Propagation of translateEscapes of String class #8186
Conversation
Hi! 👋 Thanks for your pull request! 🎉 To help us review it, please make sure to:

If you need help, please check our contributing guidelines.
Benchmarks

Startup

Parameters: See matching parameters

Summary: Found 0 performance improvements and 0 performance regressions! Performance is the same for 60 metrics, 3 unstable metrics.

Startup time reports for insecure-bank

```mermaid
gantt
title insecure-bank - global startup overhead: candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.058 s) : 0, 1057899
Total [baseline] (8.668 s) : 0, 8668464
Agent [candidate] (1.053 s) : 0, 1052559
Total [candidate] (8.618 s) : 0, 8617868
section iast
Agent [baseline] (1.183 s) : 0, 1182531
Total [baseline] (9.18 s) : 0, 9179899
Agent [candidate] (1.182 s) : 0, 1182080
Total [candidate] (9.192 s) : 0, 9191971
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.18 s) : 0, 1179823
Total [baseline] (9.148 s) : 0, 9147698
Agent [candidate] (1.181 s) : 0, 1181225
Total [candidate] (9.163 s) : 0, 9163381
section iast_TELEMETRY_OFF
Agent [baseline] (1.184 s) : 0, 1184008
Total [baseline] (9.198 s) : 0, 9197734
Agent [candidate] (1.179 s) : 0, 1178905
Total [candidate] (9.166 s) : 0, 9165519
```

```mermaid
gantt
title insecure-bank - break down per module: candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (714.586 ms) : 0, 714586
BytebuddyAgent [candidate] (714.461 ms) : 0, 714461
GlobalTracer [baseline] (256.269 ms) : 0, 256269
GlobalTracer [candidate] (255.58 ms) : 0, 255580
AppSec [baseline] (56.997 ms) : 0, 56997
AppSec [candidate] (55.925 ms) : 0, 55925
Remote Config [baseline] (715.232 µs) : 0, 715
Remote Config [candidate] (723.661 µs) : 0, 724
Telemetry [baseline] (14.328 ms) : 0, 14328
Telemetry [candidate] (10.797 ms) : 0, 10797
section iast
BytebuddyAgent [baseline] (832.313 ms) : 0, 832313
BytebuddyAgent [candidate] (831.404 ms) : 0, 831404
GlobalTracer [baseline] (246.298 ms) : 0, 246298
GlobalTracer [candidate] (246.474 ms) : 0, 246474
AppSec [baseline] (57.903 ms) : 0, 57903
AppSec [candidate] (57.971 ms) : 0, 57971
IAST [baseline] (21.601 ms) : 0, 21601
IAST [candidate] (21.618 ms) : 0, 21618
Remote Config [baseline] (667.024 µs) : 0, 667
Remote Config [candidate] (692.242 µs) : 0, 692
Telemetry [baseline] (8.78 ms) : 0, 8780
Telemetry [candidate] (8.928 ms) : 0, 8928
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (829.77 ms) : 0, 829770
BytebuddyAgent [candidate] (830.541 ms) : 0, 830541
GlobalTracer [baseline] (246.14 ms) : 0, 246140
GlobalTracer [candidate] (246.329 ms) : 0, 246329
AppSec [baseline] (58.194 ms) : 0, 58194
AppSec [candidate] (58.427 ms) : 0, 58427
IAST [baseline] (21.363 ms) : 0, 21363
IAST [candidate] (21.494 ms) : 0, 21494
Remote Config [baseline] (660.563 µs) : 0, 661
Remote Config [candidate] (667.983 µs) : 0, 668
Telemetry [baseline] (8.729 ms) : 0, 8729
Telemetry [candidate] (8.798 ms) : 0, 8798
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (833.259 ms) : 0, 833259
BytebuddyAgent [candidate] (829.239 ms) : 0, 829239
GlobalTracer [baseline] (247.509 ms) : 0, 247509
GlobalTracer [candidate] (246.76 ms) : 0, 246760
AppSec [baseline] (58.074 ms) : 0, 58074
AppSec [candidate] (57.726 ms) : 0, 57726
IAST [baseline] (20.845 ms) : 0, 20845
IAST [candidate] (20.843 ms) : 0, 20843
Remote Config [baseline] (654.445 µs) : 0, 654
Remote Config [candidate] (662.298 µs) : 0, 662
Telemetry [baseline] (8.65 ms) : 0, 8650
Telemetry [candidate] (8.623 ms) : 0, 8623
```

Startup time reports for petclinic

```mermaid
gantt
title petclinic - global startup overhead: candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.06 s) : 0, 1059625
Total [baseline] (10.429 s) : 0, 10428629
Agent [candidate] (1.053 s) : 0, 1052741
Total [candidate] (10.433 s) : 0, 10432796
section appsec
Agent [baseline] (1.188 s) : 0, 1187757
Total [baseline] (10.72 s) : 0, 10720082
Agent [candidate] (1.189 s) : 0, 1188567
Total [candidate] (10.701 s) : 0, 10700827
section iast
Agent [baseline] (1.198 s) : 0, 1197645
Total [baseline] (10.959 s) : 0, 10958855
Agent [candidate] (1.183 s) : 0, 1182830
Total [candidate] (11.001 s) : 0, 11000770
section profiling
Agent [baseline] (1.252 s) : 0, 1252429
Total [baseline] (10.765 s) : 0, 10765017
Agent [candidate] (1.263 s) : 0, 1263297
Total [candidate] (10.947 s) : 0, 10946878
```

```mermaid
gantt
title petclinic - break down per module: candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (716.914 ms) : 0, 716914
BytebuddyAgent [candidate] (712.42 ms) : 0, 712420
GlobalTracer [baseline] (256.602 ms) : 0, 256602
GlobalTracer [candidate] (255.227 ms) : 0, 255227
AppSec [baseline] (56.842 ms) : 0, 56842
AppSec [candidate] (55.766 ms) : 0, 55766
Remote Config [baseline] (731.586 µs) : 0, 732
Remote Config [candidate] (716.911 µs) : 0, 717
Telemetry [baseline] (13.485 ms) : 0, 13485
Telemetry [candidate] (13.661 ms) : 0, 13661
section appsec
BytebuddyAgent [baseline] (730.292 ms) : 0, 730292
BytebuddyAgent [candidate] (731.036 ms) : 0, 731036
GlobalTracer [baseline] (253.259 ms) : 0, 253259
GlobalTracer [candidate] (252.875 ms) : 0, 252875
AppSec [baseline] (170.679 ms) : 0, 170679
AppSec [candidate] (171.02 ms) : 0, 171020
Remote Config [baseline] (657.581 µs) : 0, 658
Remote Config [candidate] (670.777 µs) : 0, 671
Telemetry [baseline] (8.206 ms) : 0, 8206
Telemetry [candidate] (8.221 ms) : 0, 8221
IAST [baseline] (19.42 ms) : 0, 19420
IAST [candidate] (19.423 ms) : 0, 19423
section iast
BytebuddyAgent [baseline] (843.272 ms) : 0, 843272
BytebuddyAgent [candidate] (832.029 ms) : 0, 832029
GlobalTracer [baseline] (249.334 ms) : 0, 249334
GlobalTracer [candidate] (246.747 ms) : 0, 246747
AppSec [baseline] (58.488 ms) : 0, 58488
AppSec [candidate] (57.881 ms) : 0, 57881
Remote Config [baseline] (698.885 µs) : 0, 699
Remote Config [candidate] (655.999 µs) : 0, 656
Telemetry [baseline] (8.92 ms) : 0, 8920
Telemetry [candidate] (8.88 ms) : 0, 8880
IAST [baseline] (21.826 ms) : 0, 21826
IAST [candidate] (21.641 ms) : 0, 21641
section profiling
BytebuddyAgent [baseline] (702.657 ms) : 0, 702657
BytebuddyAgent [candidate] (708.609 ms) : 0, 708609
GlobalTracer [baseline] (349.166 ms) : 0, 349166
GlobalTracer [candidate] (352.053 ms) : 0, 352053
AppSec [baseline] (54.289 ms) : 0, 54289
AppSec [candidate] (54.789 ms) : 0, 54789
Remote Config [baseline] (652.803 µs) : 0, 653
Remote Config [candidate] (657.404 µs) : 0, 657
Telemetry [baseline] (8.805 ms) : 0, 8805
Telemetry [candidate] (8.947 ms) : 0, 8947
ProfilingAgent [baseline] (94.911 ms) : 0, 94911
ProfilingAgent [candidate] (96.012 ms) : 0, 96012
Profiling [baseline] (94.935 ms) : 0, 94935
Profiling [candidate] (96.036 ms) : 0, 96036
```

Load

Parameters: See matching parameters

Summary: Found 1 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 17 unstable metrics.

Request duration reports for insecure-bank

```mermaid
gantt
title insecure-bank - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section baseline
no_agent (386.278 µs) : 366, 406
. : milestone, 386,
iast (510.915 µs) : 489, 533
. : milestone, 511,
iast_FULL (737.869 µs) : 716, 760
. : milestone, 738,
iast_GLOBAL (550.058 µs) : 529, 572
. : milestone, 550,
iast_HARDCODED_SECRET_DISABLED (507.495 µs) : 486, 529
. : milestone, 507,
iast_INACTIVE (460.294 µs) : 439, 482
. : milestone, 460,
iast_TELEMETRY_OFF (492.965 µs) : 471, 515
. : milestone, 493,
tracing (449.675 µs) : 429, 471
. : milestone, 450,
section candidate
no_agent (377.126 µs) : 356, 398
. : milestone, 377,
iast (492.837 µs) : 471, 514
. : milestone, 493,
iast_FULL (655.465 µs) : 634, 677
. : milestone, 655,
iast_GLOBAL (521.237 µs) : 499, 543
. : milestone, 521,
iast_HARDCODED_SECRET_DISABLED (501.464 µs) : 480, 523
. : milestone, 501,
iast_INACTIVE (463.084 µs) : 440, 486
. : milestone, 463,
iast_TELEMETRY_OFF (481.471 µs) : 460, 503
. : milestone, 481,
tracing (450.256 µs) : 429, 471
. : milestone, 450,
```

Request duration reports for petclinic

```mermaid
gantt
title petclinic - request duration [CI 0.99] : candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section baseline
no_agent (1.342 ms) : 1323, 1362
. : milestone, 1342,
appsec (1.752 ms) : 1728, 1776
. : milestone, 1752,
appsec_no_iast (1.748 ms) : 1724, 1772
. : milestone, 1748,
iast (1.506 ms) : 1481, 1530
. : milestone, 1506,
profiling (1.551 ms) : 1526, 1575
. : milestone, 1551,
tracing (1.489 ms) : 1465, 1514
. : milestone, 1489,
section candidate
no_agent (1.36 ms) : 1340, 1379
. : milestone, 1360,
appsec (1.741 ms) : 1717, 1765
. : milestone, 1741,
appsec_no_iast (1.743 ms) : 1720, 1766
. : milestone, 1743,
iast (1.509 ms) : 1486, 1533
. : milestone, 1509,
profiling (1.554 ms) : 1527, 1580
. : milestone, 1554,
tracing (1.488 ms) : 1464, 1512
. : milestone, 1488,
```

Dacapo

Parameters: See matching parameters

Summary: Found 1 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 0 unstable metrics.

Execution time for tomcat

```mermaid
gantt
title tomcat - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section baseline
no_agent (1.468 ms) : 1457, 1480
. : milestone, 1468,
appsec (3.568 ms) : 3355, 3780
. : milestone, 3568,
iast (2.096 ms) : 2042, 2150
. : milestone, 2096,
iast_GLOBAL (2.15 ms) : 2095, 2205
. : milestone, 2150,
profiling (1.973 ms) : 1928, 2018
. : milestone, 1973,
tracing (1.937 ms) : 1895, 1979
. : milestone, 1937,
section candidate
no_agent (1.467 ms) : 1456, 1479
. : milestone, 1467,
appsec (2.361 ms) : 2318, 2404
. : milestone, 2361,
iast (2.106 ms) : 2052, 2160
. : milestone, 2106,
iast_GLOBAL (2.153 ms) : 2097, 2208
. : milestone, 2153,
profiling (1.971 ms) : 1928, 2015
. : milestone, 1971,
tracing (1.945 ms) : 1903, 1987
. : milestone, 1945,
```

Execution time for biojava

```mermaid
gantt
title biojava - execution time [CI 0.99] : candidate=1.46.0-SNAPSHOT~44f3db9c3a, baseline=1.46.0-SNAPSHOT~9b06903e18
dateFormat X
axisFormat %s
section baseline
no_agent (15.218 s) : 15218000, 15218000
. : milestone, 15218000,
appsec (15.07 s) : 15070000, 15070000
. : milestone, 15070000,
iast (18.943 s) : 18943000, 18943000
. : milestone, 18943000,
iast_GLOBAL (18.095 s) : 18095000, 18095000
. : milestone, 18095000,
profiling (15.074 s) : 15074000, 15074000
. : milestone, 15074000,
tracing (15.208 s) : 15208000, 15208000
. : milestone, 15208000,
section candidate
no_agent (14.876 s) : 14876000, 14876000
. : milestone, 14876000,
appsec (15.2 s) : 15200000, 15200000
. : milestone, 15200000,
iast (18.861 s) : 18861000, 18861000
. : milestone, 18861000,
iast_GLOBAL (17.964 s) : 17964000, 17964000
. : milestone, 17964000,
profiling (14.935 s) : 14935000, 14935000
. : milestone, 14935000,
tracing (15.01 s) : 15010000, 15010000
. : milestone, 15010000,
```
* Use env-entry to add tags per webapp deployment
* fix gradle file
* Migrate to hasmethodadvice
* exclude classes from coverage
* codenarc
* add more repos
* jacoco
* Update internal-api/src/main/java/datadog/trace/api/ClassloaderConfigurationOverrides.java
  Co-authored-by: Bruce Bujon <PerfectSlayer@users.noreply.github.com>
* review
* use our named
* more coverage
* Update internal-api/src/main/java/datadog/trace/api/ClassloaderConfigurationOverrides.java
  Co-authored-by: Stuart McCulloch <stuart.mcculloch@datadoghq.com>
* Update internal-api/src/main/java/datadog/trace/api/ClassloaderConfigurationOverrides.java
  Co-authored-by: Stuart McCulloch <stuart.mcculloch@datadoghq.com>
* review
* add jmh
* optimize
* widen muzzle excludes
* exclude lazy from branch coverage
* clean
* Do not set contextual service name if jee-split-by-deployment is not enabled

---------

Co-authored-by: Bruce Bujon <PerfectSlayer@users.noreply.github.com>
Co-authored-by: Stuart McCulloch <stuart.mcculloch@datadoghq.com>
if (rangesSelf.length == 0) {
  return; // original string is not tainted
}
final Range[] newRanges = Ranges.forSubstring(0, result.length(), rangesSelf);
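Review bot: the source offsets in `rangesSelf` are not valid on `result` once an escape has been translated, because `String.translateEscapes()` can shorten the string (a two-character escape such as `\n` in the source becomes a single character, and a backslash followed by a line terminator is removed entirely), so passing them through `Ranges.forSubstring(0, result.length(), rangesSelf)` clips them to the new length but cannot put a range that starts after an escape back on the right characters. Either map each range's start and end through the translation, or, if an exact mapping is not worth the cost here, mark the whole result with a single range covering it.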
AFAIK the translateEscapes never changes the length of the original string (it's a 1to1 mapping). So I think it will be safe to just reuse original ranges array (rangesSelf)
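For reference, `String.translateEscapes()` (Java 15+) replaces each escape sequence with the character it denotes, so `"a\\tb"` (four characters in the source) becomes `"a<TAB>b"` (three characters), and a backslash followed by a line terminator disappears entirely. The program below is an added example, not code from this PR or from dd-trace-java; `TaintRange` and `Translation` are hypothetical minimal stand-ins for the tracer's own range types, and the class assumes Java 16+ for records and arrow-form `switch`. It re-implements the escape grammar so it can record where every source character lands, checks that result against the real `translateEscapes()`, and then carries `(start, length)` taint ranges over from the source to the translated string. It goes beyond the `\t` case by handling the full escape set (including octal escapes and line continuations), with the continuation case producing an empty interval so a range that covered nothing else is dropped.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not code from the PR or from dd-trace-java. It shows that
 * String.translateEscapes() (Java 15+) can shorten a string, and how
 * (start, length) taint ranges over the source can be carried onto the
 * translated result. TaintRange and Translation are hypothetical stand-ins
 * for the tracer's own range types. Requires Java 16+ (records, arrow switch).
 */
public class TranslateEscapesTaintMapping {

  /** Hypothetical minimal taint range: start offset and length within a string. */
  public record TaintRange(int start, int length) {
    int end() { return start + length; }
  }

  /** Translated text plus, for each source index k, the output interval [lo[k], hi[k]) it produced. */
  public record Translation(String text, int[] lo, int[] hi) {}

  /**
   * Re-implements the escape grammar of String.translateEscapes() while recording
   * where every source character ends up. A plain character maps to one output
   * position; all characters of an escape map to the single character it yields;
   * a line continuation (backslash followed by a line terminator) maps to an
   * empty interval because it produces nothing.
   */
  public static Translation translate(String src) {
    int n = src.length();
    int[] lo = new int[n];
    int[] hi = new int[n];
    StringBuilder out = new StringBuilder(n);
    int i = 0;
    while (i < n) {
      int from = i;                 // first source index of this unit (plain char or escape)
      int dstBefore = out.length(); // output position this unit starts at
      char c = src.charAt(i++);
      if (c != '\\') {
        out.append(c);
      } else {
        if (i >= n) {
          throw new IllegalArgumentException("dangling backslash at index " + from);
        }
        char e = src.charAt(i++);
        switch (e) {
          case 'b' -> out.append('\b');
          case 't' -> out.append('\t');
          case 'n' -> out.append('\n');
          case 'f' -> out.append('\f');
          case 'r' -> out.append('\r');
          case 's' -> out.append(' ');
          case '"' -> out.append('"');
          case '\'' -> out.append('\'');
          case '\\' -> out.append('\\');
          case '\n' -> { }                       // \<LF>: line continuation, no output
          case '\r' -> {                         // \<CR> or \<CRLF>: line continuation, no output
            if (i < n && src.charAt(i) == '\n') i++;
          }
          default -> {
            if (e < '0' || e > '7') {
              throw new IllegalArgumentException("invalid escape \\" + e + " at index " + from);
            }
            // octal escape: a leading 0-3 allows three digits, 4-7 allows two (max value 0377)
            int value = e - '0';
            int maxDigits = e <= '3' ? 3 : 2;
            for (int digits = 1; digits < maxDigits && i < n; digits++) {
              char d = src.charAt(i);
              if (d < '0' || d > '7') break;
              value = value * 8 + (d - '0');
              i++;
            }
            out.append((char) value);
          }
        }
      }
      for (int k = from; k < i; k++) {
        lo[k] = dstBefore;
        hi[k] = out.length();
      }
    }
    return new Translation(out.toString(), lo, hi);
  }

  /** Maps source ranges onto the translated text; ranges that produced no output are dropped. */
  public static List<TaintRange> remap(List<TaintRange> ranges, Translation t) {
    List<TaintRange> mapped = new ArrayList<>();
    for (TaintRange r : ranges) {
      int newStart = Integer.MAX_VALUE;
      int newEnd = Integer.MIN_VALUE;
      for (int k = r.start(); k < r.end(); k++) {
        newStart = Math.min(newStart, t.lo()[k]);
        newEnd = Math.max(newEnd, t.hi()[k]);
      }
      if (newEnd > newStart) {
        mapped.add(new TaintRange(newStart, newEnd - newStart));
      }
    }
    return mapped;
  }

  public static void main(String[] args) {
    // Constructed input: the nine characters  a \ t b \ 1 0 1 c.  Suppose the tail
    // "b\101c" (source indices 3..8) came from a request and is therefore tainted.
    String src = "a\\tb\\101c";
    List<TaintRange> ranges = List.of(new TaintRange(3, 6));

    Translation t = translate(src);
    if (!t.text().equals(src.translateEscapes())) {
      throw new AssertionError("re-implementation diverges from String.translateEscapes()");
    }
    System.out.println("source length " + src.length() + ", translated length " + t.text().length());

    // Reusing the source range unchanged would run past the end of the shortened result.
    TaintRange r = ranges.get(0);
    System.out.println("unchanged range end " + r.end() + " > translated length " + t.text().length());

    // The mapped range covers exactly the translated tainted text: "bAc" at (2, 3).
    for (TaintRange m : remap(ranges, t)) {
      System.out.println("mapped " + m + " -> \"" + t.text().substring(m.start(), m.end()) + "\"");
    }
  }
}
```

Run with `java TranslateEscapesTaintMapping.java` on JDK 16 or later. The per-index `[lo, hi)` intervals are what make the mapping robust: a range that covers only part of an escape still lands on the whole character the escape produced, and a range made up solely of a line continuation maps to an empty interval and is dropped rather than being left pointing at unrelated text.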
Mariovido left a comment:
You have some jobs in the pipeline failing, they must be green before merging :)
given:
final taintedObjects = ctx.getTaintedObjects()
def self = addFromTaintFormat(taintedObjects, testString)
def result = self
Suggested change:
def result = self
def result = self.translateEscapes()
return; // original string is not tainted
}
final Range[] rangesSelf = taintedSelf.getRanges();
if (rangesSelf.length == 0) {
Did you copy this from another method? We shouldn't have tainted values without ranges (if it does not have ranges then it's not tainted 😓)
import datadog.smoketest.AbstractIast17SpringBootTest

class IastSpringBootSmokeTest extends AbstractIast17SpringBootTest {
}
Do we need empty test class?
What Does This Do
Taints translateEscapes string
Motivation
This is a feature added to the String class in Java 15, so we add propagation for this method.
Additional Notes
Contributor Checklist
Jira ticket: APPSEC-55380