Add taint propagation to the String indent method #7707
Benchmarks
Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 53 metrics, 10 unstable metrics.
[Startup time reports for petclinic and insecure-bank: gantt charts of global startup overhead and of the breakdown per module (BytebuddyAgent, GlobalTracer, AppSec, IAST, Remote Config, Telemetry, Profiling), candidate=1.41.0-SNAPSHOT~07d7781ed1 vs baseline=1.41.0-SNAPSHOT~919bf01a5f]
Load: Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.
[Request duration reports [CI 0.99] for petclinic and insecure-bank, same candidate and baseline]
Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Execution time [CI 0.99] for biojava and tomcat, same candidate and baseline]
Review threads on dd-java-agent/agent-iast/src/main/java/com/datadog/iast/taint/Ranges.java (three threads, outdated and resolved)
LGTM
LGTM, Good job!
What Does This Do
This adds the instrumentation to propagate the taint values through the String method called indent. This method is only available from version 17 of Java.
Motivation
Increase propagation of String methods.
Additional Notes
Contributor Checklist
Add the type: and (comp: or inst:) labels in addition to any useful labels.
Do not use close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue.
Jira ticket: APPSEC-5758