Fix call depth counter for sqli blocking #7522
Merged: ValentinZakharov merged 1 commit into master on Aug 28, 2024
Benchmarks (automated report; candidate=1.39.0-SNAPSHOT~46b2d96f9f, baseline=1.39.0-SNAPSHOT~115998f9f0)

Startup: Found 0 performance improvements and 0 performance regressions! Performance is the same for 49 metrics, 14 unstable metrics.
(Charts: insecure-bank and petclinic global startup overhead and break down per module)

Load: Found 0 performance improvements and 3 performance regressions! Performance is the same for 6 metrics, 19 unstable metrics.
(Charts: insecure-bank and petclinic request duration [CI 0.99])

Dacapo: Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
(Charts: biojava and tomcat execution time [CI 0.99])
amarziali reviewed Aug 28, 2024 (Contributor):
you might use reset here if the onExit is never called after this throw
e5a87a6 to 46b2d96
46b2d96 to 1c07ad9
amarziali approved these changes Aug 28, 2024
jandro996 added a commit that referenced this pull request, Nov 20, 2024:

What Does This Do
Add SSRF exploit prevention check to HttpClientDecorator. Modify http client instrumentations that rely on CallDepthThreadLocalMap to avoid issues with blocking exception (only blocks the first time) -> Fix call depth counter for sqli blocking #7522. Add smoke tests for other libraries.
Motivation
Improve Exploit prevention for SSRF coverage.
What Does This Do
Reset call depth counter for StatementInstrumentation during the Exploit prevention blocking.
Motivation
The issue caused SQLi queries to stop being blocked when they were repeated multiple times in a row. In case of throwing a blocking exception, the onExit of the advice is never called for the Play framework.
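Added example, not code from dd-trace-java: the call depth map and the advice below are a simplified stand-in for the project's CallDepthThreadLocalMap and StatementInstrumentation advice, and the exploit-prevention verdict is just a boolean parameter. It shows why a blocking exception thrown from onEnter without a reset leaves the per-thread depth counter stuck at 1, so the next identical query is treated as a nested call and skips the check, and how resetting before the throw fixes that.

```java
import java.util.HashMap;
import java.util.Map;

public class CallDepthResetDemo {
  // Simplified stand-in for the tracer's per-thread call depth map (constructed for this
  // demo, not the project's CallDepthThreadLocalMap).
  static final class CallDepth {
    private static final ThreadLocal<Map<Class<?>, Integer>> DEPTHS =
        ThreadLocal.withInitial(HashMap::new);
    // Returns the depth before incrementing: 0 means this is the outermost call.
    static int increment(Class<?> k) { return DEPTHS.get().merge(k, 1, Integer::sum) - 1; }
    static void decrement(Class<?> k) { DEPTHS.get().merge(k, -1, Integer::sum); }
    static void reset(Class<?> k) { DEPTHS.get().remove(k); }
  }
  static final class BlockingException extends RuntimeException {}
  interface Statement {}

  /** Advice entry: only the outermost Statement call runs the exploit-prevention check. */
  static void onEnter(boolean wafVerdictBlock, boolean resetBeforeThrow) {
    if (CallDepth.increment(Statement.class) > 0) {
      return; // nested call: the outer frame already checked this query
    }
    if (wafVerdictBlock) {
      if (resetBeforeThrow) {
        CallDepth.reset(Statement.class); // the fix: onExit will not run after the throw
      }
      throw new BlockingException();
    }
  }

  /** Advice exit: a framework that swallows the blocking exception never reaches this. */
  static void onExit() { CallDepth.decrement(Statement.class); }

  /** Executes one query the Play way (no onExit after a throw); true means blocked. */
  static boolean execute(boolean wafVerdictBlock, boolean resetBeforeThrow) {
    try {
      onEnter(wafVerdictBlock, resetBeforeThrow);
    } catch (BlockingException e) {
      return true;
    }
    onExit();
    return false;
  }

  public static void main(String[] args) {
    CallDepth.reset(Statement.class);
    System.out.println("without reset: " + execute(true, false) + ", " + execute(true, false));
    CallDepth.reset(Statement.class);
    System.out.println("with reset: " + execute(true, true) + ", " + execute(true, true));
  }
}
```

With resetBeforeThrow=false only the first of the two flagged queries is blocked; with resetBeforeThrow=true both are.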