Increase IAST propagation to StringBuffer subSequence #8038
Merged
Mariovido merged 2 commits into master from mario.vidal/taint_tracking_string_buffer_subsequence on Dec 12, 2024
Conversation
Mariovido added the type: enhancement and comp: asm iast (Application Security Management (IAST)) labels on Nov 29, 2024
Benchmarks

Startup

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 52 metrics, 11 unstable metrics.

Startup time reports for petclinic - global startup overhead: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b

| section | Agent [baseline] | Agent [candidate] | Total [baseline] | Total [candidate] |
|---|---|---|---|---|
| tracing | 1.092 s | 1.091 s | 10.423 s | 10.504 s |
| appsec | 1.227 s | 1.233 s | 10.695 s | 10.76 s |
| iast | 1.223 s | 1.223 s | 10.958 s | 10.987 s |
| profiling | 1.326 s | 1.317 s | 10.866 s | 10.921 s |

petclinic - break down per module: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b

| section | module | baseline | candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 695.324 ms | 695.076 ms |
| tracing | GlobalTracer | 317.643 ms | 317.784 ms |
| tracing | AppSec | 54.434 ms | 54.369 ms |
| tracing | Remote Config | 679.471 µs | 674.176 µs |
| tracing | Telemetry | 9.967 ms | 9.74 ms |
| appsec | BytebuddyAgent | 712.893 ms | 716.545 ms |
| appsec | GlobalTracer | 314.885 ms | 316.168 ms |
| appsec | AppSec | 166.972 ms | 167.957 ms |
| appsec | Remote Config | 673.848 µs | 649.877 µs |
| appsec | Telemetry | 7.784 ms | 7.759 ms |
| appsec | IAST | 19.727 ms | 19.737 ms |
| iast | BytebuddyAgent | 814.393 ms | 815.329 ms |
| iast | GlobalTracer | 306.953 ms | 306.897 ms |
| iast | AppSec | 57.271 ms | 56.51 ms |
| iast | Remote Config | 653.047 µs | 610.999 µs |
| iast | Telemetry | 7.553 ms | 7.495 ms |
| iast | IAST | 22.106 ms | 22.7 ms |
| profiling | BytebuddyAgent | 695.237 ms | 690.231 ms |
| profiling | GlobalTracer | 435.023 ms | 432.64 ms |
| profiling | AppSec | 53.794 ms | 53.571 ms |
| profiling | Remote Config | 655.395 µs | 660.266 µs |
| profiling | Telemetry | 7.689 ms | 7.625 ms |
| profiling | ProfilingAgent | 93.993 ms | 92.997 ms |
| profiling | Profiling | 94.018 ms | 93.02 ms |

Startup time reports for insecure-bank - global startup overhead: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b

| section | Agent [baseline] | Agent [candidate] | Total [baseline] | Total [candidate] |
|---|---|---|---|---|
| tracing | 1.102 s | 1.101 s | 8.721 s | 8.691 s |
| iast | 1.224 s | 1.222 s | 9.226 s | 9.228 s |
| iast_HARDCODED_SECRET_DISABLED | 1.22 s | 1.223 s | 9.19 s | 9.158 s |
| iast_TELEMETRY_OFF | 1.224 s | 1.218 s | 9.281 s | 9.197 s |

insecure-bank - break down per module: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b

| section | module | baseline | candidate |
|---|---|---|---|
| tracing | BytebuddyAgent | 701.031 ms | 700.424 ms |
| tracing | GlobalTracer | 320.329 ms | 320.274 ms |
| tracing | AppSec | 55.068 ms | 55.05 ms |
| tracing | Remote Config | 701.231 µs | 686.927 µs |
| tracing | Telemetry | 10.683 ms | 10.715 ms |
| iast | BytebuddyAgent | 814.989 ms | 813.944 ms |
| iast | GlobalTracer | 307.656 ms | 306.772 ms |
| iast | AppSec | 56.627 ms | 58.116 ms |
| iast | Remote Config | 636.385 µs | 642.914 µs |
| iast | Telemetry | 7.513 ms | 7.532 ms |
| iast | IAST | 23.003 ms | 21.213 ms |
| iast_HARDCODED_SECRET_DISABLED | BytebuddyAgent | 812.873 ms | 814.304 ms |
| iast_HARDCODED_SECRET_DISABLED | GlobalTracer | 306.334 ms | 306.513 ms |
| iast_HARDCODED_SECRET_DISABLED | AppSec | 57.287 ms | 57.578 ms |
| iast_HARDCODED_SECRET_DISABLED | Remote Config | 631.913 µs | 623.886 µs |
| iast_HARDCODED_SECRET_DISABLED | Telemetry | 7.474 ms | 7.576 ms |
| iast_HARDCODED_SECRET_DISABLED | IAST | 22.044 ms | 22.148 ms |
| iast_TELEMETRY_OFF | BytebuddyAgent | 815.196 ms | 810.496 ms |
| iast_TELEMETRY_OFF | GlobalTracer | 308.372 ms | 306.766 ms |
| iast_TELEMETRY_OFF | AppSec | 57.264 ms | 57.999 ms |
| iast_TELEMETRY_OFF | Remote Config | 635.0 µs | 644.526 µs |
| iast_TELEMETRY_OFF | Telemetry | 7.526 ms | 7.489 ms |
| iast_TELEMETRY_OFF | IAST | 21.623 ms | 20.579 ms |

Load

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for insecure-bank - request duration [CI 0.99]: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b (mean, with CI bounds in µs)

| variant | baseline | candidate |
|---|---|---|
| no_agent | 374.83 µs (355, 395) | 377.432 µs (357, 397) |
| iast | 492.927 µs (471, 515) | 488.173 µs (467, 510) |
| iast_FULL | 647.555 µs (626, 669) | 641.72 µs (620, 663) |
| iast_GLOBAL | 520.909 µs (499, 543) | 515.996 µs (494, 538) |
| iast_HARDCODED_SECRET_DISABLED | 490.361 µs (469, 512) | 488.132 µs (466, 510) |
| iast_INACTIVE | 449.398 µs (428, 471) | 443.319 µs (423, 464) |
| iast_TELEMETRY_OFF | 487.158 µs (465, 510) | 475.727 µs (454, 497) |
| tracing | 445.964 µs (425, 467) | 443.179 µs (422, 464) |

Request duration reports for petclinic - request duration [CI 0.99]: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b (mean, with CI bounds in µs)

| variant | baseline | candidate |
|---|---|---|
| no_agent | 1.346 ms (1327, 1365) | 1.351 ms (1331, 1371) |
| appsec | 1.756 ms (1732, 1779) | 1.736 ms (1712, 1759) |
| appsec_no_iast | 1.739 ms (1715, 1763) | 1.737 ms (1712, 1763) |
| iast | 1.476 ms (1453, 1499) | 1.486 ms (1464, 1508) |
| profiling | 1.489 ms (1465, 1512) | 1.502 ms (1479, 1526) |
| tracing | 1.456 ms (1431, 1482) | 1.488 ms (1464, 1512) |

Dacapo

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava - execution time [CI 0.99]: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b

| variant | baseline | candidate |
|---|---|---|
| no_agent | 15.303 s | 14.647 s |
| appsec | 15.203 s | 14.793 s |
| iast | 18.808 s | 18.852 s |
| iast_GLOBAL | 17.944 s | 18.102 s |
| profiling | 15.291 s | 14.695 s |
| tracing | 15.202 s | 15.114 s |

Execution time for tomcat - execution time [CI 0.99]: candidate=1.44.0-SNAPSHOT~25745a24d8, baseline=1.44.0-SNAPSHOT~aa7092b92b (mean, with CI bounds in µs)

| variant | baseline | candidate |
|---|---|---|
| no_agent | 1.47 ms (1459, 1482) | 1.473 ms (1461, 1485) |
| appsec | 2.339 ms (2297, 2381) | 2.346 ms (2305, 2388) |
| iast | 2.09 ms (2037, 2143) | 2.09 ms (2037, 2143) |
| iast_GLOBAL | 2.136 ms (2082, 2189) | 2.127 ms (2074, 2180) |
| profiling | 1.963 ms (1921, 2005) | 1.968 ms (1925, 2010) |
| tracing | 1.932 ms (1892, 1972) | 1.932 ms (1891, 1972) |
smola approved these changes on Dec 11, 2024

Mariovido deleted the mario.vidal/taint_tracking_string_buffer_subsequence branch on December 12, 2024 12:09
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request on Dec 16, 2024

| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
| [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.49.0` -> `2.50.0` |
| [com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.48.0` -> `2.49.0` |
| [com.google.cloud:google-cloud-spanner](https://github.com/googleapis/java-spanner) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `6.82.0` -> `6.83.0` |
| [com.google.cloud:google-cloud-logging](https://github.com/googleapis/java-logging) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.20.7` -> `3.21.0` |
| [com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.24.3` -> `2.25.1` |
| [com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.48.0` -> `2.49.0` |
| [com.google.api:gax](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.58.0` -> `2.59.0` |
| [com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin) | plugin | misk/gradle/libs.versions.toml | gradle | patch | `2.6.0` -> `2.6.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.43.0` -> `1.44.1` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.43.0` -> `1.44.1` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.29.32` -> `2.29.34` |
| [com.amazonaws:aws-java-sdk-sqs](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` -> `1.12.780` |
| [com.amazonaws:aws-java-sdk-s3](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` -> `1.12.780` |
| [com.amazonaws:aws-java-sdk-dynamodb](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` -> `1.12.780` |
| [com.amazonaws:aws-java-sdk-core](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` -> `1.12.780` |

---

### Release Notes

<details>
<summary>googleapis/sdk-platform-java (com.google.api.grpc:proto-google-common-protos)</summary>

### [`v2.50.0`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2500-2024-11-14)

##### Features

- Add experimental S2A integration in client libraries grpc transport ([#3326](googleapis/sdk-platform-java#3326)) ([1138ca6](googleapis/sdk-platform-java@1138ca6))
- enable selective generation based on service config include list ([#3323](googleapis/sdk-platform-java#3323)) ([0cddadb](googleapis/sdk-platform-java@0cddadb))
- introduce `java.time` to java-core ([#3330](googleapis/sdk-platform-java#3330)) ([f202c3b](googleapis/sdk-platform-java@f202c3b))
- Update Gapic-Generator to generate libraries using `java.time` methods ([#3321](googleapis/sdk-platform-java#3321)) ([b21c9a4](googleapis/sdk-platform-java@b21c9a4))

##### Bug Fixes

- Fix flaky test ScheduledRetryingExecutorTest.testCancelOuterFutureAfterStart ([#3335](googleapis/sdk-platform-java#3335)) ([e73740d](googleapis/sdk-platform-java@e73740d))
- httpjson callables to trace attempts (started, failed) ([#3300](googleapis/sdk-platform-java#3300)) ([15a64ee](googleapis/sdk-platform-java@15a64ee))
- instantiate GaxProperties at build time to ensure we get the protobuf version ([#3365](googleapis/sdk-platform-java#3365)) ([bb2a3be](googleapis/sdk-platform-java@bb2a3be))
- protobuf version not always getting set in headers ([#3322](googleapis/sdk-platform-java#3322)) ([7f6e470](googleapis/sdk-platform-java@7f6e470))
- use BuildKit instead of legacy builder to build the Hermetic Build images ([#3338](googleapis/sdk-platform-java#3338)) ([222fb45](googleapis/sdk-platform-java@222fb45))

##### Dependencies

- update google auth library dependencies to v1.30.0 ([#3367](googleapis/sdk-platform-java#3367)) ([a31c682](googleapis/sdk-platform-java@a31c682))
- update grpc dependencies to v1.68.1 ([#3240](googleapis/sdk-platform-java#3240)) ([c8e3941](googleapis/sdk-platform-java@c8e3941))

##### Documentation

- fix list num ([#3356](googleapis/sdk-platform-java#3356)) ([b7d6296](googleapis/sdk-platform-java@b7d6296))
- **hermetic-build:** indicate usage of Docker Buildkit in development guide ([#3337](googleapis/sdk-platform-java#3337)) ([01e742d](googleapis/sdk-platform-java@01e742d))
- modify hermetic build docs ([#3331](googleapis/sdk-platform-java#3331)) ([25023af](googleapis/sdk-platform-java@25023af))

</details>

<details>
<summary>googleapis/java-spanner (com.google.cloud:google-cloud-spanner)</summary>

### [`v6.83.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6830-2024-12-13)

##### Features

- Add Metrics host for built in metrics ([#3519](googleapis/java-spanner#3519)) ([4ed455a](googleapis/java-spanner@4ed455a))
- Add opt-in for using multiplexed sessions for blind writes ([#3540](googleapis/java-spanner#3540)) ([216f53e](googleapis/java-spanner@216f53e))
- Add UUID in Spanner TypeCode enum ([41f83dc](googleapis/java-spanner@41f83dc))
- Introduce java.time variables and methods ([#3495](googleapis/java-spanner#3495)) ([8a7d533](googleapis/java-spanner@8a7d533))
- **spanner:** Support multiplexed session for Partitioned operations ([#3231](googleapis/java-spanner#3231)) ([4501a3e](googleapis/java-spanner@4501a3e))
- Support 'set local' for retry_aborts_internally ([#3532](googleapis/java-spanner#3532)) ([331942f](googleapis/java-spanner@331942f))

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to 2.51.0 ([41f83dc](googleapis/java-spanner@41f83dc))

##### Dependencies

- Update sdk platform java dependencies ([#3549](googleapis/java-spanner#3549)) ([6235f0f](googleapis/java-spanner@6235f0f))

</details>

<details>
<summary>googleapis/java-logging (com.google.cloud:google-cloud-logging)</summary>

### [`v3.21.0`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3210-2024-12-13)

##### Features

- Introduce `java.time` methods ([#1729](googleapis/java-logging#1729)) ([323eb33](googleapis/java-logging@323eb33))

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to 2.51.0 ([04d8868](googleapis/java-logging@04d8868))

##### Dependencies

- Update dependency io.opentelemetry:opentelemetry-bom to v1.45.0 ([#1638](googleapis/java-logging#1638)) ([7e007d4](googleapis/java-logging@7e007d4))
- Update sdk platform java dependencies ([#1736](googleapis/java-logging#1736)) ([88b4cdf](googleapis/java-logging@88b4cdf))

</details>

<details>
<summary>googleapis/java-datastore (com.google.cloud:google-cloud-datastore)</summary>

### [`v2.25.1`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2251-2024-12-13)

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to 2.51.0 ([106ee4d](googleapis/java-datastore@106ee4d))

##### Dependencies

- Update sdk platform java dependencies ([#1685](googleapis/java-datastore#1685)) ([4372350](googleapis/java-datastore@4372350))

### [`v2.25.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2250-2024-12-11)

##### Features

- Introduce `java.time` methods and variables ([#1671](googleapis/java-datastore#1671)) ([5a78a80](googleapis/java-datastore@5a78a80))

##### Dependencies

- Update dependency com.google.cloud:gapic-libraries-bom to v1.48.0 ([#1605](googleapis/java-datastore#1605)) ([5c6a678](googleapis/java-datastore@5c6a678))

##### Documentation

- Update gapic upgrade installation instructions ([#1677](googleapis/java-datastore#1677)) ([b3fbfcc](googleapis/java-datastore@b3fbfcc))

</details>

<details>
<summary>autonomousapps/dependency-analysis-android-gradle-plugin (com.autonomousapps.dependency-analysis)</summary>

### [`v2.6.1`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-261)

- \[Fix]: `superClassName` can be null (Object has no superclass).

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

### [`v1.44.1`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.44.1): 1.44.1

##### Components

##### Continuous Integration Visibility

- 🐛 Fix tracing JUnit5 tests in Maven projects with multiple forks ([#8089](DataDog/dd-trace-java#8089) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

### [`v1.44.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.44.0): 1.44.0

##### Known Issues

> \[!WARNING]\
> This release contains a known issue that causes failures when using Test Optimization to trace JUnit 5 tests in a Maven project where Maven Surefire is configured with `forkCount` > 1.
> The issue is fixed in v1.44.1

##### Breaking Changes

> \[!WARNING]\
> Support for `X-Forwarded` header is dropped from default client IP resolution.
> It can still be re-activated using the `dd.trace.client-ip-header=x-forwarded` system property, or the `DD_TRACE_CLIENT_IP_HEADER=x-forwarded` environment variable. See [#7946](DataDog/dd-trace-java#7946).

##### Components

##### Application Security Management (IAST)

- ✨ Set unexpected IAST exceptions to debug log level ([#8044](DataDog/dd-trace-java#8044) - [@smola](https://github.com/smola))
- ✨ Increase IAST propagation to StringBuffer subSequence ([#8038](DataDog/dd-trace-java#8038) - [@Mariovido](https://github.com/Mariovido))
- ✨ Increase IAST propagation to StringBuilder subSequence ([#8026](DataDog/dd-trace-java#8026) - [@Mariovido](https://github.com/Mariovido))
- ✨ Add IAST propagation to String valueOf ([#8013](DataDog/dd-trace-java#8013) - [@Mariovido](https://github.com/Mariovido))
- ✨ Increase IAST propagation to StringBuilder append ([#8010](DataDog/dd-trace-java#8010) - [@Mariovido](https://github.com/Mariovido))
- ✨ Expand SSRF support in IAST to apache-httpclient-5 and apache-httpasyncclient-4 ([#7920](DataDog/dd-trace-java#7920) - [@Mariovido](https://github.com/Mariovido))

##### Build & Tooling

- ✨ Generate Muzzle classes for Groovy instrumentations ([#8004](DataDog/dd-trace-java#8004) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

##### Continuous Integration Visibility

- ✨ Support distributed traces in tests ([#8078](DataDog/dd-trace-java#8078) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Implement fail-fast tests ordering for JUnit 5 ([#8055](DataDog/dd-trace-java#8055) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Mark JUnit 5 setup and teardown action spans as failed if there is an error ([#8033](DataDog/dd-trace-java#8033) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add tracing of setup and teardown actions in JUnit 4 ([#8030](DataDog/dd-trace-java#8030) - [@daniel-mohedano](https://github.com/daniel-mohedano))

##### Crash tracking

- ✨ Improve crash tracking install logging ([#8045](DataDog/dd-trace-java#8045) - [@PerfectSlayer](https://github.com/PerfectSlayer))

##### Data Streams Monitoring

- 🐛 Add Data Streams support in AWS SQS without raw message delivery ([#8071](DataDog/dd-trace-java#8071) - [@piochelepiotr](https://github.com/piochelepiotr))
- ✨ Add new tag for enabled products / features to DSM checkpoints ([#8051](DataDog/dd-trace-java#8051) - [@kr-igor](https://github.com/kr-igor))
- 💡 Instrument self hosted Kafka connectors ([#7959](DataDog/dd-trace-java#7959) - [@piochelepiotr](https://github.com/piochelepiotr))

##### Dynamic Instrumentation

- ✨ Add Micronaut 4 support for code origin for spans ([#8039](DataDog/dd-trace-java#8039) - [@jpbempel](https://github.com/jpbempel))
- ✨ Refactor probe matching for methods ([#8021](DataDog/dd-trace-java#8021) - [@jpbempel](https://github.com/jpbempel))
- ✨ Update the CodeOriginProbe fingerprint to not rely on a stack walk ([#8016](DataDog/dd-trace-java#8016) - [@evanchooly](https://github.com/evanchooly))
- ✨ Implement code origin support for grpc server entry spans ([#7942](DataDog/dd-trace-java#7942) - [@evanchooly](https://github.com/evanchooly))

##### GraalVM native-image

- 🐛 Update Graal build-time instrumentation config for TracePropagationStyle ([#8065](DataDog/dd-trace-java#8065) - [@MattAlp](https://github.com/MattAlp))
- 🐛 Fix NoClassDefFoundError: Could not initialize class DDSpanLink$EncoderHolder in Graal native-image ([#8036](DataDog/dd-trace-java#8036) - [@mcculls](https://github.com/mcculls))
- 🐛🧹 Fix native-image generation of reactive applications ([#8012](DataDog/dd-trace-java#8012) - [@mcculls](https://github.com/mcculls))

##### OpenTracing

- 🧹 Custom ScopeManagers are deprecated and will be removed in a future release of dd-trace-ot ([#8058](DataDog/dd-trace-java#8058) - [@mcculls](https://github.com/mcculls))

##### Tracer core

- ✨🧪 Service naming: split by jee deployment ([#8064](DataDog/dd-trace-java#8064) - [@amarziali](https://github.com/amarziali))
- ✨ Exclude jboss mdb proxies from instrumenting ([#8061](DataDog/dd-trace-java#8061) - [@amarziali](https://github.com/amarziali))
- ✨ Add a built-in trace interceptor for keeping traces depending of their latency ([#8040](DataDog/dd-trace-java#8040) - [@cecile75](https://github.com/cecile75))
- 💡 Introduce marker mechanism for eagerly initializing helpers ([#8028](DataDog/dd-trace-java#8028) - [@mcculls](https://github.com/mcculls))
- 💡 Add JSON component ([#7973](DataDog/dd-trace-java#7973) - [@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨⚠️ Remove support for X-Forwarded in client IP resolution ([#7946](DataDog/dd-trace-java#7946) - [@smola](https://github.com/smola))

##### Instrumentations

##### Apache HttpComponents

- ✨ Expand SSRF support in IAST to apache-httpclient-5 and apache-httpasyncclient-4 ([#7920](DataDog/dd-trace-java#7920) - [@Mariovido](https://github.com/Mariovido))

##### gRPC instrumentation

- 🐛 Use lower priorities for grpc server errors ([#8043](DataDog/dd-trace-java#8043) - [@amarziali](https://github.com/amarziali))

##### JDBC instrumentation

- ✨ Add trace injection for prepared statements in Postgres ([#7940](DataDog/dd-trace-java#7940) - [@nenadnoveljic](https://github.com/nenadnoveljic))

##### JMS instrumentation

- 🐛 Protect mdb from instrumenting multiple time the same event ([#8062](DataDog/dd-trace-java#8062) - [@amarziali](https://github.com/amarziali))

##### Kafka instrumentation

- 💡 Instrument self hosted Kafka connectors ([#7959](DataDog/dd-trace-java#7959) - [@piochelepiotr](https://github.com/piochelepiotr))

##### OpenTelemetry instrumentation

- 🐛 Support using OpenTelemetry Event API inside `@WithSpan` annotated method ([#8019](DataDog/dd-trace-java#8019) - [@mcculls](https://github.com/mcculls))

##### Reactor instrumentation

- 🐛🧹 Fix native-image generation of reactive applications ([#8012](DataDog/dd-trace-java#8012) - [@mcculls](https://github.com/mcculls))

##### Spring instrumentation

- 🐛 Avoid double instrumenting lambdas on latest spring scheduling ([#8005](DataDog/dd-trace-java#8005) - [@amarziali](https://github.com/amarziali))

##### All other instrumentations

- 🐛 Twilio: allow service name flattening ([#8025](DataDog/dd-trace-java#8025) - [@amarziali](https://github.com/amarziali))
- ✨ Instrument Mulesoft 4.5.0+ ([#7981](DataDog/dd-trace-java#7981) - [@amarziali](https://github.com/amarziali))

</details>

<details>
<summary>aws/aws-sdk-java (com.amazonaws:aws-java-sdk-sqs)</summary>

### [`v1.12.780`](https://github.com/aws/aws-sdk-java/blob/HEAD/CHANGELOG.md#112780-2024-12-11)

[Compare Source](aws/aws-sdk-java@1.12.779...1.12.780)

#### **Amazon Simple Storage Service**

- ### Bugfixes
  - AWS SDK for Java 1.x now includes additional validation for Amazon S3 client APIs to handle scenarios where an empty string ('') is passed as the key argument to the following operations: PutObject, DeleteObject, ListObjects, GetObjectMetaData, ListObjectsV2, SetObjectTagging, GetObjectTagging, SetObjectAcl, GetObjectAcl, SetObjectLegalHold, GetObjectLegalHold, CopyObject, CopyPart, SelectObjectContent, SetObjectRetention, GetObjectRetention, AbortMultipartUpload, CompleteMultipartUpload, InitiateMultipartUpload, ListParts, UploadPart, RestoreObjectV2, and RestoreObject. The SDK will validate the key argument and throw an exception if it is an empty string, ensuring correct and expected behavior.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 69831bc62ea4d80cdcd42cef2aa9bd8eda28ae8c
What Does This Do

This adds the instrumentation to propagate the taint values through the following methods of `StringBuffer`:

- `subSequence(int, int)`

Motivation

Increase propagation of `StringBuffer` methods.

Additional Notes

Contributor Checklist

- Assign the `type:` and (`comp:` or `inst:`) labels in addition to any useful labels
- Avoid `close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue

Jira ticket: APPSEC-55368
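The PR body says only that taint is now propagated through `StringBuffer.subSequence(int, int)`; the example below, added here and not taken from this PR or from dd-trace-java, spells out what that propagation has to do with taint ranges so the security effect is visible. It is a self-contained toy: `Range`, `TAINTED`, `onSubSequence` and `reachesSinkTainted` are hypothetical names standing in for the agent's per-request tainted-objects store, its propagation module and a sink check, and the "Hello, alice!" buffer with a tainted request-parameter segment is constructed input. The generalisation it shows (clip every source range to the `[begin, end)` window, shift it left by `begin`, drop ranges that fall outside, and skip empty or identical results) is the usual substring rule, not specific to `StringBuffer`.

```java
import java.util.ArrayList;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical, self-contained model of IAST taint-range propagation through
// StringBuffer.subSequence(int, int). This is NOT dd-trace-java's code: the real
// agent instruments the call site and delegates to its propagation module; this
// toy reproduces only the range arithmetic so the behaviour can be observed.
public final class SubSequenceTaintDemo {

    /** A tainted range [start, start + length) of a char sequence, with its source label. */
    record Range(int start, int length, String source) {
        int end() { return start + length; }
    }

    /** Identity-keyed registry standing in for the agent's per-request tainted-objects map. */
    static final Map<Object, List<Range>> TAINTED = new IdentityHashMap<>();

    static void taint(Object value, Range... ranges) {
        TAINTED.put(value, new ArrayList<>(List.of(ranges)));
    }

    static List<Range> rangesOf(Object value) {
        return TAINTED.getOrDefault(value, List.of());
    }

    /**
     * Propagation hook for {@code self.subSequence(begin, end)} that returned {@code result}.
     * Each source range is clipped to [begin, end) and shifted left by {@code begin};
     * ranges entirely outside the window are dropped. An empty result carries no taint,
     * and a result that is the same object as the source (String.subSequence(0, length())
     * returns {@code this}) is already tracked, so neither needs a new entry.
     */
    static void onSubSequence(CharSequence self, int begin, int end, CharSequence result) {
        if (result == null || result.length() == 0 || result == self) {
            return;
        }
        List<Range> propagated = new ArrayList<>();
        for (Range r : rangesOf(self)) {
            int from = Math.max(r.start(), begin);
            int to = Math.min(r.end(), end);
            if (from < to) {
                propagated.add(new Range(from - begin, to - from, r.source()));
            }
        }
        if (!propagated.isEmpty()) {
            TAINTED.put(result, propagated);
        }
    }

    /** Stand-in for a sink check: would a vulnerability detector see taint on this value? */
    static boolean reachesSinkTainted(CharSequence value) {
        return !rangesOf(value).isEmpty();
    }

    /** The real call followed by the propagation step an instrumented call site performs. */
    static CharSequence subSequence(StringBuffer self, int begin, int end) {
        CharSequence result = self.subSequence(begin, end);
        onSubSequence(self, begin, end, result);
        return result;
    }

    public static void main(String[] args) {
        String name = "alice"; // constructed: stands in for an untrusted request parameter
        StringBuffer sb = new StringBuffer("Hello, ").append(name).append('!');
        // Only the parameter's characters (indexes 7..11) are tainted, not the literal text.
        taint(sb, new Range(7, name.length(), "http.request.parameter"));

        print("prefix only", subSequence(sb, 0, 7));          // "Hello, "   -> not tainted
        print("overlapping", subSequence(sb, 9, 13));         // "ice!"      -> Range[0, 3]
        print("whole buffer", subSequence(sb, 0, sb.length())); // full copy -> Range[7, 5]
        print("empty", subSequence(sb, 3, 3));                // ""          -> not tainted
        // Without the hook, the copy reaches the sink with no ranges at all: the
        // false negative that propagation instrumentation of this kind closes.
        print("untracked copy", sb.subSequence(9, 13));
    }

    static void print(String label, CharSequence value) {
        System.out.printf("%-15s %-16s tainted=%-5b ranges=%s%n",
            label, "\"" + value + "\"", reachesSinkTainted(value), rangesOf(value));
    }
}
```

Compile and run with `javac SubSequenceTaintDemo.java && java SubSequenceTaintDemo` (Java 17 or later, for records). The "overlapping" and "untracked copy" lines are the pair to compare: both hold the same characters, but only the one that went through the propagation step still carries the source range, which is what a detector downstream needs in order to flag an injection sink fed from a `subSequence` of user input.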