Update WAF bindings to 9.0.2 (fixes segmentation fault) (v1.30.x backport of #6705) #6710

Merged
merged 1 commit into from
Feb 21, 2024

Conversation

smola
Member

@smola smola commented Feb 21, 2024

What Does This Do

Backport of #6705

Motivation

Fix libddwaf segmentation fault in dd-trace-java v1.30.x when DD_APPSEC_ENABLED=true.

Additional Notes

Jira ticket: APPSEC-51827

@smola smola added type: bug comp: asm waf Application Security Management (WAF) labels Feb 21, 2024
@smola smola requested a review from a team as a code owner February 21, 2024 13:40
@smola smola changed the title Update WAF bindings to 9.0.2 (#6705) (v1.30.x backport) Update WAF bindings to 9.0.2 (fixes segmentation fault) (v1.30.x backport of #6705) Feb 21, 2024
@smola smola changed the base branch from master to release/v1.30.x February 21, 2024 13:41
@smola smola enabled auto-merge (squash) February 21, 2024 15:46
@smola smola force-pushed the smola/pr-6705-backport-v1.30.x branch from f2c072d to fb879df Compare February 21, 2024 16:43
@pr-commenter

pr-commenter bot commented Feb 21, 2024

Benchmarks

Startup

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | smola/pr-6705-backport-v1.30.x |
| git_commit_date | 1708533893 | 1708533785 |
| git_commit_sha | 82bc109 | fb879df |
| release_version | 1.31.0-SNAPSHOT~82bc109a42 | 1.31.0-SNAPSHOT~fb879df433 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1708536766 | 1708536766 |
| ci_job_id | 439663315 | 439663315 |
| ci_pipeline_id | 28653212 | 28653212 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 1 performance improvements and 1 performance regressions! Performance is the same for 41 metrics, 11 unstable metrics.

| scenario | Δ mean execution_time | candidate mean execution_time | baseline mean execution_time |
|---|---|---|---|
| scenario:startup:insecure-bank:iast:Agent | worse [+210.881ms; +407.665ms] or [+2.323%; +4.491%] | 9.387s | 9.077s |
| scenario:startup:insecure-bank:tracing:BytebuddyAgent | better [-33.884ms; -13.839ms] or [-4.903%; -2.002%] | 667.285ms | 691.146ms |
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.31.0-SNAPSHOT~fb879df433, baseline=1.31.0-SNAPSHOT~82bc109a42

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.083 s) : 0, 1083276
Total [baseline] (9.216 s) : 0, 9216458
Agent [candidate] (1.075 s) : 0, 1075342
Total [candidate] (9.461 s) : 0, 9461010
section appsec
Agent [baseline] (1.185 s) : 0, 1185131
Total [baseline] (9.359 s) : 0, 9359429
Agent [candidate] (1.175 s) : 0, 1174623
Total [candidate] (9.489 s) : 0, 9488997
section iast
Agent [baseline] (1.211 s) : 0, 1210625
Total [baseline] (9.41 s) : 0, 9409644
Agent [candidate] (1.186 s) : 0, 1186162
Total [candidate] (9.689 s) : 0, 9689094
section profiling
Agent [baseline] (1.29 s) : 0, 1289508
Total [baseline] (9.389 s) : 0, 9389208
Agent [candidate] (1.28 s) : 0, 1279741
Total [candidate] (9.592 s) : 0, 9591977
  • baseline results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.083 s | - |
| Agent | appsec | 1.185 s | 101.855 ms (9.4%) |
| Agent | iast | 1.211 s | 127.349 ms (11.8%) |
| Agent | profiling | 1.29 s | 206.232 ms (19.0%) |
| Total | tracing | 9.216 s | - |
| Total | appsec | 9.359 s | 142.971 ms (1.6%) |
| Total | iast | 9.41 s | 193.186 ms (2.1%) |
| Total | profiling | 9.389 s | 172.751 ms (1.9%) |
  • candidate results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.075 s | - |
| Agent | appsec | 1.175 s | 99.281 ms (9.2%) |
| Agent | iast | 1.186 s | 110.821 ms (10.3%) |
| Agent | profiling | 1.28 s | 204.4 ms (19.0%) |
| Total | tracing | 9.461 s | - |
| Total | appsec | 9.489 s | 27.986 ms (0.3%) |
| Total | iast | 9.689 s | 228.083 ms (2.4%) |
| Total | profiling | 9.592 s | 130.966 ms (1.4%) |
gantt
    title petclinic - break down per module: candidate=1.31.0-SNAPSHOT~fb879df433, baseline=1.31.0-SNAPSHOT~82bc109a42

