Map JSP stack traces to file names #7005
base: master
Benchmarks

Startup
Summary: Found 1 performance improvement and 0 performance regressions! Performance is the same for 49 metrics, 13 unstable metrics.
[Gantt chart: petclinic - global startup overhead: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections tracing, appsec, iast, profiling]
[Gantt chart: petclinic - break down per module: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections tracing, appsec, iast, profiling]
[Gantt chart: insecure-bank - global startup overhead: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
[Gantt chart: insecure-bank - break down per module: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF]
Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.
[Gantt chart: insecure-bank - request duration [CI 0.99]: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections baseline, candidate]
[Gantt chart: petclinic - request duration [CI 0.99]: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections baseline, candidate]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Gantt chart: biojava - execution time [CI 0.99]: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections baseline, candidate]
[Gantt chart: tomcat - execution time [CI 0.99]: candidate=1.36.0-SNAPSHOT~807f96af15, baseline=1.36.0-SNAPSHOT~04cda746be; sections baseline, candidate]
Compare: 183a51c to ae313e3; eab21bd to 13aa99b; 4b6a319 to 8468f2e
A few comments, but I still did not review all the parsing logic.
Review threads:
- internal-api/src/main/java/datadog/trace/api/iast/stratum/SourceMapper.java (resolved)
- ...gboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy (outdated, resolved)
- ...oling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy (outdated, resolved)
- ...oling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy (outdated, resolved)
- ...nt/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/AbstractStratum.java (resolved)
    @Override
    public void onConstantPool(
        @Nonnull TypeDescription type, @Nonnull ConstantPool pool, byte[] classFile) {
      if (StratumManagerImpl.shouldBeAnalyzed(type.getInternalName())) {
This is here just to get access to the class byte[], right?
I'm not sure about this approach, as it will take a lot of wasted space; it's very likely that only a few JSPs will need to have their metadata collected (the ones with vulnerabilities), and it will probably delay startup quite a bit. I think the best approach is to execute it only when computing the stack for a vulnerability.
Review threads:
- ...agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java (outdated, resolved)
- ...agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java (outdated, resolved)
…tooling/iast/stratum/StratumManagerImpl.java Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
…tooling/iast/stratum/StratumManagerImpl.java Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
…t/tooling/iast/stratum/StratumManagerImplTest.groovy Co-authored-by: Santiago M. Mola <[email protected]>
…t/tooling/iast/stratum/StratumManagerImplTest.groovy Co-authored-by: Santiago M. Mola <[email protected]>
Compare: 81b6989 to 3c8ca9e
Improve memory usage removing not necessary info from StratumExt objects Fix method to get the mapped jsp file and line
What Does This Do
Add StratumManager to deal with SMAP syntax from Jakarta Debugging Support for Other Languages
Replace the StackTraceElement used to create the vulnerability location with the original file and line info
Motivation
If we want to show proper filename for vulnerabilities in JSP, we’ll need to map JSP stack traces to file names.
Additional Notes
Jira ticket: APPSEC-4703
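The SMAP format the description refers to (JSR-45, Jakarta Debugging Support for Other Languages) is what lets a line of the generated servlet be mapped back to the JSP it came from. The parser below is an added example, not code from this PR or from dd-trace-java: it reads a constructed SMAP in the shape Jasper emits (index_jsp.java, index.jsp and header.jspf are sample names) and resolves a generated-source line to the original file and line, which is the substitution the PR makes on the StackTraceElement of a vulnerability location.

```python
import re

# Constructed SMAP as Jasper emits for a compiled JSP (JSR-45): lines of the
# generated index_jsp.java back to index.jsp and an included header.jspf.
SAMPLE_SMAP = """SMAP
index_jsp.java
JSP
*S JSP
*F
+ 0 index.jsp
index.jsp
1 header.jspf
*L
1,5:116
6:121,2
1#1,3:123
*E
"""

# LineInfo: InputStartLine[#LineFileID][,RepeatCount]:OutputStartLine[,OutputLineIncrement]
_LINE_RE = re.compile(r"^(\d+)(?:#(\d+))?(?:,(\d+))?:(\d+)(?:,(\d+))?$")
def parse_smap(text):
    """Return ({file_id: name}, [(in_start, file_id, repeat, out_start, incr)])."""
    rows = text.splitlines()  # rows 0-2: "SMAP", output file name, default stratum
    files, entries, section = {}, [], None
    file_id = 0  # a LineInfo without #id reuses the previous one (0 at start)
    it = iter(rows[3:])
    for row in it:
        row = row.strip()
        if row.startswith("*"):
            section = row[1:2]  # S = stratum id, F = files, L = lines, E = end
        elif section == "F":
            if row.startswith("+ "):
                row = row[2:]
                next(it)  # "+ id name" is followed by a separate path row
            fid, name = row.split(None, 1)
            files[int(fid)] = name
        elif section == "L":
            m = _LINE_RE.match(row)
            file_id = int(m.group(2)) if m.group(2) else file_id
            entries.append((int(m.group(1)), file_id, int(m.group(3) or 1),
                            int(m.group(4)), int(m.group(5) or 1)))
    return files, entries

def map_output_line(smap, output_line):
    """Translate a generated-source line to (original file, line), or None."""
    files, entries = smap
    for in_start, fid, repeat, out_start, incr in entries:
        if incr > 0 and out_start <= output_line < out_start + repeat * incr:
            return files[fid], in_start + (output_line - out_start) // incr
```

Each LineInfo covers repeat * incr generated lines, so a frame at index_jsp.java:122 resolves to index.jsp:6 and one at line 124 resolves to header.jspf:2.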