Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement ForKnownTypes for commons-fileupload integration #6238

Merged
merged 4 commits into from
Nov 17, 2023
Merged

Implement ForKnownTypes for commons-fileupload integration #6238

merged 4 commits into from
Nov 17, 2023

Conversation

am312
Copy link
Contributor

@am312 am312 commented Nov 16, 2023
edited by smola
Loading

What Does This Do

Replaces ForConfiguredTypes with ForKnownTypes. ForKnownTypes is preferred because we know we can statically build that into the tracer and optimize it, whereas ForConfiguredTypes implies it might change at runtime and therefore shouldn't be optimized.

@am312
implement ForKnownTypes
083c5e9 
ForKnownTypes is preferred because we know we can statically build that into the tracer and optimize it, whereas ForConfiguredTypes implies it might change at runtime and therefore shouldn't be optimized.
@am312 am312 marked this pull request as ready for review November 16, 2023 22:59
@am312 am312 requested a review from a team as a code owner November 16, 2023 22:59
@mcculls mcculls added the tag: no release notes Changes to exclude from release notes label Nov 16, 2023
@pr-commenter
Copy link

pr-commenter bot commented Nov 16, 2023
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
commit 1.25.0-SNAPSHOT~fce1d5c289 1.25.0-SNAPSHOT~ccccff7ca6
config baseline candidate
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 cases.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.25.0-SNAPSHOT~ccccff7ca6, baseline=1.25.0-SNAPSHOT~fce1d5c289

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.032 s) : 0, 1031962
Total [baseline] (8.79 s) : 0, 8789664
Agent [candidate] (1.037 s) : 0, 1036568
Total [candidate] (8.808 s) : 0, 8808482
section iast
Agent [baseline] (1.149 s) : 0, 1148780
Total [baseline] (9.34 s) : 0, 9340167
Agent [candidate] (1.149 s) : 0, 1149109
Total [candidate] (9.32 s) : 0, 9320304
section iast_TELEMETRY_OFF
Agent [baseline] (1.144 s) : 0, 1144166
Total [baseline] (9.311 s) : 0, 9311148
Agent [candidate] (1.154 s) : 0, 1154014
Total [candidate] (9.324 s) : 0, 9323774
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.032 s -
Agent iast 1.149 s 116.818 ms (11.3%)
Agent iast_TELEMETRY_OFF 1.144 s 112.204 ms (10.9%)
Total tracing 8.79 s -
Total iast 9.34 s 550.504 ms (6.3%)
Total iast_TELEMETRY_OFF 9.311 s 521.484 ms (5.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.037 s -
Agent iast 1.149 s 112.542 ms (10.9%)
Agent iast_TELEMETRY_OFF 1.154 s 117.446 ms (11.3%)
Total tracing 8.808 s -
Total iast 9.32 s 511.823 ms (5.8%)
Total iast_TELEMETRY_OFF 9.324 s 515.293 ms (5.8%) 
gantt
    title insecure-bank - break down per module: candidate=1.25.0-SNAPSHOT~ccccff7ca6, baseline=1.25.0-SNAPSHOT~fce1d5c289

