Remove dependency with thread locals in jersey IAST instrumentation #7619
LGTM
af8a07e to a311e59
Benchmarks
Startup
Summary: Found 0 performance improvements and 1 performance regressions! Performance is the same for 48 metrics, 14 unstable metrics.
[Gantt charts: startup time reports for insecure-bank and petclinic (global startup overhead; break down per module); candidate=1.40.0-SNAPSHOT~2758d2bd99, baseline=1.40.0-SNAPSHOT~a369f7b401]
Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.
[Gantt charts: request duration reports for insecure-bank and petclinic (request duration [CI 0.99]); candidate=1.40.0-SNAPSHOT~2758d2bd99, baseline=1.40.0-SNAPSHOT~a369f7b401]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Gantt charts: execution time for tomcat and biojava (execution time [CI 0.99]); candidate=1.40.0-SNAPSHOT~2758d2bd99, baseline=1.40.0-SNAPSHOT~a369f7b401]
One of the jersey related system tests seems to be failing. Is it due to the change of behaviour introduced by this PR?
Yes, most likely it is due to this PR, I'm currently having a look, thanks for pointing it out 😄
It's fixed with the last commit 😄
ecde2b8 to 3512017
3512017 to 2758d2b
What Does This Do
Removes thread locals from the IAST jersey instrumentation; it also introduces unit tests which were missing from this particular instrumentation.
Motivation
Some of the jersey tests started to flake in CI due to the randomness introduced by the thread local.
Additional Notes
Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-55387 (partially)