Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optionally prevent undertow from setting http.route #6841

Merged
merged 1 commit into from Mar 27, 2024
Merged

Optionally prevent undertow from setting http.route #6841

merged 1 commit into from Mar 27, 2024

Conversation

amarziali
Copy link
Collaborator

@amarziali amarziali commented Mar 25, 2024
edited by jira bot

What Does This Do

Undertow is today setting http.route from HttpServletMapping#getMappingMatch(). There few issues with that:

  • Other servlet/application server instrumentations are not doing this hence we have an incoherent behaviour
  • It's only happening on undertow < 2.2. For more recent versions of undertow based on jakarta servlet, that's not happening
  • http.route should be set by more specific frameworks (i.e. jax-rs, spring mvc) and should not contain a part of the relative uri that can lead to high cardinality resources

This PR allows preventing undertow instrumentation from setting thehttp.route tag by explicitly setting:

  • The env DD_UNDERTOW_LEGACY_TRACING_ENABLED=false
  • The sysprop -Ddd.undertow.legacy.tracing.enabled=false

This cannot be done as an easy change this it will break the resource name.

Motivation

We received customer complaints about having servlet URI in http.route

Additional Notes

Jira ticket: AIT-10012

@amarziali amarziali requested a review from a team as a code owner March 25, 2024 16:02
@amarziali amarziali force-pushed the andrea.marziali/undertow-cleanup branch from 1ca6aa2 to 597b1e6 Compare March 25, 2024 16:30
@pr-commenter
Copy link

