-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extract EventTracker logic to the appsec module #7554
Extract EventTracker logic to the appsec module #7554
Conversation
dd-java-agent/appsec/src/main/java/com/datadog/appsec/user/AppSecEventTrackerImpl.java
Outdated
Show resolved
Hide resolved
...-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy
Outdated
Show resolved
Hide resolved
internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java
Outdated
Show resolved
Hide resolved
cd88509
to
13fcee3
Compare
BenchmarksStartupParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics. Startup time reports for petclinicgantt
title petclinic - global startup overhead: candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.57 s) : 0, 1569782
Total [baseline] (14.318 s) : 0, 14317749
Agent [candidate] (1.576 s) : 0, 1576077
Total [candidate] (14.317 s) : 0, 14316866
section appsec
Agent [baseline] (1.771 s) : 0, 1771338
Total [baseline] (14.641 s) : 0, 14641089
Agent [candidate] (1.781 s) : 0, 1780755
Total [candidate] (14.759 s) : 0, 14758952
section iast
Agent [baseline] (1.734 s) : 0, 1733604
Total [baseline] (14.898 s) : 0, 14897878
Agent [candidate] (1.743 s) : 0, 1742981
Total [candidate] (14.94 s) : 0, 14940319
section profiling
Agent [baseline] (1.895 s) : 0, 1894563
Total [baseline] (14.635 s) : 0, 14635478
Agent [candidate] (1.893 s) : 0, 1893440
Total [candidate] (14.561 s) : 0, 14561282
gantt
title petclinic - break down per module: candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (1.004 s) : 0, 1004372
BytebuddyAgent [candidate] (1.008 s) : 0, 1007919
GlobalTracer [baseline] (461.387 ms) : 0, 461387
GlobalTracer [candidate] (462.732 ms) : 0, 462732
AppSec [baseline] (73.256 ms) : 0, 73256
AppSec [candidate] (74.506 ms) : 0, 74506
Remote Config [baseline] (813.948 µs) : 0, 814
Remote Config [candidate] (842.287 µs) : 0, 842
Telemetry [baseline] (9.744 ms) : 0, 9744
Telemetry [candidate] (9.754 ms) : 0, 9754
section appsec
BytebuddyAgent [baseline] (1.037 s) : 0, 1037245
BytebuddyAgent [candidate] (1.042 s) : 0, 1042219
GlobalTracer [baseline] (450.229 ms) : 0, 450229
GlobalTracer [candidate] (451.639 ms) : 0, 451639
AppSec [baseline] (239.135 ms) : 0, 239135
AppSec [candidate] (241.929 ms) : 0, 241929
Remote Config [baseline] (808.815 µs) : 0, 809
Remote Config [candidate] (791.34 µs) : 0, 791
Telemetry [baseline] (11.025 ms) : 0, 11025
Telemetry [candidate] (11.202 ms) : 0, 11202
IAST [baseline] (25.394 ms) : 0, 25394
IAST [candidate] (25.153 ms) : 0, 25153
section iast
BytebuddyAgent [baseline] (1.163 s) : 0, 1162819
BytebuddyAgent [candidate] (1.168 s) : 0, 1167732
GlobalTracer [baseline] (437.627 ms) : 0, 437627
GlobalTracer [candidate] (439.863 ms) : 0, 439863
AppSec [baseline] (72.427 ms) : 0, 72427
AppSec [candidate] (70.922 ms) : 0, 70922
Remote Config [baseline] (763.113 µs) : 0, 763
Remote Config [candidate] (861.084 µs) : 0, 861
Telemetry [baseline] (9.475 ms) : 0, 9475
Telemetry [candidate] (9.424 ms) : 0, 9424
IAST [baseline] (30.173 ms) : 0, 30173
IAST [candidate] (33.73 ms) : 0, 33730
section profiling
BytebuddyAgent [baseline] (998.019 ms) : 0, 998019
BytebuddyAgent [candidate] (995.985 ms) : 0, 995985
GlobalTracer [baseline] (588.38 ms) : 0, 588380
GlobalTracer [candidate] (587.283 ms) : 0, 587283
AppSec [baseline] (74.361 ms) : 0, 74361
AppSec [candidate] (74.99 ms) : 0, 74990
Remote Config [baseline] (834.701 µs) : 0, 835
Remote Config [candidate] (827.938 µs) : 0, 828
Telemetry [baseline] (9.555 ms) : 0, 9555
Telemetry [candidate] (9.554 ms) : 0, 9554
ProfilingAgent [baseline] (166.568 ms) : 0, 166568
ProfilingAgent [candidate] (167.953 ms) : 0, 167953
Profiling [baseline] (166.623 ms) : 0, 166623
Profiling [candidate] (168.01 ms) : 0, 168010
Startup time reports for insecure-bankgantt
title insecure-bank - global startup overhead: candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.573 s) : 0, 1573173
