Send IAST vulnerability secure marks to backend #7645

Merged: jandro996 merged 11 commits into master from alejandro.gonzalez/Send-secure-marks-to-backend on Sep 30, 2024
Conversation
Benchmarks

Startup

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 50 metrics, 13 unstable metrics.

Startup time reports for petclinic

petclinic - global startup overhead: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Section | Agent [baseline] | Agent [candidate] | Total [baseline] | Total [candidate] |
| --- | --- | --- | --- | --- |
| tracing | 1.065 s | 1.067 s | 10.38 s | 10.429 s |
| appsec | 1.2 s | 1.205 s | 10.624 s | 10.688 s |
| iast | 1.191 s | 1.191 s | 10.809 s | 10.875 s |
| profiling | 1.267 s | 1.27 s | 10.586 s | 10.651 s |
petclinic - break down per module: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Section | Module | baseline | candidate |
| --- | --- | --- | --- |
| tracing | BytebuddyAgent | 679.569 ms | 680.543 ms |
| tracing | GlobalTracer | 310.19 ms | 310.977 ms |
| tracing | AppSec | 53.866 ms | 54.058 ms |
| tracing | Remote Config | 662.149 µs | 656.186 µs |
| tracing | Telemetry | 7.608 ms | 7.633 ms |
| appsec | BytebuddyAgent | 701.099 ms | 704.226 ms |
| appsec | GlobalTracer | 303.36 ms | 304.492 ms |
| appsec | AppSec | 162.88 ms | 161.629 ms |
| appsec | IAST | 19.867 ms | 22.851 ms |
| appsec | Remote Config | 642.192 µs | 657.163 µs |
| appsec | Telemetry | 8.823 ms | 8.483 ms |
| iast | BytebuddyAgent | 792.231 ms | 792.037 ms |
| iast | GlobalTracer | 299.292 ms | 299.347 ms |
| iast | AppSec | 54.501 ms | 53.833 ms |
| iast | IAST | 23.646 ms | 24.36 ms |
| iast | Remote Config | 618.726 µs | 650.535 µs |
| iast | Telemetry | 7.004 ms | 7.033 ms |
| profiling | BytebuddyAgent | 674.621 ms | 676.127 ms |
| profiling | GlobalTracer | 394.814 ms | 395.911 ms |
| profiling | AppSec | 54.598 ms | 54.543 ms |
| profiling | Remote Config | 645.696 µs | 655.828 µs |
| profiling | Telemetry | 7.398 ms | 7.412 ms |
| profiling | ProfilingAgent | 96.322 ms | 97.099 ms |
| profiling | Profiling | 96.345 ms | 97.122 ms |
Startup time reports for insecure-bank

insecure-bank - global startup overhead: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Section | Agent [baseline] | Agent [candidate] | Total [baseline] | Total [candidate] |
| --- | --- | --- | --- | --- |
| tracing | 1.071 s | 1.066 s | 8.541 s | 8.532 s |
| iast | 1.199 s | 1.191 s | 9.057 s | 9.006 s |
| iast_HARDCODED_SECRET_DISABLED | 1.199 s | 1.208 s | 8.993 s | 8.988 s |
| iast_TELEMETRY_OFF | 1.189 s | 1.188 s | 9.013 s | 9.003 s |
insecure-bank - break down per module: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Section | Module | baseline | candidate |
| --- | --- | --- | --- |
| tracing | BytebuddyAgent | 683.234 ms | 680.013 ms |
| tracing | GlobalTracer | 311.609 ms | 310.472 ms |
| tracing | AppSec | 53.921 ms | 53.551 ms |
| tracing | Remote Config | 665.389 µs | 660.274 µs |
| tracing | Telemetry | 7.654 ms | 7.648 ms |
| iast | BytebuddyAgent | 798.005 ms | 791.752 ms |
| iast | GlobalTracer | 301.241 ms | 299.297 ms |
| iast | AppSec | 54.208 ms | 55.635 ms |
| iast | IAST | 24.414 ms | 22.672 ms |
| iast | Remote Config | 597.627 µs | 617.528 µs |
| iast | Telemetry | 6.933 ms | 7.009 ms |
| iast_HARDCODED_SECRET_DISABLED | BytebuddyAgent | 798.23 ms | 804.131 ms |
| iast_HARDCODED_SECRET_DISABLED | GlobalTracer | 300.826 ms | 303.724 ms |
| iast_HARDCODED_SECRET_DISABLED | AppSec | 54.055 ms | 56.807 ms |
| iast_HARDCODED_SECRET_DISABLED | IAST | 24.451 ms | 21.253 ms |
| iast_HARDCODED_SECRET_DISABLED | Remote Config | 651.819 µs | 623.258 µs |
| iast_HARDCODED_SECRET_DISABLED | Telemetry | 7.048 ms | 7.967 ms |
| iast_TELEMETRY_OFF | BytebuddyAgent | 789.808 ms | 789.081 ms |
| iast_TELEMETRY_OFF | GlobalTracer | 300.07 ms | 299.535 ms |
| iast_TELEMETRY_OFF | AppSec | 55.951 ms | 56.111 ms |
| iast_TELEMETRY_OFF | IAST | 22.164 ms | 22.123 ms |
| iast_TELEMETRY_OFF | Remote Config | 599.024 µs | 611.027 µs |
| iast_TELEMETRY_OFF | Telemetry | 6.861 ms | 6.897 ms |
Load

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.

