Exclude non username and password authentication from user tracking #6995
Merged: manuel-alvarez-alvarez merged 2 commits into master from malvarez/asm-skip-non-username-password-auth on May 7, 2024
Conversation
manuel-alvarez-alvarez added the "comp: asm waf" (Application Security Management (WAF)) label on May 7, 2024
manuel-alvarez-alvarez force-pushed the malvarez/asm-skip-non-username-password-auth branch from 8085444 to 0e5d967 on May 7, 2024 10:19
manuel-alvarez-alvarez requested review from smola, jandro996 and ValentinZakharov on May 7, 2024 10:19
Benchmarks (candidate=1.34.0-SNAPSHOT~7213021259, baseline=1.34.0-SNAPSHOT~23683a0e6f)

Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 52 metrics, 11 unstable metrics.
[Startup time charts for petclinic and insecure-bank (global startup overhead and break down per module) omitted]

Load: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.
[Request duration charts (CI 0.99) for petclinic and insecure-bank omitted]

Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Execution time charts (CI 0.99) for biojava and tomcat omitted]
manuel-alvarez-alvarez force-pushed the malvarez/asm-skip-non-username-password-auth branch from 0e5d967 to 016ac07 on May 7, 2024 12:10
smola requested changes on May 7, 2024 (review comment on ...n/java17/datadog/trace/instrumentation/springsecurity5/SpringSecurityUserEventDecorator.java, now outdated and resolved)
smola approved these changes on May 7, 2024
manuel-alvarez-alvarez deleted the malvarez/asm-skip-non-username-password-auth branch on May 7, 2024 16:19
What Does This Do
Skips auto user tracking events for authentication tokens other than username and password.
Motivation
Detection of account takeover campaigns is very sensitive to false positives with regard to events; having authentication events from systems like OAuth or SAML only introduces noise that might affect the detection.
Additional Notes
Jira ticket: APPSEC-53059
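The filtering rule the PR describes, as an added illustration that is not dd-trace-java's own SpringSecurityUserEventDecorator: only a Spring Security UsernamePasswordAuthenticationToken feeds the automatic login events, while any other Authentication type (OAuth2, SAML, pre-authenticated tokens) is skipped so it cannot add noise to account-takeover detection. The UserEventSink interface and the UserEventFilter class are hypothetical names introduced here.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;

/** Illustrative only; hypothetical class, not the tracer's real decorator. */
public final class UserEventFilter {

  /** Hypothetical sink standing in for the tracer's user-tracking events. */
  public interface UserEventSink {
    void onLoginSuccess(String username);
    void onLoginFailure(String username);
  }

  private final UserEventSink sink;

  public UserEventFilter(UserEventSink sink) {
    this.sink = sink;
  }

  /**
   * Only credential (username/password) logins are tracked. OAuth2AuthenticationToken,
   * Saml2Authentication and similar types implement Authentication but are not
   * UsernamePasswordAuthenticationToken, so they fall through as "skip".
   */
  static boolean shouldTrack(Authentication auth) {
    return auth instanceof UsernamePasswordAuthenticationToken;
  }

  /**
   * Called with the outcome of an authentication attempt.
   * Returns true when a login event was emitted, false when the token type was skipped.
   */
  public boolean onAuthenticationResult(Authentication auth, boolean success) {
    if (auth == null || !shouldTrack(auth)) {
      return false; // non username/password flow: no user-tracking event at all
    }
    String user = auth.getName(); // principal name, e.g. the submitted username
    if (success) {
      sink.onLoginSuccess(user);
    } else {
      sink.onLoginFailure(user);
    }
    return true;
  }
}
```

Wiring this into an ApplicationListener for AuthenticationSuccessEvent / AbstractAuthenticationFailureEvent gives the same effect the instrumentation achieves: repeated failures from OAuth or SAML callbacks never reach the login-failure signal used for ATO detection.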