pr-commenter bot commented Mar 25, 2024
edited

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master andrea.marziali/undertow-cleanup
git_commit_date 1711475656 1711480878
git_commit_sha 87afba4 8c2ba35
release_version 1.32.0-SNAPSHOT~87afba42c6 1.32.0-SNAPSHOT~8c2ba354b3
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1711484398 1711484398
ci_job_id 470170353 470170353
ci_pipeline_id 30867524 30867524
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.32.0-SNAPSHOT~8c2ba354b3, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.075 s) : 0, 1074706
Total [baseline] (10.46 s) : 0, 10459981
Agent [candidate] (1.075 s) : 0, 1074988
Total [candidate] (10.39 s) : 0, 10390392
section appsec
Agent [baseline] (1.2 s) : 0, 1200172
Total [baseline] (10.507 s) : 0, 10507494
Agent [candidate] (1.198 s) : 0, 1198229
Total [candidate] (10.508 s) : 0, 10507985
section iast
Agent [baseline] (1.209 s) : 0, 1209286
Total [baseline] (10.988 s) : 0, 10987767
Agent [candidate] (1.201 s) : 0, 1201010
Total [candidate] (10.971 s) : 0, 10971357
section profiling
Agent [baseline] (1.27 s) : 0, 1270354
Total [baseline] (10.744 s) : 0, 10743671
Agent [candidate] (1.268 s) : 0, 1268205
Total [candidate] (10.61 s) : 0, 10610303
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent appsec 1.2 s 125.465 ms (11.7%)
Agent iast 1.209 s 134.579 ms (12.5%)
Agent profiling 1.27 s 195.648 ms (18.2%)
Total tracing 10.46 s -
Total appsec 10.507 s 47.513 ms (0.5%)
Total iast 10.988 s 527.786 ms (5.0%)
Total profiling 10.744 s 283.691 ms (2.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent appsec 1.198 s 123.241 ms (11.5%)
Agent iast 1.201 s 126.022 ms (11.7%)
Agent profiling 1.268 s 193.218 ms (18.0%)
Total tracing 10.39 s -
Total appsec 10.508 s 117.593 ms (1.1%)
Total iast 10.971 s 580.964 ms (5.6%)
Total profiling 10.61 s 219.91 ms (2.1%) 
gantt
    title petclinic - break down per module: candidate=1.32.0-SNAPSHOT~8c2ba354b3, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (685.489 ms) : 0, 685489
BytebuddyAgent [candidate] (684.67 ms) : 0, 684670
GlobalTracer [baseline] (296.954 ms) : 0, 296954
GlobalTracer [candidate] (298.189 ms) : 0, 298189
AppSec [baseline] (49.355 ms) : 0, 49355
AppSec [candidate] (49.245 ms) : 0, 49245
Remote Config [baseline] (1.048 ms) : 0, 1048
Remote Config [candidate] (1.044 ms) : 0, 1044
Telemetry [baseline] (7.515 ms) : 0, 7515
Telemetry [candidate] (7.484 ms) : 0, 7484
section appsec
BytebuddyAgent [baseline] (694.295 ms) : 0, 694295
BytebuddyAgent [candidate] (693.1 ms) : 0, 693100
GlobalTracer [baseline] (291.823 ms) : 0, 291823
GlobalTracer [candidate] (291.333 ms) : 0, 291333
AppSec [baseline] (153.473 ms) : 0, 153473
AppSec [candidate] (153.636 ms) : 0, 153636
Remote Config [baseline] (610.179 µs) : 0, 610
Remote Config [candidate] (603.225 µs) : 0, 603
Telemetry [baseline] (6.794 ms) : 0, 6794
Telemetry [candidate] (6.745 ms) : 0, 6745
IAST [baseline] (18.702 ms) : 0, 18702
IAST [candidate] (18.62 ms) : 0, 18620
