Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exclude oracle.j2ee from vulnerability locations #6888

Merged
merged 1 commit into from
Apr 10, 2024
Merged

Exclude oracle.j2ee from vulnerability locations #6888

merged 1 commit into from
Apr 10, 2024

Conversation

smola
Copy link
Member

@smola smola commented Apr 4, 2024
edited by jira bot
Loading

What Does This Do

Exclude oracle.j2ee.* packages from being selected as vulnerability locations.

Motivation

Additional Notes

Jira ticket: APPSEC-52409

@smola smola added the comp: asm iast Application Security Management (IAST) label Apr 4, 2024
@smola smola requested a review from a team as a code owner April 4, 2024 14:21
@pr-commenter
Copy link

pr-commenter bot commented Apr 4, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master smola/weblogic-iast-location
git_commit_date 1712235284 1712240433
git_commit_sha 734e3c5 3769a6b
release_version 1.33.0-SNAPSHOT~734e3c5998 1.33.0-SNAPSHOT~3769a6bc10
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1712243780 1712243780
ci_job_id 478183150 478183150
ci_pipeline_id 31455867 31455867
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.33.0-SNAPSHOT~3769a6bc10, baseline=1.33.0-SNAPSHOT~734e3c5998

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.088 s) : 0, 1087519
Total [baseline] (10.441 s) : 0, 10441109
Agent [candidate] (1.077 s) : 0, 1076614
Total [candidate] (10.352 s) : 0, 10351679
section appsec
Agent [baseline] (1.199 s) : 0, 1198685
Total [baseline] (10.516 s) : 0, 10515855
Agent [candidate] (1.195 s) : 0, 1195441
Total [candidate] (10.448 s) : 0, 10447848
section iast
Agent [baseline] (1.201 s) : 0, 1200646
Total [baseline] (10.752 s) : 0, 10751772
Agent [candidate] (1.2 s) : 0, 1200226
Total [candidate] (10.842 s) : 0, 10842127
section profiling
Agent [baseline] (1.27 s) : 0, 1270031
Total [baseline] (10.606 s) : 0, 10605776
Agent [candidate] (1.276 s) : 0, 1276295
Total [candidate] (10.643 s) : 0, 10643386
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.088 s -
Agent appsec 1.199 s 111.165 ms (10.2%)
Agent iast 1.201 s 113.126 ms (10.4%)
Agent profiling 1.27 s 182.511 ms (16.8%)
Total tracing 10.441 s -
Total appsec 10.516 s 74.746 ms (0.7%)
Total iast 10.752 s 310.663 ms (3.0%)
Total profiling 10.606 s 164.666 ms (1.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.077 s -
Agent appsec 1.195 s 118.827 ms (11.0%)
Agent iast 1.2 s 123.611 ms (11.5%)
Agent profiling 1.276 s 199.681 ms (18.5%)
Total tracing 10.352 s -
Total appsec 10.448 s 96.17 ms (0.9%)
Total iast 10.842 s 490.449 ms (4.7%)
Total profiling 10.643 s 291.707 ms (2.8%) 
gantt
    title petclinic - break down per module: candidate=1.33.0-SNAPSHOT~3769a6bc10, baseline=1.33.0-SNAPSHOT~734e3c5998

