Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to disable IAST instrumenter for anonymous classes #6898

Merged
merged 3 commits into from
Apr 30, 2024
Merged

Add option to disable IAST instrumenter for anonymous classes #6898

merged 3 commits into from
Apr 30, 2024

Conversation

manuel-alvarez-alvarez
Copy link
Contributor

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Apr 10, 2024
edited

What Does This Do

Adds a new property to disable the instrumentation of anonymous classes when using IAST (enabled by default), can be set via VM parameter or environment:

  • VM parameter: -Ddd.iast.anonymous-classes.enabled=false
  • Environment: DD_IAST_ANONYMOUS_CLASSES_ENABLED=false

Motivation

Support for the enclosed flags in the bytecode has some quirks, transforming those classes by IAST might introduce bugs in some libraries like mybatis that make use of those flags.

Additional Notes

Jira ticket: SCRS-882

@manuel-alvarez-alvarez manuel-alvarez-alvarez added type: bug comp: asm iast Application Security Management (IAST) labels Apr 10, 2024
@pr-commenter
Copy link

pr-commenter bot commented Apr 10, 2024
edited

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-disable-enclosed-classes
git_commit_date 1714466677 1714467036
git_commit_sha d3eae46 9c5129c
release_version 1.34.0-SNAPSHOT~d3eae46967 1.34.0-SNAPSHOT~9c5129c96b
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1714469677 1714469677
ci_job_id 500520084 500520084
ci_pipeline_id 33231573 33231573
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.083 s) : 0, 1082828
Total [baseline] (10.415 s) : 0, 10415175
Agent [candidate] (1.084 s) : 0, 1083813
Total [candidate] (10.406 s) : 0, 10405803
section appsec
Agent [baseline] (1.197 s) : 0, 1197152
Total [baseline] (10.489 s) : 0, 10489100
Agent [candidate] (1.19 s) : 0, 1190260
Total [candidate] (10.47 s) : 0, 10469604
section iast
Agent [baseline] (1.2 s) : 0, 1200434
Total [baseline] (10.747 s) : 0, 10746757
Agent [candidate] (1.207 s) : 0, 1207064
Total [candidate] (10.73 s) : 0, 10730089
section profiling
Agent [baseline] (1.269 s) : 0, 1268671
Total [baseline] (10.605 s) : 0, 10605450
Agent [candidate] (1.27 s) : 0, 1269763
Total [candidate] (10.6 s) : 0, 10600402
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.083 s -
Agent appsec 1.197 s 114.324 ms (10.6%)
Agent iast 1.2 s 117.606 ms (10.9%)
Agent profiling 1.269 s 185.843 ms (17.2%)
Total tracing 10.415 s -
Total appsec 10.489 s 73.925 ms (0.7%)
Total iast 10.747 s 331.582 ms (3.2%)
Total profiling 10.605 s 190.275 ms (1.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent appsec 1.19 s 106.447 ms (9.8%)
Agent iast 1.207 s 123.251 ms (11.4%)
Agent profiling 1.27 s 185.949 ms (17.2%)
Total tracing 10.406 s -
Total appsec 10.47 s 63.801 ms (0.6%)
Total iast 10.73 s 324.286 ms (3.1%)
Total profiling 10.6 s 194.599 ms (1.9%) 
gantt
    title petclinic - break down per module: candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (678.139 ms) : 0, 678139
