Add propagation to StringBuilder substring methods #7980
Benchmarks (candidate=1.43.0-SNAPSHOT~2fc0cedf40, baseline=1.43.0-SNAPSHOT~270a82d63a)
Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 52 metrics, 11 unstable metrics.
[Gantt charts: startup time reports for insecure-bank and petclinic (global startup overhead; break down per module)]
Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.
[Gantt charts: request duration reports for insecure-bank and petclinic (CI 0.99)]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.
[Gantt charts: execution time for tomcat and biojava (CI 0.99)]
Review thread (outdated, resolved) on ...ang/src/test/groovy/datadog/trace/instrumentation/java/lang/StringBuilderCallSiteTest.groovy
LGTM!
What Does This Do
This adds the instrumentation to propagate the taint values through the following methods of StringBuilder:
substring(int)
substring(int, int)
Motivation
Increase propagation of StringBuilder methods.
Additional Notes
This PR also made some small refactors to make some methods more generic.
Contributor Checklist
type: and (comp: or inst:) labels in addition to any useful labels
close, fix or any linking keywords when referencing an issue. Use solves instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-55361
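
An added illustration, not code from this PR or from dd-trace-java: a minimal model of what propagating taint through StringBuilder.substring(int) and substring(int, int) involves, namely clipping each tainted range to the substring window and shifting it by the begin index. The Range record, the rangesForSubstring helper, the source label and the sample query are hypothetical; records need Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;

public class SubstringTaintDemo {
    // Hypothetical model of a tainted span: [start, start + length) originated from `source`.
    record Range(int start, int length, String source) {}

    // Ranges carried by sb.substring(begin, end): clip each range to the
    // window [begin, end), then shift it so offsets are relative to the result.
    static List<Range> rangesForSubstring(List<Range> ranges, int begin, int end) {
        List<Range> out = new ArrayList<>();
        for (Range r : ranges) {
            int from = Math.max(r.start(), begin);
            int to = Math.min(r.start() + r.length(), end);
            if (from < to) { // ranges with no overlap are dropped
                out.add(new Range(from - begin, to - from, r.source()));
            }
        }
        return out;
    }

    public static void main(String[] args) {
        String prefix = "SELECT * FROM users WHERE name='";
        String input = "alice"; // constructed sample standing in for a request parameter
        StringBuilder sb = new StringBuilder(prefix).append(input).append("'");
        // Constructed taint state: only the appended input is tainted.
        List<Range> tainted =
            List.of(new Range(prefix.length(), input.length(), "http.param:name"));

        // substring(int) behaves as substring(int, length()): the tail keeps
        // the whole tainted span, at a shifted offset.
        int begin = 26;
        System.out.println(sb.substring(begin) + " -> "
            + rangesForSubstring(tainted, begin, sb.length()));

        // A window that cuts through the tainted span keeps only the overlap.
        System.out.println(sb.substring(30, 35) + " -> "
            + rangesForSubstring(tainted, 30, 35));

        // A window entirely inside the literal prefix yields an untainted result.
        System.out.println(sb.substring(0, 6) + " -> "
            + rangesForSubstring(tainted, 0, 6));
    }
}
```

If the result of substring carried no ranges at all, a sink receiving the first two strings would see them as untainted and the flow would go unreported.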