Skip to content

Reset IAST request context on root span published#7969

Merged
manuel-alvarez-alvarez merged 1 commit intomasterfrom
malvarez/iast-reset-context-on-close
Nov 19, 2024
Merged

Reset IAST request context on root span published#7969
manuel-alvarez-alvarez merged 1 commit intomasterfrom
malvarez/iast-reset-context-on-close

Conversation

@manuel-alvarez-alvarez
Copy link
Copy Markdown
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Nov 18, 2024
edited by atlassian Bot
Loading

What Does This Do

Resets all IAST request context data structures when the root span of a trace is published.

Motivation

We observed an akka-http service with a very high number of IAST contexts in the heap probably related to pending traces, once a trace has been published we should not hold down to any references.

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-55869

@manuel-alvarez-alvarez manuel-alvarez-alvarez added type: bug Bug report and fix comp: asm iast Application Security Management (IAST) labels Nov 18, 2024
Mariovido
Mariovido approved these changes Nov 18, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@Mariovido Mariovido left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jandro996
jandro996 approved these changes Nov 18, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@jandro996 jandro996 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! but there are plenty of failing tests 😅

@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Nov 18, 2024
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-reset-context-on-close
git_commit_date 1731943603 1732006679
git_commit_sha 6181783 f4d62a2
release_version 1.43.0-SNAPSHOT~6181783bd1 1.43.0-SNAPSHOT~f4d62a2aa3
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732009037 1732009037
ci_job_id 711685902 711685902
ci_pipeline_id 49343709 49343709
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 55 metrics, 8 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.081 s) : 0, 1081358
Total [baseline] (8.608 s) : 0, 8608297
Agent [candidate] (1.085 s) : 0, 1084541
Total [candidate] (8.61 s) : 0, 8610194
section iast
Agent [baseline] (1.211 s) : 0, 1211123
Total [baseline] (9.172 s) : 0, 9172167
Agent [candidate] (1.22 s) : 0, 1220470
Total [candidate] (9.178 s) : 0, 9177560
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.213 s) : 0, 1212533
Total [baseline] (9.137 s) : 0, 9136942
Agent [candidate] (1.213 s) : 0, 1212570
Total [candidate] (9.137 s) : 0, 9137381
section iast_TELEMETRY_OFF
Agent [baseline] (1.211 s) : 0, 1210929
Total [baseline] (9.184 s) : 0, 9183903
Agent [candidate] (1.209 s) : 0, 1209178
Total [candidate] (9.163 s) : 0, 9163465
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.081 s -
Agent iast 1.211 s 129.765 ms (12.0%)
Agent iast_HARDCODED_SECRET_DISABLED 1.213 s 131.175 ms (12.1%)
Agent iast_TELEMETRY_OFF 1.211 s 129.571 ms (12.0%)
Total tracing 8.608 s -
Total iast 9.172 s 563.87 ms (6.6%)
Total iast_HARDCODED_SECRET_DISABLED 9.137 s 528.645 ms (6.1%)
Total iast_TELEMETRY_OFF 9.184 s 575.606 ms (6.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent iast 1.22 s 135.929 ms (12.5%)
Agent iast_HARDCODED_SECRET_DISABLED 1.213 s 128.029 ms (11.8%)
Agent iast_TELEMETRY_OFF 1.209 s 124.637 ms (11.5%)
Total tracing 8.61 s -
Total iast 9.178 s 567.366 ms (6.6%)
