Map JSP stack traces to file names #7005
Benchmarks (candidate=1.39.0-SNAPSHOT~eeec65e478, baseline=1.38.0~60ddc9e0d7)

Startup: Found 0 performance improvements and 0 performance regressions. Performance is the same for 49 metrics, 14 unstable metrics.
Global startup overhead, Agent / Total (baseline -> candidate):
petclinic: tracing Agent 1.044 s -> 1.046 s, Total 10.299 s -> 10.287 s; appsec Agent 1.178 s -> 1.167 s, Total 10.573 s -> 10.45 s; iast Agent 1.18 s -> 1.172 s, Total 10.78 s -> 10.772 s; profiling Agent 1.242 s -> 1.25 s, Total 10.59 s -> 10.599 s.
insecure-bank: tracing Agent 1.044 s -> 1.044 s, Total 8.452 s -> 8.477 s; iast Agent 1.175 s -> 1.173 s, Total 8.952 s -> 8.965 s; iast_HARDCODED_SECRET_DISABLED Agent 1.171 s -> 1.173 s, Total 8.936 s -> 8.95 s; iast_TELEMETRY_OFF Agent 1.179 s -> 1.176 s, Total 8.986 s -> 8.959 s.
Per-module break down charts (BytebuddyAgent, GlobalTracer, AppSec, IAST, Remote Config, Telemetry, ProfilingAgent, Profiling) are also reported for both applications.

Load: Found 0 performance improvements and 0 performance regressions. Performance is the same for 6 metrics, 22 unstable metrics.
Request duration [CI 0.99] (baseline -> candidate):
insecure-bank: no_agent 443.693 µs -> 449.133 µs; iast 590.027 µs -> 583.779 µs; iast_FULL 676.992 µs -> 685.158 µs; iast_GLOBAL 612.737 µs -> 614.101 µs; iast_HARDCODED_SECRET_DISABLED 579.638 µs -> 582.487 µs; iast_INACTIVE 552.925 µs -> 551.449 µs; iast_TELEMETRY_OFF 576.195 µs -> 573.126 µs; tracing 527.92 µs -> 538.543 µs.
petclinic: no_agent 1.695 ms -> 1.703 ms; appsec 2.144 ms -> 2.171 ms; appsec_no_iast 2.145 ms -> 2.165 ms; iast 1.891 ms -> 1.896 ms; profiling 1.876 ms -> 1.9 ms; tracing 1.855 ms -> 1.872 ms.

Dacapo: Found 0 performance improvements and 0 performance regressions. Performance is the same for 12 metrics, 0 unstable metrics.
Execution time [CI 0.99] (baseline -> candidate):
biojava: no_agent 21.058 s -> 21.277 s; appsec 21.661 s -> 21.556 s; iast 24.026 s -> 24.719 s; iast_GLOBAL 24.914 s -> 25.038 s; profiling 20.732 s -> 21.165 s; tracing 20.931 s -> 20.359 s.
tomcat: no_agent 1.539 ms -> 1.54 ms; appsec 2.703 ms -> 2.704 ms; iast 2.352 ms -> 2.343 ms; iast_GLOBAL 2.434 ms -> 2.429 ms; profiling 2.21 ms -> 2.233 ms; tracing 2.189 ms -> 2.167 ms.
A few comments, but I still did not review all the parsing logic.
Review comments on:
internal-api/src/main/java/datadog/trace/api/iast/stratum/SourceMapper.java
...gboot-tomcat-jsp/src/test/groovy/datadog/smoketest/springboot/IastSpringBootSmokeTest.groovy (outdated)
...oling/src/test/groovy/datadog/trace/agent/tooling/iast/stratum/StratumManagerImplTest.groovy (2 comments, outdated)
...nt/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/AbstractStratum.java
...strumenter/src/main/java/datadog/trace/instrumentation/iastinstrumenter/StratumListener.java (outdated)
...agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManagerImpl.java (2 comments, outdated)
…tooling/iast/stratum/StratumManagerImpl.java Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
…tooling/iast/stratum/StratumManagerImpl.java Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
…t/tooling/iast/stratum/StratumManagerImplTest.groovy Co-authored-by: Santiago M. Mola <[email protected]>
…t/tooling/iast/stratum/StratumManagerImplTest.groovy Co-authored-by: Santiago M. Mola <[email protected]>
Review comments on:
...a-agent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumExt.java (outdated)
...ent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java (outdated)
All changes reviewed to avoid logging at error level
Review comments on:
...ent/agent-tooling/src/main/java/datadog/trace/agent/tooling/iast/stratum/StratumManager.java (2 comments, outdated)
…tooling/iast/stratum/StratumManager.java Co-authored-by: Manuel Álvarez Álvarez <[email protected]>
What Does This Do
Add a StratumManager to parse the SMAP syntax from Jakarta Debugging Support for Other Languages (JSR-45).
Replace the StackTraceElement used to create the vulnerability location with the original file and line info recovered from the SMAP.
Motivation
If we want to show the proper file name for vulnerabilities found in JSPs, we need to map JSP stack traces, which point into the generated servlet class, back to the JSP file names.
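The mapping the description relies on is the SMAP (JSR-45, now Jakarta Debugging Support for Other Languages) that Tomcat's Jasper compiler embeds in the SourceDebugExtension attribute of every compiled JSP class: a file section (`*F`) naming the JSP sources and a line section (`*L`) of `InputStartLine[#FileID][,Repeat]:OutputStartLine[,Increment]` entries. The parser below is an added example, not the PR's StratumManager code, and is written in Python rather than Java so it runs stand-alone. The sample SMAP (a constructed `index.jsp` including `WEB-INF/header.jspf`), the `SourceMap` and `SourceLocation` names and the frame-mapping helper are all assumptions; it handles only the default stratum and treats an `OutputLineIncrement` of 0 as every repeated input line landing on the same output line.

```python
"""Map a line in a compiled JSP servlet back to the JSP source via its SMAP.

Added, illustrative code: this is not dd-trace-java's StratumManager. The SMAP
text below is constructed in the shape Jasper emits; in a real class it is the
SourceDebugExtension attribute and has to be read out of the class file.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: servlet generated from index.jsp, which includes
# WEB-INF/header.jspf (file id 1).
SAMPLE_SMAP = """SMAP
index_jsp.java
JSP
*S JSP
*F
+ 0 index.jsp
index.jsp
+ 1 header.jspf
WEB-INF/header.jspf
*L
1,4:116
5#1,3:120
8#0:123,2
10:126
*E
"""

# LineInfo: InputStartLine [# LineFileID] [, RepeatCount] : OutputStartLine [, OutputLineIncrement]
LINE_INFO = re.compile(r"^(\d+)(?:#(\d+))?(?:,(\d+))?:(\d+)(?:,(\d+))?$")


@dataclass(frozen=True)
class SourceLocation:
    file_name: str  # JSP path from the *F section ("+" entries carry the path on the next line)
    line: int       # 1-based line in that JSP file


@dataclass
class SourceMap:
    output_file: str                          # generated file a stack frame reports, e.g. index_jsp.java
    files: Dict[int, str]                     # LineFileID -> JSP path
    ranges: List[Tuple[int, int, int, int]]   # (out_first, out_last, file_id, input_line)

    @classmethod
    def parse(cls, text: str) -> "SourceMap":
        lines = [ln.rstrip("\r") for ln in text.split("\n")]
        if len(lines) < 3 or lines[0] != "SMAP":
            raise ValueError("not an SMAP header")
        output_file, default_stratum = lines[1], lines[2]
        files: Dict[int, str] = {}
        ranges: List[Tuple[int, int, int, int]] = []
        stratum = section = None
        file_id = 0  # LineFileID carries over from the previous LineInfo; starts at 0
        i = 3
        while i < len(lines):
            line = lines[i].strip()
            i += 1
            if not line:
                continue
            if line == "*E":
                break
            if line.startswith("*S "):
                stratum, section = line[3:].strip(), None
                continue
            if line.startswith("*"):
                section = line[1:2] if line in ("*F", "*L") else None  # vendor sections are skipped
                continue
            if stratum != default_stratum or section is None:
                continue  # only the default stratum (JSP) is mapped here
            if section == "F":
                if line.startswith("+ "):
                    fid, _name = line[2:].split(" ", 1)
                    path = lines[i].strip()  # "+" form: the next line holds the full path
                    i += 1
                    files[int(fid)] = path
                else:
                    fid, name = line.split(" ", 1)
                    files[int(fid)] = name
            else:  # section == "L"
                m = LINE_INFO.match(line)
                if not m:
                    raise ValueError(f"bad LineInfo: {line!r}")
                in_start = int(m.group(1))
                if m.group(2) is not None:
                    file_id = int(m.group(2))
                repeat = int(m.group(3)) if m.group(3) else 1
                out_start = int(m.group(4))
                incr = int(m.group(5)) if m.group(5) else 1
                for k in range(repeat):
                    first = out_start + k * incr
                    last = first + max(incr, 1) - 1  # increment 0: all repeats share one output line
                    ranges.append((first, last, file_id, in_start + k))
        return cls(output_file, files, ranges)

    def resolve(self, output_line: int) -> Optional[SourceLocation]:
        """Reverse lookup: generated-servlet line -> JSP file and line, or None if unmapped."""
        for first, last, fid, in_line in self.ranges:
            if first <= output_line <= last:
                return SourceLocation(self.files.get(fid, f"<file {fid}>"), in_line)
        return None

    def map_frame(self, file_name: Optional[str], line_number: int) -> Optional[SourceLocation]:
        """StackTraceElement fix-up: only frames from this SMAP's output file are rewritten."""
        if file_name != self.output_file or line_number <= 0:
            return None
        return self.resolve(line_number)


if __name__ == "__main__":
    sm = SourceMap.parse(SAMPLE_SMAP)
    # A frame such as org.apache.jsp.index_jsp._jspService(index_jsp.java:121)
    print(sm.map_frame("index_jsp.java", 121))  # SourceLocation(file_name='WEB-INF/header.jspf', line=6)
```

`map_frame` mirrors what the PR does with the StackTraceElement: a frame whose fileName is not the SMAP's output file (a JDK or framework frame) is left untouched, and a servlet line with no LineInfo entry yields None so the caller can fall back to the generated location instead of reporting a wrong JSP line.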
Additional Notes
Jira ticket: APPSEC-4703
New metric PR