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (681.758 ms) : 0, 681758
BytebuddyAgent [candidate] (674.043 ms) : 0, 674043
GlobalTracer [baseline] (312.465 ms) : 0, 312465
GlobalTracer [candidate] (310.44 ms) : 0, 310440
AppSec [baseline] (50.035 ms) : 0, 50035
AppSec [candidate] (49.48 ms) : 0, 49480
Remote Config [baseline] (668.093 µs) : 0, 668
Remote Config [candidate] (660.866 µs) : 0, 661
Telemetry [baseline] (7.711 ms) : 0, 7711
Telemetry [candidate] (7.651 ms) : 0, 7651
section appsec
BytebuddyAgent [baseline] (695.946 ms) : 0, 695946
BytebuddyAgent [candidate] (694.258 ms) : 0, 694258
GlobalTracer [baseline] (291.574 ms) : 0, 291574
GlobalTracer [candidate] (291.369 ms) : 0, 291369
AppSec [baseline] (149.81 ms) : 0, 149810
AppSec [candidate] (149.331 ms) : 0, 149331
IAST [baseline] (18.877 ms) : 0, 18877
IAST [candidate] (18.759 ms) : 0, 18759
Remote Config [baseline] (610.304 µs) : 0, 610
Remote Config [candidate] (609.107 µs) : 0, 609
Telemetry [baseline] (7.429 ms) : 0, 7429
Telemetry [candidate] (6.794 ms) : 0, 6794
section iast
BytebuddyAgent [baseline] (796.647 ms) : 0, 796647
BytebuddyAgent [candidate] (794.669 ms) : 0, 794669
GlobalTracer [baseline] (287.386 ms) : 0, 287386
GlobalTracer [candidate] (289.094 ms) : 0, 289094
AppSec [baseline] (48.723 ms) : 0, 48723
AppSec [candidate] (49.639 ms) : 0, 49639
IAST [baseline] (24.561 ms) : 0, 24561
IAST [candidate] (24.53 ms) : 0, 24530
Remote Config [baseline] (584.67 µs) : 0, 585
Remote Config [candidate] (588.724 µs) : 0, 589
Telemetry [baseline] (8.097 ms) : 0, 8097
Telemetry [candidate] (7.378 ms) : 0, 7378
section profiling
BytebuddyAgent [baseline] (679.746 ms) : 0, 679746
BytebuddyAgent [candidate] (681.551 ms) : 0, 681551
GlobalTracer [baseline] (380.169 ms) : 0, 380169
GlobalTracer [candidate] (382.656 ms) : 0, 382656
AppSec [baseline] (50.162 ms) : 0, 50162
AppSec [candidate] (50.388 ms) : 0, 50388
Remote Config [baseline] (722.168 µs) : 0, 722
Remote Config [candidate] (716.079 µs) : 0, 716
Telemetry [baseline] (7.436 ms) : 0, 7436
Telemetry [candidate] (7.571 ms) : 0, 7571
ProfilingAgent [baseline] (95.181 ms) : 0, 95181
ProfilingAgent [candidate] (96.943 ms) : 0, 96943
Profiling [baseline] (95.204 ms) : 0, 95204
Profiling [candidate] (96.967 ms) : 0, 96967
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.33.0-SNAPSHOT~3769a6bc10, baseline=1.33.0-SNAPSHOT~734e3c5998

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.074 s) : 0, 1073712
Total [baseline] (8.553 s) : 0, 8553101
Agent [candidate] (1.075 s) : 0, 1075114
Total [candidate] (8.556 s) : 0, 8556481
section iast
Agent [baseline] (1.2 s) : 0, 1200083
Total [baseline] (9.056 s) : 0, 9056334
Agent [candidate] (1.199 s) : 0, 1198849
Total [candidate] (8.993 s) : 0, 8993389
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.208 s) : 0, 1207810
Total [baseline] (9.021 s) : 0, 9021170
Agent [candidate] (1.197 s) : 0, 1197350
Total [candidate] (9.002 s) : 0, 9001747
section iast_TELEMETRY_OFF
Agent [baseline] (1.196 s) : 0, 1195794
Total [baseline] (9.032 s) : 0, 9031734
Agent [candidate] (1.205 s) : 0, 1204548
Total [candidate] (9.033 s) : 0, 9033324
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.074 s -
Agent iast 1.2 s 126.371 ms (11.8%)
Agent iast_HARDCODED_SECRET_DISABLED 1.208 s 134.098 ms (12.5%)
Agent iast_TELEMETRY_OFF 1.196 s 122.082 ms (11.4%)
Total tracing 8.553 s -
Total iast 9.056 s 503.233 ms (5.9%)
Total iast_HARDCODED_SECRET_DISABLED 9.021 s 468.07 ms (5.5%)
Total iast_TELEMETRY_OFF 9.032 s 478.634 ms (5.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.075 s -
Agent iast 1.199 s 123.735 ms (11.5%)
Agent iast_HARDCODED_SECRET_DISABLED 1.197 s 122.236 ms (11.4%)
Agent iast_TELEMETRY_OFF 1.205 s 129.434 ms (12.0%)
Total tracing 8.556 s -
Total iast 8.993 s 436.908 ms (5.1%)
Total iast_HARDCODED_SECRET_DISABLED 9.002 s 445.266 ms (5.2%)
Total iast_TELEMETRY_OFF 9.033 s 476.843 ms (5.6%) 
gantt
    title insecure-bank - break down per module: candidate=1.33.0-SNAPSHOT~3769a6bc10, baseline=1.33.0-SNAPSHOT~734e3c5998

