Reset call depth counter if query is blocked #7311

Merged
merged 1 commit into from
Jul 15, 2024

ValentinZakharov
Contributor

@ValentinZakharov ValentinZakharov commented Jul 11, 2024

What Does This Do

Reset call depth counter in StatementInstrumentation if query with SQL-injection is blocked.

Motivation

In case of multiple blocking of SQL queries, an error occurred, leading to blocking failure.

Additional Notes

Jira ticket: APPSEC-47228

@ValentinZakharov ValentinZakharov added tag: no release notes Changes to exclude from release notes inst: jdbc JDBC instrumentation comp: asm waf Application Security Management (WAF) labels Jul 11, 2024
@ValentinZakharov ValentinZakharov self-assigned this Jul 11, 2024
pr-commenter bot commented Jul 11, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master vzakharov/rasp_sqli_blocking_fix
git_commit_date 1720791451 1720793971
git_commit_sha f0eec59 578afec
release_version 1.38.0-SNAPSHOT~f0eec59df9 1.38.0-SNAPSHOT~578afec3e7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1720796415 1720796415
ci_job_id 570955444 570955444
ci_pipeline_id 39040732 39040732
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 56 metrics, 7 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.07 s) : 0, 1069835
Total [baseline] (8.593 s) : 0, 8593399
Agent [candidate] (1.068 s) : 0, 1067972
Total [candidate] (8.511 s) : 0, 8510700
section iast
Agent [baseline] (1.17 s) : 0, 1169761
Total [baseline] (8.964 s) : 0, 8964447
Agent [candidate] (1.178 s) : 0, 1178097
Total [candidate] (8.944 s) : 0, 8944234
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.174 s) : 0, 1173750
Total [baseline] (8.956 s) : 0, 8956345
Agent [candidate] (1.169 s) : 0, 1168684
Total [candidate] (8.96 s) : 0, 8959681
section iast_TELEMETRY_OFF
Agent [baseline] (1.175 s) : 0, 1174691
Total [baseline] (8.939 s) : 0, 8938850
Agent [candidate] (1.168 s) : 0, 1168076
Total [candidate] (8.952 s) : 0, 8952359
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.07 s -
Agent iast 1.17 s 99.926 ms (9.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.174 s 103.915 ms (9.7%)
Agent iast_TELEMETRY_OFF 1.175 s 104.856 ms (9.8%)
Total tracing 8.593 s -
Total iast 8.964 s 371.047 ms (4.3%)
Total iast_HARDCODED_SECRET_DISABLED 8.956 s 362.946 ms (4.2%)
Total iast_TELEMETRY_OFF 8.939 s 345.451 ms (4.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.068 s -
Agent iast 1.178 s 110.125 ms (10.3%)
Agent iast_HARDCODED_SECRET_DISABLED 1.169 s 100.712 ms (9.4%)
Agent iast_TELEMETRY_OFF 1.168 s 100.104 ms (9.4%)
Total tracing 8.511 s -
Total iast 8.944 s 433.534 ms (5.1%)
Total iast_HARDCODED_SECRET_DISABLED 8.96 s 448.981 ms (5.3%)
Total iast_TELEMETRY_OFF 8.952 s 441.658 ms (5.2%)
gantt
    title insecure-bank - break down per module: candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (669.397 ms) : 0, 669397
BytebuddyAgent [candidate] (668.299 ms) : 0, 668299
GlobalTracer [baseline] (307.125 ms) : 0, 307125
GlobalTracer [candidate] (306.639 ms) : 0, 306639
AppSec [baseline] (50.275 ms) : 0, 50275
AppSec [candidate] (50.194 ms) : 0, 50194
Remote Config [baseline] (682.853 µs) : 0, 683
Remote Config [candidate] (671.879 µs) : 0, 672
Telemetry [baseline] (7.651 ms) : 0, 7651
Telemetry [candidate] (7.624 ms) : 0, 7624
section iast
BytebuddyAgent [baseline] (780.031 ms) : 0, 780031
BytebuddyAgent [candidate] (785.095 ms) : 0, 785095
GlobalTracer [baseline] (295.133 ms) : 0, 295133
GlobalTracer [candidate] (297.063 ms) : 0, 297063
AppSec [baseline] (48.475 ms) : 0, 48475
AppSec [candidate] (49.97 ms) : 0, 49970
IAST [baseline] (25.247 ms) : 0, 25247
IAST [candidate] (24.817 ms) : 0, 24817
Remote Config [baseline] (562.977 µs) : 0, 563
Remote Config [candidate] (590.191 µs) : 0, 590
Telemetry [baseline] (6.868 ms) : 0, 6868
Telemetry [candidate] (7.029 ms) : 0, 7029
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (780.332 ms) : 0, 780332
BytebuddyAgent [candidate] (777.722 ms) : 0, 777722
GlobalTracer [baseline] (296.28 ms) : 0, 296280
GlobalTracer [candidate] (294.842 ms) : 0, 294842
AppSec [baseline] (47.945 ms) : 0, 47945
AppSec [candidate] (48.286 ms) : 0, 48286
IAST [baseline] (28.018 ms) : 0, 28018
IAST [candidate] (26.881 ms) : 0, 26881
Remote Config [baseline] (573.585 µs) : 0, 574
Remote Config [candidate] (554.125 µs) : 0, 554
Telemetry [baseline] (7.025 ms) : 0, 7025
Telemetry [candidate] (6.863 ms) : 0, 6863
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (781.479 ms) : 0, 781479
BytebuddyAgent [candidate] (776.705 ms) : 0, 776705
GlobalTracer [baseline] (296.436 ms) : 0, 296436
GlobalTracer [candidate] (294.832 ms) : 0, 294832
AppSec [baseline] (47.451 ms) : 0, 47451
AppSec [candidate] (47.147 ms) : 0, 47147
IAST [baseline] (28.362 ms) : 0, 28362
IAST [candidate] (28.492 ms) : 0, 28492
Remote Config [baseline] (573.583 µs) : 0, 574
Remote Config [candidate] (570.983 µs) : 0, 571
Telemetry [baseline] (6.791 ms) : 0, 6791
Telemetry [candidate] (6.787 ms) : 0, 6787
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.067 s) : 0, 1066628
Total [baseline] (10.378 s) : 0, 10377759
Agent [candidate] (1.07 s) : 0, 1070112
Total [candidate] (10.34 s) : 0, 10340163
section appsec
Agent [baseline] (1.19 s) : 0, 1190065
Total [baseline] (10.488 s) : 0, 10488418
Agent [candidate] (1.184 s) : 0, 1184141
Total [candidate] (10.524 s) : 0, 10523575
section iast
Agent [baseline] (1.175 s) : 0, 1174865
Total [baseline] (10.741 s) : 0, 10740584
Agent [candidate] (1.172 s) : 0, 1171578
Total [candidate] (10.673 s) : 0, 10672940
section profiling
Agent [baseline] (1.282 s) : 0, 1282282
Total [baseline] (10.612 s) : 0, 10611895
Agent [candidate] (1.265 s) : 0, 1265409
Total [candidate] (10.558 s) : 0, 10558357
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.067 s -
Agent appsec 1.19 s 123.437 ms (11.6%)
Agent iast 1.175 s 108.237 ms (10.1%)
Agent profiling 1.282 s 215.654 ms (20.2%)
Total tracing 10.378 s -
Total appsec 10.488 s 110.659 ms (1.1%)
Total iast 10.741 s 362.825 ms (3.5%)
Total profiling 10.612 s 234.137 ms (2.3%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.07 s -
Agent appsec 1.184 s 114.029 ms (10.7%)
Agent iast 1.172 s 101.466 ms (9.5%)
Agent profiling 1.265 s 195.297 ms (18.3%)
Total tracing 10.34 s -
Total appsec 10.524 s 183.412 ms (1.8%)
Total iast 10.673 s 332.777 ms (3.2%)
Total profiling 10.558 s 218.194 ms (2.1%)
gantt
    title petclinic - break down per module: candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (667.539 ms) : 0, 667539
BytebuddyAgent [candidate] (670.247 ms) : 0, 670247
GlobalTracer [baseline] (306.353 ms) : 0, 306353
GlobalTracer [candidate] (306.638 ms) : 0, 306638
AppSec [baseline] (49.869 ms) : 0, 49869
AppSec [candidate] (50.118 ms) : 0, 50118
Remote Config [baseline] (667.377 µs) : 0, 667
Remote Config [candidate] (671.431 µs) : 0, 671
Telemetry [baseline] (7.565 ms) : 0, 7565
Telemetry [candidate] (7.636 ms) : 0, 7636
section appsec
BytebuddyAgent [baseline] (680.424 ms) : 0, 680424
BytebuddyAgent [candidate] (676.167 ms) : 0, 676167
GlobalTracer [baseline] (300.942 ms) : 0, 300942
GlobalTracer [candidate] (298.871 ms) : 0, 298871
AppSec [baseline] (154.278 ms) : 0, 154278
AppSec [candidate] (153.821 ms) : 0, 153821
Remote Config [baseline] (622.085 µs) : 0, 622
Remote Config [candidate] (617.747 µs) : 0, 618
Telemetry [baseline] (8.852 ms) : 0, 8852
Telemetry [candidate] (9.493 ms) : 0, 9493
IAST [baseline] (20.262 ms) : 0, 20262
IAST [candidate] (20.836 ms) : 0, 20836
section iast
BytebuddyAgent [baseline] (782.013 ms) : 0, 782013
BytebuddyAgent [candidate] (779.487 ms) : 0, 779487
GlobalTracer [baseline] (296.217 ms) : 0, 296217
GlobalTracer [candidate] (295.529 ms) : 0, 295529
AppSec [baseline] (48.409 ms) : 0, 48409
AppSec [candidate] (49.268 ms) : 0, 49268
Remote Config [baseline] (582.361 µs) : 0, 582
Remote Config [candidate] (567.695 µs) : 0, 568
Telemetry [baseline] (7.056 ms) : 0, 7056
Telemetry [candidate] (6.912 ms) : 0, 6912
IAST [baseline] (27.068 ms) : 0, 27068
IAST [candidate] (26.24 ms) : 0, 26240
section profiling
BytebuddyAgent [baseline] (673.172 ms) : 0, 673172
BytebuddyAgent [candidate] (663.121 ms) : 0, 663121
GlobalTracer [baseline] (393.353 ms) : 0, 393353
GlobalTracer [candidate] (388.81 ms) : 0, 388810
AppSec [baseline] (52.189 ms) : 0, 52189
AppSec [candidate] (51.853 ms) : 0, 51853
Remote Config [baseline] (667.422 µs) : 0, 667
Remote Config [candidate] (657.969 µs) : 0, 658
Telemetry [baseline] (7.432 ms) : 0, 7432
Telemetry [candidate] (7.335 ms) : 0, 7335
ProfilingAgent [baseline] (97.385 ms) : 0, 97385
ProfilingAgent [candidate] (96.4 ms) : 0, 96400
Profiling [baseline] (97.41 ms) : 0, 97410
Profiling [candidate] (96.425 ms) : 0, 96425

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-07-12T14:31:02 2024-07-12T14:37:52
git_branch master vzakharov/rasp_sqli_blocking_fix
git_commit_date 1720791451 1720793971
git_commit_sha f0eec59 578afec
release_version 1.38.0-SNAPSHOT~f0eec59df9 1.38.0-SNAPSHOT~578afec3e7
start_time 2024-07-12T14:30:48 2024-07-12T14:37:39
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1720795419 1720795419
ci_job_id 570955445 570955445
ci_pipeline_id 39040732 39040732
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.351 ms) : 1331, 1371
.   : milestone, 1351,
appsec (1.73 ms) : 1707, 1753
.   : milestone, 1730,
appsec_no_iast (1.732 ms) : 1709, 1756
.   : milestone, 1732,
iast (1.49 ms) : 1467, 1514
.   : milestone, 1490,
profiling (1.511 ms) : 1484, 1537
.   : milestone, 1511,
tracing (1.463 ms) : 1438, 1488
.   : milestone, 1463,
section candidate
no_agent (1.358 ms) : 1339, 1377
.   : milestone, 1358,
appsec (1.737 ms) : 1714, 1760
.   : milestone, 1737,
appsec_no_iast (1.72 ms) : 1696, 1745
.   : milestone, 1720,
iast (1.473 ms) : 1450, 1496
.   : milestone, 1473,
profiling (1.559 ms) : 1533, 1585
.   : milestone, 1559,
tracing (1.466 ms) : 1441, 1490
.   : milestone, 1466,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.351 ms [1.331 ms, 1.371 ms] -
appsec 1.73 ms [1.707 ms, 1.753 ms] 379.0 µs (28.1%)
appsec_no_iast 1.732 ms [1.709 ms, 1.756 ms] 381.458 µs (28.2%)
iast 1.49 ms [1.467 ms, 1.514 ms] 139.404 µs (10.3%)
profiling 1.511 ms [1.484 ms, 1.537 ms] 159.585 µs (11.8%)
tracing 1.463 ms [1.438 ms, 1.488 ms] 111.584 µs (8.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.358 ms [1.339 ms, 1.377 ms] -
appsec 1.737 ms [1.714 ms, 1.76 ms] 379.364 µs (27.9%)
appsec_no_iast 1.72 ms [1.696 ms, 1.745 ms] 362.389 µs (26.7%)
iast 1.473 ms [1.45 ms, 1.496 ms] 114.883 µs (8.5%)
profiling 1.559 ms [1.533 ms, 1.585 ms] 200.96 µs (14.8%)
tracing 1.466 ms [1.441 ms, 1.49 ms] 107.725 µs (7.9%)
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9
    dateFormat X
    axisFormat %s
section baseline
no_agent (368.145 µs) : 349, 388
.   : milestone, 368,
iast (478.041 µs) : 457, 499
.   : milestone, 478,
iast_FULL (557.415 µs) : 537, 578
.   : milestone, 557,
iast_GLOBAL (520.557 µs) : 497, 544
.   : milestone, 521,
iast_HARDCODED_SECRET_DISABLED (480.375 µs) : 459, 502
.   : milestone, 480,
iast_INACTIVE (453.726 µs) : 432, 475
.   : milestone, 454,
iast_TELEMETRY_OFF (469.207 µs) : 449, 490
.   : milestone, 469,
tracing (444.963 µs) : 424, 466
.   : milestone, 445,
section candidate
no_agent (369.969 µs) : 350, 390
.   : milestone, 370,
iast (479.234 µs) : 458, 500
.   : milestone, 479,
iast_FULL (546.946 µs) : 526, 568
.   : milestone, 547,
iast_GLOBAL (506.077 µs) : 484, 528
.   : milestone, 506,
iast_HARDCODED_SECRET_DISABLED (486.661 µs) : 465, 508
.   : milestone, 487,
iast_INACTIVE (447.192 µs) : 426, 468
.   : milestone, 447,
iast_TELEMETRY_OFF (473.944 µs) : 452, 496
.   : milestone, 474,
tracing (442.395 µs) : 422, 463
.   : milestone, 442,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 368.145 µs [348.606 µs, 387.684 µs] -
iast 478.041 µs [457.222 µs, 498.859 µs] 109.896 µs (29.9%)
iast_FULL 557.415 µs [536.506 µs, 578.324 µs] 189.27 µs (51.4%)
iast_GLOBAL 520.557 µs [497.372 µs, 543.742 µs] 152.412 µs (41.4%)
iast_HARDCODED_SECRET_DISABLED 480.375 µs [459.205 µs, 501.544 µs] 112.23 µs (30.5%)
iast_INACTIVE 453.726 µs [432.3 µs, 475.153 µs] 85.581 µs (23.2%)
iast_TELEMETRY_OFF 469.207 µs [448.586 µs, 489.828 µs] 101.062 µs (27.5%)
tracing 444.963 µs [424.103 µs, 465.823 µs] 76.818 µs (20.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 369.969 µs [350.111 µs, 389.827 µs] -
iast 479.234 µs [458.109 µs, 500.359 µs] 109.265 µs (29.5%)
iast_FULL 546.946 µs [525.861 µs, 568.031 µs] 176.977 µs (47.8%)
iast_GLOBAL 506.077 µs [484.029 µs, 528.125 µs] 136.108 µs (36.8%)
iast_HARDCODED_SECRET_DISABLED 486.661 µs [465.217 µs, 508.106 µs] 116.692 µs (31.5%)
iast_INACTIVE 447.192 µs [426.176 µs, 468.208 µs] 77.223 µs (20.9%)
iast_TELEMETRY_OFF 473.944 µs [452.19 µs, 495.698 µs] 103.975 µs (28.1%)
tracing 442.395 µs [421.838 µs, 462.951 µs] 72.425 µs (19.6%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master vzakharov/rasp_sqli_blocking_fix
git_commit_date 1720791451 1720793971
git_commit_sha f0eec59 578afec
release_version 1.38.0-SNAPSHOT~f0eec59df9 1.38.0-SNAPSHOT~578afec3e7
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1720795851 1720795851
ci_job_id 570955446 570955446
ci_pipeline_id 39040732 39040732
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.98 s) : 14980000, 14980000
.   : milestone, 14980000,
appsec (15.067 s) : 15067000, 15067000
.   : milestone, 15067000,
iast (18.846 s) : 18846000, 18846000
.   : milestone, 18846000,
iast_GLOBAL (17.871 s) : 17871000, 17871000
.   : milestone, 17871000,
profiling (14.915 s) : 14915000, 14915000
.   : milestone, 14915000,
tracing (15.233 s) : 15233000, 15233000
.   : milestone, 15233000,
section candidate
no_agent (14.727 s) : 14727000, 14727000
.   : milestone, 14727000,
appsec (14.9 s) : 14900000, 14900000
.   : milestone, 14900000,
iast (18.675 s) : 18675000, 18675000
.   : milestone, 18675000,
iast_GLOBAL (17.715 s) : 17715000, 17715000
.   : milestone, 17715000,
profiling (15.51 s) : 15510000, 15510000
.   : milestone, 15510000,
tracing (14.858 s) : 14858000, 14858000
.   : milestone, 14858000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.98 s [14.98 s, 14.98 s] -
appsec 15.067 s [15.067 s, 15.067 s] 87.0 ms (0.6%)
iast 18.846 s [18.846 s, 18.846 s] 3.866 s (25.8%)
iast_GLOBAL 17.871 s [17.871 s, 17.871 s] 2.891 s (19.3%)
profiling 14.915 s [14.915 s, 14.915 s] -65.0 ms (-0.4%)
tracing 15.233 s [15.233 s, 15.233 s] 253.0 ms (1.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.727 s [14.727 s, 14.727 s] -
appsec 14.9 s [14.9 s, 14.9 s] 173.0 ms (1.2%)
iast 18.675 s [18.675 s, 18.675 s] 3.948 s (26.8%)
iast_GLOBAL 17.715 s [17.715 s, 17.715 s] 2.988 s (20.3%)
profiling 15.51 s [15.51 s, 15.51 s] 783.0 ms (5.3%)
tracing 14.858 s [14.858 s, 14.858 s] 131.0 ms (0.9%)
Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.38.0-SNAPSHOT~578afec3e7, baseline=1.38.0-SNAPSHOT~f0eec59df9
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.456 ms) : 1444, 1467
.   : milestone, 1456,
appsec (2.229 ms) : 2194, 2264
.   : milestone, 2229,
iast (1.968 ms) : 1926, 2009
.   : milestone, 1968,
iast_GLOBAL (2.013 ms) : 1971, 2056
.   : milestone, 2013,
profiling (1.867 ms) : 1832, 1901
.   : milestone, 1867,
tracing (1.845 ms) : 1812, 1878
.   : milestone, 1845,
section candidate
no_agent (1.465 ms) : 1454, 1477
.   : milestone, 1465,
appsec (2.212 ms) : 2178, 2246
.   : milestone, 2212,
iast (1.967 ms) : 1926, 2009
.   : milestone, 1967,
iast_GLOBAL (2.021 ms) : 1977, 2064
.   : milestone, 2021,
profiling (1.85 ms) : 1816, 1883
.   : milestone, 1850,
tracing (1.832 ms) : 1800, 1864
.   : milestone, 1832,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.456 ms [1.444 ms, 1.467 ms] -
appsec 2.229 ms [2.194 ms, 2.264 ms] 773.515 µs (53.1%)
iast 1.968 ms [1.926 ms, 2.009 ms] 512.227 µs (35.2%)
iast_GLOBAL 2.013 ms [1.971 ms, 2.056 ms] 557.447 µs (38.3%)
profiling 1.867 ms [1.832 ms, 1.901 ms] 411.091 µs (28.2%)
tracing 1.845 ms [1.812 ms, 1.878 ms] 389.458 µs (26.8%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.465 ms [1.454 ms, 1.477 ms] -
appsec 2.212 ms [2.178 ms, 2.246 ms] 747.075 µs (51.0%)
iast 1.967 ms [1.926 ms, 2.009 ms] 502.167 µs (34.3%)
iast_GLOBAL 2.021 ms [1.977 ms, 2.064 ms] 555.568 µs (37.9%)
profiling 1.85 ms [1.816 ms, 1.883 ms] 384.537 µs (26.2%)
tracing 1.832 ms [1.8 ms, 1.864 ms] 366.802 µs (25.0%)

@ValentinZakharov ValentinZakharov marked this pull request as ready for review July 12, 2024 11:18
@ValentinZakharov ValentinZakharov requested a review from a team as a code owner July 12, 2024 11:18
@ValentinZakharov ValentinZakharov force-pushed the vzakharov/rasp_sqli_blocking_fix branch from fa29629 to 578afec Compare July 12, 2024 14:19
@@ -120,6 +120,7 @@ public static AgentScope onEnter(
// if we can't get the connection for any reason
return null;
} catch (BlockingException e) {
CallDepthThreadLocalMap.reset(Statement.class);
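Review bot: the new CallDepthThreadLocalMap.reset(Statement.class) at the top of the catch (BlockingException e) branch in onEnter has no comment saying why the counter must be cleared on this path, and the visible lines do not show what happens to e afterwards. A one-line comment stating that the normal exit path will not clear the depth once the query is blocked would make the intent clear to the next reader. Since reset clears the depth unconditionally, it is also worth confirming this branch is only reachable from the outermost Statement call; if it is not, a decrement would be the safer operation. The failure in the description (blocking stops working after several blocked queries) calls for a regression test that blocks two queries in a row on the same thread and asserts that the second one is still blocked.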
Collaborator

@amarziali amarziali Jul 12, 2024

I would have instead put CallDepthThreadLocalMap.decrement(Statement.class) at the first line of the stopSpan method, for the simple reason that the code is way more readable this way. Of course, the call of CallDepthThreadLocalMap.reset(Statement.class); also in stopSpan won't be needed anymore at this point.

Collaborator

@amarziali amarziali left a comment

LGTM. I left a suggestion to make it more readable

@ValentinZakharov ValentinZakharov merged commit 0c75467 into master Jul 15, 2024
82 checks passed
@ValentinZakharov ValentinZakharov deleted the vzakharov/rasp_sqli_blocking_fix branch July 15, 2024 11:28
@github-actions github-actions bot added this to the 1.38.0 milestone Jul 15, 2024