-
Notifications
You must be signed in to change notification settings - Fork 279
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Report span metrics for Exploit Prevention #7273
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BenchmarksStartupLoadParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics. Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.37.0-SNAPSHOT~176164bb57, baseline=1.37.0-SNAPSHOT~1496a6cfd7
dateFormat X
axisFormat %s
section baseline
no_agent (1.339 ms) : 1319, 1360
. : milestone, 1339,
appsec (1.731 ms) : 1709, 1754
. : milestone, 1731,
appsec_no_iast (1.738 ms) : 1713, 1762
. : milestone, 1738,
iast (1.488 ms) : 1466, 1511
. : milestone, 1488,
profiling (1.508 ms) : 1482, 1535
. : milestone, 1508,
tracing (1.485 ms) : 1461, 1509
. : milestone, 1485,
section candidate
no_agent (1.352 ms) : 1332, 1371
. : milestone, 1352,
appsec (1.728 ms) : 1704, 1753
. : milestone, 1728,
appsec_no_iast (1.728 ms) : 1704, 1752
. : milestone, 1728,
iast (1.464 ms) : 1442, 1487
. : milestone, 1464,
profiling (1.499 ms) : 1476, 1523
. : milestone, 1499,
tracing (1.458 ms) : 1434, 1483
. : milestone, 1458,
Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.37.0-SNAPSHOT~176164bb57, baseline=1.37.0-SNAPSHOT~1496a6cfd7
dateFormat X
axisFormat %s
section baseline
no_agent (370.469 µs) : 351, 390
. : milestone, 370,
iast (489.819 µs) : 469, 511
. : milestone, 490,
iast_FULL (553.771 µs) : 533, 575
. : milestone, 554,
iast_GLOBAL (505.246 µs) : 483, 527
. : milestone, 505,
iast_HARDCODED_SECRET_DISABLED (478.079 µs) : 457, 499
. : milestone, 478,
iast_INACTIVE (456.285 µs) : 435, 478
. : milestone, 456,
iast_TELEMETRY_OFF (476.801 µs) : 455, 498
. : milestone, 477,
tracing (444.382 µs) : 424, 465
. : milestone, 444,
section candidate
no_agent (366.486 µs) : 347, 386
. : milestone, 366,
iast (475.816 µs) : 455, 497
. : milestone, 476,
iast_FULL (551.899 µs) : 531, 573
. : milestone, 552,
iast_GLOBAL (504.101 µs) : 483, 525
. : milestone, 504,
iast_HARDCODED_SECRET_DISABLED (482.819 µs) : 461, 504
. : milestone, 483,
iast_INACTIVE (459.12 µs) : 437, 481
. : milestone, 459,
iast_TELEMETRY_OFF (468.948 µs) : 448, 490
. : milestone, 469,
tracing (441.011 µs) : 420, 462
. : milestone, 441,
Dacapo |
smola
requested changes
Jul 4, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The overall idea looks good to me. Just a minor comment, and a request for tests.
dd-java-agent/appsec/src/main/java/com/datadog/appsec/powerwaf/PowerWAFStatsReporter.java
Outdated
Show resolved
Hide resolved
...appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFStatsReporterSpecification.groovy
Outdated
Show resolved
Hide resolved
...appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFStatsReporterSpecification.groovy
Outdated
Show resolved
Hide resolved
d64c021
to
f21cea0
Compare
8066596
to
0693fbd
Compare
0693fbd
to
bc5bea4
Compare
smola
approved these changes
Jul 8, 2024
PerfectSlayer
approved these changes
Jul 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What Does This Do
Added new span metrics for Exploit prevention:
_dd.appsec.rasp.duration
- cumulative runtime in nanoseconds of every call to libddwaf thought a RASP instrumentation with a request_dd.appsec.rasp.duration_ext
- cumulative runtime in nanoseconds of libddwaf call + binginds cost through RASP instrumentation with a request_dd.appsec.rasp.rule.eval
- counts the number of times libddwaf calls per requestMotivation
This is part of Exploit prevention to let collect useful metrics for future analysis of effectiveness.
Additional Notes
Jira ticket: APPSEC-47228