Attach stacktrace to IAST vulnerabilities #7757 (Merged)
jandro996 merged 32 commits into master from alejandro.gonzalez/add-stacktrace-to-iast-vulns on Oct 25, 2024
jandro996 commented on Oct 11, 2024 (inline review comments on):
- communication/src/main/java/datadog/communication/serialization/Codec.java (outdated)
- communication/src/test/java/datadog/communication/serialization/msgpack/MsgPackWriterTest.java (outdated)
- dd-java-agent/agent-iast/src/test/groovy/com/datadog/iast/ReporterTest.groovy (three comments, two of them outdated)
- dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java (outdated)
Benchmarks (CI bot report; candidate=1.42.0-SNAPSHOT~57a353bb4a, baseline=1.42.0-SNAPSHOT~ec5eedcf29)

Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 9 unstable metrics.
[Startup time charts for insecure-bank and petclinic (global startup overhead and break down per module, sections tracing / appsec / iast / iast_HARDCODED_SECRET_DISABLED / iast_TELEMETRY_OFF / profiling) omitted.]

Load: Found 0 performance improvements and 1 performance regressions! Performance is the same for 10 metrics, 17 unstable metrics.

Request duration for insecure-bank [CI 0.99], mean per scenario:

| Scenario | baseline | candidate |
|---|---|---|
| no_agent | 377.004 µs | 371.081 µs |
| iast | 485.364 µs | 486.554 µs |
| iast_FULL | 562.322 µs | 644.306 µs |
| iast_GLOBAL | 519.527 µs | 515.793 µs |
| iast_HARDCODED_SECRET_DISABLED | 482.962 µs | 484.176 µs |
| iast_INACTIVE | 451.808 µs | 450.301 µs |
| iast_TELEMETRY_OFF | 479.348 µs | 484.206 µs |
| tracing | 442.566 µs | 443.311 µs |

Request duration for petclinic [CI 0.99], mean per scenario:

| Scenario | baseline | candidate |
|---|---|---|
| no_agent | 1.346 ms | 1.33 ms |
| appsec | 1.733 ms | 1.736 ms |
| appsec_no_iast | 1.743 ms | 1.715 ms |
| iast | 1.495 ms | 1.491 ms |
| profiling | 1.488 ms | 1.466 ms |
| tracing | 1.455 ms | 1.476 ms |

Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Execution time charts [CI 0.99] for tomcat and biojava (scenarios no_agent / appsec / iast / iast_GLOBAL / profiling / tracing) omitted.]
Mariovido reviewed on Oct 15, 2024 (inline review comments on):
- communication/src/main/java/datadog/communication/serialization/Codec.java (outdated)

smola approved these changes on Oct 22, 2024

smola reviewed on Oct 22, 2024 (inline review comments on):
- internal-api/src/main/java/datadog/trace/util/stacktrace/StackUtils.java
- communication/src/main/java/datadog/communication/serialization/Codec.java (three comments, outdated)
- ...t/appsec/src/test/groovy/com/datadog/appsec/gateway/AppSecRequestContextSpecification.groovy (outdated)

manuel-alvarez-alvarez approved these changes on Oct 24, 2024
What Does This Do

Rework current stack trace utilities for RASP to:
- Be able to retrieve the metastruct map to share it between different products simultaneously
- Add stack trace to IAST vulnerabilities
- Add more tests

JIRA: APPSEC-11649

Motivation

Give more context to the source code vulnerabilities by adding the stack trace
Additional Notes

StackTraceEvent schema:

```text
{
  EVENT_CATEGORY: [
    {
      "type": EVENT_TYPE (optional),
      "language": (php|nodejs|java|dotnet|go|python|ruby|cpp|...) (optional),
      "id": <string: UUID of the stack trace> (optional),
      "message": <string: generic message> (optional),
      "frames": [ STACK_FRAME ]
    }
  ]
}
```

StackTraceFrame schema:

```text
{
  "id": <unsigned integer: index of the stack frame (0 = top of stack)>,
  "text": <string: raw stack frame> (optional),
  "file": (optional),
  "line": (optional),
  "column": (optional),
  "namespace": (optional),
  "class_name": (optional),
  "function": (optional)
}
```
Contributor Checklist

- Add the type: and (comp: or inst:) labels in addition to any useful labels
- Avoid using close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
- Jira ticket: APPSEC-11649
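As an added example, not code from the PR or from the dd-trace-java project, the following Python builds events in the shape of the two schemas quoted in the description, appends them to a metastruct map so that events from two products coexist (the first bullet under "What Does This Do"), and validates the structural rules the schemas state (frame ids are unsigned integers indexed from the top of the stack, line and column are integers). Python is used because the event format is shared across the languages the schema lists. The metastruct key `_dd.stack`, the category names `vulnerability` and `exploit`, and the frame cap of 32 are assumptions; the page only shows the placeholder EVENT_CATEGORY.

```python
"""Build and validate StackTraceEvent payloads in the shape quoted in the PR
description, and add them to a metastruct map shared between products.

Assumptions not taken from the page: the metastruct key "_dd.stack", the
category names "vulnerability" and "exploit", and the default frame cap.
"""
import traceback
import uuid
from typing import Any, Dict, List, Optional

STACK_KEY = "_dd.stack"  # assumed metastruct key; the real name is not on the page
DEFAULT_MAX_FRAMES = 32  # assumed cap: bounds payload size and how much code layout is disclosed


def frames_from_exception(exc: BaseException, max_frames: int = DEFAULT_MAX_FRAMES) -> List[Dict[str, Any]]:
    """Turn a Python traceback into StackTraceFrame dicts.

    Python lists traceback entries outermost-first, while the schema wants id 0
    at the top of the stack (the innermost call), so the order is reversed.
    Frames beyond max_frames are dropped from the outer end.
    """
    entries = list(reversed(traceback.extract_tb(exc.__traceback__)))
    frames: List[Dict[str, Any]] = []
    for idx, fs in enumerate(entries[:max_frames]):
        frames.append({
            "id": idx,
            "text": f"{fs.filename}:{fs.lineno} in {fs.name}",
            "file": fs.filename,
            "line": fs.lineno,
            "function": fs.name,
        })
    return frames


def build_event(frames: List[Dict[str, Any]], event_type: Optional[str] = None,
                message: Optional[str] = None, language: str = "python") -> Dict[str, Any]:
    """Assemble one StackTraceEvent; optional fields are only emitted when set."""
    event: Dict[str, Any] = {"language": language, "id": str(uuid.uuid4()), "frames": frames}
    if event_type is not None:
        event["type"] = event_type
    if message is not None:
        event["message"] = message
    return event


def add_event(meta_struct: Dict[str, Any], category: str, event: Dict[str, Any]) -> Dict[str, Any]:
    """Append the event under its category without replacing other categories,
    so events from two products (for example RASP and IAST) share one map."""
    stack = meta_struct.setdefault(STACK_KEY, {})
    stack.setdefault(category, []).append(event)
    return meta_struct


def validate_event(event: Dict[str, Any]) -> List[str]:
    """Check the structural rules the schema states; returns a list of problems."""
    errors: List[str] = []
    if "language" in event and not isinstance(event["language"], str):
        errors.append("language must be a string")
    frames = event.get("frames")
    if not isinstance(frames, list):
        return errors + ["frames must be a list"]
    for pos, frame in enumerate(frames):
        fid = frame.get("id")
        if not isinstance(fid, int) or isinstance(fid, bool) or fid < 0:
            errors.append(f"frame {pos}: id must be an unsigned integer")
        elif fid != pos:
            errors.append(f"frame {pos}: id must be {pos}, got {fid}")
        for key in ("line", "column"):
            if key in frame and (not isinstance(frame[key], int) or isinstance(frame[key], bool)):
                errors.append(f"frame {pos}: {key} must be an integer")
    return errors


def _leaf(value: int) -> int:
    if value < 0:
        raise ValueError("negative input")  # constructed failure standing in for a detected sink
    return value


def _caller(value: int) -> int:
    return _leaf(value)


def demo() -> Dict[str, Any]:
    """Capture one constructed stack and file it under two categories of one map."""
    meta_struct: Dict[str, Any] = {}
    try:
        _caller(-1)
    except ValueError as exc:
        frames = frames_from_exception(exc)
        add_event(meta_struct, "vulnerability", build_event(frames, message="iast sample"))
        add_event(meta_struct, "exploit", build_event(frames, event_type="constructed", message="rasp sample"))
    return meta_struct


if __name__ == "__main__":
    result = demo()
    for category, events in result[STACK_KEY].items():
        print(category, validate_event(events[0]) or "ok", [f["function"] for f in events[0]["frames"]])
```

The frame cap is the setting a reviewer would look at first: a stack trace attached to a vulnerability report discloses file paths, class names and functions of the instrumented application, and reporting only the innermost frames keeps the payload small while still locating the sink.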