Extend support for SSRF in exploit prevention #7376
Benchmarks (candidate=1.43.0-SNAPSHOT~cfdcf8c525, baseline=1.43.0-SNAPSHOT~e5aa8fa019)

Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 9 unstable metrics.
[Gantt charts: startup time reports for petclinic and insecure-bank (global startup overhead; break down per module)]

Load
Summary: Found 1 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 17 unstable metrics.
[Gantt charts: request duration reports [CI 0.99] for petclinic and insecure-bank]

Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Gantt charts: execution time [CI 0.99] for biojava and tomcat]
...va/datadog/trace/instrumentation/jackson/codehouse/core/RaspJson1FactoryInstrumentation.java
Outdated
@@ -175,6 +185,48 @@ public long getResponseContentLength(final RESPONSE response) { | |||
return 0; | |||
} | |||
|
|||
private void onNetworkConnection(final String networkConnection) { | |||
if (!Config.get().isAppSecRaspEnabled()) { |
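Review bot: `onNetworkConnection(final String networkConnection)` does not say what the string holds, so from the signature a reader cannot tell whether callers pass a full URL, a host name, or host:port, and whether null is possible. A short Javadoc on the method stating the expected form would make the SSRF check that follows the `isAppSecRaspEnabled()` guard easier to review and to call correctly.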
nit: you can cache it statically (the counterpart is that you need forkedtests)
What Does This Do
Motivation
improve Exploit prevention for SSRF coverage
Additional Notes
Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-54958