Total [baseline] (11.881 s) : 0, 11880597
Agent [candidate] (1.575 s) : 0, 1574649
Total [candidate] (11.825 s) : 0, 11824708
section iast
Agent [baseline] (1.74 s) : 0, 1740127
Total [baseline] (12.522 s) : 0, 12521741
Agent [candidate] (1.734 s) : 0, 1733736
Total [candidate] (12.551 s) : 0, 12551249
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.731 s) : 0, 1731009
Total [baseline] (12.446 s) : 0, 12446375
Agent [candidate] (1.736 s) : 0, 1735637
Total [candidate] (12.443 s) : 0, 12442972
section iast_TELEMETRY_OFF
Agent [baseline] (1.736 s) : 0, 1735936
Total [baseline] (12.506 s) : 0, 12505691
Agent [candidate] (1.731 s) : 0, 1731492
Total [candidate] (12.465 s) : 0, 12464549
gantt
title insecure-bank - break down per module: candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (1.007 s) : 0, 1007450
BytebuddyAgent [candidate] (1.008 s) : 0, 1007633
GlobalTracer [baseline] (461.142 ms) : 0, 461142
GlobalTracer [candidate] (462.126 ms) : 0, 462126
AppSec [baseline] (73.758 ms) : 0, 73758
AppSec [candidate] (74.022 ms) : 0, 74022
Remote Config [baseline] (833.763 µs) : 0, 834
Remote Config [candidate] (830.812 µs) : 0, 831
Telemetry [baseline] (9.727 ms) : 0, 9727
Telemetry [candidate] (9.687 ms) : 0, 9687
section iast
BytebuddyAgent [baseline] (1.167 s) : 0, 1166720
BytebuddyAgent [candidate] (1.161 s) : 0, 1160979
GlobalTracer [baseline] (439.128 ms) : 0, 439128
GlobalTracer [candidate] (438.009 ms) : 0, 438009
AppSec [baseline] (71.757 ms) : 0, 71757
AppSec [candidate] (74.052 ms) : 0, 74052
IAST [baseline] (31.809 ms) : 0, 31809
IAST [candidate] (30.124 ms) : 0, 30124
Remote Config [baseline] (902.97 µs) : 0, 903
Remote Config [candidate] (799.17 µs) : 0, 799
Telemetry [baseline] (9.46 ms) : 0, 9460
Telemetry [candidate] (9.432 ms) : 0, 9432
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (1.16 s) : 0, 1160128
BytebuddyAgent [candidate] (1.163 s) : 0, 1162631
GlobalTracer [baseline] (436.977 ms) : 0, 436977
GlobalTracer [candidate] (437.934 ms) : 0, 437934
AppSec [baseline] (71.029 ms) : 0, 71029
AppSec [candidate] (71.653 ms) : 0, 71653
IAST [baseline] (31.583 ms) : 0, 31583
IAST [candidate] (32.856 ms) : 0, 32856
Remote Config [baseline] (813.82 µs) : 0, 814
Remote Config [candidate] (820.783 µs) : 0, 821
Telemetry [baseline] (10.254 ms) : 0, 10254
Telemetry [candidate] (9.422 ms) : 0, 9422
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (1.162 s) : 0, 1162231
BytebuddyAgent [candidate] (1.158 s) : 0, 1158363
GlobalTracer [baseline] (439.803 ms) : 0, 439803
GlobalTracer [candidate] (438.435 ms) : 0, 438435
AppSec [baseline] (71.907 ms) : 0, 71907
AppSec [candidate] (71.725 ms) : 0, 71725
IAST [baseline] (29.9 ms) : 0, 29900
IAST [candidate] (29.891 ms) : 0, 29891
Remote Config [baseline] (768.702 µs) : 0, 769
Remote Config [candidate] (776.468 µs) : 0, 776
Telemetry [baseline] (11.038 ms) : 0, 11038
Telemetry [candidate] (11.96 ms) : 0, 11960
LoadParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics. Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section baseline
no_agent (366.934 µs) : 347, 386
. : milestone, 367,
iast (475.12 µs) : 454, 496
. : milestone, 475,
iast_FULL (550.248 µs) : 529, 571
. : milestone, 550,
iast_GLOBAL (499.995 µs) : 479, 521
. : milestone, 500,
iast_HARDCODED_SECRET_DISABLED (479.853 µs) : 459, 501
. : milestone, 480,
iast_INACTIVE (434.836 µs) : 414, 455
. : milestone, 435,
iast_TELEMETRY_OFF (477.933 µs) : 455, 501
. : milestone, 478,
tracing (439.209 µs) : 419, 460
. : milestone, 439,
section candidate
no_agent (363.182 µs) : 343, 383
. : milestone, 363,
iast (481.576 µs) : 460, 503
. : milestone, 482,
iast_FULL (545.405 µs) : 524, 567
. : milestone, 545,
iast_GLOBAL (503.165 µs) : 481, 525
. : milestone, 503,
iast_HARDCODED_SECRET_DISABLED (478.552 µs) : 457, 500
. : milestone, 479,
iast_INACTIVE (446.288 µs) : 425, 467
. : milestone, 446,
iast_TELEMETRY_OFF (470.527 µs) : 448, 493
