-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed closing WAF context #7681
Fixed closing WAF context #7681
Conversation
7ad360b
to
0a8eeb8
Compare
BenchmarksStartupParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 48 metrics, 15 unstable metrics. Startup time reports for petclinicgantt
title petclinic - global startup overhead: candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.078 s) : 0, 1077663
Total [baseline] (10.36 s) : 0, 10360346
Agent [candidate] (1.066 s) : 0, 1066011
Total [candidate] (10.337 s) : 0, 10336570
section appsec
Agent [baseline] (1.196 s) : 0, 1195715
Total [baseline] (10.56 s) : 0, 10560183
Agent [candidate] (1.21 s) : 0, 1209515
Total [candidate] (10.658 s) : 0, 10657854
section iast
Agent [baseline] (1.2 s) : 0, 1200309
Total [baseline] (10.839 s) : 0, 10838626
Agent [candidate] (1.209 s) : 0, 1208514
Total [candidate] (10.797 s) : 0, 10797214
section profiling
Agent [baseline] (1.267 s) : 0, 1267128
Total [baseline] (10.67 s) : 0, 10670065
Agent [candidate] (1.27 s) : 0, 1270229
Total [candidate] (10.544 s) : 0, 10543705
gantt
title petclinic - break down per module: candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (687.436 ms) : 0, 687436
BytebuddyAgent [candidate] (679.938 ms) : 0, 679938
GlobalTracer [baseline] (313.735 ms) : 0, 313735
GlobalTracer [candidate] (310.474 ms) : 0, 310474
AppSec [baseline] (54.26 ms) : 0, 54260
AppSec [candidate] (53.773 ms) : 0, 53773
Remote Config [baseline] (670.985 µs) : 0, 671
Remote Config [candidate] (657.859 µs) : 0, 658
Telemetry [baseline] (7.76 ms) : 0, 7760
Telemetry [candidate] (7.585 ms) : 0, 7585
section appsec
BytebuddyAgent [baseline] (695.364 ms) : 0, 695364
BytebuddyAgent [candidate] (707.363 ms) : 0, 707363
GlobalTracer [baseline] (306.403 ms) : 0, 306403
GlobalTracer [candidate] (305.268 ms) : 0, 305268
AppSec [baseline] (161.983 ms) : 0, 161983
AppSec [candidate] (162.871 ms) : 0, 162871
Remote Config [baseline] (648.318 µs) : 0, 648
Remote Config [candidate] (652.073 µs) : 0, 652
Telemetry [baseline] (7.865 ms) : 0, 7865
Telemetry [candidate] (9.261 ms) : 0, 9261
IAST [baseline] (19.753 ms) : 0, 19753
IAST [candidate] (20.735 ms) : 0, 20735
section iast
BytebuddyAgent [baseline] (799.043 ms) : 0, 799043
BytebuddyAgent [candidate] (804.657 ms) : 0, 804657
GlobalTracer [baseline] (301.416 ms) : 0, 301416
GlobalTracer [candidate] (303.191 ms) : 0, 303191
AppSec [baseline] (54.617 ms) : 0, 54617
AppSec [candidate] (55.874 ms) : 0, 55874
Remote Config [baseline] (637.347 µs) : 0, 637
Remote Config [candidate] (605.464 µs) : 0, 605
Telemetry [baseline] (7.91 ms) : 0, 7910
Telemetry [candidate] (7.19 ms) : 0, 7190
IAST [baseline] (22.937 ms) : 0, 22937
IAST [candidate] (23.145 ms) : 0, 23145
section profiling
ProfilingAgent [baseline] (97.105 ms) : 0, 97105
ProfilingAgent [candidate] (96.928 ms) : 0, 96928
BytebuddyAgent [baseline] (673.516 ms) : 0, 673516
BytebuddyAgent [candidate] (676.098 ms) : 0, 676098
GlobalTracer [baseline] (394.932 ms) : 0, 394932
GlobalTracer [candidate] (395.786 ms) : 0, 395786
AppSec [baseline] (54.796 ms) : 0, 54796
AppSec [candidate] (54.634 ms) : 0, 54634
Remote Config [baseline] (658.48 µs) : 0, 658
Remote Config [candidate] (654.393 µs) : 0, 654
Telemetry [baseline] (7.538 ms) : 0, 7538
Telemetry [candidate] (7.492 ms) : 0, 7492
Profiling [baseline] (97.129 ms) : 0, 97129
Profiling [candidate] (96.952 ms) : 0, 96952
Startup time reports for insecure-bankgantt
title insecure-bank - global startup overhead: candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.073 s) : 0, 1072921
Total [baseline] (8.572 s) : 0, 8571799
Agent [candidate] (1.069 s) : 0, 1068514
Total [candidate] (8.533 s) : 0, 8533395
section iast
Agent [baseline] (1.186 s) : 0, 1185713
Total [baseline] (9.032 s) : 0, 9032449
Agent [candidate] (1.186 s) : 0, 1185818
Total [candidate] (8.998 s) : 0, 8998241