BytebuddyAgent [candidate] (678.28 ms) : 0, 678280
GlobalTracer [baseline] (311.81 ms) : 0, 311810
GlobalTracer [candidate] (312.799 ms) : 0, 312799
AppSec [baseline] (49.918 ms) : 0, 49918
AppSec [candidate] (49.787 ms) : 0, 49787
Remote Config [baseline] (669.257 µs) : 0, 669
Remote Config [candidate] (665.633 µs) : 0, 666
Telemetry [baseline] (7.708 ms) : 0, 7708
Telemetry [candidate] (7.626 ms) : 0, 7626
section appsec
BytebuddyAgent [baseline] (700.91 ms) : 0, 700910
BytebuddyAgent [candidate] (696.1 ms) : 0, 696100
GlobalTracer [baseline] (293.359 ms) : 0, 293359
GlobalTracer [candidate] (291.941 ms) : 0, 291941
AppSec [baseline] (149.825 ms) : 0, 149825
AppSec [candidate] (149.37 ms) : 0, 149370
Remote Config [baseline] (623.157 µs) : 0, 623
Remote Config [candidate] (618.249 µs) : 0, 618
Telemetry [baseline] (8.201 ms) : 0, 8201
Telemetry [candidate] (8.146 ms) : 0, 8146
IAST [baseline] (19.194 ms) : 0, 19194
IAST [candidate] (19.25 ms) : 0, 19250
section iast
BytebuddyAgent [baseline] (795.29 ms) : 0, 795290
BytebuddyAgent [candidate] (799.669 ms) : 0, 799669
GlobalTracer [baseline] (288.421 ms) : 0, 288421
GlobalTracer [candidate] (289.984 ms) : 0, 289984
AppSec [baseline] (53.676 ms) : 0, 53676
AppSec [candidate] (50.488 ms) : 0, 50488
Remote Config [baseline] (556.711 µs) : 0, 557
Remote Config [candidate] (1.311 ms) : 0, 1311
Telemetry [baseline] (6.63 ms) : 0, 6630
Telemetry [candidate] (6.703 ms) : 0, 6703
IAST [baseline] (21.576 ms) : 0, 21576
IAST [candidate] (24.331 ms) : 0, 24331
section profiling
ProfilingAgent [baseline] (95.324 ms) : 0, 95324
ProfilingAgent [candidate] (95.919 ms) : 0, 95919
BytebuddyAgent [baseline] (678.572 ms) : 0, 678572
BytebuddyAgent [candidate] (678.29 ms) : 0, 678290
GlobalTracer [baseline] (380.002 ms) : 0, 380002
GlobalTracer [candidate] (380.535 ms) : 0, 380535
AppSec [baseline] (50.263 ms) : 0, 50263
AppSec [candidate] (50.281 ms) : 0, 50281
Remote Config [baseline] (716.556 µs) : 0, 717
Remote Config [candidate] (708.711 µs) : 0, 709
Telemetry [baseline] (7.462 ms) : 0, 7462
Telemetry [candidate] (7.463 ms) : 0, 7463
Profiling [baseline] (95.348 ms) : 0, 95348
Profiling [candidate] (95.944 ms) : 0, 95944
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.084 s) : 0, 1083675
Total [baseline] (8.556 s) : 0, 8555745
Agent [candidate] (1.084 s) : 0, 1084478
Total [candidate] (8.58 s) : 0, 8579619
section iast
Agent [baseline] (1.199 s) : 0, 1199321
Total [baseline] (9.021 s) : 0, 9020730
Agent [candidate] (1.208 s) : 0, 1207547
Total [candidate] (9.054 s) : 0, 9054463
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.216 s) : 0, 1215950
Total [baseline] (8.973 s) : 0, 8973081
Agent [candidate] (1.201 s) : 0, 1201167
Total [candidate] (8.999 s) : 0, 8999354
section iast_TELEMETRY_OFF
Agent [baseline] (1.196 s) : 0, 1195911
Total [baseline] (9.057 s) : 0, 9056869
Agent [candidate] (1.207 s) : 0, 1206810
Total [candidate] (9.074 s) : 0, 9074044