Total iast_HARDCODED_SECRET_DISABLED 9.137 s 527.187 ms (6.1%)
Total iast_TELEMETRY_OFF 9.163 s 553.271 ms (6.4%) 
gantt
    title insecure-bank - break down per module: candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (687.143 ms) : 0, 687143
BytebuddyAgent [candidate] (689.274 ms) : 0, 689274
GlobalTracer [baseline] (315.163 ms) : 0, 315163
GlobalTracer [candidate] (316.955 ms) : 0, 316955
AppSec [baseline] (54.535 ms) : 0, 54535
AppSec [candidate] (54.518 ms) : 0, 54518
Remote Config [baseline] (682.262 µs) : 0, 682
Remote Config [candidate] (683.213 µs) : 0, 683
Telemetry [baseline] (10.108 ms) : 0, 10108
Telemetry [candidate] (9.339 ms) : 0, 9339
section iast
BytebuddyAgent [baseline] (804.467 ms) : 0, 804467
BytebuddyAgent [candidate] (811.495 ms) : 0, 811495
GlobalTracer [baseline] (306.153 ms) : 0, 306153
GlobalTracer [candidate] (308.347 ms) : 0, 308347
AppSec [baseline] (57.23 ms) : 0, 57230
AppSec [candidate] (56.111 ms) : 0, 56111
Remote Config [baseline] (607.351 µs) : 0, 607
Remote Config [candidate] (628.828 µs) : 0, 629
Telemetry [baseline] (7.472 ms) : 0, 7472
Telemetry [candidate] (7.49 ms) : 0, 7490
IAST [baseline] (21.41 ms) : 0, 21410
IAST [candidate] (22.479 ms) : 0, 22479
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (805.46 ms) : 0, 805460
BytebuddyAgent [candidate] (805.163 ms) : 0, 805163
GlobalTracer [baseline] (306.753 ms) : 0, 306753
GlobalTracer [candidate] (306.86 ms) : 0, 306860
AppSec [baseline] (56.967 ms) : 0, 56967
AppSec [candidate] (57.0 ms) : 0, 57000
Remote Config [baseline] (621.303 µs) : 0, 621
Remote Config [candidate] (615.32 µs) : 0, 615
Telemetry [baseline] (7.532 ms) : 0, 7532
Telemetry [candidate] (7.471 ms) : 0, 7471
IAST [baseline] (21.438 ms) : 0, 21438
IAST [candidate] (21.655 ms) : 0, 21655
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (803.424 ms) : 0, 803424
BytebuddyAgent [candidate] (802.757 ms) : 0, 802757
GlobalTracer [baseline] (306.676 ms) : 0, 306676
GlobalTracer [candidate] (306.324 ms) : 0, 306324
AppSec [baseline] (57.833 ms) : 0, 57833
AppSec [candidate] (57.132 ms) : 0, 57132
Remote Config [baseline] (620.166 µs) : 0, 620
Remote Config [candidate] (613.75 µs) : 0, 614
Telemetry [baseline] (7.476 ms) : 0, 7476
Telemetry [candidate] (7.42 ms) : 0, 7420
IAST [baseline] (21.127 ms) : 0, 21127
IAST [candidate] (21.128 ms) : 0, 21128
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.085 s) : 0, 1084520
Total [baseline] (10.425 s) : 0, 10424910
Agent [candidate] (1.088 s) : 0, 1088286
Total [candidate] (10.455 s) : 0, 10455318
section appsec
Agent [baseline] (1.218 s) : 0, 1218476
Total [baseline] (10.712 s) : 0, 10712422
Agent [candidate] (1.223 s) : 0, 1222987
Total [candidate] (10.778 s) : 0, 10778456
section iast
Agent [baseline] (1.212 s) : 0, 1211516
Total [baseline] (10.957 s) : 0, 10956665
Agent [candidate] (1.214 s) : 0, 1214331
Total [candidate] (10.942 s) : 0, 10942256
section profiling
Agent [baseline] (1.283 s) : 0, 1283413
Total [baseline] (10.845 s) : 0, 10844526
Agent [candidate] (1.283 s) : 0, 1282735
Total [candidate] (10.759 s) : 0, 10758887
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.085 s -
Agent appsec 1.218 s 133.956 ms (12.4%)
Agent iast 1.212 s 126.996 ms (11.7%)
Agent profiling 1.283 s 198.893 ms (18.3%)
Total tracing 10.425 s -