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (645.799 ms) : 0, 645799
BytebuddyAgent [candidate] (648.779 ms) : 0, 648779
GlobalTracer [baseline] (294.888 ms) : 0, 294888
GlobalTracer [candidate] (296.404 ms) : 0, 296404
AppSec [baseline] (48.98 ms) : 0, 48980
AppSec [candidate] (49.033 ms) : 0, 49033
Remote Config [baseline] (675.911 µs) : 0, 676
Remote Config [candidate] (669.939 µs) : 0, 670
Telemetry [baseline] (7.183 ms) : 0, 7183
Telemetry [candidate] (7.216 ms) : 0, 7216
section iast
BytebuddyAgent [baseline] (767.257 ms) : 0, 767257
BytebuddyAgent [candidate] (767.685 ms) : 0, 767685
GlobalTracer [baseline] (274.745 ms) : 0, 274745
GlobalTracer [candidate] (275.392 ms) : 0, 275392
AppSec [baseline] (46.453 ms) : 0, 46453
AppSec [candidate] (46.294 ms) : 0, 46294
IAST [baseline] (16.739 ms) : 0, 16739
IAST [candidate] (14.867 ms) : 0, 14867
Remote Config [baseline] (605.647 µs) : 0, 606
Remote Config [candidate] (590.094 µs) : 0, 590
Telemetry [baseline] (8.613 ms) : 0, 8613
Telemetry [candidate] (9.893 ms) : 0, 9893
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (761.259 ms) : 0, 761259
BytebuddyAgent [candidate] (768.356 ms) : 0, 768356
GlobalTracer [baseline] (275.673 ms) : 0, 275673
GlobalTracer [candidate] (278.443 ms) : 0, 278443
AppSec [baseline] (46.893 ms) : 0, 46893
AppSec [candidate] (47.123 ms) : 0, 47123
IAST [baseline] (16.706 ms) : 0, 16706
IAST [candidate] (16.264 ms) : 0, 16264
Remote Config [baseline] (595.15 µs) : 0, 595
Remote Config [candidate] (605.118 µs) : 0, 605
Telemetry [baseline] (8.642 ms) : 0, 8642
Telemetry [candidate] (8.441 ms) : 0, 8441
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.25.0-SNAPSHOT~ccccff7ca6, baseline=1.25.0-SNAPSHOT~fce1d5c289

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.04 s) : 0, 1040253
Total [baseline] (9.313 s) : 0, 9313340
Agent [candidate] (1.039 s) : 0, 1039256
Total [candidate] (9.317 s) : 0, 9316624
section appsec
Agent [baseline] (1.128 s) : 0, 1128474
Total [baseline] (9.393 s) : 0, 9393052
Agent [candidate] (1.137 s) : 0, 1136631
Total [candidate] (9.398 s) : 0, 9397840
section iast
Agent [baseline] (1.158 s) : 0, 1157899
Total [baseline] (9.567 s) : 0, 9566924
Agent [candidate] (1.153 s) : 0, 1153312
Total [candidate] (9.502 s) : 0, 9501555
section profiling
Agent [baseline] (1.215 s) : 0, 1214880
Total [baseline] (9.518 s) : 0, 9518188
Agent [candidate] (1.218 s) : 0, 1217961
Total [candidate] (9.587 s) : 0, 9587035
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.04 s -
Agent appsec 1.128 s 88.221 ms (8.5%)
Agent iast 1.158 s 117.646 ms (11.3%)
Agent profiling 1.215 s 174.628 ms (16.8%)
Total tracing 9.313 s -
Total appsec 9.393 s 79.712 ms (0.9%)
Total iast 9.567 s 253.584 ms (2.7%)
Total profiling 9.518 s 204.848 ms (2.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.039 s -
Agent appsec 1.137 s 97.374 ms (9.4%)
Agent iast 1.153 s 114.056 ms (11.0%)
Agent profiling 1.218 s 178.705 ms (17.2%)
Total tracing 9.317 s -
Total appsec 9.398 s 81.215 ms (0.9%)
Total iast 9.502 s 184.931 ms (2.0%)
Total profiling 9.587 s 270.41 ms (2.9%) 
gantt
    title petclinic - break down per module: candidate=1.25.0-SNAPSHOT~ccccff7ca6, baseline=1.25.0-SNAPSHOT~fce1d5c289