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.192 s) : 0, 1192241
Total [baseline] (8.978 s) : 0, 8978306
Agent [candidate] (1.207 s) : 0, 1206557
Total [candidate] (8.999 s) : 0, 8998510
section iast_TELEMETRY_OFF
Agent [baseline] (1.195 s) : 0, 1195277
Total [baseline] (9.047 s) : 0, 9046891
Agent [candidate] (1.187 s) : 0, 1187047
Total [candidate] (9.025 s) : 0, 9024926
gantt
title insecure-bank - break down per module: candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (684.853 ms) : 0, 684853
BytebuddyAgent [candidate] (683.608 ms) : 0, 683608
GlobalTracer [baseline] (312.062 ms) : 0, 312062
GlobalTracer [candidate] (309.686 ms) : 0, 309686
AppSec [baseline] (53.94 ms) : 0, 53940
AppSec [candidate] (53.329 ms) : 0, 53329
Remote Config [baseline] (659.12 µs) : 0, 659
Remote Config [candidate] (662.143 µs) : 0, 662
Telemetry [baseline] (7.647 ms) : 0, 7647
Telemetry [candidate] (7.55 ms) : 0, 7550
section iast
BytebuddyAgent [baseline] (788.919 ms) : 0, 788919
BytebuddyAgent [candidate] (788.959 ms) : 0, 788959
GlobalTracer [baseline] (298.019 ms) : 0, 298019
GlobalTracer [candidate] (298.581 ms) : 0, 298581
AppSec [baseline] (52.965 ms) : 0, 52965
AppSec [candidate] (55.063 ms) : 0, 55063
IAST [baseline] (23.665 ms) : 0, 23665
IAST [candidate] (21.937 ms) : 0, 21937
Remote Config [baseline] (632.165 µs) : 0, 632
Remote Config [candidate] (642.234 µs) : 0, 642
Telemetry [baseline] (7.89 ms) : 0, 7890
Telemetry [candidate] (7.048 ms) : 0, 7048
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (792.978 ms) : 0, 792978
BytebuddyAgent [candidate] (802.813 ms) : 0, 802813
GlobalTracer [baseline] (299.85 ms) : 0, 299850
GlobalTracer [candidate] (302.925 ms) : 0, 302925
AppSec [baseline] (55.336 ms) : 0, 55336
AppSec [candidate] (55.595 ms) : 0, 55595
IAST [baseline] (22.749 ms) : 0, 22749
IAST [candidate] (23.629 ms) : 0, 23629
Remote Config [baseline] (604.103 µs) : 0, 604
Remote Config [candidate] (611.015 µs) : 0, 611
Telemetry [baseline] (7.073 ms) : 0, 7073
Telemetry [candidate] (7.156 ms) : 0, 7156
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (794.386 ms) : 0, 794386
BytebuddyAgent [candidate] (788.556 ms) : 0, 788556
GlobalTracer [baseline] (301.139 ms) : 0, 301139
GlobalTracer [candidate] (299.179 ms) : 0, 299179
AppSec [baseline] (53.482 ms) : 0, 53482
AppSec [candidate] (57.147 ms) : 0, 57147
IAST [baseline] (25.052 ms) : 0, 25052
IAST [candidate] (20.942 ms) : 0, 20942
Remote Config [baseline] (617.956 µs) : 0, 618
Remote Config [candidate] (613.38 µs) : 0, 613
Telemetry [baseline] (6.859 ms) : 0, 6859
Telemetry [candidate] (6.964 ms) : 0, 6964
LoadParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics. Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section baseline
no_agent (377.045 µs) : 357, 397
. : milestone, 377,
iast (490.837 µs) : 469, 512
. : milestone, 491,
iast_FULL (560.323 µs) : 539, 582
. : milestone, 560,
iast_GLOBAL (509.77 µs) : 489, 531
. : milestone, 510,
iast_HARDCODED_SECRET_DISABLED (486.092 µs) : 465, 507
. : milestone, 486,
iast_INACTIVE (449.854 µs) : 429, 471
. : milestone, 450,
iast_TELEMETRY_OFF (484.299 µs) : 461, 508
. : milestone, 484,
tracing (452.582 µs) : 432, 474
. : milestone, 453,
section candidate
no_agent (373.571 µs) : 354, 393
. : milestone, 374,
iast (489.844 µs) : 469, 511
. : milestone, 490,
iast_FULL (559.231 µs) : 538, 580
. : milestone, 559,
iast_GLOBAL (509.462 µs) : 489, 530
. : milestone, 509,
iast_HARDCODED_SECRET_DISABLED (484.751 µs) : 464, 506
. : milestone, 485,
iast_INACTIVE (457.252 µs) : 436, 479
. : milestone, 457,
iast_TELEMETRY_OFF (484.444 µs) : 461, 507
. : milestone, 484,
tracing (446.591 µs) : 426, 467
. : milestone, 447,
Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section baseline
no_agent (1.343 ms) : 1323, 1362
. : milestone, 1343,
appsec (1.701 ms) : 1676, 1726
. : milestone, 1701,
appsec_no_iast (1.721 ms) : 1697, 1745
