Increase IAST propagation to StringBuilder subSequence #8026

Merged

@Mariovido Mariovido commented Nov 27, 2024

What Does This Do

This adds the instrumentation to propagate the taint values through the following methods of StringBuilder:

  • subSequence(int, int)

Motivation

Increase propagation of StringBuilder methods.

Additional Notes

In this PR, one refactor has been made in the tests to make them clearer.

Contributor Checklist

Jira ticket: APPSEC-55360

@Mariovido Mariovido added type: enhancement comp: asm iast Application Security Management (IAST) labels Nov 27, 2024
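
How taint ranges can be carried through `StringBuilder.subSequence(int, int)`, as an added example that is not part of this PR or of dd-trace-java's code: each tainted range of the builder is clipped to the requested window and shifted to the result's offsets. Every class and method name below is hypothetical, the input is constructed, and records require Java 16+.

```java
import java.util.ArrayList;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;

// Toy taint tracker. All names here are hypothetical and are not dd-trace-java's API.
public class SubSequenceTaintDemo {

    /** Half-open tainted span [start, start + length) inside a character sequence. */
    record Range(int start, int length) {
        int end() { return start + length; }
    }

    /**
     * Keyed by identity: taint belongs to one object instance, not to equal contents.
     * A production tracker would hold keys weakly; a plain map keeps the demo short.
     */
    static final Map<Object, List<Range>> TAINTED = new IdentityHashMap<>();

    static void taint(Object value, Range... ranges) {
        TAINTED.put(value, List.of(ranges));
    }

    static List<Range> rangesOf(Object value) {
        return TAINTED.getOrDefault(value, List.of());
    }

    /**
     * Clip each source range to the window [begin, end) and shift it so that
     * offsets are relative to the start of the returned subsequence.
     */
    static List<Range> rangesForSubSequence(List<Range> source, int begin, int end) {
        List<Range> out = new ArrayList<>();
        for (Range r : source) {
            int from = Math.max(r.start(), begin);
            int to = Math.min(r.end(), end);
            if (from < to) { // ranges that fall outside the window are dropped
                out.add(new Range(from - begin, to - from));
            }
        }
        return out;
    }

    /** Models a propagation hook: run the real call, then register ranges on its result. */
    static CharSequence subSequenceWithPropagation(StringBuilder self, int begin, int end) {
        CharSequence result = self.subSequence(begin, end); // unchanged JDK behaviour
        List<Range> ranges = rangesForSubSequence(rangesOf(self), begin, end);
        if (!ranges.isEmpty()) {
            TAINTED.put(result, ranges);
        }
        return result;
    }

    static String describe(CharSequence value) {
        return "\"" + value + "\" tainted ranges: " + rangesOf(value);
    }

    public static void main(String[] args) {
        // Constructed input: "alice" stands in for a request parameter, the rest is literal.
        StringBuilder sb = new StringBuilder("user=").append("alice").append(";role=guest");
        taint(sb, new Range(5, 5)); // only "alice" came from the request

        // Window equal to the tainted span, a window that cuts through it, a window outside it.
        System.out.println(describe(subSequenceWithPropagation(sb, 5, 10)));
        System.out.println(describe(subSequenceWithPropagation(sb, 3, 8)));
        System.out.println(describe(subSequenceWithPropagation(sb, 10, sb.length())));

        // Uninstrumented call: the same characters come back, but the tracker has no
        // entry for the new object, so a sink check on it sees nothing to report.
        System.out.println(describe(sb.subSequence(5, 10)));
    }
}
```

The last call is the gap that propagation closes: without a hook on `subSequence`, request data copied out of a tainted builder reaches later sinks as if it were untainted.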
pr-commenter bot commented Nov 27, 2024

Benchmarks

Startup

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | mario.vidal/taint_tracking_string_builder_subsequence |
| git_commit_date | 1732709291 | 1732716676 |
| git_commit_sha | 966ef84 | f617c28 |
| release_version | 1.44.0-SNAPSHOT~966ef84e87 | 1.44.0-SNAPSHOT~f617c28123 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1732719089 | 1732719089 |
| ci_job_id | 722016029 | 722016029 |
| ci_pipeline_id | 50060797 | 50060797 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 54 metrics, 9 unstable metrics.

Startup time reports for petclinic
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.101 s | - |
| Agent | appsec | 1.222 s | 120.713 ms (11.0%) |
| Agent | iast | 1.23 s | 128.247 ms (11.6%) |
| Agent | profiling | 1.32 s | 218.837 ms (19.9%) |
| Total | tracing | 10.471 s | - |
| Total | appsec | 10.719 s | 247.904 ms (2.4%) |
| Total | iast | 10.945 s | 473.69 ms (4.5%) |
| Total | profiling | 10.857 s | 385.818 ms (3.7%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.107 s | - |
| Agent | appsec | 1.225 s | 117.384 ms (10.6%) |
| Agent | iast | 1.219 s | 111.66 ms (10.1%) |
| Agent | profiling | 1.321 s | 213.428 ms (19.3%) |
| Total | tracing | 10.577 s | - |
| Total | appsec | 10.71 s | 132.19 ms (1.2%) |
| Total | iast | 10.987 s | 409.676 ms (3.9%) |
| Total | profiling | 10.841 s | 263.976 ms (2.5%) |

gantt
    title petclinic - break down per module: candidate=1.44.0-SNAPSHOT~f617c28123, baseline=1.44.0-SNAPSHOT~966ef84e87

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (702.178 ms) : 0, 702178
BytebuddyAgent [candidate] (704.892 ms) : 0, 704892
GlobalTracer [baseline] (319.044 ms) : 0, 319044
GlobalTracer [candidate] (321.163 ms) : 0, 321163
AppSec [baseline] (54.819 ms) : 0, 54819
AppSec [candidate] (55.23 ms) : 0, 55230
Remote Config [baseline] (675.078 µs) : 0, 675
Remote Config [candidate] (687.622 µs) : 0, 688
Telemetry [baseline] (10.735 ms) : 0, 10735
Telemetry [candidate] (11.484 ms) : 0, 11484
section appsec
BytebuddyAgent [baseline] (709.901 ms) : 0, 709901
BytebuddyAgent [candidate] (711.861 ms) : 0, 711861
GlobalTracer [baseline] (313.782 ms) : 0, 313782
GlobalTracer [candidate] (313.101 ms) : 0, 313101
AppSec [baseline] (165.719 ms) : 0, 165719
AppSec [candidate] (167.125 ms) : 0, 167125
IAST [baseline] (19.737 ms) : 0, 19737
IAST [candidate] (19.01 ms) : 0, 19010
Remote Config [baseline] (649.976 µs) : 0, 650
Remote Config [candidate] (644.555 µs) : 0, 645
Telemetry [baseline] (8.486 ms) : 0, 8486
Telemetry [candidate] (8.883 ms) : 0, 8883
section iast
BytebuddyAgent [baseline] (820.341 ms) : 0, 820341
BytebuddyAgent [candidate] (812.077 ms) : 0, 812077
GlobalTracer [baseline] (307.834 ms) : 0, 307834
GlobalTracer [candidate] (306.383 ms) : 0, 306383
AppSec [baseline] (57.567 ms) : 0, 57567
AppSec [candidate] (56.603 ms) : 0, 56603
IAST [baseline] (21.814 ms) : 0, 21814
IAST [candidate] (22.255 ms) : 0, 22255
Remote Config [baseline] (637.547 µs) : 0, 638
Remote Config [candidate] (635.846 µs) : 0, 636
Telemetry [baseline] (7.544 ms) : 0, 7544
Telemetry [candidate] (7.413 ms) : 0, 7413
section profiling
BytebuddyAgent [baseline] (691.31 ms) : 0, 691310
BytebuddyAgent [candidate] (691.024 ms) : 0, 691024
GlobalTracer [baseline] (432.93 ms) : 0, 432930
GlobalTracer [candidate] (434.566 ms) : 0, 434566
AppSec [baseline] (54.036 ms) : 0, 54036
AppSec [candidate] (53.888 ms) : 0, 53888
Remote Config [baseline] (658.597 µs) : 0, 659
Remote Config [candidate] (662.375 µs) : 0, 662
Telemetry [baseline] (7.768 ms) : 0, 7768
Telemetry [candidate] (7.851 ms) : 0, 7851
ProfilingAgent [baseline] (94.222 ms) : 0, 94222
ProfilingAgent [candidate] (93.639 ms) : 0, 93639
Profiling [baseline] (94.247 ms) : 0, 94247
Profiling [candidate] (93.663 ms) : 0, 93663
Startup time reports for insecure-bank
  • baseline results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.098 s | - |
| Agent | iast | 1.217 s | 118.951 ms (10.8%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.215 s | 116.416 ms (10.6%) |
| Agent | iast_TELEMETRY_OFF | 1.214 s | 115.106 ms (10.5%) |
| Total | tracing | 8.735 s | - |
| Total | iast | 9.191 s | 456.415 ms (5.2%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.144 s | 408.722 ms (4.7%) |
| Total | iast_TELEMETRY_OFF | 9.144 s | 408.669 ms (4.7%) |

  • candidate results

| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.093 s | - |
| Agent | iast | 1.217 s | 123.658 ms (11.3%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.229 s | 135.759 ms (12.4%) |
| Agent | iast_TELEMETRY_OFF | 1.222 s | 128.873 ms (11.8%) |
| Total | tracing | 8.641 s | - |
| Total | iast | 9.193 s | 552.291 ms (6.4%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.206 s | 565.238 ms (6.5%) |
| Total | iast_TELEMETRY_OFF | 9.208 s | 566.695 ms (6.6%) |

gantt
    title insecure-bank - break down per module: candidate=1.44.0-SNAPSHOT~f617c28123, baseline=1.44.0-SNAPSHOT~966ef84e87

    dateFormat X
    axisFormat %s
section tracing
BytebuddyAgent [baseline] (699.096 ms) : 0, 699096
BytebuddyAgent [candidate] (695.501 ms) : 0, 695501
GlobalTracer [baseline] (318.931 ms) : 0, 318931
GlobalTracer [candidate] (316.957 ms) : 0, 316957
AppSec [baseline] (54.76 ms) : 0, 54760
AppSec [candidate] (54.976 ms) : 0, 54976
Remote Config [baseline] (674.224 µs) : 0, 674
Remote Config [candidate] (680.078 µs) : 0, 680
Telemetry [baseline] (11.211 ms) : 0, 11211
Telemetry [candidate] (11.209 ms) : 0, 11209
section iast
BytebuddyAgent [baseline] (811.23 ms) : 0, 811230
BytebuddyAgent [candidate] (810.859 ms) : 0, 810859
GlobalTracer [baseline] (305.63 ms) : 0, 305630
GlobalTracer [candidate] (305.569 ms) : 0, 305569
AppSec [baseline] (57.226 ms) : 0, 57226
AppSec [candidate] (57.717 ms) : 0, 57717
IAST [baseline] (21.532 ms) : 0, 21532
IAST [candidate] (20.764 ms) : 0, 20764
Remote Config [baseline] (617.628 µs) : 0, 618
Remote Config [candidate] (645.561 µs) : 0, 646
Telemetry [baseline] (7.454 ms) : 0, 7454
Telemetry [candidate] (7.48 ms) : 0, 7480
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (810.001 ms) : 0, 810001
BytebuddyAgent [candidate] (818.768 ms) : 0, 818768
GlobalTracer [baseline] (304.819 ms) : 0, 304819
GlobalTracer [candidate] (308.756 ms) : 0, 308756
AppSec [baseline] (57.526 ms) : 0, 57526
AppSec [candidate] (57.555 ms) : 0, 57555
IAST [baseline] (20.798 ms) : 0, 20798
IAST [candidate] (21.788 ms) : 0, 21788
Remote Config [baseline] (612.062 µs) : 0, 612
Remote Config [candidate] (636.851 µs) : 0, 637
Telemetry [baseline] (7.45 ms) : 0, 7450
Telemetry [candidate] (7.51 ms) : 0, 7510
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (807.855 ms) : 0, 807855
BytebuddyAgent [candidate] (814.073 ms) : 0, 814073
GlobalTracer [baseline] (305.838 ms) : 0, 305838
GlobalTracer [candidate] (307.117 ms) : 0, 307117
AppSec [baseline] (57.107 ms) : 0, 57107
AppSec [candidate] (58.321 ms) : 0, 58321
IAST [baseline] (21.065 ms) : 0, 21065
IAST [candidate] (20.516 ms) : 0, 20516
Remote Config [baseline] (619.991 µs) : 0, 620
Remote Config [candidate] (623.845 µs) : 0, 624
Telemetry [baseline] (7.444 ms) : 0, 7444
Telemetry [candidate] (7.513 ms) : 0, 7513

Load

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2024-11-27T14:23:34 | 2024-11-27T14:30:34 |
| git_branch | master | mario.vidal/taint_tracking_string_builder_subsequence |
| git_commit_date | 1732709291 | 1732716676 |
| git_commit_sha | 966ef84 | f617c28 |
| release_version | 1.44.0-SNAPSHOT~966ef84e87 | 1.44.0-SNAPSHOT~f617c28123 |
| start_time | 2024-11-27T14:23:20 | 2024-11-27T14:30:20 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1732718189 | 1732718189 |
| ci_job_id | 722016030 | 722016030 |
| ci_pipeline_id | 50060797 | 50060797 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | iast | iast |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 13 metrics, 15 unstable metrics.

Request duration reports for petclinic
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.341 ms [1.322 ms, 1.361 ms] | - |
| appsec | 1.76 ms [1.735 ms, 1.784 ms] | 418.436 µs (31.2%) |
| appsec_no_iast | 1.775 ms [1.751 ms, 1.8 ms] | 434.092 µs (32.4%) |
| iast | 1.493 ms [1.47 ms, 1.515 ms] | 151.535 µs (11.3%) |
| profiling | 1.519 ms [1.495 ms, 1.542 ms] | 177.422 µs (13.2%) |
| tracing | 1.484 ms [1.459 ms, 1.509 ms] | 142.588 µs (10.6%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.371 ms [1.35 ms, 1.391 ms] | - |
| appsec | 1.762 ms [1.736 ms, 1.788 ms] | 390.863 µs (28.5%) |
| appsec_no_iast | 1.76 ms [1.734 ms, 1.785 ms] | 388.834 µs (28.4%) |
| iast | 1.521 ms [1.498 ms, 1.544 ms] | 150.212 µs (11.0%) |
| profiling | 1.539 ms [1.514 ms, 1.564 ms] | 168.514 µs (12.3%) |
| tracing | 1.476 ms [1.451 ms, 1.501 ms] | 105.469 µs (7.7%) |

Request duration reports for insecure-bank
  • baseline results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 379.503 µs [359.689 µs, 399.317 µs] | - |
| iast | 494.177 µs [472.549 µs, 515.806 µs] | 114.675 µs (30.2%) |
| iast_FULL | 655.531 µs [633.989 µs, 677.073 µs] | 276.029 µs (72.7%) |
| iast_GLOBAL | 524.573 µs [502.176 µs, 546.97 µs] | 145.07 µs (38.2%) |
| iast_HARDCODED_SECRET_DISABLED | 497.878 µs [476.024 µs, 519.731 µs] | 118.375 µs (31.2%) |
| iast_INACTIVE | 458.976 µs [437.659 µs, 480.294 µs] | 79.474 µs (20.9%) |
| iast_TELEMETRY_OFF | 507.658 µs [483.338 µs, 531.977 µs] | 128.155 µs (33.8%) |
| tracing | 458.768 µs [437.809 µs, 479.728 µs] | 79.266 µs (20.9%) |

  • candidate results

| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 380.164 µs [359.587 µs, 400.741 µs] | - |
| iast | 504.047 µs [482.071 µs, 526.022 µs] | 123.883 µs (32.6%) |
| iast_FULL | 655.58 µs [634.121 µs, 677.039 µs] | 275.416 µs (72.4%) |
| iast_GLOBAL | 519.458 µs [497.875 µs, 541.042 µs] | 139.294 µs (36.6%) |
| iast_HARDCODED_SECRET_DISABLED | 494.47 µs [473.007 µs, 515.932 µs] | 114.306 µs (30.1%) |
| iast_INACTIVE | 451.187 µs [430.451 µs, 471.924 µs] | 71.023 µs (18.7%) |
| iast_TELEMETRY_OFF | 488.896 µs [467.496 µs, 510.296 µs] | 108.732 µs (28.6%) |
| tracing | 455.26 µs [433.602 µs, 476.917 µs] | 75.096 µs (19.8%) |

Dacapo

Parameters

| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | mario.vidal/taint_tracking_string_builder_subsequence |
| git_commit_date | 1732709291 | 1732716676 |
| git_commit_sha | 966ef84 | f617c28 |
| release_version | 1.44.0-SNAPSHOT~966ef84e87 | 1.44.0-SNAPSHOT~f617c28123 |

See matching parameters

| | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1732718725 | 1732718725 |
| ci_job_id | 722016031 | 722016031 |
| ci_pipeline_id | 50060797 | 50060797 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | appsec | appsec |

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 15.365 s [15.365 s, 15.365 s] | - |
| appsec | 15.183 s [15.183 s, 15.183 s] | -182.0 ms (-1.2%) |
| iast | 18.681 s [18.681 s, 18.681 s] | 3.316 s (21.6%) |
| iast_GLOBAL | 18.02 s [18.02 s, 18.02 s] | 2.655 s (17.3%) |
| profiling | 14.928 s [14.928 s, 14.928 s] | -437.0 ms (-2.8%) |
| tracing | 14.992 s [14.992 s, 14.992 s] | -373.0 ms (-2.4%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.707 s [14.707 s, 14.707 s] | - |
| appsec | 15.127 s [15.127 s, 15.127 s] | 420.0 ms (2.9%) |
| iast | 18.865 s [18.865 s, 18.865 s] | 4.158 s (28.3%) |
| iast_GLOBAL | 17.622 s [17.622 s, 17.622 s] | 2.915 s (19.8%) |
| profiling | 14.923 s [14.923 s, 14.923 s] | 216.0 ms (1.5%) |
| tracing | 15.289 s [15.289 s, 15.289 s] | 582.0 ms (4.0%) |

Execution time for tomcat
  • baseline results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.462 ms [1.451 ms, 1.474 ms] | - |
| appsec | 2.343 ms [2.302 ms, 2.385 ms] | 881.084 µs (60.2%) |
| iast | 2.081 ms [2.029 ms, 2.134 ms] | 619.001 µs (42.3%) |
| iast_GLOBAL | 2.126 ms [2.074 ms, 2.179 ms] | 663.694 µs (45.4%) |
| profiling | 1.937 ms [1.895 ms, 1.979 ms] | 474.718 µs (32.5%) |
| tracing | 1.919 ms [1.879 ms, 1.959 ms] | 457.029 µs (31.3%) |

  • candidate results

| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.465 ms [1.453 ms, 1.476 ms] | - |
| appsec | 2.334 ms [2.292 ms, 2.375 ms] | 868.68 µs (59.3%) |
| iast | 2.077 ms [2.024 ms, 2.129 ms] | 611.813 µs (41.8%) |
| iast_GLOBAL | 2.116 ms [2.064 ms, 2.169 ms] | 651.262 µs (44.5%) |
| profiling | 1.963 ms [1.92 ms, 2.005 ms] | 497.641 µs (34.0%) |
| tracing | 1.917 ms [1.877 ms, 1.957 ms] | 451.993 µs (30.9%) |

@Mariovido Mariovido marked this pull request as ready for review November 27, 2024 14:45
@Mariovido Mariovido requested a review from a team as a code owner November 27, 2024 14:45
@Mariovido Mariovido merged commit 9f01834 into master Nov 29, 2024
110 checks passed
@Mariovido Mariovido deleted the mario.vidal/taint_tracking_string_builder_subsequence branch November 29, 2024 10:40
@github-actions github-actions bot added this to the 1.44.0 milestone Nov 29, 2024
svc-squareup-copybara pushed a commit to cashapp/misk that referenced this pull request Dec 16, 2024
| Package | Type | Package file | Manager | Update | Change |
|---|---|---|---|---|---|
|
[com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.49.0` -> `2.50.0` |
|
[com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.48.0` -> `2.49.0` |
|
[com.google.cloud:google-cloud-spanner](https://github.com/googleapis/java-spanner)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`6.82.0` -> `6.83.0` |
|
[com.google.cloud:google-cloud-logging](https://github.com/googleapis/java-logging)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`3.20.7` -> `3.21.0` |
|
[com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.24.3` -> `2.25.1` |
|
[com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.48.0` -> `2.49.0` |
| [com.google.api:gax](https://github.com/googleapis/sdk-platform-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`2.58.0` -> `2.59.0` |
|
[com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin)
| plugin | misk/gradle/libs.versions.toml | gradle | patch | `2.6.0` ->
`2.6.1` |
| [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.43.0` -> `1.44.1` |
| [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java)
| dependencies | misk/gradle/libs.versions.toml | gradle | minor |
`1.43.0` -> `1.44.1` |
| [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
|
[software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava)
| dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) |
dependencies | misk/gradle/libs.versions.toml | gradle | patch |
`2.29.32` -> `2.29.34` |
| [com.amazonaws:aws-java-sdk-sqs](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |
| [com.amazonaws:aws-java-sdk-s3](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |
|
[com.amazonaws:aws-java-sdk-dynamodb](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |
| [com.amazonaws:aws-java-sdk-core](https://aws.amazon.com/sdkforjava)
([source](https://github.com/aws/aws-sdk-java)) | dependencies |
misk/gradle/libs.versions.toml | gradle | patch | `1.12.779` ->
`1.12.780` |

---

### Release Notes

<details>
<summary>googleapis/sdk-platform-java
(com.google.api.grpc:proto-google-common-protos)</summary>

###
[`v2.50.0`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2500-2024-11-14)

##### Features

- Add experimental S2A integration in client libraries grpc transport
([#&#8203;3326](googleapis/sdk-platform-java#3326))
([1138ca6](googleapis/sdk-platform-java@1138ca6))
- enable selective generation based on service config include list
([#&#8203;3323](googleapis/sdk-platform-java#3323))
([0cddadb](googleapis/sdk-platform-java@0cddadb))
- introduce `java.time` to java-core
([#&#8203;3330](googleapis/sdk-platform-java#3330))
([f202c3b](googleapis/sdk-platform-java@f202c3b))
- Update Gapic-Generator to generate libraries using `java.time` methods
([#&#8203;3321](googleapis/sdk-platform-java#3321))
([b21c9a4](googleapis/sdk-platform-java@b21c9a4))

##### Bug Fixes

- Fix flaky test
ScheduledRetryingExecutorTest.testCancelOuterFutureAfterStart
([#&#8203;3335](googleapis/sdk-platform-java#3335))
([e73740d](googleapis/sdk-platform-java@e73740d))
- httpjson callables to trace attempts (started, failed)
([#&#8203;3300](googleapis/sdk-platform-java#3300))
([15a64ee](googleapis/sdk-platform-java@15a64ee))
- instantiate GaxProperties at build time to ensure we get the protobuf
version
([#&#8203;3365](googleapis/sdk-platform-java#3365))
([bb2a3be](googleapis/sdk-platform-java@bb2a3be))
- protobuf version not always getting set in headers
([#&#8203;3322](googleapis/sdk-platform-java#3322))
([7f6e470](googleapis/sdk-platform-java@7f6e470))
- use BuildKit instead of legacy builder to build the Hermetic Build
images
([#&#8203;3338](googleapis/sdk-platform-java#3338))
([222fb45](googleapis/sdk-platform-java@222fb45))

##### Dependencies

- update google auth library dependencies to v1.30.0
([#&#8203;3367](googleapis/sdk-platform-java#3367))
([a31c682](googleapis/sdk-platform-java@a31c682))
- update grpc dependencies to v1.68.1
([#&#8203;3240](googleapis/sdk-platform-java#3240))
([c8e3941](googleapis/sdk-platform-java@c8e3941))

##### Documentation

- fix list num
([#&#8203;3356](googleapis/sdk-platform-java#3356))
([b7d6296](googleapis/sdk-platform-java@b7d6296))
- **hermetic-build:** indicate usage of Docker Buildkit in development
guide
([#&#8203;3337](googleapis/sdk-platform-java#3337))
([01e742d](googleapis/sdk-platform-java@01e742d))
- modify hermetic build docs
([#&#8203;3331](googleapis/sdk-platform-java#3331))
([25023af](googleapis/sdk-platform-java@25023af))

</details>

<details>
<summary>googleapis/java-spanner
(com.google.cloud:google-cloud-spanner)</summary>

###
[`v6.83.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6830-2024-12-13)

##### Features

- Add Metrics host for built in metrics
([#&#8203;3519](googleapis/java-spanner#3519))
([4ed455a](googleapis/java-spanner@4ed455a))
- Add opt-in for using multiplexed sessions for blind writes
([#&#8203;3540](googleapis/java-spanner#3540))
([216f53e](googleapis/java-spanner@216f53e))
- Add UUID in Spanner TypeCode enum
([41f83dc](googleapis/java-spanner@41f83dc))
- Introduce java.time variables and methods
([#&#8203;3495](googleapis/java-spanner#3495))
([8a7d533](googleapis/java-spanner@8a7d533))
- **spanner:** Support multiplexed session for Partitioned operations
([#&#8203;3231](googleapis/java-spanner#3231))
([4501a3e](googleapis/java-spanner@4501a3e))
- Support 'set local' for retry_aborts_internally
([#&#8203;3532](googleapis/java-spanner#3532))
([331942f](googleapis/java-spanner@331942f))

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.51.0
([41f83dc](googleapis/java-spanner@41f83dc))

##### Dependencies

- Update sdk platform java dependencies
([#&#8203;3549](googleapis/java-spanner#3549))
([6235f0f](googleapis/java-spanner@6235f0f))

</details>

<details>
<summary>googleapis/java-logging
(com.google.cloud:google-cloud-logging)</summary>

###
[`v3.21.0`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3210-2024-12-13)

##### Features

- Introduce `java.time` methods
([#&#8203;1729](googleapis/java-logging#1729))
([323eb33](googleapis/java-logging@323eb33))

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.51.0
([04d8868](googleapis/java-logging@04d8868))

##### Dependencies

- Update dependency io.opentelemetry:opentelemetry-bom to v1.45.0
([#&#8203;1638](googleapis/java-logging#1638))
([7e007d4](googleapis/java-logging@7e007d4))
- Update sdk platform java dependencies
([#&#8203;1736](googleapis/java-logging#1736))
([88b4cdf](googleapis/java-logging@88b4cdf))

</details>

<details>
<summary>googleapis/java-datastore
(com.google.cloud:google-cloud-datastore)</summary>

###
[`v2.25.1`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2251-2024-12-13)

##### Bug Fixes

- **deps:** Update the Java code generator (gapic-generator-java) to
2.51.0
([106ee4d](googleapis/java-datastore@106ee4d))

##### Dependencies

- Update sdk platform java dependencies
([#&#8203;1685](googleapis/java-datastore#1685))
([4372350](googleapis/java-datastore@4372350))

###
[`v2.25.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2250-2024-12-11)

##### Features

- Introduce `java.time` methods and variables
([#&#8203;1671](googleapis/java-datastore#1671))
([5a78a80](googleapis/java-datastore@5a78a80))

##### Dependencies

- Update dependency com.google.cloud:gapic-libraries-bom to v1.48.0
([#&#8203;1605](googleapis/java-datastore#1605))
([5c6a678](googleapis/java-datastore@5c6a678))

##### Documentation

- Update gapic upgrade installation instructions
([#&#8203;1677](googleapis/java-datastore#1677))
([b3fbfcc](googleapis/java-datastore@b3fbfcc))

</details>

<details>
<summary>autonomousapps/dependency-analysis-android-gradle-plugin
(com.autonomousapps.dependency-analysis)</summary>

###
[`v2.6.1`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-261)

-   \[Fix]: `superClassName` can be null (Object has no superclass).

</details>

<details>
<summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary>

###
[`v1.44.1`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.44.1):
1.44.1

##### Components

##### Continuous Integration Visibility

- 🐛 Fix tracing JUnit5 tests in Maven projects with multiple forks
([#&#8203;8089](DataDog/dd-trace-java#8089) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

###
[`v1.44.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.44.0):
1.44.0

##### Known Issues

> \[!WARNING]\
> This release contains a known issue that causes failures when using
Test Optimization to trace JUnit 5 tests in a Maven project where Maven
Surefire is configured with `forkCount` > 1.
> The issue is fixed in v1.44.1

##### Breaking Changes

> \[!WARNING]\
> Support for `X-Forwarded` header is dropped from default client IP
resolution.
> It can still be re-activated using the
`dd.trace.client-ip-header=x-forwarded` system property, or the
`DD_TRACE_CLIENT_IP_HEADER=x-forwarded` environment variable. See
[#&#8203;7946](DataDog/dd-trace-java#7946).

##### Components

##### Application Security Management (IAST)

- ✨ Set unexpected IAST exceptions to debug log level
([#&#8203;8044](DataDog/dd-trace-java#8044) -
[@&#8203;smola](https://github.com/smola))
- ✨ Increase IAST propagation to StringBuffer subSequence
([#&#8203;8038](DataDog/dd-trace-java#8038) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Increase IAST propagation to StringBuilder subSequence
([#&#8203;8026](DataDog/dd-trace-java#8026) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Add IAST propagation to String valueOf
([#&#8203;8013](DataDog/dd-trace-java#8013) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Increase IAST propagation to StringBuilder append
([#&#8203;8010](DataDog/dd-trace-java#8010) -
[@&#8203;Mariovido](https://github.com/Mariovido))
- ✨ Expand SSRF support in IAST to apache-httpclient-5 and
apache-httpasyncclient-4
([#&#8203;7920](DataDog/dd-trace-java#7920) -
[@&#8203;Mariovido](https://github.com/Mariovido))

##### Build & Tooling

- ✨ Generate Muzzle classes for Groovy instrumentations
([#&#8203;8004](DataDog/dd-trace-java#8004) -
[@&#8203;nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))

##### Continuous Integration Visibility

- ✨ Support distributed traces in tests
([#8078](DataDog/dd-trace-java#8078) -
[@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Implement fail-fast tests ordering for JUnit 5
([#8055](DataDog/dd-trace-java#8055) -
[@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Mark JUnit 5 setup and teardown action spans as failed if
there is an error
([#8033](DataDog/dd-trace-java#8033) -
[@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog))
- ✨ Add tracing of setup and teardown actions in JUnit 4
([#8030](DataDog/dd-trace-java#8030) -
[@daniel-mohedano](https://github.com/daniel-mohedano))

##### Crash tracking

- ✨ Improve crash tracking install logging
([#8045](DataDog/dd-trace-java#8045) -
[@PerfectSlayer](https://github.com/PerfectSlayer))

##### Data Streams Monitoring

- 🐛 Add Data Streams support in AWS SQS without raw message delivery
([#8071](DataDog/dd-trace-java#8071) -
[@piochelepiotr](https://github.com/piochelepiotr))
- ✨ Add new tag for enabled products / features to DSM
checkpoints
([#8051](DataDog/dd-trace-java#8051) -
[@kr-igor](https://github.com/kr-igor))
- 💡 Instrument self hosted Kafka connectors
([#7959](DataDog/dd-trace-java#7959) -
[@piochelepiotr](https://github.com/piochelepiotr))

##### Dynamic Instrumentation

- ✨ Add Micronaut 4 support for code origin for spans
([#8039](DataDog/dd-trace-java#8039) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Refactor probe matching for methods
([#8021](DataDog/dd-trace-java#8021) -
[@jpbempel](https://github.com/jpbempel))
- ✨ Update the CodeOriginProbe fingerprint to not rely on a
stack walk
([#8016](DataDog/dd-trace-java#8016) -
[@evanchooly](https://github.com/evanchooly))
- ✨ Implement code origin support for grpc server entry spans
([#7942](DataDog/dd-trace-java#7942) -
[@evanchooly](https://github.com/evanchooly))

##### GraalVM native-image

- 🐛 Update Graal build-time instrumentation config for
TracePropagationStyle
([#8065](DataDog/dd-trace-java#8065) -
[@MattAlp](https://github.com/MattAlp))
- 🐛 Fix NoClassDefFoundError: Could not initialize class
DDSpanLink$EncoderHolder in Graal native-image
([#8036](DataDog/dd-trace-java#8036) -
[@mcculls](https://github.com/mcculls))
- 🐛🧹 Fix native-image generation of reactive applications
([#8012](DataDog/dd-trace-java#8012) -
[@mcculls](https://github.com/mcculls))

##### OpenTracing

- 🧹 Custom ScopeManagers are deprecated and will be removed in a
future release of dd-trace-ot
([#8058](DataDog/dd-trace-java#8058) -
[@mcculls](https://github.com/mcculls))

##### Tracer core

- ✨🧪 Service naming: split by jee deployment
([#8064](DataDog/dd-trace-java#8064) -
[@amarziali](https://github.com/amarziali))
- ✨ Exclude jboss mdb proxies from instrumenting
([#8061](DataDog/dd-trace-java#8061) -
[@amarziali](https://github.com/amarziali))
- ✨ Add a built-in trace interceptor for keeping traces
depending of their latency
([#8040](DataDog/dd-trace-java#8040) -
[@cecile75](https://github.com/cecile75))
- 💡 Introduce marker mechanism for eagerly initializing helpers
([#8028](DataDog/dd-trace-java#8028) -
[@mcculls](https://github.com/mcculls))
- 💡 Add JSON component
([#7973](DataDog/dd-trace-java#7973) -
[@PerfectSlayer](https://github.com/PerfectSlayer))
- ✨⚠️ Remove support for X-Forwarded in client IP
resolution
([#7946](DataDog/dd-trace-java#7946) -
[@smola](https://github.com/smola))

##### Instrumentations

##### Apache HttpComponents

- ✨ Expand SSRF support in IAST to apache-httpclient-5 and
apache-httpasyncclient-4
([#7920](DataDog/dd-trace-java#7920) -
[@Mariovido](https://github.com/Mariovido))

##### gRPC instrumentation

- 🐛 Use lower priorities for grpc server errors
([#8043](DataDog/dd-trace-java#8043) -
[@amarziali](https://github.com/amarziali))

##### JDBC instrumentation

- ✨ Add trace injection for prepared statements in Postgres
([#7940](DataDog/dd-trace-java#7940) -
[@nenadnoveljic](https://github.com/nenadnoveljic))

##### JMS instrumentation

- 🐛 Protect mdb from instrumenting multiple time the same event
([#8062](DataDog/dd-trace-java#8062) -
[@amarziali](https://github.com/amarziali))

##### Kafka instrumentation

- 💡 Instrument self hosted Kafka connectors
([#7959](DataDog/dd-trace-java#7959) -
[@piochelepiotr](https://github.com/piochelepiotr))

##### OpenTelemetry instrumentation

- 🐛 Support using OpenTelemetry Event API inside `@WithSpan`
annotated method
([#8019](DataDog/dd-trace-java#8019) -
[@mcculls](https://github.com/mcculls))

##### Reactor instrumentation

- 🐛🧹 Fix native-image generation of reactive applications
([#8012](DataDog/dd-trace-java#8012) -
[@mcculls](https://github.com/mcculls))

##### Spring instrumentation

- 🐛 Avoid double instrumenting lambdas on latest spring scheduling
([#8005](DataDog/dd-trace-java#8005) -
[@amarziali](https://github.com/amarziali))

##### All other instrumentations

- 🐛 Twilio: allow service name flattening
([#8025](DataDog/dd-trace-java#8025) -
[@amarziali](https://github.com/amarziali))
- ✨ Instrument Mulesoft 4.5.0+
([#7981](DataDog/dd-trace-java#7981) -
[@amarziali](https://github.com/amarziali))

</details>

<details>
<summary>aws/aws-sdk-java (com.amazonaws:aws-java-sdk-sqs)</summary>

### [`v1.12.780`](https://github.com/aws/aws-sdk-java/blob/HEAD/CHANGELOG.md#112780-2024-12-11)

[Compare Source](aws/aws-sdk-java@1.12.779...1.12.780)

#### **Amazon Simple Storage Service**

-   ### Bugfixes
- AWS SDK for Java 1.x now includes additional validation for Amazon S3
client APIs to handle scenarios where an empty string ('') is passed as
the key argument to the following operations: PutObject, DeleteObject,
ListObjects, GetObjectMetaData, ListObjectsV2, SetObjectTagging,
GetObjectTagging, SetObjectAcl, GetObjectAcl, SetObjectLegalHold,
GetObjectLegalHold, CopyObject, CopyPart, SelectObjectContent,
SetObjectRetention, GetObjectRetention, AbortMultipartUpload,
CompleteMultipartUpload, InitiateMultipartUpload, ListParts, UploadPart,
RestoreObjectV2, and RestoreObject. The SDK will validate the key
argument and throw an exception if it is an empty string, ensuring
correct and expected behavior.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am
every weekday" in timezone Australia/Melbourne, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

GitOrigin-RevId: 69831bc62ea4d80cdcd42cef2aa9bd8eda28ae8c