Add support for session fingerprints to the WAF #7591
new BlockingDetails(403, BlockingContentType.JSON, ['X-Header': 'X-Header-Value']) : | ||
null | ||
} | ||
@Override |
Lots of formatting changes here. Did spotless do this?
Yep, just tried to undo all changes but got:
Execution failed for task ':dd-java-agent:testing:spotlessGroovyCheck'.
> The following files had format violations:
src/main/groovy/datadog/trace/agent/test/base/HttpServerTest.groovy
Benchmarks
Startup
Summary: Found 0 performance improvements and 1 performance regressions! Performance is the same for 49 metrics, 13 unstable metrics.
[Gantt charts: startup time reports for petclinic and insecure-bank (global startup overhead and break down per module); candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd]
Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.
[Gantt charts: request duration reports [CI 0.99] for petclinic and insecure-bank; candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.
[Gantt charts: execution time [CI 0.99] for tomcat and biojava; candidate=1.40.0-SNAPSHOT~fff9d3586c, baseline=1.40.0-SNAPSHOT~da9ecfbbcd]
Add support for http session fingerprints
What Does This Do
Add support for tracking the requested session ids for those frameworks supporting sessions. It also adds required WAF with the session ids to be able to generate session fingerprints.
Motivation
Fingerprinting is a technique used to identify and track users through the use of available data which, when combined through a certain set of algorithms, can provide a unique fingerprint for said user.
Additional Notes
See original RFC
Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
[ ] Update the public documentation in case of new configuration flag or behavior
Jira ticket: APPSEC-54838