. : milestone, 1721,
iast (1.485 ms) : 1461, 1508
. : milestone, 1485,
profiling (1.48 ms) : 1455, 1504
. : milestone, 1480,
tracing (1.45 ms) : 1424, 1475
. : milestone, 1450,
section candidate
no_agent (1.357 ms) : 1338, 1376
. : milestone, 1357,
appsec (1.715 ms) : 1689, 1740
. : milestone, 1715,
appsec_no_iast (1.702 ms) : 1677, 1726
. : milestone, 1702,
iast (1.474 ms) : 1451, 1497
. : milestone, 1474,
profiling (1.524 ms) : 1499, 1549
. : milestone, 1524,
tracing (1.476 ms) : 1452, 1501
. : milestone, 1476,
DacapoParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics. Execution time for biojavagantt
title biojava - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section baseline
no_agent (15.19 s) : 15190000, 15190000
. : milestone, 15190000,
appsec (15.348 s) : 15348000, 15348000
. : milestone, 15348000,
iast (18.645 s) : 18645000, 18645000
. : milestone, 18645000,
iast_GLOBAL (18.05 s) : 18050000, 18050000
. : milestone, 18050000,
profiling (15.209 s) : 15209000, 15209000
. : milestone, 15209000,
tracing (15.265 s) : 15265000, 15265000
. : milestone, 15265000,
section candidate
no_agent (15.124 s) : 15124000, 15124000
. : milestone, 15124000,
appsec (15.096 s) : 15096000, 15096000
. : milestone, 15096000,
iast (18.942 s) : 18942000, 18942000
. : milestone, 18942000,
iast_GLOBAL (17.793 s) : 17793000, 17793000
. : milestone, 17793000,
profiling (15.939 s) : 15939000, 15939000
. : milestone, 15939000,
tracing (14.74 s) : 14740000, 14740000
. : milestone, 14740000,
Execution time for tomcatgantt
title tomcat - execution time [CI 0.99] : candidate=1.40.0-SNAPSHOT~cc6603d80f, baseline=1.40.0-SNAPSHOT~59ce38a456
dateFormat X
axisFormat %s
section baseline
no_agent (1.465 ms) : 1453, 1476
. : milestone, 1465,
appsec (2.295 ms) : 2256, 2335
. : milestone, 2295,
iast (2.039 ms) : 1989, 2089
. : milestone, 2039,
iast_GLOBAL (2.095 ms) : 2044, 2146
. : milestone, 2095,
profiling (2.379 ms) : 2200, 2559
. : milestone, 2379,
tracing (1.893 ms) : 1855, 1932
. : milestone, 1893,
section candidate
no_agent (1.461 ms) : 1450, 1473
. : milestone, 1461,
appsec (2.281 ms) : 2242, 2321
. : milestone, 2281,
iast (2.047 ms) : 1997, 2097
. : milestone, 2047,
iast_GLOBAL (2.083 ms) : 2034, 2133
. : milestone, 2083,
profiling (1.916 ms) : 1877, 1956
. : milestone, 1916,
tracing (1.887 ms) : 1849, 1925
. : milestone, 1887,
|
@@ -204,6 +205,7 @@ public void closeAdditive() { | |||
if (additive != null) { | |||
try { | |||
additive.close(); | |||
additiveClosed = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could be in the finally block, to make sure it's marked as closed if additive.close throws?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, Done
@@ -205,6 +206,7 @@ public void closeAdditive() { | |||
try { | |||
additive.close(); | |||
} finally { | |||
additiveClosed = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a small change of a race condition here after the additive is closed, one thing you can do is to set the additiveClosed
before closing the additive, since both variables are volatile it should work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
cc6603d
to
a4ade47
Compare
What Does This Do
Added extra checks to prevent occurring exceptions, in case the WAF context was closed earlier during the race condition.
Motivation
Reported exception from customers' service
Additional Notes
Occasional exceptions were observed when the root span and SQL query span executed concurrently. This created a risk of a race condition, where the WAF context could be prematurely closed and finalized before all parallel spans completed. Upon further investigation, the following issues were identified:
Contributor Checklist
type:
and (comp:
orinst:
) labels in addition to any usefull labelsclose
,fix
or any linking keywords when referencing an issue.Use
solves
instead, and assign the PR milestone to the issueJira ticket: APPSEC-55391