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (672.713 ms) : 0, 672713
BytebuddyAgent [candidate] (673.103 ms) : 0, 673103
GlobalTracer [baseline] (308.802 ms) : 0, 308802
GlobalTracer [candidate] (309.77 ms) : 0, 309770
AppSec [baseline] (49.493 ms) : 0, 49493
AppSec [candidate] (49.631 ms) : 0, 49631
Remote Config [baseline] (668.525 µs) : 0, 669
Remote Config [candidate] (665.491 µs) : 0, 665
Telemetry [baseline] (7.63 ms) : 0, 7630
Telemetry [candidate] (7.636 ms) : 0, 7636
section iast
BytebuddyAgent [baseline] (794.367 ms) : 0, 794367
BytebuddyAgent [candidate] (794.266 ms) : 0, 794266
GlobalTracer [baseline] (289.597 ms) : 0, 289597
GlobalTracer [candidate] (288.498 ms) : 0, 288498
AppSec [baseline] (49.679 ms) : 0, 49679
AppSec [candidate] (49.985 ms) : 0, 49985
IAST [baseline] (23.959 ms) : 0, 23959
IAST [candidate] (22.914 ms) : 0, 22914
Remote Config [baseline] (586.63 µs) : 0, 587
Remote Config [candidate] (580.46 µs) : 0, 580
Telemetry [baseline] (7.525 ms) : 0, 7525
Telemetry [candidate] (8.149 ms) : 0, 8149
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (800.68 ms) : 0, 800680
BytebuddyAgent [candidate] (793.12 ms) : 0, 793120
GlobalTracer [baseline] (290.252 ms) : 0, 290252
GlobalTracer [candidate] (288.41 ms) : 0, 288410
AppSec [baseline] (50.337 ms) : 0, 50337
AppSec [candidate] (49.906 ms) : 0, 49906
IAST [baseline] (23.176 ms) : 0, 23176
IAST [candidate] (22.87 ms) : 0, 22870
Remote Config [baseline] (601.029 µs) : 0, 601
Remote Config [candidate] (596.921 µs) : 0, 597
Telemetry [baseline] (8.163 ms) : 0, 8163
Telemetry [candidate] (8.058 ms) : 0, 8058
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (792.01 ms) : 0, 792010
BytebuddyAgent [candidate] (797.423 ms) : 0, 797423
GlobalTracer [baseline] (288.061 ms) : 0, 288061
GlobalTracer [candidate] (290.392 ms) : 0, 290392
AppSec [baseline] (48.013 ms) : 0, 48013
AppSec [candidate] (49.19 ms) : 0, 49190
IAST [baseline] (25.409 ms) : 0, 25409
IAST [candidate] (25.02 ms) : 0, 25020
Remote Config [baseline] (574.932 µs) : 0, 575
Remote Config [candidate] (582.662 µs) : 0, 583
Telemetry [baseline] (7.296 ms) : 0, 7296
Telemetry [candidate] (7.325 ms) : 0, 7325
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-04-04T14:48:39 2024-04-04T15:10:37
git_branch master smola/weblogic-iast-location
git_commit_date 1712235284 1712240433
git_commit_sha 734e3c5 3769a6b
release_version 1.33.0-SNAPSHOT~734e3c5998 1.33.0-SNAPSHOT~3769a6bc10
start_time 2024-04-04T14:48:26 2024-04-04T15:10:24
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1712243780 1712243780
ci_job_id 478183150 478183150
ci_pipeline_id 31455867 31455867
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.33.0-SNAPSHOT~3769a6bc10, baseline=1.33.0-SNAPSHOT~734e3c5998
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.345 ms) : 1326, 1365
.   : milestone, 1345,
appsec (1.718 ms) : 1693, 1743
.   : milestone, 1718,
appsec_no_iast (1.711 ms) : 1687, 1735
.   : milestone, 1711,
iast (1.477 ms) : 1454, 1501
.   : milestone, 1477,
profiling (1.542 ms) : 1517, 1567
.   : milestone, 1542,
tracing (1.487 ms) : 1463, 1511
.   : milestone, 1487,
section candidate
no_agent (1.339 ms) : 1319, 1358
.   : milestone, 1339,
appsec (1.728 ms) : 1704, 1752
.   : milestone, 1728,
appsec_no_iast (1.734 ms) : 1710, 1758
.   : milestone, 1734,
iast (1.494 ms) : 1471, 1517
.   : milestone, 1494,
profiling (1.507 ms) : 1483, 1531
.   : milestone, 1507,
tracing (1.456 ms) : 1432, 1480
.   : milestone, 1456,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.345 ms [1.326 ms, 1.365 ms] -
