Attach values to sources coming from non char sequences #6675
Merged
manuel-alvarez-alvarez merged 1 commit into master from malvarez/iast-taint-propagation-object on Feb 19, 2024
Conversation
Benchmarks
Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 47 metrics, 7 unstable metrics.
[Startup time charts for petclinic: "global startup overhead" and "break down per module" (sections tracing, appsec, iast, profiling); candidate=1.31.0-SNAPSHOT~2222bf1dfa, baseline=1.31.0-SNAPSHOT~1c33411256]
Load: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 14 unstable metrics.
[Request duration charts [CI 0.99] for petclinic and insecure-bank; same candidate and baseline]
manuel-alvarez-alvarez added the comp: asm iast (Application Security Management (IAST)) label on Feb 12, 2024
manuel-alvarez-alvarez force-pushed the malvarez/iast-taint-propagation-object branch from fd02c60 to 11d6e36 on February 14, 2024 08:49
jandro996 approved these changes on Feb 15, 2024
manuel-alvarez-alvarez force-pushed the malvarez/iast-taint-propagation-object branch from 11d6e36 to 5acecd5 on February 16, 2024 08:44
manuel-alvarez-alvarez force-pushed the malvarez/iast-taint-propagation-object branch from 5acecd5 to 2222bf1 on February 19, 2024 08:16
manuel-alvarez-alvarez deleted the malvarez/iast-taint-propagation-object branch on February 19, 2024 13:07
jandro996 pushed a commit that referenced this pull request on Feb 29, 2024
What Does This Do
The first time a tainted object is propagated where the original value comes from an object (e.g. the input stream of the body of a request), a new source is generated using the new char sequence as value.
Motivation
When tainting a non char sequence object (e.g. the InputStream of the body of a request), we set null as the value in the source; this null gets propagated with every taint operation, resulting in evidence with a null source value. This PR prevents the null from being propagated.
Additional Notes
Jira ticket: [PROJ-IDENT]
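A small model of the behaviour described above, added here as an illustration; it is not dd-trace-java code. The Source and Tainted classes, the propagateBefore/propagateAfter methods and the origin name http.request.body are assumptions of this example: a request-body InputStream is tainted with a null source value, and the example contrasts copying that null on every propagation with attaching the first char sequence produced from the stream as the source value.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

// Taint source (constructed model): 'value' is null when the tainted object is not a char sequence.
final class Source {
    final String origin;
    final String value;
    Source(String origin, String value) { this.origin = origin; this.value = value; }
}

// A tainted object together with the source it was tainted from (constructed model).
final class Tainted {
    final Object object;
    final Source source;
    Tainted(Object object, Source source) { this.object = object; this.source = source; }
}

public final class TaintPropagationDemo {
    // Before the fix: the source, null value included, is copied verbatim on every propagation,
    // so any evidence built from 'result' carries a null source value.
    static Tainted propagateBefore(Tainted from, CharSequence result) {
        return new Tainted(result, from.source);
    }
    // After the fix: when the original object is not a char sequence, the first propagation into a
    // char sequence creates a new source whose value is that char sequence; later steps keep it.
    static Tainted propagateAfter(Tainted from, CharSequence result) {
        Source source = from.source;
        if (!(from.object instanceof CharSequence)) {
            source = new Source(source.origin, result.toString());
        }
        return new Tainted(result, source);
    }
    public static void main(String[] args) throws IOException {
        // Constructed request body; the stream itself is tainted with a null source value.
        InputStream body = new ByteArrayInputStream("user=alice".getBytes(StandardCharsets.UTF_8));
        Tainted taintedStream = new Tainted(body, new Source("http.request.body", null));
        // Reading the stream yields a String: this is the propagation from object to char sequence.
        String text = new String(body.readAllBytes(), StandardCharsets.UTF_8);
        Tainted before = propagateBefore(taintedStream, text);
        Tainted after = propagateAfter(taintedStream, text);
        System.out.println("before fix, source value: " + before.source.value);
        System.out.println("after fix, source value:  " + after.source.value);
        // A further propagation (e.g. a substring) starts from a CharSequence, so the attached value is kept.
        Tainted derived = propagateAfter(after, text.substring(5));
        System.out.println("derived source value:     " + derived.source.value);
    }
}
```

With the pre-fix path the printed source value is null; with the post-fix path both the first propagation and the derived substring report the body text as the source value.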