-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for waf_timeout
tag in telemetry
#7696
Add support for waf_timeout
tag in telemetry
#7696
Conversation
internal-api/src/main/java/datadog/trace/api/telemetry/WafMetricCollector.java
Show resolved
Hide resolved
BenchmarksStartupParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 52 metrics, 11 unstable metrics. Startup time reports for insecure-bankgantt
title insecure-bank - global startup overhead: candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.068 s) : 0, 1068221
Total [baseline] (8.574 s) : 0, 8573693
Agent [candidate] (1.069 s) : 0, 1068744
Total [candidate] (8.555 s) : 0, 8554755
section iast
Agent [baseline] (1.203 s) : 0, 1202586
Total [baseline] (9.119 s) : 0, 9119390
Agent [candidate] (1.21 s) : 0, 1209968
Total [candidate] (9.1 s) : 0, 9099872
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.204 s) : 0, 1204199
Total [baseline] (9.075 s) : 0, 9074787
Agent [candidate] (1.196 s) : 0, 1195948
Total [candidate] (9.077 s) : 0, 9077497
section iast_TELEMETRY_OFF
Agent [baseline] (1.193 s) : 0, 1192641
Total [baseline] (9.121 s) : 0, 9121316
Agent [candidate] (1.2 s) : 0, 1199883
Total [candidate] (9.126 s) : 0, 9125606
gantt
title insecure-bank - break down per module: candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (681.468 ms) : 0, 681468
BytebuddyAgent [candidate] (681.906 ms) : 0, 681906
GlobalTracer [baseline] (310.97 ms) : 0, 310970
GlobalTracer [candidate] (311.094 ms) : 0, 311094
AppSec [baseline] (53.848 ms) : 0, 53848
AppSec [candidate] (53.736 ms) : 0, 53736
Remote Config [baseline] (655.569 µs) : 0, 656
Remote Config [candidate] (662.955 µs) : 0, 663
Telemetry [baseline] (7.607 ms) : 0, 7607
Telemetry [candidate] (7.643 ms) : 0, 7643
section iast
BytebuddyAgent [baseline] (801.142 ms) : 0, 801142
BytebuddyAgent [candidate] (806.577 ms) : 0, 806577
GlobalTracer [baseline] (301.583 ms) : 0, 301583
GlobalTracer [candidate] (303.205 ms) : 0, 303205
AppSec [baseline] (55.493 ms) : 0, 55493
AppSec [candidate] (55.749 ms) : 0, 55749
IAST [baseline] (22.879 ms) : 0, 22879
IAST [candidate] (22.82 ms) : 0, 22820
Remote Config [baseline] (606.559 µs) : 0, 607
Remote Config [candidate] (613.343 µs) : 0, 613
Telemetry [baseline] (7.118 ms) : 0, 7118
Telemetry [candidate] (7.076 ms) : 0, 7076
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (801.995 ms) : 0, 801995
BytebuddyAgent [candidate] (795.969 ms) : 0, 795969
GlobalTracer [baseline] (302.311 ms) : 0, 302311
GlobalTracer [candidate] (299.958 ms) : 0, 299958
AppSec [baseline] (52.525 ms) : 0, 52525
AppSec [candidate] (53.164 ms) : 0, 53164
IAST [baseline] (25.996 ms) : 0, 25996
IAST [candidate] (25.416 ms) : 0, 25416
Remote Config [baseline] (614.912 µs) : 0, 615
Remote Config [candidate] (617.389 µs) : 0, 617
Telemetry [baseline] (6.996 ms) : 0, 6996
Telemetry [candidate] (7.075 ms) : 0, 7075
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (792.821 ms) : 0, 792821
BytebuddyAgent [candidate] (797.543 ms) : 0, 797543
GlobalTracer [baseline] (300.029 ms) : 0, 300029
GlobalTracer [candidate] (302.256 ms) : 0, 302256
AppSec [baseline] (53.525 ms) : 0, 53525
AppSec [candidate] (55.36 ms) : 0, 55360
IAST [baseline] (25.056 ms) : 0, 25056
IAST [candidate] (23.352 ms) : 0, 23352
Remote Config [baseline] (618.776 µs) : 0, 619
Remote Config [candidate] (613.195 µs) : 0, 613
Telemetry [baseline] (6.918 ms) : 0, 6918
Telemetry [candidate] (6.967 ms) : 0, 6967
Startup time reports for petclinicgantt
title petclinic - global startup overhead: candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.068 s) : 0, 1067662
Total [baseline] (10.388 s) : 0, 10388188
Agent [candidate] (1.072 s) : 0, 1072374
Total [candidate] (10.37 s) : 0, 10370313
section appsec
Agent [baseline] (1.206 s) : 0, 1206483
Total [baseline] (10.582 s) : 0, 10582462
Agent [candidate] (1.209 s) : 0, 1208713
