Increase IAST propagation to StringBuilder append #8010

Open
wants to merge 4 commits into
base: master

Mariovido
Contributor

@Mariovido Mariovido commented Nov 25, 2024

What Does This Do

This adds the instrumentation to propagate the taint values through the following methods of StringBuilder:

  • append(CharSequence, int, int)
  • append(StringBuffer)

Motivation

Increase propagation of StringBuilder methods.

Additional Notes

Contributor Checklist

Jira ticket: APPSEC-55358
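
As an added illustration (not code from this pull request or from the agent), the Java 16+ program below models what taint propagation through `append(CharSequence, int, int)` has to compute, using the `==>`/`<==` notation from the PR's test rows. The `Range` and `Tainted` types and all method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

public class TaintedAppendModel {
    // Half-open tainted span [start, end) over the unmarked text (hypothetical type).
    record Range(int start, int end) {}

    // Text plus its tainted spans, sorted by position (hypothetical type).
    record Tainted(String text, List<Range> ranges) {}

    // Parse the '==>' / '<==' notation used in the test rows.
    static Tainted parse(String marked) {
        StringBuilder text = new StringBuilder();
        List<Range> ranges = new ArrayList<>();
        int open = 0;
        for (int i = 0; i < marked.length(); ) {
            if (marked.startsWith("==>", i)) {
                open = text.length();
                i += 3;
            } else if (marked.startsWith("<==", i)) {
                ranges.add(new Range(open, text.length()));
                i += 3;
            } else {
                text.append(marked.charAt(i++));
            }
        }
        return new Tainted(text.toString(), ranges);
    }

    // Render text and spans back into the marked notation.
    static String format(Tainted t) {
        StringBuilder out = new StringBuilder(t.text());
        // Work from the last span backwards so earlier offsets stay valid.
        for (int i = t.ranges().size() - 1; i >= 0; i--) {
            Range r = t.ranges().get(i);
            out.insert(r.end(), "<==").insert(r.start(), "==>");
        }
        return out.toString();
    }

    // Model of sb.append(s, start, end): keep the builder's spans, clip the
    // parameter's spans to [start, end), then shift them to the append position.
    static Tainted append(Tainted sb, Tainted s, int start, int end) {
        List<Range> ranges = new ArrayList<>(sb.ranges());
        int shift = sb.text().length() - start;
        for (Range r : s.ranges()) {
            int from = Math.max(r.start(), start);
            int to = Math.min(r.end(), end);
            if (from < to) ranges.add(new Range(from + shift, to + shift));
        }
        String text = new StringBuilder(sb.text()).append(s.text(), start, end).toString();
        return new Tainted(text, ranges);
    }

    public static void main(String[] args) {
        // Row from the page's test table: the whole parameter is appended.
        System.out.println(format(append(parse("123"), parse("==>456<=="), 0, 3)));
        // Constructed row: start and end both cut through tainted spans.
        System.out.println(format(append(parse("1==>234<==5"), parse("a==>bcd<==e==>fgh<==i"), 2, 7)));
        // Constructed row: the copied characters are all untainted.
        System.out.println(format(append(parse("==>123<=="), parse("ab==>cd<=="), 0, 2)));
    }
}
```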

@Mariovido Mariovido added type: enhancement comp: asm iast Application Security Management (IAST) inst: java Core Java language instrumentation labels Nov 25, 2024
@smola smola removed the inst: java Core Java language instrumentation label Nov 25, 2024
@smola smola changed the title Increase propagation to StringBuilder append Increase IAST propagation to StringBuilder append Nov 25, 2024
@pr-commenter

pr-commenter bot commented Nov 25, 2024

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mario.vidal/taint_tracking_string_builder_append
git_commit_date 1732796662 1732796716
git_commit_sha 7f91a3e e45b946
release_version 1.44.0-SNAPSHOT~7f91a3ecc2 1.44.0-SNAPSHOT~e45b946d65
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732799257 1732799257
ci_job_id 722762489 722762489
ci_pipeline_id 50103347 50103347
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 1 performance regressions! Performance is the same for 55 metrics, 7 unstable metrics.

scenario: scenario:startup:insecure-bank:iast_TELEMETRY_OFF:Remote Config
Δ mean execution_time: worse [+16.237µs; +59.894µs] or [+2.662%; +9.821%]
candidate mean execution_time: 647.915µs
baseline mean execution_time: 609.850µs
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: tracing, appsec, iast, profiling.]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.087 s -
Agent appsec 1.228 s 140.44 ms (12.9%)
Agent iast 1.228 s 141.189 ms (13.0%)
Agent profiling 1.314 s 226.795 ms (20.9%)
Total tracing 10.488 s -
Total appsec 10.727 s 239.253 ms (2.3%)
Total iast 10.952 s 464.217 ms (4.4%)
Total profiling 10.759 s 270.751 ms (2.6%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.098 s -
Agent appsec 1.223 s 125.228 ms (11.4%)
Agent iast 1.218 s 120.265 ms (11.0%)
Agent profiling 1.321 s 223.008 ms (20.3%)
Total tracing 10.42 s -
Total appsec 10.773 s 353.826 ms (3.4%)
Total iast 10.964 s 544.148 ms (5.2%)
Total profiling 10.811 s 391.041 ms (3.8%)
[Gantt chart: petclinic - break down per module: candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: tracing, appsec, iast, profiling.]
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF.]
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.095 s -
Agent iast 1.215 s 120.419 ms (11.0%)
Agent iast_HARDCODED_SECRET_DISABLED 1.224 s 128.98 ms (11.8%)
Agent iast_TELEMETRY_OFF 1.213 s 118.263 ms (10.8%)
Total tracing 8.649 s -
Total iast 9.2 s 550.107 ms (6.4%)
Total iast_HARDCODED_SECRET_DISABLED 9.177 s 527.625 ms (6.1%)
Total iast_TELEMETRY_OFF 9.186 s 536.926 ms (6.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.099 s -
Agent iast 1.216 s 117.029 ms (10.6%)
Agent iast_HARDCODED_SECRET_DISABLED 1.228 s 129.216 ms (11.8%)
Agent iast_TELEMETRY_OFF 1.219 s 120.396 ms (11.0%)
Total tracing 8.687 s -
Total iast 9.242 s 554.363 ms (6.4%)
Total iast_HARDCODED_SECRET_DISABLED 9.215 s 528.092 ms (6.1%)
Total iast_TELEMETRY_OFF 9.201 s 513.805 ms (5.9%)
[Gantt chart: insecure-bank - break down per module: candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: tracing, iast, iast_HARDCODED_SECRET_DISABLED, iast_TELEMETRY_OFF.]

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-11-28T12:37:41 2024-11-28T12:44:42
git_branch master mario.vidal/taint_tracking_string_builder_append
git_commit_date 1732796662 1732796716
git_commit_sha 7f91a3e e45b946
release_version 1.44.0-SNAPSHOT~7f91a3ecc2 1.44.0-SNAPSHOT~e45b946d65
start_time 2024-11-28T12:37:28 2024-11-28T12:44:28
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1732798236 1732798236
ci_job_id 722762490 722762490
ci_pipeline_id 50103347 50103347
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: baseline, candidate.]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.368 ms [1.349 ms, 1.388 ms] -
appsec 1.764 ms [1.74 ms, 1.788 ms] 395.478 µs (28.9%)
appsec_no_iast 1.741 ms [1.716 ms, 1.767 ms] 372.851 µs (27.2%)
iast 1.508 ms [1.485 ms, 1.531 ms] 139.562 µs (10.2%)
profiling 1.529 ms [1.505 ms, 1.554 ms] 160.866 µs (11.8%)
tracing 1.511 ms [1.487 ms, 1.535 ms] 142.218 µs (10.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.38 ms [1.36 ms, 1.399 ms] -
appsec 1.759 ms [1.734 ms, 1.783 ms] 379.1 µs (27.5%)
appsec_no_iast 1.746 ms [1.72 ms, 1.772 ms] 366.438 µs (26.6%)
iast 1.497 ms [1.474 ms, 1.52 ms] 117.219 µs (8.5%)
profiling 1.519 ms [1.496 ms, 1.542 ms] 139.431 µs (10.1%)
tracing 1.497 ms [1.473 ms, 1.522 ms] 117.913 µs (8.5%)
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: baseline, candidate.]
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 380.833 µs [360.961 µs, 400.705 µs] -
iast 497.714 µs [475.862 µs, 519.567 µs] 116.881 µs (30.7%)
iast_FULL 654.225 µs [632.538 µs, 675.912 µs] 273.392 µs (71.8%)
iast_GLOBAL 529.28 µs [506.452 µs, 552.108 µs] 148.447 µs (39.0%)
iast_HARDCODED_SECRET_DISABLED 504.167 µs [482.017 µs, 526.317 µs] 123.334 µs (32.4%)
iast_INACTIVE 457.365 µs [436.168 µs, 478.561 µs] 76.531 µs (20.1%)
iast_TELEMETRY_OFF 494.127 µs [472.171 µs, 516.084 µs] 113.294 µs (29.7%)
tracing 459.68 µs [438.288 µs, 481.072 µs] 78.847 µs (20.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 381.396 µs [361.631 µs, 401.162 µs] -
iast 501.83 µs [480.014 µs, 523.646 µs] 120.434 µs (31.6%)
iast_FULL 652.871 µs [631.284 µs, 674.457 µs] 271.474 µs (71.2%)
iast_GLOBAL 526.561 µs [504.812 µs, 548.311 µs] 145.165 µs (38.1%)
iast_HARDCODED_SECRET_DISABLED 494.837 µs [473.501 µs, 516.174 µs] 113.441 µs (29.7%)
iast_INACTIVE 455.873 µs [434.977 µs, 476.769 µs] 74.477 µs (19.5%)
iast_TELEMETRY_OFF 482.225 µs [460.892 µs, 503.558 µs] 100.829 µs (26.4%)
tracing 451.889 µs [430.964 µs, 472.814 µs] 70.493 µs (18.5%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mario.vidal/taint_tracking_string_builder_append
git_commit_date 1732796662 1732796716
git_commit_sha 7f91a3e e45b946
release_version 1.44.0-SNAPSHOT~7f91a3ecc2 1.44.0-SNAPSHOT~e45b946d65
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1732798774 1732798774
ci_job_id 722762491 722762491
ci_pipeline_id 50103347 50103347
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant appsec appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: baseline, candidate.]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.46 ms, 1.483 ms] -
appsec 2.346 ms [2.304 ms, 2.388 ms] 874.306 µs (59.4%)
iast 2.092 ms [2.04 ms, 2.144 ms] 620.207 µs (42.1%)
iast_GLOBAL 2.128 ms [2.075 ms, 2.181 ms] 656.31 µs (44.6%)
profiling 1.952 ms [1.91 ms, 1.994 ms] 480.41 µs (32.6%)
tracing 1.93 ms [1.89 ms, 1.971 ms] 458.672 µs (31.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.469 ms [1.458 ms, 1.481 ms] -
appsec 2.343 ms [2.302 ms, 2.384 ms] 873.774 µs (59.5%)
iast 2.094 ms [2.042 ms, 2.146 ms] 624.808 µs (42.5%)
iast_GLOBAL 2.132 ms [2.079 ms, 2.184 ms] 662.708 µs (45.1%)
profiling 1.961 ms [1.919 ms, 2.003 ms] 492.115 µs (33.5%)
tracing 1.927 ms [1.887 ms, 1.967 ms] 457.509 µs (31.1%)
Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.44.0-SNAPSHOT~e45b946d65, baseline=1.44.0-SNAPSHOT~7f91a3ecc2. Sections: baseline, candidate.]
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.836 s [14.836 s, 14.836 s] -
appsec 14.965 s [14.965 s, 14.965 s] 129.0 ms (0.9%)
iast 18.607 s [18.607 s, 18.607 s] 3.771 s (25.4%)
iast_GLOBAL 18.073 s [18.073 s, 18.073 s] 3.237 s (21.8%)
profiling 15.654 s [15.654 s, 15.654 s] 818.0 ms (5.5%)
tracing 14.814 s [14.814 s, 14.814 s] -22.0 ms (-0.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.645 s [14.645 s, 14.645 s] -
appsec 14.904 s [14.904 s, 14.904 s] 259.0 ms (1.8%)
iast 18.949 s [18.949 s, 18.949 s] 4.304 s (29.4%)
iast_GLOBAL 17.698 s [17.698 s, 17.698 s] 3.053 s (20.8%)
profiling 15.235 s [15.235 s, 15.235 s] 590.0 ms (4.0%)
tracing 14.914 s [14.914 s, 14.914 s] 269.0 ms (1.8%)

@Mariovido Mariovido marked this pull request as ready for review November 25, 2024 11:23
@Mariovido Mariovido requested review from a team as code owners November 25, 2024 11:23
sb('123') | '==>456<==' | 0 | 3 | '123==>456<=='
sb('==>123<==') | '==>456<==' | 0 | 3 | '==>123<====>456<=='
sb('1==>234<==5==>678<==9') | 'a==>bcd<==e' | 0 | 5 | '1==>234<==5==>678<==9a==>bcd<==e'
sb('1==>234<==5==>678<==9') | 'a==>bcd<==e==>fgh<==i' | 0 | 9 | '1==>234<==5==>678<==9a==>bcd<==e==>fgh<==i'
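
Review bot: every row in this table appends the whole parameter (start is 0 and end equals the parameter's length in all four rows), so neither the shift of a range by start nor the clipping of a range that straddles start or end is exercised. Add rows where start or end falls inside a ==>…<== span, for example 'a==>bcd<==e' with start 2 and end 4, and a row where start equals end so that nothing is appended and no range should be added.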
Member


Add examples where start > 0

Contributor Author


I added more test cases where start > 0 and end < s.length

@Mariovido Mariovido requested a review from smola November 28, 2024 09:19
Labels
comp: asm iast Application Security Management (IAST) type: enhancement

2 participants