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (690.038 ms) : 0, 690038
BytebuddyAgent [candidate] (676.925 ms) : 0, 676925
GlobalTracer [baseline] (298.468 ms) : 0, 298468
GlobalTracer [candidate] (302.654 ms) : 0, 302654
AppSec [baseline] (51.757 ms) : 0, 51757
AppSec [candidate] (52.584 ms) : 0, 52584
Remote Config [baseline] (723.064 µs) : 0, 723
Remote Config [candidate] (709.551 µs) : 0, 710
Telemetry [baseline] (7.824 ms) : 0, 7824
Telemetry [candidate] (7.711 ms) : 0, 7711
section appsec
BytebuddyAgent [baseline] (691.612 ms) : 0, 691612
BytebuddyAgent [candidate] (677.752 ms) : 0, 677752
GlobalTracer [baseline] (299.719 ms) : 0, 299719
GlobalTracer [candidate] (302.511 ms) : 0, 302511
AppSec [baseline] (151.599 ms) : 0, 151599
AppSec [candidate] (152.007 ms) : 0, 152007
Remote Config [baseline] (642.4 µs) : 0, 642
Remote Config [candidate] (642.752 µs) : 0, 643
Telemetry [baseline] (6.954 ms) : 0, 6954
Telemetry [candidate] (6.921 ms) : 0, 6921
section iast
BytebuddyAgent [baseline] (802.224 ms) : 0, 802224
BytebuddyAgent [candidate] (779.423 ms) : 0, 779423
GlobalTracer [baseline] (290.229 ms) : 0, 290229
GlobalTracer [candidate] (290.53 ms) : 0, 290530
AppSec [baseline] (54.923 ms) : 0, 54923
AppSec [candidate] (54.651 ms) : 0, 54651
Remote Config [baseline] (623.741 µs) : 0, 624
Remote Config [candidate] (604.508 µs) : 0, 605
Telemetry [baseline] (6.582 ms) : 0, 6582
Telemetry [candidate] (6.594 ms) : 0, 6594
IAST [baseline] (21.413 ms) : 0, 21413
IAST [candidate] (19.965 ms) : 0, 19965
section profiling
ProfilingAgent [baseline] (111.72 ms) : 0, 111720
ProfilingAgent [candidate] (110.491 ms) : 0, 110491
BytebuddyAgent [baseline] (678.536 ms) : 0, 678536
BytebuddyAgent [candidate] (666.817 ms) : 0, 666817
GlobalTracer [baseline] (379.37 ms) : 0, 379370
GlobalTracer [candidate] (383.139 ms) : 0, 383139
AppSec [baseline] (53.035 ms) : 0, 53035
AppSec [candidate] (51.931 ms) : 0, 51931
Remote Config [baseline] (826.693 µs) : 0, 827
Remote Config [candidate] (657.466 µs) : 0, 657
Telemetry [baseline] (10.182 ms) : 0, 10182
Telemetry [candidate] (12.045 ms) : 0, 12045
Profiling [baseline] (111.744 ms) : 0, 111744
Profiling [candidate] (110.515 ms) : 0, 110515

Load

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2024-02-21T17:08:48 | 2024-02-21T17:27:44 |
| git_branch | master | smola/pr-6705-backport-v1.30.x |
| git_commit_date | 1708533893 | 1708533785 |
| git_commit_sha | 82bc109 | fb879df |
| release_version | 1.31.0-SNAPSHOT~82bc109a42 | 1.31.0-SNAPSHOT~fb879df433 |
| start_time | 2024-02-21T17:08:34 | 2024-02-21T17:27:31 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1708536766 | 1708536766 |
| ci_job_id | 439663315 | 439663315 |
| ci_pipeline_id | 28653212 | 28653212 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 14 unstable metrics.

Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.31.0-SNAPSHOT~fb879df433, baseline=1.31.0-SNAPSHOT~82bc109a42
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.372 ms) : 1353, 1391
.   : milestone, 1372,
appsec (1.77 ms) : 1746, 1794
.   : milestone, 1770,
iast (1.548 ms) : 1524, 1571
.   : milestone, 1548,
profiling (1.528 ms) : 1502, 1553
.   : milestone, 1528,
tracing (1.534 ms) : 1511, 1557
.   : milestone, 1534,
section candidate
no_agent (1.352 ms) : 1333, 1370
.   : milestone, 1352,
appsec (1.769 ms) : 1743, 1794
.   : milestone, 1769,
iast (1.529 ms) : 1505, 1554
.   : milestone, 1529,
profiling (1.526 ms) : 1500, 1552
.   : milestone, 1526,
tracing (1.514 ms) : 1489, 1539
.   : milestone, 1514,
  • baseline results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.372 ms [1.353 ms, 1.391 ms] | - |
| appsec | 1.77 ms [1.746 ms, 1.794 ms] | 398.228 µs (29.0%) |
| iast | 1.548 ms [1.524 ms, 1.571 ms] | 175.933 µs (12.8%) |
| profiling | 1.528 ms [1.502 ms, 1.553 ms] | 155.98 µs (11.4%) |
| tracing | 1.534 ms [1.511 ms, 1.557 ms] | 162.518 µs (11.8%) |
  • candidate results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.352 ms [1.333 ms, 1.37 ms] | - |
| appsec | 1.769 ms [1.743 ms, 1.794 ms] | 417.018 µs (30.9%) |
| iast | 1.529 ms [1.505 ms, 1.554 ms] | 177.438 µs (13.1%) |
| profiling | 1.526 ms [1.5 ms, 1.552 ms] | 174.2 µs (12.9%) |
| tracing | 1.514 ms [1.489 ms, 1.539 ms] | 162.391 µs (12.0%) |
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.31.0-SNAPSHOT~fb879df433, baseline=1.31.0-SNAPSHOT~82bc109a42
    dateFormat X
    axisFormat %s
section baseline
no_agent (368.074 µs) : 348, 388
.   : milestone, 368,
iast (483.106 µs) : 463, 504
.   : milestone, 483,
iast_FULL (549.023 µs) : 528, 570
.   : milestone, 549,
iast_GLOBAL (506.167 µs) : 486, 527
.   : milestone, 506,
iast_HARDCODED_SECRET_DISABLED (486.824 µs) : 466, 508
.   : milestone, 487,
iast_INACTIVE (452.805 µs) : 432, 474
.   : milestone, 453,
iast_TELEMETRY_OFF (480.332 µs) : 460, 501
.   : milestone, 480,
tracing (450.23 µs) : 430, 471
.   : milestone, 450,
section candidate
no_agent (376.698 µs) : 355, 398
.   : milestone, 377,
iast (472.835 µs) : 452, 493
.   : milestone, 473,
iast_FULL (539.833 µs) : 519, 560
.   : milestone, 540,
iast_GLOBAL (490.233 µs) : 470, 511
.   : milestone, 490,
iast_HARDCODED_SECRET_DISABLED (481.437 µs) : 461, 502
.   : milestone, 481,
iast_INACTIVE (451.907 µs) : 431, 473
.   : milestone, 452,
iast_TELEMETRY_OFF (477.181 µs) : 456, 498
.   : milestone, 477,
tracing (445.348 µs) : 425, 466
.   : milestone, 445,
  • baseline results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 368.074 µs [347.905 µs, 388.243 µs] | - |
| iast | 483.106 µs [462.624 µs, 503.587 µs] | 115.032 µs (31.3%) |
| iast_FULL | 549.023 µs [528.279 µs, 569.768 µs] | 180.949 µs (49.2%) |
| iast_GLOBAL | 506.167 µs [485.808 µs, 526.525 µs] | 138.093 µs (37.5%) |
| iast_HARDCODED_SECRET_DISABLED | 486.824 µs [466.105 µs, 507.542 µs] | 118.75 µs (32.3%) |
| iast_INACTIVE | 452.805 µs [431.834 µs, 473.777 µs] | 84.731 µs (23.0%) |
| iast_TELEMETRY_OFF | 480.332 µs [459.722 µs, 500.941 µs] | 112.258 µs (30.5%) |
| tracing | 450.23 µs [429.541 µs, 470.918 µs] | 82.156 µs (22.3%) |
  • candidate results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 376.698 µs [355.348 µs, 398.047 µs] | - |
| iast | 472.835 µs [452.206 µs, 493.463 µs] | 96.137 µs (25.5%) |
| iast_FULL | 539.833 µs [519.169 µs, 560.497 µs] | 163.136 µs (43.3%) |
| iast_GLOBAL | 490.233 µs [469.814 µs, 510.652 µs] | 113.535 µs (30.1%) |
| iast_HARDCODED_SECRET_DISABLED | 481.437 µs [460.57 µs, 502.304 µs] | 104.739 µs (27.8%) |
| iast_INACTIVE | 451.907 µs [431.134 µs, 472.68 µs] | 75.21 µs (20.0%) |
| iast_TELEMETRY_OFF | 477.181 µs [456.244 µs, 498.118 µs] | 100.483 µs (26.7%) |
| tracing | 445.348 µs [424.692 µs, 466.004 µs] | 68.65 µs (18.2%) |

@smola smola merged commit bf3858b into release/v1.30.x Feb 21, 2024
71 checks passed
@smola smola deleted the smola/pr-6705-backport-v1.30.x branch February 21, 2024 17:48
@smola smola added this to the 1.30.1 milestone Feb 21, 2024