Request duration reports for petclinic

petclinic - request duration [CI 0.99]: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Variant | baseline | baseline 99% CI (µs) | candidate | candidate 99% CI (µs) |
| --- | --- | --- | --- | --- |
| no_agent | 1.337 ms | 1318, 1357 | 1.339 ms | 1319, 1358 |
| appsec | 1.737 ms | 1714, 1760 | 1.724 ms | 1699, 1748 |
| appsec_no_iast | 1.711 ms | 1686, 1736 | 1.728 ms | 1704, 1752 |
| iast | 1.482 ms | 1459, 1505 | 1.479 ms | 1455, 1502 |
| profiling | 1.5 ms | 1475, 1525 | 1.487 ms | 1464, 1511 |
| tracing | 1.471 ms | 1447, 1495 | 1.474 ms | 1450, 1498 |
Request duration reports for insecure-bank

insecure-bank - request duration [CI 0.99]: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Variant | baseline | baseline 99% CI (µs) | candidate | candidate 99% CI (µs) |
| --- | --- | --- | --- | --- |
| no_agent | 374.206 µs | 355, 394 | 364.563 µs | 345, 384 |
| iast | 489.38 µs | 468, 511 | 480.134 µs | 459, 501 |
| iast_FULL | 553.569 µs | 532, 575 | 551.722 µs | 531, 573 |
| iast_GLOBAL | 517.742 µs | 495, 541 | 521.448 µs | 498, 545 |
| iast_HARDCODED_SECRET_DISABLED | 481.77 µs | 461, 503 | 483.752 µs | 462, 505 |
| iast_INACTIVE | 449.913 µs | 429, 471 | 447.884 µs | 427, 469 |
| iast_TELEMETRY_OFF | 471.328 µs | 449, 494 | 471.779 µs | 449, 494 |
| tracing | 436.949 µs | 417, 457 | 446.048 µs | 426, 467 |
Dacapo

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava

biojava - execution time [CI 0.99]: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Variant | baseline | candidate |
| --- | --- | --- |
| no_agent | 15.367 s | 14.888 s |
| appsec | 15.172 s | 15.361 s |
| iast | 18.9 s | 18.672 s |
| iast_GLOBAL | 17.77 s | 18.146 s |
| profiling | 16.052 s | 15.322 s |
| tracing | 15.328 s | 15.39 s |
Execution time for tomcat

tomcat - execution time [CI 0.99]: candidate=1.40.0-SNAPSHOT~0ba963f931, baseline=1.40.0-SNAPSHOT~8ee4a5d6dd

| Variant | baseline | baseline 99% CI (µs) | candidate | candidate 99% CI (µs) |
| --- | --- | --- | --- | --- |
| no_agent | 1.459 ms | 1448, 1471 | 1.462 ms | 1450, 1473 |
| appsec | 2.309 ms | 2269, 2350 | 2.322 ms | 2281, 2363 |
| iast | 2.047 ms | 1997, 2096 | 2.058 ms | 2007, 2110 |
| iast_GLOBAL | 2.098 ms | 2046, 2149 | 2.086 ms | 2035, 2137 |
| profiling | 1.923 ms | 1883, 1963 | 1.927 ms | 1886, 1968 |
| tracing | 1.901 ms | 1862, 1939 | 1.888 ms | 1850, 1926 |
Review comment on dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite-with-marks.yml (outdated)

smola requested changes on Sep 19, 2024, with comments on:
- dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/Range.java (outdated)
- dd-java-agent/agent-iast/src/main/java/com/datadog/iast/model/VulnerabilityType.java
- dd-java-agent/agent-iast/src/test/resources/redaction/evidence-redaction-suite-with-marks.yml (outdated)
…ulnerabity type vs int)
smola approved these changes on Sep 30, 2024

jandro996 deleted the alejandro.gonzalez/Send-secure-marks-to-backend branch on September 30, 2024 09:10
What Does This Do

`secure_marks` field in the IAST JSON, which holds an array of vulnerability types for which the evidence is marked.

Motivation

Send vulnerability secure marks to allow backend to recalculate vulnerability score

Additional Notes

Contributor Checklist

- Assign the `type:` and (`comp:` or `inst:`) labels in addition to any useful labels
- Don't use `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue

Jira ticket: APPSEC-54935