Total [candidate] (10.587 s) : 0, 10587302
section iast
Agent [baseline] (1.198 s) : 0, 1197747
Total [baseline] (10.871 s) : 0, 10870920
Agent [candidate] (1.197 s) : 0, 1196642
Total [candidate] (10.822 s) : 0, 10821585
section profiling
Agent [baseline] (1.271 s) : 0, 1271246
Total [baseline] (10.729 s) : 0, 10729136
Agent [candidate] (1.268 s) : 0, 1267878
Total [candidate] (10.597 s) : 0, 10597023
gantt
title petclinic - break down per module: candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (680.899 ms) : 0, 680899
BytebuddyAgent [candidate] (683.044 ms) : 0, 683044
GlobalTracer [baseline] (311.14 ms) : 0, 311140
GlobalTracer [candidate] (313.37 ms) : 0, 313370
AppSec [baseline] (53.742 ms) : 0, 53742
AppSec [candidate] (54.027 ms) : 0, 54027
Remote Config [baseline] (665.612 µs) : 0, 666
Remote Config [candidate] (664.869 µs) : 0, 665
Telemetry [baseline] (7.595 ms) : 0, 7595
Telemetry [candidate] (7.561 ms) : 0, 7561
section appsec
BytebuddyAgent [baseline] (699.717 ms) : 0, 699717
BytebuddyAgent [candidate] (702.116 ms) : 0, 702116
GlobalTracer [baseline] (308.977 ms) : 0, 308977
GlobalTracer [candidate] (309.668 ms) : 0, 309668
AppSec [baseline] (164.492 ms) : 0, 164492
AppSec [candidate] (164.088 ms) : 0, 164088
IAST [baseline] (20.22 ms) : 0, 20220
IAST [candidate] (19.989 ms) : 0, 19989
Remote Config [baseline] (635.814 µs) : 0, 636
Remote Config [candidate] (637.895 µs) : 0, 638
Telemetry [baseline] (8.858 ms) : 0, 8858
Telemetry [candidate] (8.505 ms) : 0, 8505
section iast
BytebuddyAgent [baseline] (798.443 ms) : 0, 798443
BytebuddyAgent [candidate] (796.689 ms) : 0, 796689
GlobalTracer [baseline] (299.936 ms) : 0, 299936
GlobalTracer [candidate] (300.267 ms) : 0, 300267
AppSec [baseline] (55.183 ms) : 0, 55183
AppSec [candidate] (53.211 ms) : 0, 53211
IAST [baseline] (22.811 ms) : 0, 22811
IAST [candidate] (25.105 ms) : 0, 25105
Remote Config [baseline] (603.716 µs) : 0, 604
Remote Config [candidate] (616.112 µs) : 0, 616
Telemetry [baseline] (7.074 ms) : 0, 7074
Telemetry [candidate] (7.066 ms) : 0, 7066
section profiling
BytebuddyAgent [baseline] (676.202 ms) : 0, 676202
BytebuddyAgent [candidate] (675.873 ms) : 0, 675873
GlobalTracer [baseline] (396.063 ms) : 0, 396063
GlobalTracer [candidate] (393.928 ms) : 0, 393928
AppSec [baseline] (55.042 ms) : 0, 55042
AppSec [candidate] (54.944 ms) : 0, 54944
Remote Config [baseline] (659.443 µs) : 0, 659
Remote Config [candidate] (654.3 µs) : 0, 654
Telemetry [baseline] (7.479 ms) : 0, 7479
Telemetry [candidate] (7.452 ms) : 0, 7452
ProfilingAgent [baseline] (97.141 ms) : 0, 97141
ProfilingAgent [candidate] (96.382 ms) : 0, 96382
Profiling [baseline] (97.165 ms) : 0, 97165
Profiling [candidate] (96.406 ms) : 0, 96406
LoadParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics. Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section baseline
no_agent (369.284 µs) : 350, 389
. : milestone, 369,
iast (488.603 µs) : 467, 510
. : milestone, 489,
iast_FULL (552.626 µs) : 532, 574
. : milestone, 553,
iast_GLOBAL (514.196 µs) : 492, 537
. : milestone, 514,
iast_HARDCODED_SECRET_DISABLED (479.818 µs) : 459, 501
. : milestone, 480,
iast_INACTIVE (435.138 µs) : 415, 455
. : milestone, 435,
iast_TELEMETRY_OFF (467.318 µs) : 446, 488
. : milestone, 467,
tracing (445.17 µs) : 424, 466
. : milestone, 445,
section candidate
no_agent (368.69 µs) : 349, 389
. : milestone, 369,
iast (479.736 µs) : 458, 501
. : milestone, 480,
iast_FULL (553.571 µs) : 532, 575
. : milestone, 554,
iast_GLOBAL (508.197 µs) : 487, 530
. : milestone, 508,
iast_HARDCODED_SECRET_DISABLED (476.922 µs) : 456, 498
. : milestone, 477,
iast_INACTIVE (438.602 µs) : 418, 459
. : milestone, 439,
iast_TELEMETRY_OFF (468.55 µs) : 447, 490
. : milestone, 469,
tracing (444.517 µs) : 424, 465
. : milestone, 445,
Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section baseline
