-
Notifications
You must be signed in to change notification settings - Fork 411
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(iast): set iast instrumented metrics at runtime, not at request time #8816
fix(iast): set iast instrumented metrics at runtime, not at request time #8816
Conversation
Datadog ReportBranch report: ✅ 0 Failed, 55972 Passed, 55517 Skipped, 1h 2m 10.82s Total duration (52m 30.92s time saved) |
BenchmarksBenchmark execution time: 2024-04-02 07:27:46 Comparing candidate commit dd06ba3 in PR branch Found 3 performance improvements and 3 performance regressions! Performance is the same for 195 metrics, 9 unstable metrics. scenario:flasksimple-appsec-telemetry
scenario:httppropagationextract-b3_headers
scenario:httppropagationextract-invalid_priority_header
scenario:httppropagationextract-none_propagation_style
scenario:sethttpmeta-obfuscation-disabled
scenario:sethttpmeta-obfuscation-worst-case-explicit-query
|
2449828
to
d0528d0
Compare
The
instrumented
metrics are independent of whether IAST is active in a request or not; they only depend on whether instrumentation is applied (which should only depend on DD_IAST_ENABLED=true). There are two sets of metrics: those with "instrumented" and those with "executed":Instrumented
metrics: A point has been patched where cookies (for example) can be tainted. It doesn't matter whether it is executed or not, the sampling rate, or whether there are cookies or not.Executed
metrics: The callback for handling cookies is actually executed.Checklist
changelog/no-changelog
is set@DataDog/apm-tees
.@DataDog/security-design-and-guidance
.Reviewer Checklist