Total appsec 10.712 s 287.511 ms (2.8%)
Total iast 10.957 s 531.755 ms (5.1%)
Total profiling 10.845 s 419.616 ms (4.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.088 s -
Agent appsec 1.223 s 134.7 ms (12.4%)
Agent iast 1.214 s 126.045 ms (11.6%)
Agent profiling 1.283 s 194.449 ms (17.9%)
Total tracing 10.455 s -
Total appsec 10.778 s 323.138 ms (3.1%)
Total iast 10.942 s 486.938 ms (4.7%)
Total profiling 10.759 s 303.57 ms (2.9%) 
gantt
    title petclinic - break down per module: candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (688.016 ms) : 0, 688016
BytebuddyAgent [candidate] (689.838 ms) : 0, 689838
GlobalTracer [baseline] (316.882 ms) : 0, 316882
GlobalTracer [candidate] (317.558 ms) : 0, 317558
AppSec [baseline] (54.55 ms) : 0, 54550
AppSec [candidate] (54.402 ms) : 0, 54402
Remote Config [baseline] (685.145 µs) : 0, 685
Remote Config [candidate] (677.421 µs) : 0, 677
Telemetry [baseline] (10.648 ms) : 0, 10648
Telemetry [candidate] (12.029 ms) : 0, 12029
section appsec
BytebuddyAgent [baseline] (705.544 ms) : 0, 705544
BytebuddyAgent [candidate] (708.694 ms) : 0, 708694
GlobalTracer [baseline] (314.568 ms) : 0, 314568
GlobalTracer [candidate] (315.374 ms) : 0, 315374
AppSec [baseline] (165.0 ms) : 0, 165000
AppSec [candidate] (167.129 ms) : 0, 167129
Remote Config [baseline] (640.971 µs) : 0, 641
Remote Config [candidate] (641.767 µs) : 0, 642
Telemetry [baseline] (8.169 ms) : 0, 8169
Telemetry [candidate] (7.496 ms) : 0, 7496
IAST [baseline] (21.68 ms) : 0, 21680
IAST [candidate] (19.779 ms) : 0, 19779
section iast
BytebuddyAgent [baseline] (804.688 ms) : 0, 804688
BytebuddyAgent [candidate] (806.656 ms) : 0, 806656
GlobalTracer [baseline] (306.966 ms) : 0, 306966
GlobalTracer [candidate] (307.254 ms) : 0, 307254
AppSec [baseline] (57.63 ms) : 0, 57630
AppSec [candidate] (57.949 ms) : 0, 57949
Remote Config [baseline] (598.568 µs) : 0, 599
Remote Config [candidate] (599.804 µs) : 0, 600
Telemetry [baseline] (7.434 ms) : 0, 7434
Telemetry [candidate] (7.425 ms) : 0, 7425
IAST [baseline] (20.454 ms) : 0, 20454
IAST [candidate] (20.646 ms) : 0, 20646
section profiling
BytebuddyAgent [baseline] (683.616 ms) : 0, 683616
BytebuddyAgent [candidate] (683.415 ms) : 0, 683415
GlobalTracer [baseline] (400.713 ms) : 0, 400713
GlobalTracer [candidate] (400.293 ms) : 0, 400293
AppSec [baseline] (54.805 ms) : 0, 54805
AppSec [candidate] (54.736 ms) : 0, 54736
Remote Config [baseline] (662.647 µs) : 0, 663
Remote Config [candidate] (663.676 µs) : 0, 664
Telemetry [baseline] (11.276 ms) : 0, 11276
Telemetry [candidate] (11.419 ms) : 0, 11419
ProfilingAgent [baseline] (93.307 ms) : 0, 93307
ProfilingAgent [candidate] (93.201 ms) : 0, 93201
Profiling [baseline] (93.331 ms) : 0, 93331
Profiling [candidate] (93.225 ms) : 0, 93225
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-11-19T09:09:47 2024-11-19T09:16:41
git_branch master malvarez/iast-reset-context-on-close
git_commit_date 1731943603 1732006679
git_commit_sha 6181783 f4d62a2
release_version 1.43.0-SNAPSHOT~6181783bd1 1.43.0-SNAPSHOT~f4d62a2aa3
start_time 2024-11-19T09:09:34 2024-11-19T09:16:28
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732008151 1732008151
ci_job_id 711685903 711685903
ci_pipeline_id 49343709 49343709
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 17 unstable metrics.

Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.334 ms) : 1315, 1354
.   : milestone, 1334,
appsec (1.747 ms) : 1724, 1771
.   : milestone, 1747,
appsec_no_iast (1.727 ms) : 1703, 1751
.   : milestone, 1727,
iast (1.472 ms) : 1449, 1495
.   : milestone, 1472,
profiling (1.54 ms) : 1516, 1565
.   : milestone, 1540,
tracing (1.476 ms) : 1451, 1501
.   : milestone, 1476,
section candidate
no_agent (1.335 ms) : 1316, 1354
.   : milestone, 1335,
appsec (1.716 ms) : 1692, 1741
.   : milestone, 1716,
appsec_no_iast (1.734 ms) : 1710, 1758
.   : milestone, 1734,
iast (1.476 ms) : 1453, 1499
.   : milestone, 1476,
profiling (1.526 ms) : 1501, 1550
.   : milestone, 1526,
tracing (1.456 ms) : 1431, 1481
.   : milestone, 1456,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.334 ms [1.315 ms, 1.354 ms] -
appsec 1.747 ms [1.724 ms, 1.771 ms] 413.272 µs (31.0%)
appsec_no_iast 1.727 ms [1.703 ms, 1.751 ms] 393.044 µs (29.5%)
iast 1.472 ms [1.449 ms, 1.495 ms] 138.126 µs (10.4%)
profiling 1.54 ms [1.516 ms, 1.565 ms] 206.283 µs (15.5%)
tracing 1.476 ms [1.451 ms, 1.501 ms] 141.813 µs (10.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.335 ms [1.316 ms, 1.354 ms] -
appsec 1.716 ms [1.692 ms, 1.741 ms] 381.446 µs (28.6%)
appsec_no_iast 1.734 ms [1.71 ms, 1.758 ms] 398.655 µs (29.9%)
iast 1.476 ms [1.453 ms, 1.499 ms] 141.357 µs (10.6%)
profiling 1.526 ms [1.501 ms, 1.55 ms] 190.756 µs (14.3%)
tracing 1.456 ms [1.431 ms, 1.481 ms] 120.974 µs (9.1%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1
    dateFormat X
    axisFormat %s
section baseline
no_agent (365.281 µs) : 345, 385
.   : milestone, 365,
iast (489.353 µs) : 467, 511
.   : milestone, 489,
iast_FULL (639.571 µs) : 618, 661
.   : milestone, 640,
iast_GLOBAL (516.119 µs) : 494, 539
.   : milestone, 516,
iast_HARDCODED_SECRET_DISABLED (484.521 µs) : 463, 506
.   : milestone, 485,
iast_INACTIVE (438.099 µs) : 418, 458
.   : milestone, 438,
iast_TELEMETRY_OFF (472.729 µs) : 452, 494
.   : milestone, 473,
tracing (441.383 µs) : 420, 463
.   : milestone, 441,
section candidate
no_agent (367.658 µs) : 347, 388
.   : milestone, 368,
iast (482.054 µs) : 461, 503
.   : milestone, 482,
iast_FULL (637.45 µs) : 616, 659
.   : milestone, 637,
iast_GLOBAL (502.158 µs) : 481, 523
.   : milestone, 502,
iast_HARDCODED_SECRET_DISABLED (478.965 µs) : 458, 500
.   : milestone, 479,
iast_INACTIVE (446.043 µs) : 425, 467
.   : milestone, 446,
iast_TELEMETRY_OFF (481.814 µs) : 460, 504
.   : milestone, 482,
tracing (438.698 µs) : 418, 459
.   : milestone, 439,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 365.281 µs [345.19 µs, 385.372 µs] -
iast 489.353 µs [467.476 µs, 511.229 µs] 124.072 µs (34.0%)
iast_FULL 639.571 µs [618.195 µs, 660.948 µs] 274.291 µs (75.1%)
iast_GLOBAL 516.119 µs [493.606 µs, 538.632 µs] 150.838 µs (41.3%)
iast_HARDCODED_SECRET_DISABLED 484.521 µs [462.868 µs, 506.174 µs] 119.24 µs (32.6%)
iast_INACTIVE 438.099 µs [417.955 µs, 458.243 µs] 72.819 µs (19.9%)
iast_TELEMETRY_OFF 472.729 µs [451.812 µs, 493.646 µs] 107.449 µs (29.4%)
tracing 441.383 µs [420.262 µs, 462.504 µs] 76.102 µs (20.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 367.658 µs [347.247 µs, 388.069 µs] -
iast 482.054 µs [460.721 µs, 503.386 µs] 114.396 µs (31.1%)
iast_FULL 637.45 µs [616.184 µs, 658.717 µs] 269.792 µs (73.4%)
iast_GLOBAL 502.158 µs [481.077 µs, 523.238 µs] 134.5 µs (36.6%)
iast_HARDCODED_SECRET_DISABLED 478.965 µs [457.79 µs, 500.141 µs] 111.307 µs (30.3%)
iast_INACTIVE 446.043 µs [424.742 µs, 467.344 µs] 78.385 µs (21.3%)
iast_TELEMETRY_OFF 481.814 µs [459.629 µs, 503.999 µs] 114.156 µs (31.0%)
