
Extend vulnerability location data with filename #8334

Open
wants to merge 14 commits into
base: master

Conversation

sezen-datadog
Contributor

@sezen-datadog sezen-datadog commented Feb 4, 2025

What Does This Do

Enhances location with class name for vulnerabilities and changes path to the actual path value (previously class name was stored in this field)

Motivation

Better define location data for vulnerabilities

Additional Notes

Must be merged with DataDog/system-tests#4024

Contributor Checklist

Jira ticket: APPSEC-56630

@smola smola added type: enhancement comp: asm iast Application Security Management (IAST) labels Feb 4, 2025
@smola smola changed the title Extend vulnerability location data Extend vulnerability location data with filename Feb 4, 2025
@pr-commenter

pr-commenter bot commented Feb 4, 2025

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/APPSEC-56630-Extend-vulnerability-location-data
git_commit_date 1739374674 1739375539
git_commit_sha 3fd5db0 36ef193
release_version 1.47.0-SNAPSHOT~3fd5db0dc1 1.47.0-SNAPSHOT~36ef19350f
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1739378332 1739378332
ci_job_id 805275868 805275868
ci_pipeline_id 55692691 55692691
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-y1o89h6k-project-304-concurrent-12-i6s5p68i 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux Linux runner-y1o89h6k-project-304-concurrent-12-i6s5p68i 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 5 unstable metrics.

Startup time reports for insecure-bank
gantt
    title insecure-bank - global startup overhead: candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.041 s) : 0, 1040875
Total [baseline] (8.657 s) : 0, 8656904
Agent [candidate] (1.041 s) : 0, 1040551
Total [candidate] (8.648 s) : 0, 8647527
section iast
Agent [baseline] (1.177 s) : 0, 1177003
Total [baseline] (9.253 s) : 0, 9252975
Agent [candidate] (1.18 s) : 0, 1179705
Total [candidate] (9.283 s) : 0, 9282749
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.171 s) : 0, 1170534
Total [baseline] (9.224 s) : 0, 9223936
Agent [candidate] (1.172 s) : 0, 1171971
Total [candidate] (9.282 s) : 0, 9281654
section iast_TELEMETRY_OFF
Agent [baseline] (1.168 s) : 0, 1168336
Total [baseline] (9.253 s) : 0, 9253203
Agent [candidate] (1.178 s) : 0, 1178449
Total [candidate] (9.311 s) : 0, 9311271
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.041 s -
Agent iast 1.177 s 136.128 ms (13.1%)
Agent iast_HARDCODED_SECRET_DISABLED 1.171 s 129.658 ms (12.5%)
Agent iast_TELEMETRY_OFF 1.168 s 127.461 ms (12.2%)
Total tracing 8.657 s -
Total iast 9.253 s 596.071 ms (6.9%)
Total iast_HARDCODED_SECRET_DISABLED 9.224 s 567.032 ms (6.6%)
Total iast_TELEMETRY_OFF 9.253 s 596.298 ms (6.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.041 s -
Agent iast 1.18 s 139.154 ms (13.4%)
Agent iast_HARDCODED_SECRET_DISABLED 1.172 s 131.421 ms (12.6%)
Agent iast_TELEMETRY_OFF 1.178 s 137.898 ms (13.3%)
Total tracing 8.648 s -
Total iast 9.283 s 635.222 ms (7.3%)
Total iast_HARDCODED_SECRET_DISABLED 9.282 s 634.127 ms (7.3%)
Total iast_TELEMETRY_OFF 9.311 s 663.745 ms (7.7%)
gantt
    title insecure-bank - break down per module: candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (716.869 ms) : 0, 716869
BytebuddyAgent [candidate] (716.369 ms) : 0, 716369
GlobalTracer [baseline] (240.453 ms) : 0, 240453
GlobalTracer [candidate] (240.967 ms) : 0, 240967
AppSec [baseline] (55.281 ms) : 0, 55281
AppSec [candidate] (55.352 ms) : 0, 55352
Remote Config [baseline] (721.13 µs) : 0, 721
Remote Config [candidate] (721.96 µs) : 0, 722
Telemetry [baseline] (12.401 ms) : 0, 12401
Telemetry [candidate] (12.018 ms) : 0, 12018
section iast
BytebuddyAgent [baseline] (840.186 ms) : 0, 840186
BytebuddyAgent [candidate] (841.905 ms) : 0, 841905
GlobalTracer [baseline] (231.931 ms) : 0, 231931
GlobalTracer [candidate] (232.291 ms) : 0, 232291
IAST [baseline] (23.031 ms) : 0, 23031
IAST [candidate] (23.102 ms) : 0, 23102
AppSec [baseline] (57.201 ms) : 0, 57201
AppSec [candidate] (57.651 ms) : 0, 57651
Remote Config [baseline] (624.903 µs) : 0, 625
Remote Config [candidate] (625.772 µs) : 0, 626
Telemetry [baseline] (8.762 ms) : 0, 8762
Telemetry [candidate] (8.783 ms) : 0, 8783
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (834.675 ms) : 0, 834675
BytebuddyAgent [candidate] (834.977 ms) : 0, 834977
GlobalTracer [baseline] (230.86 ms) : 0, 230860
GlobalTracer [candidate] (231.654 ms) : 0, 231654
IAST [baseline] (22.942 ms) : 0, 22942
IAST [candidate] (22.965 ms) : 0, 22965
AppSec [baseline] (57.419 ms) : 0, 57419
AppSec [candidate] (57.696 ms) : 0, 57696
Remote Config [baseline] (622.399 µs) : 0, 622
Remote Config [candidate] (637.418 µs) : 0, 637
Telemetry [baseline] (8.77 ms) : 0, 8770
Telemetry [candidate] (8.787 ms) : 0, 8787
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (833.342 ms) : 0, 833342
BytebuddyAgent [candidate] (840.743 ms) : 0, 840743
GlobalTracer [baseline] (231.181 ms) : 0, 231181
GlobalTracer [candidate] (232.9 ms) : 0, 232900
IAST [baseline] (26.183 ms) : 0, 26183
IAST [candidate] (25.63 ms) : 0, 25630
AppSec [baseline] (53.147 ms) : 0, 53147
AppSec [candidate] (54.467 ms) : 0, 54467
Remote Config [baseline] (619.621 µs) : 0, 620
Remote Config [candidate] (635.085 µs) : 0, 635
Telemetry [baseline] (8.617 ms) : 0, 8617
Telemetry [candidate] (8.731 ms) : 0, 8731
Startup time reports for petclinic
gantt
    title petclinic - global startup overhead: candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.04 s) : 0, 1040093
Total [baseline] (10.473 s) : 0, 10472755
Agent [candidate] (1.041 s) : 0, 1040941
Total [candidate] (10.505 s) : 0, 10505397
section appsec
Agent [baseline] (1.182 s) : 0, 1182199
Total [baseline] (10.744 s) : 0, 10743969
Agent [candidate] (1.189 s) : 0, 1188815
Total [candidate] (10.8 s) : 0, 10799957
section iast
Agent [baseline] (1.178 s) : 0, 1177765
Total [baseline] (11.015 s) : 0, 11014904
Agent [candidate] (1.184 s) : 0, 1184156
Total [candidate] (11.011 s) : 0, 11010787
section profiling
Agent [baseline] (1.262 s) : 0, 1261666
Total [baseline] (10.887 s) : 0, 10887075
Agent [candidate] (1.27 s) : 0, 1269763
Total [candidate] (10.865 s) : 0, 10865159
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.04 s -
Agent appsec 1.182 s 142.106 ms (13.7%)
Agent iast 1.178 s 137.672 ms (13.2%)
Agent profiling 1.262 s 221.573 ms (21.3%)
Total tracing 10.473 s -
Total appsec 10.744 s 271.214 ms (2.6%)
Total iast 11.015 s 542.15 ms (5.2%)
Total profiling 10.887 s 414.32 ms (4.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.041 s -
Agent appsec 1.189 s 147.874 ms (14.2%)
Agent iast 1.184 s 143.215 ms (13.8%)
Agent profiling 1.27 s 228.822 ms (22.0%)
Total tracing 10.505 s -
Total appsec 10.8 s 294.56 ms (2.8%)
Total iast 11.011 s 505.39 ms (4.8%)
Total profiling 10.865 s 359.762 ms (3.4%)
gantt
    title petclinic - break down per module: candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (717.073 ms) : 0, 717073
BytebuddyAgent [candidate] (716.898 ms) : 0, 716898
GlobalTracer [baseline] (240.408 ms) : 0, 240408
GlobalTracer [candidate] (241.158 ms) : 0, 241158
AppSec [baseline] (55.289 ms) : 0, 55289
AppSec [candidate] (55.456 ms) : 0, 55456
Remote Config [baseline] (714.457 µs) : 0, 714
Remote Config [candidate] (717.017 µs) : 0, 717
Telemetry [baseline] (11.386 ms) : 0, 11386
Telemetry [candidate] (11.477 ms) : 0, 11477
section appsec
BytebuddyAgent [baseline] (732.927 ms) : 0, 732927
BytebuddyAgent [candidate] (737.698 ms) : 0, 737698
GlobalTracer [baseline] (237.575 ms) : 0, 237575
GlobalTracer [candidate] (238.749 ms) : 0, 238749
IAST [baseline] (21.667 ms) : 0, 21667
IAST [candidate] (21.802 ms) : 0, 21802
AppSec [baseline] (176.827 ms) : 0, 176827
AppSec [candidate] (177.212 ms) : 0, 177212
Remote Config [baseline] (649.692 µs) : 0, 650
Remote Config [candidate] (668.097 µs) : 0, 668
Telemetry [baseline] (8.242 ms) : 0, 8242
Telemetry [candidate] (8.342 ms) : 0, 8342
section iast
BytebuddyAgent [baseline] (840.637 ms) : 0, 840637
BytebuddyAgent [candidate] (846.794 ms) : 0, 846794
GlobalTracer [baseline] (232.336 ms) : 0, 232336
GlobalTracer [candidate] (232.318 ms) : 0, 232318
IAST [baseline] (22.974 ms) : 0, 22974
IAST [candidate] (22.929 ms) : 0, 22929
AppSec [baseline] (57.006 ms) : 0, 57006
AppSec [candidate] (57.025 ms) : 0, 57025
Remote Config [baseline] (619.179 µs) : 0, 619
Remote Config [candidate] (619.311 µs) : 0, 619
Telemetry [baseline] (8.757 ms) : 0, 8757
Telemetry [candidate] (8.853 ms) : 0, 8853
section profiling
BytebuddyAgent [baseline] (707.497 ms) : 0, 707497
BytebuddyAgent [candidate] (711.816 ms) : 0, 711816
GlobalTracer [baseline] (351.043 ms) : 0, 351043
GlobalTracer [candidate] (354.209 ms) : 0, 354209
AppSec [baseline] (55.033 ms) : 0, 55033
AppSec [candidate] (55.002 ms) : 0, 55002
Remote Config [baseline] (711.457 µs) : 0, 711
Remote Config [candidate] (701.292 µs) : 0, 701
Telemetry [baseline] (8.874 ms) : 0, 8874
Telemetry [candidate] (8.948 ms) : 0, 8948
ProfilingAgent [baseline] (96.245 ms) : 0, 96245
ProfilingAgent [candidate] (96.463 ms) : 0, 96463
Profiling [baseline] (96.269 ms) : 0, 96269
Profiling [candidate] (96.487 ms) : 0, 96487

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2025-02-12T16:09:03 2025-02-12T16:16:10
git_branch master sezen.leblay/APPSEC-56630-Extend-vulnerability-location-data
git_commit_date 1739374674 1739375539
git_commit_sha 3fd5db0 36ef193
release_version 1.47.0-SNAPSHOT~3fd5db0dc1 1.47.0-SNAPSHOT~36ef19350f
start_time 2025-02-12T16:08:49 2025-02-12T16:15:55
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1739377329 1739377329
ci_job_id 805275871 805275871
ci_pipeline_id 55692691 55692691
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-y1o89h6k-project-304-concurrent-13-v2zkc5mv 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux Linux runner-y1o89h6k-project-304-concurrent-13-v2zkc5mv 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.

Request duration reports for petclinic
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.361 ms) : 1341, 1381
.   : milestone, 1361,
appsec (1.771 ms) : 1748, 1794
.   : milestone, 1771,
appsec_no_iast (1.77 ms) : 1747, 1793
.   : milestone, 1770,
iast (1.522 ms) : 1498, 1546
.   : milestone, 1522,
profiling (1.517 ms) : 1493, 1541
.   : milestone, 1517,
tracing (1.502 ms) : 1478, 1527
.   : milestone, 1502,
section candidate
no_agent (1.356 ms) : 1337, 1375
.   : milestone, 1356,
appsec (1.746 ms) : 1722, 1770
.   : milestone, 1746,
appsec_no_iast (1.78 ms) : 1755, 1804
.   : milestone, 1780,
iast (1.523 ms) : 1498, 1547
.   : milestone, 1523,
profiling (1.499 ms) : 1475, 1522
.   : milestone, 1499,
tracing (1.497 ms) : 1470, 1524
.   : milestone, 1497,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.361 ms [1.341 ms, 1.381 ms] -
appsec 1.771 ms [1.748 ms, 1.794 ms] 409.647 µs (30.1%)
appsec_no_iast 1.77 ms [1.747 ms, 1.793 ms] 408.586 µs (30.0%)
iast 1.522 ms [1.498 ms, 1.546 ms] 160.742 µs (11.8%)
profiling 1.517 ms [1.493 ms, 1.541 ms] 155.399 µs (11.4%)
tracing 1.502 ms [1.478 ms, 1.527 ms] 140.891 µs (10.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.356 ms [1.337 ms, 1.375 ms] -
appsec 1.746 ms [1.722 ms, 1.77 ms] 389.722 µs (28.7%)
appsec_no_iast 1.78 ms [1.755 ms, 1.804 ms] 423.432 µs (31.2%)
iast 1.523 ms [1.498 ms, 1.547 ms] 166.539 µs (12.3%)
profiling 1.499 ms [1.475 ms, 1.522 ms] 142.386 µs (10.5%)
tracing 1.497 ms [1.47 ms, 1.524 ms] 140.795 µs (10.4%)
Request duration reports for insecure-bank
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1
    dateFormat X
    axisFormat %s
section baseline
no_agent (385.398 µs) : 365, 406
.   : milestone, 385,
iast (516.725 µs) : 495, 539
.   : milestone, 517,
iast_FULL (760.333 µs) : 738, 782
.   : milestone, 760,
iast_GLOBAL (561.488 µs) : 539, 584
.   : milestone, 561,
iast_HARDCODED_SECRET_DISABLED (519.16 µs) : 497, 541
.   : milestone, 519,
iast_INACTIVE (467.522 µs) : 446, 489
.   : milestone, 468,
iast_TELEMETRY_OFF (504.272 µs) : 481, 528
.   : milestone, 504,
tracing (463.545 µs) : 442, 485
.   : milestone, 464,
section candidate
no_agent (380.384 µs) : 361, 400
.   : milestone, 380,
iast (516.772 µs) : 495, 539
.   : milestone, 517,
iast_FULL (752.687 µs) : 731, 775
.   : milestone, 753,
iast_GLOBAL (562.183 µs) : 540, 584
.   : milestone, 562,
iast_HARDCODED_SECRET_DISABLED (519.183 µs) : 496, 542
.   : milestone, 519,
iast_INACTIVE (464.235 µs) : 443, 486
.   : milestone, 464,
iast_TELEMETRY_OFF (499.531 µs) : 478, 521
.   : milestone, 500,
tracing (458.581 µs) : 437, 481
.   : milestone, 459,
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 385.398 µs [365.051 µs, 405.744 µs] -
iast 516.725 µs [494.785 µs, 538.665 µs] 131.327 µs (34.1%)
iast_FULL 760.333 µs [738.233 µs, 782.433 µs] 374.935 µs (97.3%)
iast_GLOBAL 561.488 µs [539.178 µs, 583.799 µs] 176.091 µs (45.7%)
iast_HARDCODED_SECRET_DISABLED 519.16 µs [497.429 µs, 540.891 µs] 133.762 µs (34.7%)
iast_INACTIVE 467.522 µs [445.832 µs, 489.212 µs] 82.125 µs (21.3%)
iast_TELEMETRY_OFF 504.272 µs [480.7 µs, 527.845 µs] 118.875 µs (30.8%)
tracing 463.545 µs [442.024 µs, 485.066 µs] 78.147 µs (20.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 380.384 µs [360.629 µs, 400.139 µs] -
iast 516.772 µs [495.024 µs, 538.52 µs] 136.388 µs (35.9%)
iast_FULL 752.687 µs [730.8 µs, 774.574 µs] 372.303 µs (97.9%)
iast_GLOBAL 562.183 µs [539.951 µs, 584.414 µs] 181.799 µs (47.8%)
iast_HARDCODED_SECRET_DISABLED 519.183 µs [496.481 µs, 541.885 µs] 138.799 µs (36.5%)
iast_INACTIVE 464.235 µs [442.607 µs, 485.862 µs] 83.851 µs (22.0%)
iast_TELEMETRY_OFF 499.531 µs [478.225 µs, 520.838 µs] 119.147 µs (31.3%)
tracing 458.581 µs [436.645 µs, 480.517 µs] 78.197 µs (20.6%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sezen.leblay/APPSEC-56630-Extend-vulnerability-location-data
git_commit_date 1739374674 1739375539
git_commit_sha 3fd5db0 36ef193
release_version 1.47.0-SNAPSHOT~3fd5db0dc1 1.47.0-SNAPSHOT~36ef19350f
Baseline Candidate
application biojava biojava
ci_job_date 1739377905 1739377905
ci_job_id 805275875 805275875
ci_pipeline_id 55692691 55692691
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-y1o89h6k-project-304-concurrent-14-iyqmvxm1 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux Linux runner-y1o89h6k-project-304-concurrent-14-iyqmvxm1 6.8.0-1021-aws #23~22.04.1-Ubuntu SMP Tue Dec 10 16:50:46 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
gantt
    title biojava - execution time [CI 0.99] : candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.201 s) : 15201000, 15201000
.   : milestone, 15201000,
appsec (15.072 s) : 15072000, 15072000
.   : milestone, 15072000,
iast (19.201 s) : 19201000, 19201000
.   : milestone, 19201000,
iast_GLOBAL (18.093 s) : 18093000, 18093000
.   : milestone, 18093000,
profiling (15.197 s) : 15197000, 15197000
.   : milestone, 15197000,
tracing (14.91 s) : 14910000, 14910000
.   : milestone, 14910000,
section candidate
no_agent (15.278 s) : 15278000, 15278000
.   : milestone, 15278000,
appsec (14.862 s) : 14862000, 14862000
.   : milestone, 14862000,
iast (18.904 s) : 18904000, 18904000
.   : milestone, 18904000,
iast_GLOBAL (17.714 s) : 17714000, 17714000
.   : milestone, 17714000,
profiling (15.112 s) : 15112000, 15112000
.   : milestone, 15112000,
tracing (14.744 s) : 14744000, 14744000
.   : milestone, 14744000,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.201 s [15.201 s, 15.201 s] -
appsec 15.072 s [15.072 s, 15.072 s] -129.0 ms (-0.8%)
iast 19.201 s [19.201 s, 19.201 s] 4.0 s (26.3%)
iast_GLOBAL 18.093 s [18.093 s, 18.093 s] 2.892 s (19.0%)
profiling 15.197 s [15.197 s, 15.197 s] -4.0 ms (-0.0%)
tracing 14.91 s [14.91 s, 14.91 s] -291.0 ms (-1.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.278 s [15.278 s, 15.278 s] -
appsec 14.862 s [14.862 s, 14.862 s] -416.0 ms (-2.7%)
iast 18.904 s [18.904 s, 18.904 s] 3.626 s (23.7%)
iast_GLOBAL 17.714 s [17.714 s, 17.714 s] 2.436 s (15.9%)
profiling 15.112 s [15.112 s, 15.112 s] -166.0 ms (-1.1%)
tracing 14.744 s [14.744 s, 14.744 s] -534.0 ms (-3.5%)
Execution time for tomcat
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.47.0-SNAPSHOT~36ef19350f, baseline=1.47.0-SNAPSHOT~3fd5db0dc1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.465 ms) : 1454, 1477
.   : milestone, 1465,
appsec (2.342 ms) : 2299, 2386
.   : milestone, 2342,
iast (2.1 ms) : 2045, 2155
.   : milestone, 2100,
iast_GLOBAL (2.15 ms) : 2094, 2206
.   : milestone, 2150,
profiling (1.96 ms) : 1916, 2004
.   : milestone, 1960,
tracing (1.946 ms) : 1903, 1988
.   : milestone, 1946,
section candidate
no_agent (1.467 ms) : 1455, 1478
.   : milestone, 1467,
appsec (2.348 ms) : 2304, 2391
.   : milestone, 2348,
iast (2.101 ms) : 2046, 2156
.   : milestone, 2101,
iast_GLOBAL (2.145 ms) : 2090, 2200
.   : milestone, 2145,
profiling (1.982 ms) : 1938, 2027
.   : milestone, 1982,
tracing (1.939 ms) : 1897, 1981
.   : milestone, 1939,
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.465 ms [1.454 ms, 1.477 ms] -
appsec 2.342 ms [2.299 ms, 2.386 ms] 877.038 µs (59.9%)
iast 2.1 ms [2.045 ms, 2.155 ms] 635.182 µs (43.4%)
iast_GLOBAL 2.15 ms [2.094 ms, 2.206 ms] 685.171 µs (46.8%)
profiling 1.96 ms [1.916 ms, 2.004 ms] 494.831 µs (33.8%)
tracing 1.946 ms [1.903 ms, 1.988 ms] 480.585 µs (32.8%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.467 ms [1.455 ms, 1.478 ms] -
appsec 2.348 ms [2.304 ms, 2.391 ms] 881.222 µs (60.1%)
iast 2.101 ms [2.046 ms, 2.156 ms] 634.619 µs (43.3%)
iast_GLOBAL 2.145 ms [2.09 ms, 2.2 ms] 678.356 µs (46.3%)
profiling 1.982 ms [1.938 ms, 2.027 ms] 515.747 µs (35.2%)
tracing 1.939 ms [1.897 ms, 1.981 ms] 472.403 µs (32.2%)

@sezen-datadog sezen-datadog added the tag: do not merge Do not merge changes label Feb 5, 2025
@sezen-datadog sezen-datadog force-pushed the sezen.leblay/APPSEC-56630-Extend-vulnerability-location-data branch from d234efd to b7e05ea February 10, 2025 16:47
@sezen-datadog sezen-datadog removed the tag: do not merge Do not merge changes label Feb 11, 2025
@sezen-datadog sezen-datadog marked this pull request as ready for review February 11, 2025 07:55
@sezen-datadog sezen-datadog requested review from a team as code owners February 11, 2025 07:55
@sezen-datadog sezen-datadog added the tag: do not merge Do not merge changes label Feb 12, 2025
@@ -298,12 +303,13 @@ class VulnerabilityEncodingTest extends DDSpecification {
{"value": "AD1"}
]
},
"hash": 1042880134,
"hash": 3008837960,
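Review bot: Changing the expected value from 1042880134 to 3008837960 makes the test accept a new hash instead of proving the hash is stable, and the thread below states hash stability as a prerequisite for this PR. Keep the original expected hash and adjust the fixture instead: give `class` the value that `path` used to hold (e.g. `"foo"`) and give `path` a different value (e.g. `"fooX"`); if the hash stays at 1042880134 the test then demonstrates that the hash is derived from the class name and not from the path.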
Member

One of the prerequisites for this PR is that the hash does not change. To verify this, you can change this test so that class == "foo" (just like before for path), and then use fooX for path. Then the hash should not change. Same for every test.

Contributor Author

Yes, but isn't it better that at least one test checks that the class change does impact the hash? Otherwise, no problem.

Member

If you set path == fooX and class == fooX, it will be clear that class does impact the hash (if the hash does not change, its value must have been computed with class, because path did change).
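
The invariant argued in this thread, shown as a self-contained added example; this is not dd-trace-java code and does not use the project's real hash algorithm. It assumes a hypothetical `Location` record and a hypothetical FNV-1a based `vulnerabilityHash` that mixes the vulnerability type, class name, method and line but deliberately leaves `path` out. The `main` method performs the two checks the reviewer describes: a changed `path` with the same class leaves the hash unchanged, and a changed class changes it.

```java
import java.nio.charset.StandardCharsets;

// Added example, not dd-trace-java code: a hypothetical location type whose
// hash excludes `path`, plus the two checks the review thread asks for.
public final class LocationHashExample {

    /** Hypothetical location record: class name and file path are separate fields. */
    public record Location(String className, String path, String method, int line) {}

    /**
     * Hypothetical vulnerability hash (FNV-1a 64-bit over the identifying fields).
     * `path` is intentionally not mixed in, so a report for the same class, method
     * and line keeps its hash even when the source file it was built from differs.
     */
    public static long vulnerabilityHash(String type, Location loc) {
        long h = 0xcbf29ce484222325L; // FNV-1a 64-bit offset basis
        String[] parts = { type, loc.className(), loc.method(), Integer.toString(loc.line()) };
        for (String part : parts) {
            for (byte b : part.getBytes(StandardCharsets.UTF_8)) {
                h ^= (b & 0xff);
                h *= 0x100000001b3L; // FNV-1a 64-bit prime
            }
            h ^= 0x1f; // field separator, so "ab"+"c" and "a"+"bc" hash differently
            h *= 0x100000001b3L;
        }
        return h;
    }

    public static void main(String[] args) {
        // Constructed sample locations mirroring the reviewer's "foo" / "fooX" scheme.
        Location original     = new Location("foo",  "foo",  "hardcodedSecret", 42);
        Location pathChanged  = new Location("foo",  "fooX", "hardcodedSecret", 42); // only path differs
        Location classChanged = new Location("fooX", "fooX", "hardcodedSecret", 42); // class differs too

        long h0 = vulnerabilityHash("HARDCODED_SECRET", original);
        long h1 = vulnerabilityHash("HARDCODED_SECRET", pathChanged);
        long h2 = vulnerabilityHash("HARDCODED_SECRET", classChanged);

        // Check 1: changing the path alone must not move the hash.
        if (h0 != h1) throw new AssertionError("hash must not depend on path");
        // Check 2: changing the class name must move the hash.
        if (h0 == h2) throw new AssertionError("hash must depend on class name");

        System.out.println("path-invariant: " + (h0 == h1) + ", class-sensitive: " + (h0 != h2));
    }
}
```

Compile and run with a JDK that supports records (Java 16 or later): `javac LocationHashExample.java && java LocationHashExample`. The same two checks, written as Spock assertions against the real encoder, are what would let the expected hash values in `VulnerabilityEncodingTest` stay unchanged.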

@@ -45,7 +45,7 @@ class HardcodedSecretModuleTest extends IastModuleImplTestBase {
final evidence = vuln.evidence
assert evidence != null
assert evidence.value == expectedEvidence
assert vuln.location.path == className
assert vuln.location.className == className
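Review bot: Replacing `assert vuln.location.path == className` with `assert vuln.location.className == className` removes the only assertion on `path`, so a location whose `path` is left null, or still carries the class name, would pass this test. Keep the new `className` assertion and add a second one for the expected file path beside it; as the thread notes, that implies updating `onHardcodedSecret`, where `forPathAndMethodAndLine` was changed to `forClassAndMethodAndLine`, so that the path is populated as well.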
Member

Check that the path is also present here, in addition to the class name (this probably means that onHardcodedSecret needs to be updated).

Contributor Author

I just checked, and in HardcodedSecret I had changed forPathAndMethodAndLine to forClassAndMethodAndLine. Does that mean we should now have forClassAndPathAndMethodAndLine?

@@ -47,7 +47,7 @@ class IastSpringBootSmokeTest extends AbstractIastSpringBootTest {
vul ->
vul.type == 'HARDCODED_SECRET'
&& vul.location.method == 'hardcodedSecret'
&& vul.location.path == 'datadog.smoketest.springboot.controller.HardcodedSecretController'
&& vul.location.class == 'datadog.smoketest.springboot.controller.HardcodedSecretController'
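Review bot: Same gap as in HardcodedSecretModuleTest: the `vul.location.path` condition was replaced rather than kept, so add a further `&&` condition asserting the new `path` value. Also note the key asserted here is `class`, while the module test asserts the `className` property; confirm that the encoder emits `class` in the JSON, and since `vul.location` is a parsed map here, Groovy resolves `.class` as the map entry named `class` rather than `getClass()`, so the condition silently compares against null if the key is missing.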
Member

Add an additional check for the new path value.

Labels
comp: asm iast Application Security Management (IAST) tag: do not merge Do not merge changes type: enhancement
2 participants