no_agent (1.347 ms) : 1327, 1367
. : milestone, 1347,
appsec (1.686 ms) : 1663, 1708
. : milestone, 1686,
appsec_no_iast (1.704 ms) : 1679, 1728
. : milestone, 1704,
iast (1.47 ms) : 1447, 1493
. : milestone, 1470,
profiling (1.475 ms) : 1450, 1499
. : milestone, 1475,
tracing (1.455 ms) : 1431, 1480
. : milestone, 1455,
section candidate
no_agent (1.32 ms) : 1300, 1340
. : milestone, 1320,
appsec (1.7 ms) : 1676, 1725
. : milestone, 1700,
appsec_no_iast (1.728 ms) : 1704, 1752
. : milestone, 1728,
iast (1.479 ms) : 1456, 1501
. : milestone, 1479,
profiling (1.477 ms) : 1452, 1501
. : milestone, 1477,
tracing (1.486 ms) : 1462, 1510
. : milestone, 1486,
DacapoParameters
See matching parameters
SummaryFound 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics. Execution time for tomcatgantt
title tomcat - execution time [CI 0.99] : candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section baseline
no_agent (1.466 ms) : 1454, 1477
. : milestone, 1466,
appsec (2.291 ms) : 2251, 2331
. : milestone, 2291,
iast (2.056 ms) : 2004, 2107
. : milestone, 2056,
iast_GLOBAL (2.1 ms) : 2048, 2152
. : milestone, 2100,
profiling (1.929 ms) : 1888, 1970
. : milestone, 1929,
tracing (1.902 ms) : 1862, 1941
. : milestone, 1902,
section candidate
no_agent (1.46 ms) : 1448, 1471
. : milestone, 1460,
appsec (2.305 ms) : 2264, 2345
. : milestone, 2305,
iast (2.057 ms) : 2006, 2108
. : milestone, 2057,
iast_GLOBAL (2.103 ms) : 2051, 2155
. : milestone, 2103,
profiling (1.929 ms) : 1889, 1970
. : milestone, 1929,
tracing (1.897 ms) : 1858, 1936
. : milestone, 1897,
Execution time for biojavagantt
title biojava - execution time [CI 0.99] : candidate=1.41.0-SNAPSHOT~40c46e2240, baseline=1.41.0-SNAPSHOT~fd84e8c84a
dateFormat X
axisFormat %s
section baseline
no_agent (16.041 s) : 16041000, 16041000
. : milestone, 16041000,
appsec (14.922 s) : 14922000, 14922000
. : milestone, 14922000,
iast (18.99 s) : 18990000, 18990000
. : milestone, 18990000,
iast_GLOBAL (17.999 s) : 17999000, 17999000
. : milestone, 17999000,
profiling (15.0 s) : 15000000, 15000000
. : milestone, 15000000,
tracing (15.005 s) : 15005000, 15005000
. : milestone, 15005000,
section candidate
no_agent (15.114 s) : 15114000, 15114000
. : milestone, 15114000,
appsec (15.247 s) : 15247000, 15247000
. : milestone, 15247000,
iast (18.638 s) : 18638000, 18638000
. : milestone, 18638000,
iast_GLOBAL (17.824 s) : 17824000, 17824000
. : milestone, 17824000,
profiling (15.34 s) : 15340000, 15340000
. : milestone, 15340000,
tracing (15.295 s) : 15295000, 15295000
. : milestone, 15295000,
|
...ava-agent/appsec/src/test/groovy/com/datadog/appsec/powerwaf/PowerWAFModuleForkedTest.groovy
Outdated
Show resolved
Hide resolved
… (performance wise)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
As a side note, continuously adding tags to the metric, when they are mostly exclusive, only makes the code hard to reason about. Probably we could have done it with a single tag with the different possible values: normal
, rule_triggered
, blocked
, waf_timeout
and excluded
Sounds good to me, maybe it will be a good idea to translate your thoughts to the Conflunce page that defines the WAF Telemetry |
What Does This Do
Add
waf_timeout
tag todd.instrumentation_telemetry_data.appsec.waf.requests
metricMotivation
This will allow us to better understand WAF timeout behaviours, possibly helping us to: improve the default, and spot performance issues.
Additional Notes
for the metric
dd.instrumentation_telemetry_data.appsec.waf.requests
not all combinations of the Boolean tags are valid.These are the valid combinations:
Contributor Checklist
type:
and (comp:
orinst:
) labels in addition to any usefull labelsclose
,fix
or any linking keywords when referencing an issue.Use
solves
instead, and assign the PR milestone to the issueJira ticket: APPSEC-10829