tracing 438.698 µs [418.061 µs, 459.334 µs] 71.04 µs (19.3%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-reset-context-on-close
git_commit_date 1731943603 1732006679
git_commit_sha 6181783 f4d62a2
release_version 1.43.0-SNAPSHOT~6181783bd1 1.43.0-SNAPSHOT~f4d62a2aa3
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1732008707 1732008707
ci_job_id 711685904 711685904
ci_pipeline_id 49343709 49343709
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.471 ms) : 1460, 1483
.   : milestone, 1471,
appsec (2.336 ms) : 2295, 2377
.   : milestone, 2336,
iast (2.073 ms) : 2022, 2125
.   : milestone, 2073,
iast_GLOBAL (2.133 ms) : 2081, 2186
.   : milestone, 2133,
profiling (1.951 ms) : 1909, 1993
.   : milestone, 1951,
tracing (1.937 ms) : 1896, 1977
.   : milestone, 1937,
section candidate
no_agent (1.464 ms) : 1452, 1475
.   : milestone, 1464,
appsec (2.335 ms) : 2293, 2376
.   : milestone, 2335,
iast (2.061 ms) : 2010, 2112
.   : milestone, 2061,
iast_GLOBAL (2.114 ms) : 2062, 2165
.   : milestone, 2114,
profiling (1.943 ms) : 1901, 1986
.   : milestone, 1943,
tracing (1.913 ms) : 1874, 1953
.   : milestone, 1913,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.471 ms [1.46 ms, 1.483 ms] -
appsec 2.336 ms [2.295 ms, 2.377 ms] 864.782 µs (58.8%)
iast 2.073 ms [2.022 ms, 2.125 ms] 602.109 µs (40.9%)
iast_GLOBAL 2.133 ms [2.081 ms, 2.186 ms] 662.123 µs (45.0%)
profiling 1.951 ms [1.909 ms, 1.993 ms] 479.743 µs (32.6%)
tracing 1.937 ms [1.896 ms, 1.977 ms] 465.177 µs (31.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.464 ms [1.452 ms, 1.475 ms] -
appsec 2.335 ms [2.293 ms, 2.376 ms] 870.809 µs (59.5%)
iast 2.061 ms [2.01 ms, 2.112 ms] 597.257 µs (40.8%)
iast_GLOBAL 2.114 ms [2.062 ms, 2.165 ms] 650.021 µs (44.4%)
profiling 1.943 ms [1.901 ms, 1.986 ms] 479.387 µs (32.8%)
tracing 1.913 ms [1.874 ms, 1.953 ms] 449.662 µs (30.7%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.43.0-SNAPSHOT~f4d62a2aa3, baseline=1.43.0-SNAPSHOT~6181783bd1
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.227 s) : 15227000, 15227000
.   : milestone, 15227000,
appsec (15.416 s) : 15416000, 15416000
.   : milestone, 15416000,
iast (18.596 s) : 18596000, 18596000
.   : milestone, 18596000,
iast_GLOBAL (17.935 s) : 17935000, 17935000
.   : milestone, 17935000,
profiling (15.689 s) : 15689000, 15689000
.   : milestone, 15689000,
tracing (15.129 s) : 15129000, 15129000
.   : milestone, 15129000,
section candidate
no_agent (14.912 s) : 14912000, 14912000
.   : milestone, 14912000,
appsec (14.995 s) : 14995000, 14995000
.   : milestone, 14995000,
iast (19.073 s) : 19073000, 19073000
.   : milestone, 19073000,
iast_GLOBAL (18.329 s) : 18329000, 18329000
.   : milestone, 18329000,
profiling (14.909 s) : 14909000, 14909000
.   : milestone, 14909000,
tracing (15.254 s) : 15254000, 15254000
.   : milestone, 15254000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.227 s [15.227 s, 15.227 s] -
appsec 15.416 s [15.416 s, 15.416 s] 189.0 ms (1.2%)
iast 18.596 s [18.596 s, 18.596 s] 3.369 s (22.1%)
iast_GLOBAL 17.935 s [17.935 s, 17.935 s] 2.708 s (17.8%)
profiling 15.689 s [15.689 s, 15.689 s] 462.0 ms (3.0%)
tracing 15.129 s [15.129 s, 15.129 s] -98.0 ms (-0.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.912 s [14.912 s, 14.912 s] -
appsec 14.995 s [14.995 s, 14.995 s] 83.0 ms (0.6%)
iast 19.073 s [19.073 s, 19.073 s] 4.161 s (27.9%)
iast_GLOBAL 18.329 s [18.329 s, 18.329 s] 3.417 s (22.9%)
profiling 14.909 s [14.909 s, 14.909 s] -3.0 ms (-0.0%)
tracing 15.254 s [15.254 s, 15.254 s] 342.0 ms (2.3%)