section iast
BytebuddyAgent [baseline] (801.388 ms) : 0, 801388
BytebuddyAgent [candidate] (795.084 ms) : 0, 795084
GlobalTracer [baseline] (290.481 ms) : 0, 290481
GlobalTracer [candidate] (289.93 ms) : 0, 289930
AppSec [baseline] (49.278 ms) : 0, 49278
AppSec [candidate] (50.122 ms) : 0, 50122
Remote Config [baseline] (592.938 µs) : 0, 593
Remote Config [candidate] (580.242 µs) : 0, 580
Telemetry [baseline] (7.421 ms) : 0, 7421
Telemetry [candidate] (6.673 ms) : 0, 6673
IAST [baseline] (25.405 ms) : 0, 25405
IAST [candidate] (24.203 ms) : 0, 24203
section profiling
BytebuddyAgent [baseline] (678.174 ms) : 0, 678174
BytebuddyAgent [candidate] (676.904 ms) : 0, 676904
GlobalTracer [baseline] (381.941 ms) : 0, 381941
GlobalTracer [candidate] (381.029 ms) : 0, 381029
AppSec [baseline] (50.058 ms) : 0, 50058
AppSec [candidate] (49.882 ms) : 0, 49882
Remote Config [baseline] (882.354 µs) : 0, 882
Remote Config [candidate] (904.908 µs) : 0, 905
Telemetry [baseline] (7.448 ms) : 0, 7448
Telemetry [candidate] (7.448 ms) : 0, 7448
ProfilingAgent [baseline] (95.409 ms) : 0, 95409
ProfilingAgent [candidate] (95.741 ms) : 0, 95741
Profiling [baseline] (95.433 ms) : 0, 95433
Profiling [candidate] (95.765 ms) : 0, 95765
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.32.0-SNAPSHOT~8c2ba354b3, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.073 s) : 0, 1073002
Total [baseline] (8.594 s) : 0, 8594424
Agent [candidate] (1.077 s) : 0, 1077488
Total [candidate] (8.579 s) : 0, 8578560
section iast
Agent [baseline] (1.209 s) : 0, 1209191
Total [baseline] (9.123 s) : 0, 9123221
Agent [candidate] (1.202 s) : 0, 1201863
Total [candidate] (9.111 s) : 0, 9110955
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.205 s) : 0, 1204678
Total [baseline] (9.092 s) : 0, 9092304
Agent [candidate] (1.203 s) : 0, 1202584
Total [candidate] (9.122 s) : 0, 9121857
section iast_TELEMETRY_OFF
Agent [baseline] (1.21 s) : 0, 1210137
Total [baseline] (9.11 s) : 0, 9110203
Agent [candidate] (1.216 s) : 0, 1215953
Total [candidate] (9.086 s) : 0, 9086469
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.073 s -
Agent iast 1.209 s 136.19 ms (12.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.205 s 131.676 ms (12.3%)
Agent iast_TELEMETRY_OFF 1.21 s 137.135 ms (12.8%)
Total tracing 8.594 s -
Total iast 9.123 s 528.797 ms (6.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.092 s 497.881 ms (5.8%)
Total iast_TELEMETRY_OFF 9.11 s 515.78 ms (6.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.077 s -
Agent iast 1.202 s 124.375 ms (11.5%)
Agent iast_HARDCODED_SECRET_DISABLED 1.203 s 125.096 ms (11.6%)
Agent iast_TELEMETRY_OFF 1.216 s 138.465 ms (12.9%)
Total tracing 8.579 s -
Total iast 9.111 s 532.395 ms (6.2%)
Total iast_HARDCODED_SECRET_DISABLED 9.122 s 543.297 ms (6.3%)
Total iast_TELEMETRY_OFF 9.086 s 507.909 ms (5.9%) 
gantt
    title insecure-bank - break down per module: candidate=1.32.0-SNAPSHOT~8c2ba354b3, baseline=1.32.0-SNAPSHOT~87afba42c6

