) : 0, 610
Telemetry [baseline] (7.504 ms) : 0, 7504
Telemetry [candidate] (6.688 ms) : 0, 6688
IAST [baseline] (19.974 ms) : 0, 19974
IAST [candidate] (21.11 ms) : 0, 21110
section profiling
ProfilingAgent [baseline] (123.4 ms) : 0, 123400
ProfilingAgent [candidate] (125.666 ms) : 0, 125666
BytebuddyAgent [baseline] (668.449 ms) : 0, 668449
BytebuddyAgent [candidate] (665.163 ms) : 0, 665163
GlobalTracer [baseline] (376.343 ms) : 0, 376343
GlobalTracer [candidate] (378.485 ms) : 0, 378485
AppSec [baseline] (52.246 ms) : 0, 52246
AppSec [candidate] (52.709 ms) : 0, 52709
Remote Config [baseline] (656.983 µs) : 0, 657
Remote Config [candidate] (675.609 µs) : 0, 676
Telemetry [baseline] (7.525 ms) : 0, 7525
Telemetry [candidate] (7.618 ms) : 0, 7618
Profiling [baseline] (123.424 ms) : 0, 123424
Profiling [candidate] (125.691 ms) : 0, 125691
Load
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 16 unstable metrics.
Request duration reports for petclinic
gantt
title petclinic - request duration [CI 0.99] : candidate=1.29.0-SNAPSHOT~87186eb56e, baseline=1.29.0-SNAPSHOT~20acb116be
dateFormat X
axisFormat %s
section baseline
no_agent (1.348 ms) : 1328, 1367
. : milestone, 1348,
appsec (1.772 ms) : 1747, 1798
. : milestone, 1772,
iast (1.536 ms) : 1510, 1561
. : milestone, 1536,
profiling (1.53 ms) : 1506, 1555
. : milestone, 1530,
tracing (1.507 ms) : 1482, 1532
. : milestone, 1507,
section candidate
no_agent (1.351 ms) : 1332, 1370
. : milestone, 1351,
appsec (1.764 ms) : 1737, 1790
. : milestone, 1764,
iast (1.539 ms) : 1514, 1563
. : milestone, 1539,
profiling (1.528 ms) : 1503, 1553
. : milestone, 1528,
tracing (1.485 ms) : 1460, 1510
. : milestone, 1485,
Request duration reports for insecure-bank
gantt
title insecure-bank - request duration [CI 0.99] : candidate=1.29.0-SNAPSHOT~87186eb56e, baseline=1.29.0-SNAPSHOT~20acb116be
dateFormat X
axisFormat %s
section baseline
no_agent (368.155 µs) : 348, 388
. : milestone, 368,
iast (478.051 µs) : 457, 499
. : milestone, 478,
iast_FULL (542.143 µs) : 521, 563
. : milestone, 542,
iast_GLOBAL (505.626 µs) : 485, 527
. : milestone, 506,
iast_HARDCODED_SECRET_DISABLED (476.666 µs) : 456, 497
. : milestone, 477,
iast_INACTIVE (444.833 µs) : 424, 466
. : milestone, 445,
iast_TELEMETRY_OFF (470.288 µs) : 450, 491
. : milestone, 470,
tracing (442.949 µs) : 422, 464
. : milestone, 443,
section candidate
no_agent (365.5 µs) : 346, 385
. : milestone, 366,
iast (472.83 µs) : 452, 493
. : milestone, 473,
iast_FULL (546.723 µs) : 526, 567
. : milestone, 547,
iast_GLOBAL (502.52 µs) : 481, 524
. : milestone, 503,
iast_HARDCODED_SECRET_DISABLED (478.006 µs) : 457, 499
. : milestone, 478,
iast_INACTIVE (466.311 µs) : 445, 488
. : milestone, 466,
iast_TELEMETRY_OFF (473.906 µs) : 453, 495
. : milestone, 474,
tracing (439.523 µs) : 419, 460
. : milestone, 440,
jandro996 force-pushed the alejandro.gonzalez/Hardcoded_Secrets_detection branch from 3d05c93 to 051e511 on January 12, 2024 10:24
jandro996 requested review from smola, manuel-alvarez-alvarez, mcculls and nayeem-kamal on January 15, 2024 13:26
dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HardcodedSecretModuleImpl.java (outdated, resolved)
dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/IastClassVisitor.java (outdated, resolved)
dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HardcodedSecretModuleImpl.java (outdated, resolved)
dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/IastClassVisitor.java (outdated, resolved)
dd-java-agent/agent-iast/src/main/java/com/datadog/iast/util/IastClassVisitor.java (outdated, resolved)
...menter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/IastInstrumentation.java (outdated, resolved)
...rc/main/java/datadog/trace/instrumentation/iastinstrumenter/IastHardcodedSecretListener.java (outdated, resolved)
internal-api/src/main/java/datadog/trace/api/iast/secrets/HardcodedSecretMatcher.java (resolved)
...gent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/IastSecretClassReader.java (resolved)
manuel-alvarez-alvarez approved these changes on Jan 23, 2024
...rc/main/java/datadog/trace/instrumentation/iastinstrumenter/IastHardcodedSecretListener.java (outdated, resolved)
smola approved these changes on Jan 24, 2024
internal-api/src/main/java/datadog/trace/api/iast/secrets/HardcodedSecretMatcher.java (resolved)
dd-java-agent/agent-iast/src/main/java/com/datadog/iast/sink/HardcodedSecretModuleImpl.java (resolved)
… hardcoded secrets disabled
jandro996 force-pushed the alejandro.gonzalez/Hardcoded_Secrets_detection branch from bc74e65 to 87186eb on January 25, 2024 07:57
PerfectSlayer changed the title from "Hardcoded secrets detection" to "Add hardcoded secrets detection" on Feb 5, 2024
What Does This Do
Motivation
Detect hardcoded secrets in custom code
Additional Notes
Jira ticket: APPSEC-11890