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (651.494 ms) : 0, 651494
BytebuddyAgent [candidate] (651.805 ms) : 0, 651805
GlobalTracer [baseline] (297.021 ms) : 0, 297021
GlobalTracer [candidate] (296.003 ms) : 0, 296003
AppSec [baseline] (49.199 ms) : 0, 49199
AppSec [candidate] (48.984 ms) : 0, 48984
Remote Config [baseline] (661.248 µs) : 0, 661
Remote Config [candidate] (662.071 µs) : 0, 662
Telemetry [baseline] (7.24 ms) : 0, 7240
Telemetry [candidate] (7.212 ms) : 0, 7212
section appsec
BytebuddyAgent [baseline] (651.036 ms) : 0, 651036
BytebuddyAgent [candidate] (654.579 ms) : 0, 654579
GlobalTracer [baseline] (296.308 ms) : 0, 296308
GlobalTracer [candidate] (299.766 ms) : 0, 299766
AppSec [baseline] (139.165 ms) : 0, 139165
AppSec [candidate] (140.086 ms) : 0, 140086
Remote Config [baseline] (644.464 µs) : 0, 644
Remote Config [candidate] (649.792 µs) : 0, 650
Telemetry [baseline] (6.811 ms) : 0, 6811
Telemetry [candidate] (6.845 ms) : 0, 6845
section iast
BytebuddyAgent [baseline] (773.296 ms) : 0, 773296
BytebuddyAgent [candidate] (770.204 ms) : 0, 770204
GlobalTracer [baseline] (276.3 ms) : 0, 276300
GlobalTracer [candidate] (276.121 ms) : 0, 276121
AppSec [baseline] (46.958 ms) : 0, 46958
AppSec [candidate] (46.653 ms) : 0, 46653
Remote Config [baseline] (586.742 µs) : 0, 587
Remote Config [candidate] (560.293 µs) : 0, 560
Telemetry [baseline] (7.171 ms) : 0, 7171
Telemetry [candidate] (6.411 ms) : 0, 6411
IAST [baseline] (18.894 ms) : 0, 18894
IAST [candidate] (18.923 ms) : 0, 18923
section profiling
BytebuddyAgent [baseline] (656.763 ms) : 0, 656763
BytebuddyAgent [candidate] (658.558 ms) : 0, 658558
GlobalTracer [baseline] (359.487 ms) : 0, 359487
GlobalTracer [candidate] (360.316 ms) : 0, 360316
AppSec [baseline] (48.848 ms) : 0, 48848
AppSec [candidate] (48.482 ms) : 0, 48482
Remote Config [baseline] (646.958 µs) : 0, 647
Remote Config [candidate] (639.45 µs) : 0, 639
Telemetry [baseline] (7.318 ms) : 0, 7318
Telemetry [candidate] (7.383 ms) : 0, 7383
ProfilingAgent [baseline] (87.71 ms) : 0, 87710
ProfilingAgent [candidate] (88.229 ms) : 0, 88229
Profiling [baseline] (87.733 ms) : 0, 87733
Profiling [candidate] (88.253 ms) : 0, 88253
Loading

Load

Parameters

Baseline Candidate
commit 1.25.0-SNAPSHOT~fce1d5c289 1.25.0-SNAPSHOT~ccccff7ca6
config baseline candidate
end_time 2023-11-17T04:52:58 2023-11-17T05:09:29
start_time 2023-11-17T04:52:45 2023-11-17T05:09:16
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 22 cases.

Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.25.0-SNAPSHOT~ccccff7ca6, baseline=1.25.0-SNAPSHOT~fce1d5c289
    dateFormat X
    axisFormat %s
section baseline
no_agent (361.631 µs) : 342, 381
.   : milestone, 362,
iast (476.747 µs) : 456, 498
.   : milestone, 477,
iast_FULL (539.605 µs) : 519, 560
.   : milestone, 540,
iast_INACTIVE (451.739 µs) : 431, 473
.   : milestone, 452,
iast_TELEMETRY_OFF (476.407 µs) : 455, 498
.   : milestone, 476,
tracing (446.574 µs) : 425, 468
.   : milestone, 447,
section candidate
no_agent (371.956 µs) : 352, 392
.   : milestone, 372,
iast (475.828 µs) : 455, 497
.   : milestone, 476,
iast_FULL (539.59 µs) : 519, 560
.   : milestone, 540,
iast_INACTIVE (447.796 µs) : 426, 469
.   : milestone, 448,
iast_TELEMETRY_OFF (474.196 µs) : 453, 495
.   : milestone, 474,
tracing (445.836 µs) : 425, 467
.   : milestone, 446,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 361.631 µs [342.269 µs, 380.992 µs] -
iast 476.747 µs [455.64 µs, 497.854 µs] 115.116 µs (31.8%)
iast_FULL 539.605 µs [518.745 µs, 560.466 µs] 177.975 µs (49.2%)
iast_INACTIVE 451.739 µs [430.724 µs, 472.754 µs] 90.108 µs (24.9%)
iast_TELEMETRY_OFF 476.407 µs [454.776 µs, 498.037 µs] 114.776 µs (31.7%)
tracing 446.574 µs [425.341 µs, 467.807 µs] 84.944 µs (23.5%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 371.956 µs [351.595 µs, 392.318 µs] -
iast 475.828 µs [454.587 µs, 497.068 µs] 103.871 µs (27.9%)
iast_FULL 539.59 µs [518.727 µs, 560.453 µs] 167.634 µs (45.1%)
iast_INACTIVE 447.796 µs [426.285 µs, 469.308 µs] 75.84 µs (20.4%)
iast_TELEMETRY_OFF 474.196 µs [453.361 µs, 495.031 µs] 102.24 µs (27.5%)
tracing 445.836 µs [424.583 µs, 467.09 µs] 73.88 µs (19.9%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.25.0-SNAPSHOT~ccccff7ca6, baseline=1.25.0-SNAPSHOT~fce1d5c289
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.351 ms) : 1332, 1370
.   : milestone, 1351,
appsec (1.734 ms) : 1709, 1759
.   : milestone, 1734,
iast (1.499 ms) : 1475, 1524
.   : milestone, 1499,
profiling (1.471 ms) : 1446, 1496
.   : milestone, 1471,
tracing (1.488 ms) : 1463, 1514
.   : milestone, 1488,
section candidate
no_agent (1.367 ms) : 1348, 1387
.   : milestone, 1367,
appsec (1.75 ms) : 1725, 1775
.   : milestone, 1750,
iast (1.503 ms) : 1479, 1527
.   : milestone, 1503,
profiling (1.511 ms) : 1483, 1538
.   : milestone, 1511,
tracing (1.491 ms) : 1466, 1515
.   : milestone, 1491,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.351 ms [1.332 ms, 1.37 ms] -
appsec 1.734 ms [1.709 ms, 1.759 ms] 382.706 µs (28.3%)
iast 1.499 ms [1.475 ms, 1.524 ms] 148.156 µs (11.0%)
profiling 1.471 ms [1.446 ms, 1.496 ms] 119.84 µs (8.9%)
tracing 1.488 ms [1.463 ms, 1.514 ms] 137.073 µs (10.1%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.367 ms [1.348 ms, 1.387 ms] -
appsec 1.75 ms [1.725 ms, 1.775 ms] 383.039 µs (28.0%)
iast 1.503 ms [1.479 ms, 1.527 ms] 136.01 µs (9.9%)
profiling 1.511 ms [1.483 ms, 1.538 ms] 143.458 µs (10.5%)
tracing 1.491 ms [1.466 ms, 1.515 ms] 123.45 µs (9.0%)

@am312 am312 merged commit d84cc9f into master Nov 17, 2023
69 of 71 checks passed
@am312 am312 deleted the andrew.munn/file-uploader-instrumenter branch November 17, 2023 05:53
@github-actions github-actions bot added this to the 1.25.0 milestone Nov 17, 2023
@smola smola changed the title implement ForKnownTypes Implement ForKnownTypes for commons-fileupload integration Nov 17, 2023
@smola smola added the comp: asm iast Application Security Management (IAST) label Nov 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcculls mcculls mcculls approved these changes

@DDJavierSantos DDJavierSantos Awaiting requested review from DDJavierSantos

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez is a code owner automatically assigned from DataDog/asm-java

Assignees
No one assigned
Labels
comp: asm iast Application Security Management (IAST) tag: no release notes Changes to exclude from release notes
Projects
None yet
Milestone
1.25.0
Development

Successfully merging this pull request may close these issues.
3 participants
@am312 @mcculls @smola