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (684.612 ms) : 0, 684612
BytebuddyAgent [candidate] (686.458 ms) : 0, 686458
GlobalTracer [baseline] (296.45 ms) : 0, 296450
GlobalTracer [candidate] (298.429 ms) : 0, 298429
AppSec [baseline] (49.113 ms) : 0, 49113
AppSec [candidate] (49.484 ms) : 0, 49484
Remote Config [baseline] (1.084 ms) : 0, 1084
Remote Config [candidate] (1.068 ms) : 0, 1068
Telemetry [baseline] (7.514 ms) : 0, 7514
Telemetry [candidate] (7.523 ms) : 0, 7523
section iast
BytebuddyAgent [baseline] (801.048 ms) : 0, 801048
BytebuddyAgent [candidate] (795.225 ms) : 0, 795225
GlobalTracer [baseline] (290.238 ms) : 0, 290238
GlobalTracer [candidate] (289.881 ms) : 0, 289881
AppSec [baseline] (47.968 ms) : 0, 47968
AppSec [candidate] (49.779 ms) : 0, 49779
Remote Config [baseline] (582.039 µs) : 0, 582
Remote Config [candidate] (599.293 µs) : 0, 599
Telemetry [baseline] (7.413 ms) : 0, 7413
Telemetry [candidate] (7.49 ms) : 0, 7490
IAST [baseline] (27.277 ms) : 0, 27277
IAST [candidate] (24.449 ms) : 0, 24449
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (798.469 ms) : 0, 798469
BytebuddyAgent [candidate] (795.483 ms) : 0, 795483
GlobalTracer [baseline] (290.412 ms) : 0, 290412
GlobalTracer [candidate] (290.392 ms) : 0, 290392
AppSec [baseline] (51.64 ms) : 0, 51640
AppSec [candidate] (49.182 ms) : 0, 49182
Remote Config [baseline] (599.222 µs) : 0, 599
Remote Config [candidate] (583.919 µs) : 0, 584
Telemetry [baseline] (6.709 ms) : 0, 6709
Telemetry [candidate] (7.397 ms) : 0, 7397
IAST [baseline] (22.258 ms) : 0, 22258
IAST [candidate] (25.057 ms) : 0, 25057
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (801.594 ms) : 0, 801594
BytebuddyAgent [candidate] (804.63 ms) : 0, 804630
GlobalTracer [baseline] (292.299 ms) : 0, 292299
GlobalTracer [candidate] (294.353 ms) : 0, 294353
AppSec [baseline] (51.196 ms) : 0, 51196
AppSec [candidate] (49.834 ms) : 0, 49834
Remote Config [baseline] (575.58 µs) : 0, 576
Remote Config [candidate] (590.559 µs) : 0, 591
Telemetry [baseline] (7.232 ms) : 0, 7232
Telemetry [candidate] (8.096 ms) : 0, 8096
IAST [baseline] (22.412 ms) : 0, 22412
IAST [candidate] (23.434 ms) : 0, 23434