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent iast 1.199 s 115.646 ms (10.7%)
Agent iast_HARDCODED_SECRET_DISABLED 1.216 s 132.275 ms (12.2%)
Agent iast_TELEMETRY_OFF 1.196 s 112.236 ms (10.4%)
Total tracing 8.556 s -
Total iast 9.021 s 464.985 ms (5.4%)
Total iast_HARDCODED_SECRET_DISABLED 8.973 s 417.336 ms (4.9%)
Total iast_TELEMETRY_OFF 9.057 s 501.124 ms (5.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent iast 1.208 s 123.07 ms (11.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.201 s 116.689 ms (10.8%)
Agent iast_TELEMETRY_OFF 1.207 s 122.332 ms (11.3%)
Total tracing 8.58 s -
Total iast 9.054 s 474.844 ms (5.5%)
Total iast_HARDCODED_SECRET_DISABLED 8.999 s 419.735 ms (4.9%)
Total iast_TELEMETRY_OFF 9.074 s 494.425 ms (5.8%) 
gantt
    title insecure-bank - break down per module: candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (679.258 ms) : 0, 679258
BytebuddyAgent [candidate] (679.425 ms) : 0, 679425
GlobalTracer [baseline] (311.851 ms) : 0, 311851
GlobalTracer [candidate] (312.19 ms) : 0, 312190
AppSec [baseline] (49.645 ms) : 0, 49645
AppSec [candidate] (49.87 ms) : 0, 49870
Remote Config [baseline] (659.613 µs) : 0, 660
Remote Config [candidate] (667.815 µs) : 0, 668
Telemetry [baseline] (7.651 ms) : 0, 7651
Telemetry [candidate] (7.646 ms) : 0, 7646
section iast
BytebuddyAgent [baseline] (794.507 ms) : 0, 794507
BytebuddyAgent [candidate] (799.977 ms) : 0, 799977
GlobalTracer [baseline] (287.999 ms) : 0, 287999
GlobalTracer [candidate] (290.387 ms) : 0, 290387
AppSec [baseline] (52.032 ms) : 0, 52032
AppSec [candidate] (51.959 ms) : 0, 51959
IAST [baseline] (23.29 ms) : 0, 23290
IAST [candidate] (23.275 ms) : 0, 23275
Remote Config [baseline] (563.972 µs) : 0, 564
Remote Config [candidate] (652.278 µs) : 0, 652
Telemetry [baseline] (6.583 ms) : 0, 6583
Telemetry [candidate] (6.695 ms) : 0, 6695
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (806.571 ms) : 0, 806571
BytebuddyAgent [candidate] (796.049 ms) : 0, 796049
GlobalTracer [baseline] (292.133 ms) : 0, 292133
GlobalTracer [candidate] (289.05 ms) : 0, 289050
AppSec [baseline] (51.754 ms) : 0, 51754
AppSec [candidate] (52.512 ms) : 0, 52512
IAST [baseline] (22.616 ms) : 0, 22616
IAST [candidate] (22.094 ms) : 0, 22094
Remote Config [baseline] (1.303 ms) : 0, 1303
Remote Config [candidate] (560.652 µs) : 0, 561
Telemetry [baseline] (6.723 ms) : 0, 6723
Telemetry [candidate] (6.581 ms) : 0, 6581
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (791.818 ms) : 0, 791818
BytebuddyAgent [candidate] (799.247 ms) : 0, 799247
GlobalTracer [baseline] (287.884 ms) : 0, 287884
GlobalTracer [candidate] (290.35 ms) : 0, 290350
AppSec [baseline] (48.333 ms) : 0, 48333
AppSec [candidate] (52.111 ms) : 0, 52111
IAST [baseline] (25.539 ms) : 0, 25539
IAST [candidate] (23.224 ms) : 0, 23224
Remote Config [baseline] (598.277 µs) : 0, 598
Remote Config [candidate] (585.172 µs) : 0, 585
Telemetry [baseline] (7.344 ms) : 0, 7344
Telemetry [candidate] (6.62 ms) : 0, 6620