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-reset-context-on-close branch from 3e386cd to 59f88c5 Compare November 18, 2024 11:49
@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Nov 18, 2024
edited
Loading

Kafka / producer-benchmark

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-reset-context-on-close
git_commit_date 1731943603 1732006679
git_commit_sha 6181783 f4d62a2
See matching parameters
Baseline Candidate
ci_job_date 1732007779 1732007779
ci_job_id 711685906 711685906
ci_pipeline_id 49343709 49343709
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
jdkVersion 11.0.21 11.0.21
jmhVersion 1.36 1.36
jvm /usr/lib/jvm/java-11-openjdk-amd64/bin/java /usr/lib/jvm/java-11-openjdk-amd64/bin/java
jvmArgs -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/go/src/github.com/DataDog/apm-reliability/dd-trace-java/platform/src/producer-benchmark/build/tmp/jmh -Duser.country=US -Duser.language=en -Duser.variant -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/go/src/github.com/DataDog/apm-reliability/dd-trace-java/platform/src/producer-benchmark/build/tmp/jmh -Duser.country=US -Duser.language=en -Duser.variant
vmName OpenJDK 64-Bit Server VM OpenJDK 64-Bit Server VM
vmVersion 11.0.21+9-post-Ubuntu-0ubuntu122.04 11.0.21+9-post-Ubuntu-0ubuntu122.04

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 3 metrics, 0 unstable metrics.

