Expand SSRF support in IAST to apache-httpclient, commons-httpclient and okhttp
What Does This Do
This changes the way an SSRF is detected in the HTTP clients. In this PR we centralize the detection of the SSRF vulnerability inside the HttpClientDecorator. For now, we have only swapped over the libraries that we were already supporting with the previous approach (commons-httpclient, apache-httpclient and okHttp). The objective is to cover the rest of the clients supported by the HttpClientDecorator with this approach.
Even after centralizing the detection inside the HttpClientDecorator, we still needed to add some instrumentation to ensure propagation.
Motivation
With this change we want to expand SSRF support to the different clients supported by the HttpClientDecorator.
Additional Notes
There are some cases where we cannot use this approach, so we need to keep the previous approach and instrument the required methods to cover those cases.
Contributor Checklist
- [x] Format the title according to the contribution guidelines
- [x] Assign the `type:` and (`comp:` or `inst:`) labels in addition to any useful labels
- [ ] Squash your commits prior to merging or merge using GitHub's Squash and merge
- [x] Don't use `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue
- [x] Update the public documentation in case of new configuration flag or behavior
Jira ticket: APPSEC-55237
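To make concrete what the description above means by a centralized sink and by the extra propagation instrumentation, here is an added example; it is not code from dd-trace-java or from this PR. It is a toy IAST taint tracker in Java: values read from the incoming request are marked as tainted, values derived from them inherit the taint, and one sink check receives whatever object each HTTP client is about to connect to. All class and method names (`SsrfSinkDemo`, `source`, `propagate`, `onRequest`, `clientA`, `clientB`) are hypothetical stand-ins for the real decorator and module APIs, and the URLs are constructed sample input.

```java
import java.net.URI;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

// Added example (not dd-trace-java code): a toy IAST taint tracker with a single
// SSRF sink, mirroring the idea of checking the request target in one shared place
// (the decorator) instead of inside every HTTP client instrumentation.
// Every name in this file is hypothetical.
public class SsrfSinkDemo {

    // Identity-keyed set of objects that carry untrusted, request-derived data.
    // Real IAST engines track ranges inside strings; a whole-object flag is enough here.
    private static final Set<Object> TAINTED =
        Collections.newSetFromMap(new IdentityHashMap<>());

    // "Source": a value read from the incoming HTTP request is marked tainted.
    static String source(String value) {
        TAINTED.add(value);
        return value;
    }

    // "Propagation": a value derived from a tainted value stays tainted.
    static <T> T propagate(Object from, T to) {
        if (TAINTED.contains(from)) {
            TAINTED.add(to);
        }
        return to;
    }

    // Finding produced by the sink.
    static final class SsrfReport {
        final String client;
        final String target;
        SsrfReport(String client, String target) {
            this.client = client;
            this.target = target;
        }
        @Override
        public String toString() {
            return "SSRF via " + client + " -> " + target;
        }
    }

    // "Sink": the one place every client is checked. It accepts the raw target object
    // the client is about to use (a String, a URI, or a client-specific wrapper) and
    // reports only if that object is still tainted when it gets here.
    static SsrfReport onRequest(String client, Object target) {
        return TAINTED.contains(target) ? new SsrfReport(client, String.valueOf(target)) : null;
    }

    // Client A hands the plain String to the shared code path, so the sink sees the
    // tainted String directly and no client-specific instrumentation is needed.
    static SsrfReport clientA(String url) {
        return onRequest("clientA", url);
    }

    // Client B converts the String into a URI before the shared code path sees it.
    // Unless that conversion is instrumented to propagate the taint, the sink receives
    // an untainted URI and the SSRF is missed (a false negative).
    static SsrfReport clientB(String url, boolean instrumentConversion) {
        URI uri = URI.create(url);
        if (instrumentConversion) {
            propagate(url, uri); // the extra per-client instrumentation from "Additional Notes"
        }
        return onRequest("clientB", uri);
    }

    public static void main(String[] args) {
        // Constructed sample input: a request parameter pointing at a cloud metadata
        // endpoint, and a constant URL that never came from the request.
        String userControlled = source("http://169.254.169.254/latest/meta-data/");
        String constant = "https://api.example.internal/health";

        System.out.println(clientA(userControlled));        // tainted String reaches the sink
        System.out.println(clientA(constant));              // constant URL, nothing to report
        System.out.println(clientB(userControlled, false)); // taint lost in the URI conversion
        System.out.println(clientB(userControlled, true));  // conversion instrumented, taint kept
    }
}
```

`clientB` is the case the PR's Additional Notes describe: a client that transforms the URL into another object before the common code path sees it loses the taint unless the conversion itself is instrumented, which is why centralizing the sink does not remove the need for per-client propagation hooks in some libraries.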
Benchmarks
Startup
Parameters
| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | mario.vidal/expand_support_ssrf |
| git_commit_date | 1730315410 | 1730370358 |
| git_commit_sha | 104a441d0a | 8a51bbbb9c |
| release_version | 1.42.0-SNAPSHOT~104a441d0a | 1.42.0-SNAPSHOT~8a51bbbb9c |
Matching parameters
| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1730372819 | 1730372819 |
| ci_job_id | 691213835 | 691213835 |
| ci_pipeline_id | 47937012 | 47937012 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 52 metrics, 11 unstable metrics.
Startup time reports for insecure-bank
Chart: insecure-bank global startup overhead (Agent and Total startup time per variant), candidate=1.42.0-SNAPSHOT~8a51bbbb9c vs baseline=1.42.0-SNAPSHOT~104a441d0a. The plotted values are the durations listed in the baseline and candidate tables below.
- baseline results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.084 s | - |
| Agent | iast | 1.204 s | 120.051 ms (11.1%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.213 s | 128.813 ms (11.9%) |
| Agent | iast_TELEMETRY_OFF | 1.202 s | 117.658 ms (10.9%) |
| Total | tracing | 8.652 s | - |
| Total | iast | 9.108 s | 455.947 ms (5.3%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.158 s | 506.438 ms (5.9%) |
| Total | iast_TELEMETRY_OFF | 9.125 s | 472.625 ms (5.5%) |
- candidate results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.077 s | - |
| Agent | iast | 1.203 s | 126.184 ms (11.7%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.21 s | 133.259 ms (12.4%) |
| Agent | iast_TELEMETRY_OFF | 1.2 s | 122.43 ms (11.4%) |
| Total | tracing | 8.554 s | - |
| Total | iast | 9.109 s | 555.134 ms (6.5%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.093 s | 538.489 ms (6.3%) |
| Total | iast_TELEMETRY_OFF | 9.098 s | 543.696 ms (6.4%) |
Break down per module for insecure-bank (candidate=1.42.0-SNAPSHOT~8a51bbbb9c, baseline=1.42.0-SNAPSHOT~104a441d0a):
| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 688.056 ms | 686.072 ms |
| tracing | GlobalTracer | 315.754 ms | 314.397 ms |
| tracing | AppSec | 54.685 ms | 53.99 ms |
| tracing | Remote Config | 665.941 µs | 674.577 µs |
| tracing | Telemetry | 11.302 ms | 8.366 ms |
| iast | BytebuddyAgent | 801.838 ms | 800.941 ms |
| iast | GlobalTracer | 303.084 ms | 303.74 ms |
| iast | AppSec | 56.23 ms | 57.41 ms |
| iast | IAST | 20.584 ms | 19.612 ms |
| iast | Remote Config | 603.137 µs | 594.422 µs |
| iast | Telemetry | 8.205 ms | 7.356 ms |
| iast_HARDCODED_SECRET_DISABLED | BytebuddyAgent | 808.074 ms | 806.341 ms |
| iast_HARDCODED_SECRET_DISABLED | GlobalTracer | 305.888 ms | 304.448 ms |
| iast_HARDCODED_SECRET_DISABLED | AppSec | 57.465 ms | 57.238 ms |
| iast_HARDCODED_SECRET_DISABLED | IAST | 19.731 ms | 20.649 ms |
| iast_HARDCODED_SECRET_DISABLED | Remote Config | 606.716 µs | 593.887 µs |
| iast_HARDCODED_SECRET_DISABLED | Telemetry | 7.42 ms | 7.362 ms |
| iast_TELEMETRY_OFF | BytebuddyAgent | 799.678 ms | 797.856 ms |
| iast_TELEMETRY_OFF | GlobalTracer | 303.581 ms | 303.467 ms |
| iast_TELEMETRY_OFF | AppSec | 57.37 ms | 55.811 ms |
| iast_TELEMETRY_OFF | IAST | 19.543 ms | 20.93 ms |
| iast_TELEMETRY_OFF | Remote Config | 597.628 µs | 588.968 µs |
| iast_TELEMETRY_OFF | Telemetry | 7.364 ms | 7.235 ms |
Startup time reports for petclinic
Chart: petclinic global startup overhead (Agent and Total startup time per variant), candidate=1.42.0-SNAPSHOT~8a51bbbb9c vs baseline=1.42.0-SNAPSHOT~104a441d0a. The plotted values are the durations listed in the baseline and candidate tables below.
- baseline results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.076 s | - |
| Agent | appsec | 1.213 s | 137.245 ms (12.8%) |
| Agent | iast | 1.203 s | 127.341 ms (11.8%) |
| Agent | profiling | 1.273 s | 196.929 ms (18.3%) |
| Total | tracing | 10.469 s | - |
| Total | appsec | 10.711 s | 242.052 ms (2.3%) |
| Total | iast | 10.873 s | 404.401 ms (3.9%) |
| Total | profiling | 10.735 s | 266.106 ms (2.5%) |
- candidate results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.078 s | - |
| Agent | appsec | 1.216 s | 137.567 ms (12.8%) |
| Agent | iast | 1.206 s | 127.914 ms (11.9%) |
| Agent | profiling | 1.283 s | 204.742 ms (19.0%) |
| Total | tracing | 10.437 s | - |
| Total | appsec | 10.653 s | 216.199 ms (2.1%) |
| Total | iast | 10.894 s | 456.748 ms (4.4%) |
| Total | profiling | 10.685 s | 248.018 ms (2.4%) |
Break down per module for petclinic (candidate=1.42.0-SNAPSHOT~8a51bbbb9c, baseline=1.42.0-SNAPSHOT~104a441d0a):
| Variant | Module | Baseline | Candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 684.67 ms | 686.145 ms |
| tracing | GlobalTracer | 314.324 ms | 314.753 ms |
| tracing | AppSec | 53.806 ms | 53.868 ms |
| tracing | Remote Config | 659.449 µs | 662.561 µs |
| tracing | Telemetry | 9.027 ms | 9.091 ms |
| appsec | BytebuddyAgent | 704.303 ms | 705.45 ms |
| appsec | GlobalTracer | 312.403 ms | 313.163 ms |
| appsec | AppSec | 164.985 ms | 165.008 ms |
| appsec | Remote Config | 644.509 µs | 637.792 µs |
| appsec | Telemetry | 7.733 ms | 8.086 ms |
| appsec | IAST | 19.274 ms | 19.427 ms |
| iast | BytebuddyAgent | 801.334 ms | 802.466 ms |
| iast | GlobalTracer | 303.181 ms | 304.393 ms |
| iast | AppSec | 57.419 ms | 56.734 ms |
| iast | Remote Config | 601.265 µs | 607.362 µs |
| iast | Telemetry | 7.366 ms | 7.44 ms |
| iast | IAST | 19.931 ms | 20.786 ms |
| profiling | BytebuddyAgent | 679.304 ms | 684.325 ms |
| profiling | GlobalTracer | 397.252 ms | 400.317 ms |
| profiling | AppSec | 54.116 ms | 54.62 ms |
| profiling | Remote Config | 654.709 µs | 673.901 µs |
| profiling | Telemetry | 13.293 ms | 14.133 ms |
| profiling | ProfilingAgent | 89.775 ms | 89.885 ms |
| profiling | Profiling | 89.798 ms | 89.909 ms |
Load
Parameters
| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2024-10-31T10:38:24 | 2024-10-31T10:47:32 |
| git_branch | master | mario.vidal/expand_support_ssrf |
| git_commit_date | 1730315410 | 1730370358 |
| git_commit_sha | 104a441d0a | 8a51bbbb9c |
| release_version | 1.42.0-SNAPSHOT~104a441d0a | 1.42.0-SNAPSHOT~8a51bbbb9c |
| start_time | 2024-10-31T10:38:08 | 2024-10-31T10:47:16 |
Matching parameters
| Parameter | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1730372113 | 1730372113 |
| ci_job_id | 691213837 | 691213837 |
| ci_pipeline_id | 47937012 | 47937012 |
| cpu_model | Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz |
| variant | iast | iast |
Summary
Found 1 performance improvements and 0 performance regressions! Performance is the same for 6 metrics, 21 unstable metrics.
| scenario | Δ mean http_req_duration | Δ mean throughput | candidate mean http_req_duration | candidate mean throughput | baseline mean http_req_duration | baseline mean throughput |
|---|---|---|---|---|---|---|
| scenario:load:petclinic:profiling | better [-142.109µs; -73.399µs] or [-7.244%; -3.741%] | unstable [-173.080op/s; +628.488op/s] or [-7.356%; +26.711%] | 1.854ms | 2580.645op/s | 1.962ms | 2352.941op/s |
Request duration reports for insecure-bank
Chart: insecure-bank request duration [CI 0.99] per variant, candidate=1.42.0-SNAPSHOT~8a51bbbb9c vs baseline=1.42.0-SNAPSHOT~104a441d0a. The plotted means and confidence intervals are those listed in the baseline and candidate tables below.
- baseline results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 459.305 µs [428.638 µs, 489.971 µs] | - |
| iast | 586.675 µs [554.345 µs, 619.005 µs] | 127.371 µs (27.7%) |
| iast_FULL | 829.938 µs [797.189 µs, 862.687 µs] | 370.633 µs (80.7%) |
| iast_GLOBAL | 622.269 µs [590.888 µs, 653.65 µs] | 162.964 µs (35.5%) |
| iast_HARDCODED_SECRET_DISABLED | 585.842 µs [553.156 µs, 618.529 µs] | 126.538 µs (27.5%) |
| iast_INACTIVE | 543.369 µs [513.186 µs, 573.551 µs] | 84.064 µs (18.3%) |
| iast_TELEMETRY_OFF | 572.941 µs [540.603 µs, 605.278 µs] | 113.636 µs (24.7%) |
| tracing | 538.206 µs [508.01 µs, 568.402 µs] | 78.901 µs (17.2%) |
- candidate results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 449.952 µs [420.991 µs, 478.914 µs] | - |
| iast | 587.61 µs [555.308 µs, 619.911 µs] | 137.657 µs (30.6%) |
| iast_FULL | 834.987 µs [802.666 µs, 867.309 µs] | 385.035 µs (85.6%) |
| iast_GLOBAL | 629.453 µs [596.677 µs, 662.23 µs] | 179.501 µs (39.9%) |
| iast_HARDCODED_SECRET_DISABLED | 589.247 µs [556.836 µs, 621.658 µs] | 139.295 µs (31.0%) |
| iast_INACTIVE | 538.032 µs [507.297 µs, 568.768 µs] | 88.08 µs (19.6%) |
| iast_TELEMETRY_OFF | 582.249 µs [550.339 µs, 614.16 µs] | 132.297 µs (29.4%) |
| tracing | 535.474 µs [504.59 µs, 566.357 µs] | 85.521 µs (19.0%) |
Request duration reports for petclinic
Chart: petclinic request duration [CI 0.99] per variant, candidate=1.42.0-SNAPSHOT~8a51bbbb9c vs baseline=1.42.0-SNAPSHOT~104a441d0a. The plotted means and confidence intervals are those listed in the baseline and candidate tables below.
- baseline results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.701 ms [1.676 ms, 1.726 ms] | - |
| appsec | 2.191 ms [2.161 ms, 2.22 ms] | 489.695 µs (28.8%) |
| appsec_no_iast | 2.198 ms [2.166 ms, 2.23 ms] | 497.172 µs (29.2%) |
| iast | 1.864 ms [1.834 ms, 1.894 ms] | 163.401 µs (9.6%) |
| profiling | 1.962 ms [1.928 ms, 1.996 ms] | 261.008 µs (15.3%) |
| tracing | 1.849 ms [1.818 ms, 1.88 ms] | 147.863 µs (8.7%) |
- candidate results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.717 ms [1.693 ms, 1.742 ms] | - |
| appsec | 2.195 ms [2.166 ms, 2.224 ms] | 477.709 µs (27.8%) |
| appsec_no_iast | 2.203 ms [2.173 ms, 2.234 ms] | 486.223 µs (28.3%) |
| iast | 1.846 ms [1.816 ms, 1.876 ms] | 128.73 µs (7.5%) |
| profiling | 1.854 ms [1.824 ms, 1.884 ms] | 136.983 µs (8.0%) |
| tracing | 1.844 ms [1.812 ms, 1.875 ms] | 126.514 µs (7.4%) |
Dacapo
Parameters
| Parameter | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | mario.vidal/expand_support_ssrf |
| git_commit_date | 1730315410 | 1730370358 |
| git_commit_sha | 104a441d0a | 8a51bbbb9c |
| release_version | 1.42.0-SNAPSHOT~104a441d0a | 1.42.0-SNAPSHOT~8a51bbbb9c |
Matching parameters
| Parameter | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1730372317 | 1730372317 |
| ci_job_id | 691213840 | 691213840 |
| ci_pipeline_id | 47937012 | 47937012 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | appsec | appsec |
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
Execution time for biojava
Chart: biojava execution time [CI 0.99] per variant, candidate=1.42.0-SNAPSHOT~8a51bbbb9c vs baseline=1.42.0-SNAPSHOT~104a441d0a. The plotted values are those listed in the baseline and candidate tables below.
- baseline results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.081 s [15.081 s, 15.081 s] | - |
| appsec | 15.288 s [15.288 s, 15.288 s] | 207.0 ms (1.4%) |
| iast | 18.922 s [18.922 s, 18.922 s] | 3.841 s (25.5%) |
| iast_GLOBAL | 18.39 s [18.39 s, 18.39 s] | 3.309 s (21.9%) |
| profiling | 15.349 s [15.349 s, 15.349 s] | 268.0 ms (1.8%) |
| tracing | 15.109 s [15.109 s, 15.109 s] | 28.0 ms (0.2%) |
- candidate results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.02 s [15.02 s, 15.02 s] | - |
| appsec | 15.296 s [15.296 s, 15.296 s] | 276.0 ms (1.8%) |
| iast | 19.171 s [19.171 s, 19.171 s] | 4.151 s (27.6%) |
| iast_GLOBAL | 18.285 s [18.285 s, 18.285 s] | 3.265 s (21.7%) |
| profiling | 15.063 s [15.063 s, 15.063 s] | 43.0 ms (0.3%) |
| tracing | 15.106 s [15.106 s, 15.106 s] | 86.0 ms (0.6%) |
Execution time for tomcat
Chart: tomcat execution time [CI 0.99] per variant, candidate=1.42.0-SNAPSHOT~8a51bbbb9c vs baseline=1.42.0-SNAPSHOT~104a441d0a. The plotted means and confidence intervals are those listed in the baseline and candidate tables below.
- baseline results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.466 ms [1.454 ms, 1.477 ms] | - |
| appsec | 2.332 ms [2.29 ms, 2.373 ms] | 865.858 µs (59.1%) |
| iast | 2.069 ms [2.017 ms, 2.121 ms] | 602.881 µs (41.1%) |
| iast_GLOBAL | 2.127 ms [2.074 ms, 2.18 ms] | 660.951 µs (45.1%) |
| profiling | 1.936 ms [1.894 ms, 1.977 ms] | 469.599 µs (32.0%) |
| tracing | 1.912 ms [1.873 ms, 1.951 ms] | 446.119 µs (30.4%) |
- candidate results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.461 ms [1.449 ms, 1.472 ms] | - |
| appsec | 2.341 ms [2.299 ms, 2.382 ms] | 880.138 µs (60.2%) |
| iast | 2.076 ms [2.023 ms, 2.129 ms] | 615.487 µs (42.1%) |
| iast_GLOBAL | 2.118 ms [2.065 ms, 2.171 ms] | 657.466 µs (45.0%) |
| profiling | 1.942 ms [1.9 ms, 1.984 ms] | 481.038 µs (32.9%) |
| tracing | 1.916 ms [1.876 ms, 1.956 ms] | 455.524 µs (31.2%) |
Correct me if I'm wrong but I think that `SsrfModule#onURLConnection(@Nullable String url, @Nullable Object host, @Nullable Object uri)` is not used anymore with these changes, so it's better to remove it from the interface and the implementation to avoid dead code.
I have removed the method and added an exclusion for the coverage. It seems that method was the only one that tested the EvidenceBuilder. I have created a JIRA ticket to solve this problem later. For now, the method will be removed and we exclude `EvidenceBuilder` from the coverage report.
LGTM! But please check the build; it seems that `datadog.trace.api.iast.util.PropagationUtils` is not passing the test coverage job.