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-04-30T09:05:32 2024-04-30T09:12:20
git_branch master malvarez/iast-disable-enclosed-classes
git_commit_date 1714466677 1714467036
git_commit_sha d3eae46 9c5129c
release_version 1.34.0-SNAPSHOT~d3eae46967 1.34.0-SNAPSHOT~9c5129c96b
start_time 2024-04-30T09:05:19 2024-04-30T09:12:07
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1714468685 1714468685
ci_job_id 500520086 500520086
ci_pipeline_id 33231573 33231573
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.332 ms) : 1313, 1351
.   : milestone, 1332,
appsec (1.732 ms) : 1709, 1756
.   : milestone, 1732,
appsec_no_iast (1.721 ms) : 1697, 1745
.   : milestone, 1721,
iast (1.472 ms) : 1449, 1495
.   : milestone, 1472,
profiling (1.504 ms) : 1479, 1529
.   : milestone, 1504,
tracing (1.466 ms) : 1441, 1490
.   : milestone, 1466,
section candidate
no_agent (1.329 ms) : 1310, 1349
.   : milestone, 1329,
appsec (1.741 ms) : 1717, 1765
.   : milestone, 1741,
appsec_no_iast (1.711 ms) : 1686, 1736
.   : milestone, 1711,
iast (1.493 ms) : 1470, 1516
.   : milestone, 1493,
profiling (1.507 ms) : 1482, 1532
.   : milestone, 1507,
tracing (1.497 ms) : 1473, 1521
.   : milestone, 1497,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.332 ms [1.313 ms, 1.351 ms] -
appsec 1.732 ms [1.709 ms, 1.756 ms] 400.42 µs (30.1%)
appsec_no_iast 1.721 ms [1.697 ms, 1.745 ms] 389.156 µs (29.2%)
iast 1.472 ms [1.449 ms, 1.495 ms] 139.856 µs (10.5%)
profiling 1.504 ms [1.479 ms, 1.529 ms] 171.675 µs (12.9%)
tracing 1.466 ms [1.441 ms, 1.49 ms] 133.726 µs (10.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.329 ms [1.31 ms, 1.349 ms] -
appsec 1.741 ms [1.717 ms, 1.765 ms] 411.781 µs (31.0%)
appsec_no_iast 1.711 ms [1.686 ms, 1.736 ms] 381.383 µs (28.7%)
iast 1.493 ms [1.47 ms, 1.516 ms] 163.696 µs (12.3%)
profiling 1.507 ms [1.482 ms, 1.532 ms] 177.942 µs (13.4%)
tracing 1.497 ms [1.473 ms, 1.521 ms] 167.959 µs (12.6%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967
    dateFormat X
    axisFormat %s
section baseline
no_agent (364.174 µs) : 345, 384
.   : milestone, 364,
iast (473.115 µs) : 453, 494
.   : milestone, 473,
iast_FULL (539.969 µs) : 518, 561
.   : milestone, 540,
iast_GLOBAL (502.907 µs) : 482, 524
.   : milestone, 503,
iast_HARDCODED_SECRET_DISABLED (487.152 µs) : 467, 508
.   : milestone, 487,
iast_INACTIVE (450.055 µs) : 429, 471
.   : milestone, 450,
iast_TELEMETRY_OFF (477.243 µs) : 455, 499
.   : milestone, 477,
tracing (448.967 µs) : 427, 471
.   : milestone, 449,
section candidate
no_agent (371.55 µs) : 352, 391
.   : milestone, 372,
iast (475.441 µs) : 455, 496
.   : milestone, 475,
iast_FULL (543.149 µs) : 523, 564
.   : milestone, 543,
iast_GLOBAL (498.01 µs) : 477, 519
.   : milestone, 498,
iast_HARDCODED_SECRET_DISABLED (471.71 µs) : 452, 492
.   : milestone, 472,
iast_INACTIVE (454.748 µs) : 433, 476
.   : milestone, 455,
iast_TELEMETRY_OFF (471.299 µs) : 450, 492
.   : milestone, 471,
tracing (449.226 µs) : 428, 470
.   : milestone, 449,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 364.174 µs [344.718 µs, 383.63 µs] -
iast 473.115 µs [452.506 µs, 493.723 µs] 108.94 µs (29.9%)
iast_FULL 539.969 µs [518.441 µs, 561.497 µs] 175.795 µs (48.3%)
iast_GLOBAL 502.907 µs [481.882 µs, 523.932 µs] 138.733 µs (38.1%)
iast_HARDCODED_SECRET_DISABLED 487.152 µs [466.539 µs, 507.764 µs] 122.978 µs (33.8%)
iast_INACTIVE 450.055 µs [429.324 µs, 470.786 µs] 85.881 µs (23.6%)
iast_TELEMETRY_OFF 477.243 µs [455.247 µs, 499.24 µs] 113.069 µs (31.0%)
tracing 448.967 µs [427.38 µs, 470.555 µs] 84.793 µs (23.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 371.55 µs [352.116 µs, 390.984 µs] -
iast 475.441 µs [454.785 µs, 496.096 µs] 103.891 µs (28.0%)
iast_FULL 543.149 µs [522.575 µs, 563.723 µs] 171.599 µs (46.2%)