See unchanged results
scenario Δ mean throughput
scenario:not-instrumented/KafkaProduceBenchmark.benchProduce same
scenario:only-tracing-dsm-disabled-benchmarks/KafkaProduceBenchmark.benchProduce same
scenario:only-tracing-dsm-enabled-benchmarks/KafkaProduceBenchmark.benchProduce same

@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Nov 18, 2024
edited
Loading

Kafka / consumer-benchmark

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-reset-context-on-close
git_commit_date 1731943603 1732006679
git_commit_sha 6181783 f4d62a2
See matching parameters
Baseline Candidate
ci_job_date 1732007999 1732007999
ci_job_id 711685907 711685907
ci_pipeline_id 49343709 49343709
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
jdkVersion 11.0.21 11.0.21
jmhVersion 1.36 1.36
jvm /usr/lib/jvm/java-11-openjdk-amd64/bin/java /usr/lib/jvm/java-11-openjdk-amd64/bin/java
jvmArgs -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/go/src/github.com/DataDog/apm-reliability/dd-trace-java/platform/src/consumer-benchmark/build/tmp/jmh -Duser.country=US -Duser.language=en -Duser.variant -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/go/src/github.com/DataDog/apm-reliability/dd-trace-java/platform/src/consumer-benchmark/build/tmp/jmh -Duser.country=US -Duser.language=en -Duser.variant
vmName OpenJDK 64-Bit Server VM OpenJDK 64-Bit Server VM
vmVersion 11.0.21+9-post-Ubuntu-0ubuntu122.04 11.0.21+9-post-Ubuntu-0ubuntu122.04

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 3 metrics, 0 unstable metrics.

See unchanged results
scenario Δ mean throughput
scenario:not-instrumented/KafkaConsumerBenchmark.benchConsume same
scenario:only-tracing-dsm-disabled-benchmarks/KafkaConsumerBenchmark.benchConsume unsure
[+123.722op/s; +14070.828op/s] or [+0.040%; +4.507%]
scenario:only-tracing-dsm-enabled-benchmarks/KafkaConsumerBenchmark.benchConsume same

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-reset-context-on-close branch from 59f88c5 to ca69ebb Compare November 18, 2024 12:41
amarziali
amarziali reviewed Nov 18, 2024
View reviewed changes
Comment thread internal-api/src/main/java/datadog/trace/api/iast/IastContext.java Outdated
Copy link
Copy Markdown
Contributor

@amarziali amarziali Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps implementing AutoCloseable is a better choice here if you want to go with try-with-resources

Copy link
Copy Markdown
Member Author

@manuel-alvarez-alvarez manuel-alvarez-alvarez Nov 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, AFAIK Closeable extends AutoCloseable so we could eventually use it in a try with resources, but so far it's only used in the span context directly:

    if (this.requestContextDataIast instanceof Closeable) {
      try {
        ((Closeable) this.requestContextDataIast).close();
      } catch (IOException | RuntimeException e) {
        exc = e;
      }
    }

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-reset-context-on-close branch 4 times, most recently from a9c58b7 to 95147ec Compare November 19, 2024 01:59
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-reset-context-on-close branch from 95147ec to f4d62a2 Compare November 19, 2024 08:58
@manuel-alvarez-alvarez
Copy link
Copy Markdown
Member Author

manuel-alvarez-alvarez commented Nov 19, 2024

LGTM! but there are plenty of failing tests 😅

Fixed! 😉

@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit ff8ee85 into master Nov 19, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-reset-context-on-close branch November 19, 2024 10:30
@github-actions github-actions Bot added this to the 1.43.0 milestone Nov 19, 2024
@mcculls mcculls changed the title Reset iast request context on root span published Reset IAST request context on root span published Nov 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amarziali amarziali amarziali approved these changes

@ValentinZakharov ValentinZakharov ValentinZakharov approved these changes

@jandro996 jandro996 jandro996 approved these changes

@smola smola Awaiting requested review from smola smola is a code owner automatically assigned from DataDog/asm-java

+1 more reviewer

@Mariovido Mariovido Mariovido approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

comp: asm iast Application Security Management (IAST) type: bug Bug report and fix

Projects

None yet

Milestone

1.43.0

Development

Successfully merging this pull request may close these issues.

5 participants

@manuel-alvarez-alvarez @amarziali @ValentinZakharov @jandro996 @Mariovido