appsec 1.718 ms [1.693 ms, 1.743 ms] 372.677 µs (27.7%)
appsec_no_iast 1.711 ms [1.687 ms, 1.735 ms] 365.468 µs (27.2%)
iast 1.477 ms [1.454 ms, 1.501 ms] 131.893 µs (9.8%)
profiling 1.542 ms [1.517 ms, 1.567 ms] 196.636 µs (14.6%)
tracing 1.487 ms [1.463 ms, 1.511 ms] 141.339 µs (10.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.339 ms [1.319 ms, 1.358 ms] -
appsec 1.728 ms [1.704 ms, 1.752 ms] 389.16 µs (29.1%)
appsec_no_iast 1.734 ms [1.71 ms, 1.758 ms] 395.297 µs (29.5%)
iast 1.494 ms [1.471 ms, 1.517 ms] 155.152 µs (11.6%)
profiling 1.507 ms [1.483 ms, 1.531 ms] 168.235 µs (12.6%)
tracing 1.456 ms [1.432 ms, 1.48 ms] 117.148 µs (8.8%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.33.0-SNAPSHOT~3769a6bc10, baseline=1.33.0-SNAPSHOT~734e3c5998
    dateFormat X
    axisFormat %s
section baseline
no_agent (366.69 µs) : 347, 386
.   : milestone, 367,
iast (476.177 µs) : 454, 498
.   : milestone, 476,
iast_FULL (537.509 µs) : 516, 559
.   : milestone, 538,
iast_GLOBAL (496.152 µs) : 475, 518
.   : milestone, 496,
iast_HARDCODED_SECRET_DISABLED (473.651 µs) : 452, 495
.   : milestone, 474,
iast_INACTIVE (442.675 µs) : 422, 463
.   : milestone, 443,
iast_TELEMETRY_OFF (471.578 µs) : 451, 492
.   : milestone, 472,
tracing (444.271 µs) : 424, 465
.   : milestone, 444,
section candidate
no_agent (365.979 µs) : 346, 386
.   : milestone, 366,
iast (476.939 µs) : 456, 498
.   : milestone, 477,
iast_FULL (535.683 µs) : 514, 557
.   : milestone, 536,
iast_GLOBAL (503.574 µs) : 482, 525
.   : milestone, 504,
iast_HARDCODED_SECRET_DISABLED (473.253 µs) : 452, 494
.   : milestone, 473,
iast_INACTIVE (444.084 µs) : 424, 464
.   : milestone, 444,
iast_TELEMETRY_OFF (466.592 µs) : 446, 487
.   : milestone, 467,
tracing (447.072 µs) : 426, 468
.   : milestone, 447,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 366.69 µs [347.262 µs, 386.119 µs] -
iast 476.177 µs [454.122 µs, 498.232 µs] 109.487 µs (29.9%)
iast_FULL 537.509 µs [516.489 µs, 558.529 µs] 170.819 µs (46.6%)
iast_GLOBAL 496.152 µs [474.557 µs, 517.748 µs] 129.462 µs (35.3%)
iast_HARDCODED_SECRET_DISABLED 473.651 µs [452.447 µs, 494.855 µs] 106.96 µs (29.2%)
iast_INACTIVE 442.675 µs [422.251 µs, 463.098 µs] 75.984 µs (20.7%)
iast_TELEMETRY_OFF 471.578 µs [450.937 µs, 492.22 µs] 104.888 µs (28.6%)
tracing 444.271 µs [423.509 µs, 465.034 µs] 77.581 µs (21.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 365.979 µs [346.287 µs, 385.671 µs] -
iast 476.939 µs [455.881 µs, 497.997 µs] 110.96 µs (30.3%)
iast_FULL 535.683 µs [514.146 µs, 557.221 µs] 169.704 µs (46.4%)
iast_GLOBAL 503.574 µs [482.277 µs, 524.871 µs] 137.595 µs (37.6%)
iast_HARDCODED_SECRET_DISABLED 473.253 µs [452.076 µs, 494.429 µs] 107.274 µs (29.3%)
iast_INACTIVE 444.084 µs [423.676 µs, 464.493 µs] 78.105 µs (21.3%)
iast_TELEMETRY_OFF 466.592 µs [446.163 µs, 487.022 µs] 100.613 µs (27.5%)
tracing 447.072 µs [426.452 µs, 467.692 µs] 81.093 µs (22.2%)

@smola smola merged commit 1ff19ea into master Apr 10, 2024
79 checks passed
@smola smola deleted the smola/weblogic-iast-location branch April 10, 2024 07:37
@github-actions github-actions bot added this to the 1.33.0 milestone Apr 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez manuel-alvarez-alvarez approved these changes

@jandro996 jandro996 Awaiting requested review from jandro996 jandro996 is a code owner automatically assigned from DataDog/asm-java

Assignees
No one assigned
Labels
comp: asm iast Application Security Management (IAST)
Projects
None yet
Milestone
1.33.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@smola @manuel-alvarez-alvarez