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-03-26T19:52:06 2024-03-26T20:14:12
git_branch master andrea.marziali/undertow-cleanup
git_commit_date 1711475656 1711480878
git_commit_sha 87afba4 8c2ba35
release_version 1.32.0-SNAPSHOT~87afba42c6 1.32.0-SNAPSHOT~8c2ba354b3
start_time 2024-03-26T19:51:53 2024-03-26T20:13:59
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1711484398 1711484398
ci_job_id 470170353 470170353
ci_pipeline_id 30867524 30867524
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.32.0-SNAPSHOT~8c2ba354b3, baseline=1.32.0-SNAPSHOT~87afba42c6
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.361 ms) : 1341, 1381
.   : milestone, 1361,
appsec (1.751 ms) : 1727, 1776
.   : milestone, 1751,
appsec_no_iast (1.728 ms) : 1704, 1753
.   : milestone, 1728,
iast (1.524 ms) : 1501, 1548
.   : milestone, 1524,
profiling (1.498 ms) : 1473, 1523
.   : milestone, 1498,
tracing (1.486 ms) : 1461, 1510
.   : milestone, 1486,
section candidate
no_agent (1.344 ms) : 1325, 1364
.   : milestone, 1344,
appsec (1.734 ms) : 1709, 1759
.   : milestone, 1734,
appsec_no_iast (1.728 ms) : 1703, 1752
.   : milestone, 1728,
iast (1.491 ms) : 1468, 1514
.   : milestone, 1491,
profiling (1.494 ms) : 1469, 1519
.   : milestone, 1494,
tracing (1.478 ms) : 1453, 1503
.   : milestone, 1478,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.361 ms [1.341 ms, 1.381 ms] -
appsec 1.751 ms [1.727 ms, 1.776 ms] 390.242 µs (28.7%)
appsec_no_iast 1.728 ms [1.704 ms, 1.753 ms] 367.371 µs (27.0%)
iast 1.524 ms [1.501 ms, 1.548 ms] 163.389 µs (12.0%)
profiling 1.498 ms [1.473 ms, 1.523 ms] 137.097 µs (10.1%)
tracing 1.486 ms [1.461 ms, 1.51 ms] 124.404 µs (9.1%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.344 ms [1.325 ms, 1.364 ms] -
appsec 1.734 ms [1.709 ms, 1.759 ms] 389.62 µs (29.0%)
appsec_no_iast 1.728 ms [1.703 ms, 1.752 ms] 383.198 µs (28.5%)
iast 1.491 ms [1.468 ms, 1.514 ms] 146.451 µs (10.9%)
profiling 1.494 ms [1.469 ms, 1.519 ms] 149.503 µs (11.1%)
tracing 1.478 ms [1.453 ms, 1.503 ms] 133.596 µs (9.9%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.32.0-SNAPSHOT~8c2ba354b3, baseline=1.32.0-SNAPSHOT~87afba42c6
    dateFormat X
    axisFormat %s
section baseline
no_agent (368.758 µs) : 349, 388
.   : milestone, 369,
iast (477.03 µs) : 457, 498
.   : milestone, 477,
iast_FULL (544.252 µs) : 524, 565
.   : milestone, 544,
iast_GLOBAL (499.892 µs) : 479, 520
.   : milestone, 500,
iast_HARDCODED_SECRET_DISABLED (481.997 µs) : 461, 503
.   : milestone, 482,
iast_INACTIVE (448.623 µs) : 428, 469
.   : milestone, 449,
iast_TELEMETRY_OFF (479.235 µs) : 458, 500
.   : milestone, 479,
tracing (450.564 µs) : 430, 471
.   : milestone, 451,
section candidate
no_agent (374.955 µs) : 355, 395
.   : milestone, 375,
iast (476.524 µs) : 455, 498
.   : milestone, 477,
iast_FULL (546.957 µs) : 526, 568
.   : milestone, 547,
iast_GLOBAL (499.778 µs) : 479, 520
.   : milestone, 500,
iast_HARDCODED_SECRET_DISABLED (484.374 µs) : 463, 505
.   : milestone, 484,
iast_INACTIVE (451.539 µs) : 431, 472
.   : milestone, 452,
iast_TELEMETRY_OFF (475.663 µs) : 454, 497
.   : milestone, 476,
tracing (451.344 µs) : 430, 473
.   : milestone, 451,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 368.758 µs [349.255 µs, 388.261 µs] -
iast 477.03 µs [456.508 µs, 497.551 µs] 108.271 µs (29.4%)
iast_FULL 544.252 µs [523.634 µs, 564.871 µs] 175.494 µs (47.6%)
iast_GLOBAL 499.892 µs [479.4 µs, 520.383 µs] 131.133 µs (35.6%)
iast_HARDCODED_SECRET_DISABLED 481.997 µs [461.206 µs, 502.788 µs] 113.239 µs (30.7%)
iast_INACTIVE 448.623 µs [428.091 µs, 469.155 µs] 79.865 µs (21.7%)
iast_TELEMETRY_OFF 479.235 µs [458.345 µs, 500.124 µs] 110.477 µs (30.0%)
tracing 450.564 µs [430.25 µs, 470.878 µs] 81.806 µs (22.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 374.955 µs [355.333 µs, 394.577 µs] -
iast 476.524 µs [455.404 µs, 497.643 µs] 101.568 µs (27.1%)
iast_FULL 546.957 µs [526.104 µs, 567.811 µs] 172.002 µs (45.9%)
iast_GLOBAL 499.778 µs [479.275 µs, 520.28 µs] 124.822 µs (33.3%)
iast_HARDCODED_SECRET_DISABLED 484.374 µs [463.485 µs, 505.263 µs] 109.419 µs (29.2%)
iast_INACTIVE 451.539 µs [430.971 µs, 472.107 µs] 76.584 µs (20.4%)
iast_TELEMETRY_OFF 475.663 µs [454.364 µs, 496.963 µs] 100.708 µs (26.9%)
tracing 451.344 µs [429.845 µs, 472.843 µs] 76.389 µs (20.4%)

nayeem-kamal
nayeem-kamal approved these changes Mar 26, 2024
View reviewed changes
Copy link
Contributor

@nayeem-kamal nayeem-kamal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a small comment but this LGTM

@amarziali amarziali force-pushed the andrea.marziali/undertow-cleanup branch from 597b1e6 to 8c2ba35 Compare March 26, 2024 19:24
@amarziali amarziali enabled auto-merge (squash) March 26, 2024 19:27
@amarziali amarziali merged commit 07789b4 into master Mar 27, 2024
80 checks passed
@amarziali amarziali deleted the andrea.marziali/undertow-cleanup branch March 27, 2024 08:22
@github-actions github-actions bot added this to the 1.32.0 milestone Mar 27, 2024
@PerfectSlayer PerfectSlayer added the inst: others All other instrumentations label Apr 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nayeem-kamal nayeem-kamal nayeem-kamal approved these changes

@dougqh dougqh Awaiting requested review from dougqh dougqh was automatically assigned from DataDog/apm-java

Assignees
No one assigned
Labels
inst: others All other instrumentations
Projects
None yet
Milestone
1.32.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@amarziali @nayeem-kamal @PerfectSlayer