. : milestone, 471,
tracing (433.98 µs) : 414, 454
. : milestone, 434,
Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section baseline
no_agent (1.339 ms) : 1319, 1358
. : milestone, 1339,
appsec (1.738 ms) : 1714, 1762
. : milestone, 1738,
appsec_no_iast (1.71 ms) : 1685, 1735
. : milestone, 1710,
iast (1.484 ms) : 1461, 1507
. : milestone, 1484,
profiling (1.481 ms) : 1457, 1504
. : milestone, 1481,
tracing (1.462 ms) : 1436, 1489
. : milestone, 1462,
section candidate
no_agent (1.346 ms) : 1327, 1366
. : milestone, 1346,
appsec (1.692 ms) : 1667, 1718
. : milestone, 1692,
appsec_no_iast (1.693 ms) : 1669, 1717
. : milestone, 1693,
iast (1.477 ms) : 1455, 1500
. : milestone, 1477,
profiling (1.468 ms) : 1445, 1492
. : milestone, 1468,
tracing (1.457 ms) : 1432, 1481
. : milestone, 1457,
DacapoParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. Execution time for tomcatgantt
title tomcat - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section baseline
no_agent (1.46 ms) : 1449, 1471
. : milestone, 1460,
appsec (2.279 ms) : 2238, 2319
. : milestone, 2279,
iast (2.025 ms) : 1977, 2074
. : milestone, 2025,
iast_GLOBAL (2.098 ms) : 2047, 2149
. : milestone, 2098,
profiling (1.916 ms) : 1876, 1955
. : milestone, 1916,
tracing (1.892 ms) : 1853, 1930
. : milestone, 1892,
section candidate
no_agent (1.462 ms) : 1450, 1473
. : milestone, 1462,
appsec (2.289 ms) : 2248, 2329
. : milestone, 2289,
iast (2.037 ms) : 1988, 2087
. : milestone, 2037,
iast_GLOBAL (2.081 ms) : 2031, 2131
. : milestone, 2081,
profiling (1.915 ms) : 1874, 1956
. : milestone, 1915,
tracing (1.894 ms) : 1856, 1932
. : milestone, 1894,
Execution time for biojavagantt
title biojava - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~8a7f01b435, baseline=1.40.0-SNAPSHOT~bb8b0d25a6
dateFormat X
axisFormat %s
section baseline
no_agent (15.348 s) : 15348000, 15348000
. : milestone, 15348000,
appsec (15.236 s) : 15236000, 15236000
. : milestone, 15236000,
iast (19.016 s) : 19016000, 19016000
. : milestone, 19016000,
iast_GLOBAL (18.283 s) : 18283000, 18283000
. : milestone, 18283000,
profiling (15.803 s) : 15803000, 15803000
. : milestone, 15803000,
tracing (15.081 s) : 15081000, 15081000
. : milestone, 15081000,
section candidate
no_agent (15.418 s) : 15418000, 15418000
. : milestone, 15418000,
appsec (15.231 s) : 15231000, 15231000
. : milestone, 15231000,
iast (18.89 s) : 18890000, 18890000
. : milestone, 18890000,
iast_GLOBAL (17.952 s) : 17952000, 17952000
. : milestone, 17952000,
profiling (15.499 s) : 15499000, 15499000
. : milestone, 15499000,
tracing (14.85 s) : 14850000, 14850000
. : milestone, 14850000,
|
7ce505b
to
1f09c81
Compare
1f09c81
to
7e5a71e
Compare
477e6f5
to
a47521b
Compare
c88df9b
to
d166843
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! It would be nice if could improve the PR description :)
c225ff0
to
1daa49b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, but please, update the PR description. Especially explaining why this works with old SDK dependencies because of classloaders, etc.
1daa49b
to
8a7f01b
Compare
What Does This Do
Extracts
datadog.trace.api.EventTracker
logic and moves it into the appsec module, the actual implementation will be injected at runtime by thecom.datadog.appsec.AppSecSystem#start
method during initialization. Since these classes are added to the boostrap classloader by the tracer, customers will always be using the latest version provided by the tracer.Motivation
Moving the logic into the appsec module makes it easier to modify its behavior and make use of other appsec tools like the WAF which is needed for attacker fingerprinting.
Additional Notes
Contributor Checklist
type:
and (comp:
orinst:
) labels in addition to any usefull labelsclose
,fix
or any linking keywords when referencing an issue.Use
solves
instead, and assign the PR milestone to the issueJira ticket: [PROJ-IDENT]