Create new ranges for vulns to prevent GC issues #7309
Merged: manuel-alvarez-alvarez merged 1 commit into master from malvarez/iast-prevent-flaky-weak-refs on Jul 15, 2024
manuel-alvarez-alvarez added the "comp: asm iast" (Application Security Management (IAST)) label on Jul 11, 2024
smola approved these changes on Jul 11, 2024
Benchmarks

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 9 unstable metrics.
[Gantt charts: startup time reports for insecure-bank and petclinic (global startup overhead; break down per module), candidate=1.38.0-SNAPSHOT~5de479f3cc, baseline=1.38.0-SNAPSHOT~f88def8618]

Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.
[Gantt charts: request duration reports [CI 0.99] for petclinic and insecure-bank, candidate=1.38.0-SNAPSHOT~5de479f3cc, baseline=1.38.0-SNAPSHOT~f88def8618]
manuel-alvarez-alvarez force-pushed the malvarez/iast-prevent-flaky-weak-refs branch 2 times, most recently from 787f6ca to 2abf7ca (July 15, 2024 08:43)
manuel-alvarez-alvarez force-pushed the malvarez/iast-prevent-flaky-weak-refs branch from 2abf7ca to 5de479f (July 15, 2024 15:16)
What Does This Do
Creates new ranges without weak references for evidences in vulnerabilities
Motivation
Before the vulnerability is written to the span at the end of the request, there's still the chance that the original value is GCed, causing flaky tests in our pipelines.
Additional Notes
Jira ticket: [PROJ-IDENT]
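
The failure mode described under Motivation, as an added example that is not code from this pull request or from dd-trace-java: `Source`, `Range` and `copyWithoutWeakRef` are hypothetical names, the sample value is constructed, and `WeakReference.clear()` stands in for the garbage collector so the run is deterministic.

```java
import java.lang.ref.WeakReference;

public class WeakRangeDemo {

  /** Hypothetical taint source: live tracking holds the value weakly so it never pins request data. */
  static final class Source {
    final String name;
    final WeakReference<String> weakValue; // used while the request is being tracked
    final String strongValue;              // used only by copies stored as evidence

    Source(String name, WeakReference<String> weakValue, String strongValue) {
      this.name = name;
      this.weakValue = weakValue;
      this.strongValue = strongValue;
    }

    String value() {
      return weakValue != null ? weakValue.get() : strongValue;
    }

    /** Resolve the weak reference once, at report time, and keep a strong reference instead. */
    Source copyWithoutWeakRef() {
      return new Source(name, null, value());
    }
  }

  /** Hypothetical tainted range: offset and length within a string, plus where the taint came from. */
  static final class Range {
    final int start;
    final int length;
    final Source source;

    Range(int start, int length, Source source) {
      this.start = start;
      this.length = length;
      this.source = source;
    }

    Range copyWithoutWeakRef() {
      return new Range(start, length, source.copyWithoutWeakRef());
    }
  }

  public static void main(String[] args) {
    String param = new String("user-supplied"); // constructed sample value
    WeakReference<String> ref = new WeakReference<>(param);
    Range tracked = new Range(0, param.length(), new Source("http.param.q", ref, null));

    // Vulnerability detected mid-request: the evidence gets its own range without weak references.
    Range evidence = tracked.copyWithoutWeakRef();

    // The original value becomes unreachable before the span is written (collection simulated).
    param = null;
    ref.clear();

    System.out.println("tracked range source value:  " + tracked.source.value());
    System.out.println("evidence range source value: " + evidence.source.value());
  }
}
```

The tracked range loses its source value once the referent is cleared, while the copied range still reports it when the span is serialized.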