iast_GLOBAL 498.01 µs [477.414 µs, 518.605 µs] 126.46 µs (34.0%)
iast_HARDCODED_SECRET_DISABLED 471.71 µs [451.528 µs, 491.892 µs] 100.16 µs (27.0%)
iast_INACTIVE 454.748 µs [433.404 µs, 476.092 µs] 83.198 µs (22.4%)
iast_TELEMETRY_OFF 471.299 µs [450.495 µs, 492.104 µs] 99.75 µs (26.8%)
tracing 449.226 µs [427.954 µs, 470.498 µs] 77.676 µs (20.9%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-disable-enclosed-classes
git_commit_date 1714466677 1714467036
git_commit_sha d3eae46 9c5129c
release_version 1.34.0-SNAPSHOT~d3eae46967 1.34.0-SNAPSHOT~9c5129c96b
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1714469174 1714469174
ci_job_id 500520089 500520089
ci_pipeline_id 33231573 33231573
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.455 ms) : 1444, 1467
.   : milestone, 1455,
appsec (2.185 ms) : 2152, 2219
.   : milestone, 2185,
iast (1.877 ms) : 1841, 1912
.   : milestone, 1877,
iast_GLOBAL (1.916 ms) : 1881, 1952
.   : milestone, 1916,
profiling (1.831 ms) : 1798, 1863
.   : milestone, 1831,
tracing (1.823 ms) : 1791, 1856
.   : milestone, 1823,
section candidate
no_agent (1.465 ms) : 1453, 1477
.   : milestone, 1465,
appsec (2.188 ms) : 2154, 2221
.   : milestone, 2188,
iast (1.884 ms) : 1848, 1919
.   : milestone, 1884,
iast_GLOBAL (1.915 ms) : 1880, 1950
.   : milestone, 1915,
profiling (1.832 ms) : 1800, 1864
.   : milestone, 1832,
tracing (1.821 ms) : 1788, 1853
.   : milestone, 1821,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.455 ms [1.444 ms, 1.467 ms] -
appsec 2.185 ms [2.152 ms, 2.219 ms] 729.778 µs (50.1%)
iast 1.877 ms [1.841 ms, 1.912 ms] 421.134 µs (28.9%)
iast_GLOBAL 1.916 ms [1.881 ms, 1.952 ms] 461.017 µs (31.7%)
profiling 1.831 ms [1.798 ms, 1.863 ms] 375.303 µs (25.8%)
tracing 1.823 ms [1.791 ms, 1.856 ms] 367.867 µs (25.3%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.465 ms [1.453 ms, 1.477 ms] -
appsec 2.188 ms [2.154 ms, 2.221 ms] 722.659 µs (49.3%)
iast 1.884 ms [1.848 ms, 1.919 ms] 418.847 µs (28.6%)
iast_GLOBAL 1.915 ms [1.88 ms, 1.95 ms] 449.623 µs (30.7%)
profiling 1.832 ms [1.8 ms, 1.864 ms] 367.068 µs (25.1%)
tracing 1.821 ms [1.788 ms, 1.853 ms] 355.425 µs (24.3%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.34.0-SNAPSHOT~9c5129c96b, baseline=1.34.0-SNAPSHOT~d3eae46967
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.523 s) : 15523000, 15523000
.   : milestone, 15523000,
appsec (15.189 s) : 15189000, 15189000
.   : milestone, 15189000,
iast (18.79 s) : 18790000, 18790000
.   : milestone, 18790000,
iast_GLOBAL (17.712 s) : 17712000, 17712000
.   : milestone, 17712000,
profiling (15.282 s) : 15282000, 15282000
.   : milestone, 15282000,
tracing (14.925 s) : 14925000, 14925000
.   : milestone, 14925000,
section candidate
no_agent (15.479 s) : 15479000, 15479000
.   : milestone, 15479000,
appsec (15.016 s) : 15016000, 15016000
.   : milestone, 15016000,
iast (18.942 s) : 18942000, 18942000
.   : milestone, 18942000,
iast_GLOBAL (17.993 s) : 17993000, 17993000
.   : milestone, 17993000,
profiling (15.048 s) : 15048000, 15048000
.   : milestone, 15048000,
tracing (14.714 s) : 14714000, 14714000
.   : milestone, 14714000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.523 s [15.523 s, 15.523 s] -
appsec 15.189 s [15.189 s, 15.189 s] -334.0 ms (-2.2%)
iast 18.79 s [18.79 s, 18.79 s] 3.267 s (21.0%)
iast_GLOBAL 17.712 s [17.712 s, 17.712 s] 2.189 s (14.1%)
profiling 15.282 s [15.282 s, 15.282 s] -241.0 ms (-1.6%)
tracing 14.925 s [14.925 s, 14.925 s] -598.0 ms (-3.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.479 s [15.479 s, 15.479 s] -
appsec 15.016 s [15.016 s, 15.016 s] -463.0 ms (-3.0%)
iast 18.942 s [18.942 s, 18.942 s] 3.463 s (22.4%)
iast_GLOBAL 17.993 s [17.993 s, 17.993 s] 2.514 s (16.2%)
profiling 15.048 s [15.048 s, 15.048 s] -431.0 ms (-2.8%)
tracing 14.714 s [14.714 s, 14.714 s] -765.0 ms (-4.9%)

