Fix issue with call sites in super calls to constructor #7991
Merged: manuel-alvarez-alvarez merged 3 commits into master from malvarez/iast-fix-callsites-super-ctor on Nov 24, 2024
+293
−22
manuel-alvarez-alvarez added the type: bug and comp: asm iast (Application Security Management (IAST)) labels on Nov 21, 2024
manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from 99bb102 to a3e6e6d (November 21, 2024 11:50)
Benchmarks (candidate=1.43.0-SNAPSHOT~0468adced4, baseline=1.43.0-SNAPSHOT~c8030bdceb)
Startup
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 47 metrics, 16 unstable metrics.
[Charts: startup time reports for insecure-bank and petclinic (global startup overhead; break down per module)]
Load
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.
[Charts: request duration reports for insecure-bank and petclinic (CI 0.99)]
Dacapo
Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
[Charts: execution time for tomcat and biojava (CI 0.99)]
manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from a3e6e6d to 1430279 (November 21, 2024 15:24)
manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch 2 times, most recently from 47f7387 to 3ca1eed (November 21, 2024 15:33)
smola approved these changes (Nov 21, 2024)
jandro996 approved these changes (Nov 22, 2024)
manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch 3 times, most recently from 4ce7c30 to a09f99e (November 22, 2024 15:20)
manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from a09f99e to 9ecadb3 (November 24, 2024 20:30)
manuel-alvarez-alvarez force-pushed the malvarez/iast-fix-callsites-super-ctor branch from 9ecadb3 to 0468adc (November 24, 2024 21:01)
manuel-alvarez-alvarez deleted the malvarez/iast-fix-callsites-super-ctor branch (November 24, 2024 23:13)
What Does This Do
Fixes an issue in IAST with call-sites instrumenting constructor super calls. The Java compiler generates different bytecode when the `<init>` method is called from a `new` instruction or via `super`:
This PR ensures that the `CallSiteTransformer` is able to deal with both cases successfully.
Motivation
One customer reported an issue when enabling IAST:
Additional Notes
Contributor Checklist
`type:` and (`comp:` or `inst:`) labels in addition to any useful labels
`close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-55918
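
The two `<init>` call shapes named in the description, as an added example that is not code from this PR or from the project's `CallSiteTransformer`: `new T(...)` compiles to `NEW T`, `DUP`, arguments, `INVOKESPECIAL T.<init>`, while `super(...)` or `this(...)` compiles to `ALOAD_0`, arguments, `INVOKESPECIAL`, with no `NEW`/`DUP` and nothing left on the stack afterwards. The class `CtorCallShapes`, its `Op`/`Insn` types and the instruction list are constructed for illustration, and the pending-`NEW` matching is a simplified model that ignores control flow.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Deque;
import java.util.List;

// Added illustration: a simplified model, not the CallSiteTransformer from this PR.
public class CtorCallShapes {

  enum Op { NEW, DUP, ALOAD_0, INVOKESPECIAL_INIT, RETURN }

  // One constructed instruction; owner is set for NEW and INVOKESPECIAL <init> only.
  static final class Insn {
    final Op op;
    final String owner;
    Insn(Op op, String owner) { this.op = op; this.owner = owner; }
  }

  // Labels each INVOKESPECIAL <init>: "new" when it completes the innermost pending NEW
  // of the same type, "super/this" when it initializes the receiver pushed by ALOAD_0.
  static List<String> classify(List<Insn> code) {
    Deque<String> pendingNew = new ArrayDeque<>();
    List<String> shapes = new ArrayList<>();
    for (Insn insn : code) {
      if (insn.op == Op.NEW) {
        pendingNew.push(insn.owner);
      } else if (insn.op == Op.INVOKESPECIAL_INIT) {
        if (insn.owner.equals(pendingNew.peek())) {
          pendingNew.pop();
          shapes.add("new " + insn.owner);        // fresh object stays on the stack (DUP)
        } else {
          shapes.add("super/this " + insn.owner); // nothing is left on the stack
        }
      }
    }
    return shapes;
  }

  public static void main(String[] args) {
    // Constructed sample: body of `Child() { super(new Parent()); }`, Child extends Parent.
    List<Insn> ctor = Arrays.asList(
        new Insn(Op.ALOAD_0, null),
        new Insn(Op.NEW, "Parent"),
        new Insn(Op.DUP, null),
        new Insn(Op.INVOKESPECIAL_INIT, "Parent"),  // new Parent()
        new Insn(Op.INVOKESPECIAL_INIT, "Parent"),  // super(...)
        new Insn(Op.RETURN, null));
    System.out.println(classify(ctor));
  }
}
```

Both calls in the sample target `Parent.<init>`, so the owner type alone cannot tell the shapes apart; only the pairing with a preceding `NEW` does.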