@jandro996
Copy link
Member

Review test Iast Instrumentation enablement for JDKs greater than 8 :)

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-disable-enclosed-classes branch from 7e28b5b to 8115f59 Compare April 11, 2024 16:12
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review April 11, 2024 16:13
ygree
ygree approved these changes Apr 16, 2024
View reviewed changes
Copy link
Contributor

@ygree ygree left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-disable-enclosed-classes branch 6 times, most recently from fb9554b to 7ea3ddd Compare April 24, 2024 14:46
@manuel-alvarez-alvarez manuel-alvarez-alvarez changed the title Disable IAST instrumenter for retransformation of already loaded enclosed classes Add option to disable IAST instrumenter for anonymous classes Apr 24, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-disable-enclosed-classes branch from 7ea3ddd to 120ec1f Compare April 24, 2024 15:39
mcculls
mcculls approved these changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@mcculls mcculls left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 just some minor questions about whether some checks can be simplified

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-disable-enclosed-classes branch 3 times, most recently from 64d47d9 to 8283857 Compare April 29, 2024 17:14
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-disable-enclosed-classes branch from 8283857 to 9c5129c Compare April 30, 2024 08:50
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit 921a068 into master Apr 30, 2024
80 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-disable-enclosed-classes branch April 30, 2024 09:39
@github-actions github-actions bot added this to the 1.34.0 milestone Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcculls mcculls mcculls approved these changes

@ygree ygree ygree approved these changes

@jandro996 jandro996 jandro996 approved these changes

@smola smola Awaiting requested review from smola smola is a code owner automatically assigned from DataDog/asm-java

@ValentinZakharov ValentinZakharov Awaiting requested review from ValentinZakharov ValentinZakharov is a code owner automatically assigned from DataDog/asm-java

@am312 am312 Awaiting requested review from am312 am312 is a code owner automatically assigned from DataDog/apm-java

Assignees
No one assigned
Labels
comp: asm iast Application Security Management (IAST) type: bug
Projects
None yet
Milestone
1.34.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@manuel-alvarez-alvarez @jandro996 @mcculls @ygree