
[ASM] RASP: Command injection vulnerability implementation #6323

Open. Wants to merge 18 commits into base: master.

Conversation

@NachoEchevarria (Contributor) commented Nov 20, 2024

Summary of changes

This PR contains the implementation of the RASP command injection vulnerability. Previously, the shell injection vulnerability was implemented, which is similar but only occurs when the flag UseShellExecute is set to false in the method Process.Start().

The definition of this new vulnerability can be found here: https://docs.google.com/document/d/1DDWy3frMXDTAbk-BfnZ1FdRwuPx6Pl7AWyR4zjqRFZw/edit?tab=t.0#heading=h.giijrtyn1fdx

Reason for change

It's required for RASP.

Implementation details

Test coverage

Other details
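The description separates the two RASP vulnerabilities by the UseShellExecute flag. The following C# program, added here as an illustration and not code from this PR or from dd-trace-dotnet, separates them by the property underneath that flag: whether a shell ever parses the command line, which is what decides whether metacharacters in request input matter. RaspDemo, DetectShellInjection, DetectCommandInjection and FormatArgs are names invented for the example, and their rules are simplified stand-ins for the WAF's shi_detector and cmdi_detector operators rather than their actual logic; in particular, the command-injection rule here flags input that chooses the executable or supplies a whole "-" option argument, which is an assumption of this example. The program only builds ProcessStartInfo objects and never starts a process. ProcessStartInfo.ArgumentList requires .NET Core 2.1 or later.

```csharp
// Added illustration, not code from dd-trace-dotnet. RaspDemo, DetectShellInjection,
// DetectCommandInjection and FormatArgs are invented names; the detection rules are a
// deliberately simplified stand-in for the WAF's shi_detector / cmdi_detector operators.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;

static class RaspDemo
{
    // Characters that let request input escape a single shell word once the command
    // line is parsed by cmd.exe or /bin/sh.
    static readonly char[] ShellMetaChars = { ';', '&', '|', '`', '$', '>', '<', '\n', '\r' };

    // Shell injection: request input was concatenated into a command line that a shell
    // will parse. Returns the fragment a report would highlight, or null when the input
    // cannot alter the command structure.
    public static string DetectShellInjection(string commandLine, string userInput)
    {
        if (string.IsNullOrEmpty(userInput) || commandLine == null || !commandLine.Contains(userInput))
        {
            return null;
        }

        int idx = userInput.IndexOfAny(ShellMetaChars);
        return idx < 0 ? null : userInput.Substring(idx);
    }

    // Command injection: the arguments reach execve/CreateProcess without a shell, so
    // metacharacters are inert. What matters (assumption of this example) is whether the
    // request input chooses the executable, or supplies a complete argument that begins
    // with '-' and can therefore switch on behaviour the developer did not intend.
    public static string DetectCommandInjection(string fileName, IEnumerable<string> args, string userInput)
    {
        if (string.IsNullOrEmpty(userInput))
        {
            return null;
        }

        if (string.Equals(fileName, userInput, StringComparison.Ordinal))
        {
            return fileName;
        }

        foreach (var arg in args)
        {
            if (arg != null && arg.StartsWith("-", StringComparison.Ordinal)
                && string.Equals(arg, userInput, StringComparison.Ordinal))
            {
                return arg;
            }
        }

        return null;
    }

    // Flattens an argument list for reporting as a ", "-separated string, skipping null
    // entries; string.Join cannot stall on a null element the way a hand-rolled
    // enumerator loop can.
    public static string FormatArgs(IEnumerable<string> args)
    {
        return string.Join(", ", args.Where(a => a != null));
    }

    static void Main()
    {
        // Constructed request value standing in for a query-string parameter.
        const string tainted = "report.txt;evilCommand";

        // Shape 1: the value is spliced into a command line that cmd.exe will parse.
        var shellShape = new ProcessStartInfo("cmd.exe", "/c type " + tainted);
        Console.WriteLine("shell injection  : " + (DetectShellInjection(shellShape.Arguments, tainted) ?? "clean"));

        // Shape 2: the same value passed as one argv entry with no shell in between.
        // The ';' is now just a byte in a file name.
        var argvShape = new ProcessStartInfo("/usr/bin/cat") { UseShellExecute = false };
        argvShape.ArgumentList.Add(tainted);
        Console.WriteLine("cmdi (argument)  : " + (DetectCommandInjection(argvShape.FileName, argvShape.ArgumentList, tainted) ?? "clean"));

        // Shape 3: the request value chooses the program to run.
        const string taintedExe = "/bin/sh";
        var exeShape = new ProcessStartInfo(taintedExe) { UseShellExecute = false };
        exeShape.ArgumentList.Add("-c");
        exeShape.ArgumentList.Add("id");
        Console.WriteLine("cmdi (executable): " + (DetectCommandInjection(exeShape.FileName, exeShape.ArgumentList, taintedExe) ?? "clean"));

        Console.WriteLine("args for report  : " + FormatArgs(new[] { "-c", null, "id" }));
    }
}
```

Run it with dotnet run. The first shape highlights ";evilCommand", the same fragment the snapshot diff in this thread reports; the second is reported clean because the ";" is an inert byte in argv; the third is flagged because the request value selects the binary. FormatArgs shows that a null-filtered string.Join yields the ", "-separated argument string discussed in the review comments without any enumerator bookkeeping.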

github-actions bot commented Nov 20, 2024

Snapshots difference summary

The following differences have been observed in committed snapshots. It is meant to help the reviewer.
The diff is simplistic, so please check some files anyway while we improve it.

8 occurrences of:

-      _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]},
+      _dd.appsec.json: {"triggers":[{"rule":{"id":"rasp-932-100","name":"Shell command injection exploit","tags":{"category":"vulnerability_trigger","type":"command_injection"}},"rule_matches":[{"operator":"shi_detector","operator_value":"","parameters":[{"address":null,"highlight":[";evilCommand"],"key_path":null,"value":null}]}],"span_id": XXX}]},
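Review bot: the only change across these eight snapshot occurrences is the display name of rule rasp-932-100 ("Shell injection exploit" to "Shell command injection exploit"); the rule id, the shi_detector operator and the ";evilCommand" highlight are unchanged, so this diff records a rename of the existing shell-injection rule rather than output from the new command-injection check. Confirm that a snapshot exercising the new command-injection rule was committed as well, otherwise the new path has no snapshot coverage in this PR.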

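The post-change snapshot line above is the _dd.appsec.json span tag that carries a RASP trigger. As an added example, not code from dd-trace-dotnet or from this PR, the following C# program parses that payload with System.Text.Json and extracts the fields a detection pipeline keys on: rule id, vulnerability type, operator, highlights and span id. The Sample constant is constructed from the snapshot line; its span_id is a made-up number because the snapshot scrubs the real value to XXX. RaspTrigger and AppSecJson are names invented for the example.

```csharp
// Added example, not code from dd-trace-dotnet: parses the _dd.appsec.json span tag
// shown in the snapshot diff. The Sample payload is constructed from that line; the
// span_id value is made up because the snapshot scrubs it to XXX.
using System;
using System.Collections.Generic;
using System.Text.Json;

sealed class RaspTrigger
{
    public string RuleId { get; set; }
    public string RuleName { get; set; }
    public string VulnType { get; set; }
    public string Operator { get; set; }
    public List<string> Highlights { get; } = new List<string>();
    public long? SpanId { get; set; }
}

static class AppSecJson
{
    // Constructed sample: the post-change snapshot line with a made-up span_id.
    public const string Sample =
        "{\"triggers\":[{\"rule\":{\"id\":\"rasp-932-100\",\"name\":\"Shell command injection exploit\"," +
        "\"tags\":{\"category\":\"vulnerability_trigger\",\"type\":\"command_injection\"}}," +
        "\"rule_matches\":[{\"operator\":\"shi_detector\",\"operator_value\":\"\"," +
        "\"parameters\":[{\"address\":null,\"highlight\":[\";evilCommand\"],\"key_path\":null,\"value\":null}]}]," +
        "\"span_id\":1234567890}]}";

    // Walks the document defensively: every field is optional and several are null in
    // the snapshot, so a typed deserialization would be brittle here.
    public static List<RaspTrigger> Parse(string json)
    {
        var result = new List<RaspTrigger>();
        using (var doc = JsonDocument.Parse(json))
        {
            if (!doc.RootElement.TryGetProperty("triggers", out var triggers) || triggers.ValueKind != JsonValueKind.Array)
            {
                return result; // nothing fired on this span
            }

            foreach (var trigger in triggers.EnumerateArray())
            {
                var t = new RaspTrigger();
                if (trigger.TryGetProperty("rule", out var rule))
                {
                    t.RuleId = GetString(rule, "id");
                    t.RuleName = GetString(rule, "name");
                    if (rule.TryGetProperty("tags", out var tags))
                    {
                        t.VulnType = GetString(tags, "type");
                    }
                }

                if (trigger.TryGetProperty("span_id", out var spanId) && spanId.ValueKind == JsonValueKind.Number)
                {
                    t.SpanId = spanId.GetInt64();
                }

                if (trigger.TryGetProperty("rule_matches", out var matches) && matches.ValueKind == JsonValueKind.Array)
                {
                    foreach (var match in matches.EnumerateArray())
                    {
                        t.Operator = t.Operator ?? GetString(match, "operator");
                        if (!match.TryGetProperty("parameters", out var parameters) || parameters.ValueKind != JsonValueKind.Array)
                        {
                            continue;
                        }

                        foreach (var p in parameters.EnumerateArray())
                        {
                            // address, key_path and value are null in the snapshot; highlight is the evidence.
                            if (p.TryGetProperty("highlight", out var hl) && hl.ValueKind == JsonValueKind.Array)
                            {
                                foreach (var h in hl.EnumerateArray())
                                {
                                    if (h.ValueKind == JsonValueKind.String)
                                    {
                                        t.Highlights.Add(h.GetString());
                                    }
                                }
                            }
                        }
                    }
                }

                result.Add(t);
            }
        }

        return result;
    }

    static string GetString(JsonElement element, string name)
    {
        return element.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;
    }

    static void Main()
    {
        foreach (var t in Parse(Sample))
        {
            // A detection rule would key on RuleId and VulnType; the highlight is what an analyst reads.
            Console.WriteLine($"{t.RuleId} ({t.VulnType}) via {t.Operator}: highlight=[{string.Join(", ", t.Highlights)}] span={t.SpanId}");
        }
    }
}
```

For the sample, Parse returns one trigger with RuleId rasp-932-100, VulnType command_injection, Operator shi_detector and a single highlight ";evilCommand". JsonDocument is used instead of a typed model so that extra or null parameters the WAF adds later do not break the consumer.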
@datadog-ddstaging bot commented Nov 20, 2024

Datadog Report

Branch report: nacho/CommandInjection
Commit report: ae3b173
Test service: dd-trace-dotnet

✅ 0 Failed, 450014 Passed, 2715 Skipped, 19h 39m 40.99s Total Time

@andrewlock (Member) commented Nov 20, 2024

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing the following branches/commits:

Execution-time benchmarks measure the whole time it takes to execute a program and are intended to measure the one-off costs. Cases where the execution-time results for the PR are worse than the latest master results are shown in red. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

gantt
    title Execution time (ms) FakeDbCommand (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6323) - mean (69ms)  : 67, 71
     .   : milestone, 69,
    master - mean (69ms)  : 66, 72
     .   : milestone, 69,

    section CallTarget+Inlining+NGEN
    This PR (6323) - mean (979ms)  : 950, 1007
     .   : milestone, 979,
    master - mean (981ms)  : 961, 1002
     .   : milestone, 981,

gantt
    title Execution time (ms) FakeDbCommand (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6323) - mean (108ms)  : 105, 110
     .   : milestone, 108,
    master - mean (108ms)  : 106, 109
     .   : milestone, 108,

    section CallTarget+Inlining+NGEN
    This PR (6323) - mean (677ms)  : 661, 692
     .   : milestone, 677,
    master - mean (680ms)  : 664, 697
     .   : milestone, 680,

gantt
    title Execution time (ms) FakeDbCommand (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6323) - mean (91ms)  : 89, 93
     .   : milestone, 91,
    master - mean (91ms)  : 90, 93
     .   : milestone, 91,

    section CallTarget+Inlining+NGEN
    This PR (6323) - mean (626ms)  : 609, 643
     .   : milestone, 626,
    master - mean (632ms)  : 619, 645
     .   : milestone, 632,

gantt
    title Execution time (ms) HttpMessageHandler (.NET Framework 4.6.2) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6323) - mean (191ms)  : 185, 196
     .   : milestone, 191,
    master - mean (191ms)  : 186, 195
     .   : milestone, 191,

    section CallTarget+Inlining+NGEN
    This PR (6323) - mean (1,088ms)  : 1061, 1115
     .   : milestone, 1088,
    master - mean (1,089ms)  : 1059, 1119
     .   : milestone, 1089,

gantt
    title Execution time (ms) HttpMessageHandler (.NET Core 3.1) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6323) - mean (277ms)  : 273, 281
     .   : milestone, 277,
    master - mean (275ms)  : 271, 278
     .   : milestone, 275,

    section CallTarget+Inlining+NGEN
    This PR (6323) - mean (870ms)  : 837, 903
     .   : milestone, 870,
    master - mean (869ms)  : 837, 901
     .   : milestone, 869,

gantt
    title Execution time (ms) HttpMessageHandler (.NET 6) 
    dateFormat  X
    axisFormat %s
    todayMarker off
    section Baseline
    This PR (6323) - mean (266ms)  : 260, 272
     .   : milestone, 266,
    master - mean (265ms)  : 261, 270
     .   : milestone, 265,

    section CallTarget+Inlining+NGEN
    This PR (6323) - mean (844ms)  : 809, 879
     .   : milestone, 844,
    master - mean (853ms)  : 824, 881
     .   : milestone, 853,


@andrewlock (Member) commented Nov 20, 2024

Benchmarks Report for tracer 🐌

Benchmarks for #6323 compared to master:

  • 2 benchmarks are faster, with geometric mean 1.133
  • 3 benchmarks are slower, with geometric mean 1.152
  • 1 benchmark has more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.ActivityBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartStopWithChild net6.0 7.95μs 43ns 228ns 0.0238 0.00794 0 5.61 KB
master StartStopWithChild netcoreapp3.1 9.96μs 54.6ns 345ns 0.0202 0.0101 0 5.81 KB
master StartStopWithChild net472 16.2μs 49.5ns 192ns 1.04 0.305 0.0964 6.21 KB
#6323 StartStopWithChild net6.0 8.18μs 46.2ns 333ns 0.016 0.00798 0 5.61 KB
#6323 StartStopWithChild netcoreapp3.1 9.91μs 49.1ns 240ns 0.0197 0.00985 0 5.8 KB
#6323 StartStopWithChild net472 16.3μs 56.9ns 220ns 1.03 0.292 0.0893 6.21 KB
Benchmarks.Trace.AgentWriterBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 489μs 519ns 2.01μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 660μs 300ns 1.12μs 0 0 0 2.7 KB
master WriteAndFlushEnrichedTraces net472 856μs 435ns 1.68μs 0.428 0 0 3.3 KB
#6323 WriteAndFlushEnrichedTraces net6.0 489μs 398ns 1.54μs 0 0 0 2.7 KB
#6323 WriteAndFlushEnrichedTraces netcoreapp3.1 683μs 426ns 1.6μs 0 0 0 2.7 KB
#6323 WriteAndFlushEnrichedTraces net472 839μs 440ns 1.59μs 0.419 0 0 3.3 KB
Benchmarks.Trace.AspNetCoreBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendRequest net6.0 149μs 905ns 9.01μs 0.14 0 0 14.47 KB
master SendRequest netcoreapp3.1 170μs 1.01μs 9.72μs 0.16 0 0 17.27 KB
master SendRequest net472 0.000648ns 0.000333ns 0.00129ns 0 0 0 0 b
#6323 SendRequest net6.0 154μs 1.05μs 10.4μs 0.14 0 0 14.47 KB
#6323 SendRequest netcoreapp3.1 174μs 1.25μs 12.1μs 0.138 0 0 17.27 KB
#6323 SendRequest net472 0.000445ns 0.00023ns 0.000859ns 0 0 0 0 b
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #6323

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark.WriteAndFlushEnrichedTraces‑net6.0 41.56 KB 41.81 KB 254 B 0.61%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master WriteAndFlushEnrichedTraces net6.0 573μs 3.21μs 20.8μs 0.563 0 0 41.56 KB
master WriteAndFlushEnrichedTraces netcoreapp3.1 687μs 3.4μs 14.4μs 0.331 0 0 41.85 KB
master WriteAndFlushEnrichedTraces net472 866μs 4.24μs 18.9μs 8.45 2.53 0.422 53.33 KB
#6323 WriteAndFlushEnrichedTraces net6.0 570μs 2.47μs 9.58μs 0.573 0 0 41.81 KB
#6323 WriteAndFlushEnrichedTraces netcoreapp3.1 680μs 2.84μs 10.6μs 0.34 0 0 41.81 KB
#6323 WriteAndFlushEnrichedTraces net472 854μs 4.17μs 16.7μs 8.22 2.47 0.411 53.25 KB
Benchmarks.Trace.DbCommandBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteNonQuery net6.0 1.38μs 1.62ns 6.27ns 0.014 0 0 1.02 KB
master ExecuteNonQuery netcoreapp3.1 1.75μs 1.28ns 4.94ns 0.0141 0 0 1.02 KB
master ExecuteNonQuery net472 2.06μs 1.74ns 6.52ns 0.157 0.00103 0 987 B
#6323 ExecuteNonQuery net6.0 1.32μs 0.973ns 3.64ns 0.0139 0 0 1.02 KB
#6323 ExecuteNonQuery netcoreapp3.1 1.69μs 1.16ns 4.51ns 0.0136 0 0 1.02 KB
#6323 ExecuteNonQuery net472 2.12μs 2.82ns 10.9ns 0.157 0.00106 0 987 B
Benchmarks.Trace.ElasticsearchBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #6323

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.ElasticsearchBenchmark.CallElasticsearch‑net6.0 1.182 1,070.28 1,265.16

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master CallElasticsearch net6.0 1.07μs 0.383ns 1.48ns 0.0139 0 0 976 B
master CallElasticsearch netcoreapp3.1 1.53μs 3.8ns 14.7ns 0.0127 0 0 976 B
master CallElasticsearch net472 2.53μs 1.78ns 6.91ns 0.158 0 0 995 B
master CallElasticsearchAsync net6.0 1.35μs 0.994ns 3.85ns 0.0129 0 0 952 B
master CallElasticsearchAsync netcoreapp3.1 1.62μs 0.928ns 3.47ns 0.0139 0 0 1.02 KB
master CallElasticsearchAsync net472 2.57μs 1.16ns 4.5ns 0.166 0 0 1.05 KB
#6323 CallElasticsearch net6.0 1.27μs 0.524ns 1.89ns 0.0139 0 0 976 B
#6323 CallElasticsearch netcoreapp3.1 1.52μs 0.966ns 3.61ns 0.013 0 0 976 B
#6323 CallElasticsearch net472 2.56μs 1.92ns 7.43ns 0.157 0 0 995 B
#6323 CallElasticsearchAsync net6.0 1.26μs 0.665ns 2.57ns 0.0133 0 0 952 B
#6323 CallElasticsearchAsync netcoreapp3.1 1.62μs 0.59ns 2.21ns 0.0138 0 0 1.02 KB
#6323 CallElasticsearchAsync net472 2.7μs 0.748ns 2.8ns 0.166 0 0 1.05 KB
Benchmarks.Trace.GraphQLBenchmark - Faster 🎉 Same allocations ✔️

Faster 🎉 in #6323

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.GraphQLBenchmark.ExecuteAsync‑net6.0 1.122 1,361.30 1,212.96

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master ExecuteAsync net6.0 1.36μs 0.59ns 2.28ns 0.0129 0 0 952 B
master ExecuteAsync netcoreapp3.1 1.71μs 1.26ns 4.73ns 0.0128 0 0 952 B
master ExecuteAsync net472 1.8μs 0.991ns 3.84ns 0.145 0 0 915 B
#6323 ExecuteAsync net6.0 1.21μs 1.41ns 5.29ns 0.0133 0 0 952 B
#6323 ExecuteAsync netcoreapp3.1 1.69μs 0.879ns 3.4ns 0.0126 0 0 952 B
#6323 ExecuteAsync net472 1.84μs 0.533ns 2ns 0.145 0 0 915 B
Benchmarks.Trace.HttpClientBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendAsync net6.0 4.39μs 0.787ns 2.84ns 0.0329 0 0 2.31 KB
master SendAsync netcoreapp3.1 5.3μs 1.78ns 6.65ns 0.0372 0 0 2.85 KB
master SendAsync net472 7.32μs 1.84ns 7.12ns 0.496 0 0 3.12 KB
#6323 SendAsync net6.0 4.46μs 2.32ns 8.69ns 0.0331 0 0 2.31 KB
#6323 SendAsync netcoreapp3.1 5.31μs 2.46ns 9.22ns 0.037 0 0 2.85 KB
#6323 SendAsync net472 7.3μs 1.49ns 5.59ns 0.494 0 0 3.12 KB
Benchmarks.Trace.ILoggerBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 1.44μs 0.902ns 3.25ns 0.0232 0 0 1.64 KB
master EnrichedLog netcoreapp3.1 2.2μs 1.08ns 4.02ns 0.0222 0 0 1.64 KB
master EnrichedLog net472 2.57μs 0.955ns 3.57ns 0.249 0 0 1.57 KB
#6323 EnrichedLog net6.0 1.46μs 5.71ns 22.1ns 0.0232 0 0 1.64 KB
#6323 EnrichedLog netcoreapp3.1 2.36μs 1.67ns 6.46ns 0.0224 0 0 1.64 KB
#6323 EnrichedLog net472 2.54μs 1.72ns 6.68ns 0.25 0 0 1.57 KB
Benchmarks.Trace.Log4netBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 119μs 167ns 648ns 0 0 0 4.28 KB
master EnrichedLog netcoreapp3.1 124μs 80.7ns 313ns 0 0 0 4.28 KB
master EnrichedLog net472 152μs 118ns 424ns 0.681 0.227 0 4.46 KB
#6323 EnrichedLog net6.0 120μs 162ns 629ns 0.0604 0 0 4.28 KB
#6323 EnrichedLog netcoreapp3.1 125μs 124ns 465ns 0 0 0 4.28 KB
#6323 EnrichedLog net472 152μs 110ns 410ns 0.681 0.227 0 4.46 KB
Benchmarks.Trace.NLogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 3.14μs 0.853ns 3.19ns 0.0299 0 0 2.2 KB
master EnrichedLog netcoreapp3.1 4.24μs 1.61ns 6.25ns 0.03 0 0 2.2 KB
master EnrichedLog net472 4.86μs 1.96ns 7.59ns 0.319 0 0 2.02 KB
#6323 EnrichedLog net6.0 2.92μs 1.24ns 4.81ns 0.0305 0 0 2.2 KB
#6323 EnrichedLog netcoreapp3.1 4.03μs 1.37ns 5.32ns 0.0284 0 0 2.2 KB
#6323 EnrichedLog net472 4.8μs 1.45ns 5.43ns 0.32 0 0 2.02 KB
Benchmarks.Trace.RedisBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master SendReceive net6.0 1.36μs 0.625ns 2.16ns 0.0164 0 0 1.14 KB
master SendReceive netcoreapp3.1 1.68μs 1.22ns 4.24ns 0.015 0 0 1.14 KB
master SendReceive net472 2.05μs 0.976ns 3.52ns 0.183 0 0 1.16 KB
#6323 SendReceive net6.0 1.42μs 1.25ns 4.84ns 0.0162 0 0 1.14 KB
#6323 SendReceive netcoreapp3.1 1.74μs 1.08ns 4.05ns 0.0156 0 0 1.14 KB
#6323 SendReceive net472 2.13μs 0.724ns 2.61ns 0.184 0 0 1.16 KB
Benchmarks.Trace.SerilogBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EnrichedLog net6.0 2.75μs 0.938ns 3.51ns 0.0219 0 0 1.6 KB
master EnrichedLog netcoreapp3.1 3.95μs 1.67ns 6.48ns 0.0217 0 0 1.65 KB
master EnrichedLog net472 4.41μs 2.38ns 9.21ns 0.324 0 0 2.04 KB
#6323 EnrichedLog net6.0 2.83μs 1.56ns 5.84ns 0.0226 0 0 1.6 KB
#6323 EnrichedLog netcoreapp3.1 4.08μs 3.35ns 13ns 0.0224 0 0 1.65 KB
#6323 EnrichedLog net472 4.4μs 1.2ns 4.32ns 0.323 0 0 2.04 KB
Benchmarks.Trace.SpanBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #6323

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.SpanBenchmark.StartFinishSpan‑net6.0 1.126 395.67 445.71

Faster 🎉 in #6323

Benchmark base/diff Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.SpanBenchmark.StartFinishSpan‑net472 1.143 722.52 632.19

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StartFinishSpan net6.0 395ns 0.512ns 1.84ns 0.00814 0 0 576 B
master StartFinishSpan netcoreapp3.1 556ns 2.07ns 8.01ns 0.00789 0 0 576 B
master StartFinishSpan net472 724ns 2.09ns 8.08ns 0.0915 0 0 578 B
master StartFinishScope net6.0 540ns 0.911ns 3.53ns 0.00984 0 0 696 B
master StartFinishScope netcoreapp3.1 775ns 1.25ns 4.85ns 0.00926 0 0 696 B
master StartFinishScope net472 934ns 1.22ns 4.73ns 0.104 0 0 658 B
#6323 StartFinishSpan net6.0 446ns 0.623ns 2.41ns 0.00811 0 0 576 B
#6323 StartFinishSpan netcoreapp3.1 576ns 1.25ns 4.83ns 0.00783 0 0 576 B
#6323 StartFinishSpan net472 633ns 1.14ns 4.4ns 0.0917 0 0 578 B
#6323 StartFinishScope net6.0 497ns 0.85ns 3.29ns 0.00969 0 0 696 B
#6323 StartFinishScope netcoreapp3.1 763ns 3.75ns 15ns 0.00958 0 0 696 B
#6323 StartFinishScope net472 879ns 1.69ns 6.56ns 0.104 0 0 658 B
Benchmarks.Trace.TraceAnnotationsBenchmark - Slower ⚠️ Same allocations ✔️

Slower ⚠️ in #6323

Benchmark diff/base Base Median (ns) Diff Median (ns) Modality
Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin‑net6.0 1.148 576.21 661.59

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunOnMethodBegin net6.0 576ns 0.608ns 2.35ns 0.00977 0 0 696 B
master RunOnMethodBegin netcoreapp3.1 913ns 1.52ns 5.9ns 0.00932 0 0 696 B
master RunOnMethodBegin net472 1.1μs 1.9ns 7.37ns 0.104 0 0 658 B
#6323 RunOnMethodBegin net6.0 661ns 0.739ns 2.86ns 0.00983 0 0 696 B
#6323 RunOnMethodBegin netcoreapp3.1 914ns 2.14ns 8.27ns 0.00926 0 0 696 B
#6323 RunOnMethodBegin net472 1.13μs 2.07ns 8.02ns 0.104 0 0 658 B

@@ -728,7 +728,8 @@
"rasp.rule.eval": {
"tags": [
"waf_version",
"rule_type"
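Review bot: the hunk header (-728,7 +728,8) indicates one line added to the "rasp.rule.eval" tags list, but only the unchanged context "waf_version" and "rule_type" is visible here, so the new tag name cannot be verified from this view; since the author states the same values were updated in the dd-go common_metrics file, link that change in the PR so a reviewer can check that the tag set for rasp.rule.eval is identical on both sides.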
@NachoEchevarria (Contributor, Author):

The values have been updated in the dd-go repo common_metrics file as well.

@andrewlock (Member) commented Nov 22, 2024

Benchmarks Report for appsec 🐌

Benchmarks for #6323 compared to master:

  • All benchmarks have the same speed
  • 1 benchmark has fewer allocations
  • 1 benchmark has more allocations

The following thresholds were used for comparing the benchmark speeds:

  • Mann–Whitney U test with statistical test for significance of 5%
  • Only results indicating a difference greater than 10% and 0.3 ns are considered.

Allocation changes below 0.5% are ignored.

Benchmark details

Benchmarks.Trace.Asm.AppSecBodyBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master AllCycleSimpleBody net6.0 219μs 239ns 926ns 2.51 0 0 176.82 KB
master AllCycleSimpleBody netcoreapp3.1 320μs 258ns 1μs 2.42 0 0 184.26 KB
master AllCycleSimpleBody net472 283μs 300ns 1.16μs 33.3 2.54 0 210.04 KB
master AllCycleMoreComplexBody net6.0 226μs 251ns 938ns 2.48 0 0 180.33 KB
master AllCycleMoreComplexBody netcoreapp3.1 326μs 239ns 896ns 2.46 0 0 187.68 KB
master AllCycleMoreComplexBody net472 298μs 583ns 2.26μs 33.9 2.52 0 213.56 KB
master ObjectExtractorSimpleBody net6.0 142ns 0.146ns 0.564ns 0.00395 0 0 280 B
master ObjectExtractorSimpleBody netcoreapp3.1 211ns 0.182ns 0.681ns 0.00372 0 0 272 B
master ObjectExtractorSimpleBody net472 218ns 0.207ns 0.773ns 0.0446 0 0 281 B
master ObjectExtractorMoreComplexBody net6.0 3.08μs 1.41ns 5.07ns 0.0523 0 0 3.78 KB
master ObjectExtractorMoreComplexBody netcoreapp3.1 3.98μs 4.25ns 15.3ns 0.0489 0 0 3.69 KB
master ObjectExtractorMoreComplexBody net472 4.67μs 5.22ns 20.2ns 0.601 0.00472 0 3.8 KB
#6323 AllCycleSimpleBody net6.0 215μs 88.1ns 330ns 2.48 0 0 176.82 KB
#6323 AllCycleSimpleBody netcoreapp3.1 317μs 168ns 627ns 2.42 0 0 184.27 KB
#6323 AllCycleSimpleBody net472 280μs 152ns 568ns 33.3 2.47 0 210.05 KB
#6323 AllCycleMoreComplexBody net6.0 222μs 219ns 818ns 2.56 0 0 180.33 KB
#6323 AllCycleMoreComplexBody netcoreapp3.1 327μs 192ns 693ns 2.47 0 0 187.68 KB
#6323 AllCycleMoreComplexBody net472 288μs 115ns 447ns 33.8 2.58 0 213.56 KB
#6323 ObjectExtractorSimpleBody net6.0 140ns 0.132ns 0.493ns 0.00396 0 0 280 B
#6323 ObjectExtractorSimpleBody netcoreapp3.1 211ns 0.0952ns 0.343ns 0.00373 0 0 272 B
#6323 ObjectExtractorSimpleBody net472 237ns 0.25ns 0.937ns 0.0446 0 0 281 B
#6323 ObjectExtractorMoreComplexBody net6.0 3.1μs 1.2ns 4.5ns 0.0525 0 0 3.78 KB
#6323 ObjectExtractorMoreComplexBody netcoreapp3.1 3.92μs 2.05ns 7.92ns 0.051 0 0 3.69 KB
#6323 ObjectExtractorMoreComplexBody net472 4.75μs 2.62ns 9.8ns 0.601 0.00477 0 3.8 KB
Benchmarks.Trace.Asm.AppSecEncoderBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master EncodeArgs net6.0 37.7μs 43.5ns 163ns 0.451 0 0 32.4 KB
master EncodeArgs netcoreapp3.1 54.4μs 16.1ns 60.2ns 0.431 0 0 32.4 KB
master EncodeArgs net472 67.6μs 40.6ns 157ns 5.16 0.0679 0 32.5 KB
master EncodeLegacyArgs net6.0 72.8μs 47.1ns 183ns 0 0 0 2.14 KB
master EncodeLegacyArgs netcoreapp3.1 105μs 196ns 757ns 0 0 0 2.14 KB
master EncodeLegacyArgs net472 159μs 75.7ns 293ns 0.321 0 0 2.15 KB
#6323 EncodeArgs net6.0 37.5μs 15.8ns 61.2ns 0.448 0 0 32.4 KB
#6323 EncodeArgs netcoreapp3.1 54.4μs 27.7ns 100ns 0.431 0 0 32.4 KB
#6323 EncodeArgs net472 68μs 84.8ns 328ns 5.14 0.0681 0 32.5 KB
#6323 EncodeLegacyArgs net6.0 74.7μs 34.5ns 134ns 0 0 0 2.14 KB
#6323 EncodeLegacyArgs netcoreapp3.1 105μs 89.8ns 348ns 0 0 0 2.14 KB
#6323 EncodeLegacyArgs net472 156μs 88ns 341ns 0.31 0 0 2.15 KB
Benchmarks.Trace.Asm.AppSecWafBenchmark - Same speed ✔️ Same allocations ✔️

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master RunWafRealisticBenchmark net6.0 183μs 178ns 666ns 0 0 0 2.44 KB
master RunWafRealisticBenchmark netcoreapp3.1 194μs 198ns 767ns 0 0 0 2.39 KB
master RunWafRealisticBenchmark net472 207μs 242ns 937ns 0.31 0 0 2.46 KB
master RunWafRealisticBenchmarkWithAttack net6.0 122μs 133ns 499ns 0 0 0 1.47 KB
master RunWafRealisticBenchmarkWithAttack netcoreapp3.1 130μs 185ns 692ns 0 0 0 1.46 KB
master RunWafRealisticBenchmarkWithAttack net472 140μs 49.3ns 191ns 0.21 0 0 1.49 KB
#6323 RunWafRealisticBenchmark net6.0 183μs 127ns 492ns 0 0 0 2.44 KB
#6323 RunWafRealisticBenchmark netcoreapp3.1 200μs 153ns 594ns 0 0 0 2.39 KB
#6323 RunWafRealisticBenchmark net472 210μs 80.2ns 311ns 0.315 0 0 2.46 KB
#6323 RunWafRealisticBenchmarkWithAttack net6.0 123μs 46.8ns 181ns 0 0 0 1.47 KB
#6323 RunWafRealisticBenchmarkWithAttack netcoreapp3.1 130μs 56.6ns 196ns 0 0 0 1.46 KB
#6323 RunWafRealisticBenchmarkWithAttack net472 141μs 62.6ns 226ns 0.212 0 0 1.49 KB
Benchmarks.Trace.Iast.StringAspectsBenchmark - Same speed ✔️ More allocations ⚠️

More allocations ⚠️ in #6323

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark‑net6.0 254.67 KB 256.04 KB 1.37 KB 0.54%

Fewer allocations 🎉 in #6323

Benchmark Base Allocated Diff Allocated Change Change %
Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark‑net472 60.86 KB 59.07 KB -1.79 KB -2.94%

Raw results

Branch Method Toolchain Mean StdError StdDev Gen 0 Gen 1 Gen 2 Allocated
master StringConcatBenchmark net6.0 60.1μs 756ns 7.44μs 0 0 0 43.44 KB
master StringConcatBenchmark netcoreapp3.1 53.4μs 240ns 896ns 0 0 0 42.64 KB
master StringConcatBenchmark net472 38.1μs 196ns 959ns 0 0 0 60.86 KB
master StringConcatAspectBenchmark net6.0 309μs 1.67μs 9.61μs 0 0 0 254.67 KB
master StringConcatAspectBenchmark netcoreapp3.1 346μs 1.99μs 16.4μs 0 0 0 252.61 KB
master StringConcatAspectBenchmark net472 293μs 6.54μs 63.4μs 0 0 0 278.53 KB
#6323 StringConcatBenchmark net6.0 61.5μs 812ns 8.12μs 0 0 0 43.44 KB
#6323 StringConcatBenchmark netcoreapp3.1 54.3μs 245ns 883ns 0 0 0 42.64 KB
#6323 StringConcatBenchmark net472 37.8μs 68.6ns 257ns 0 0 0 59.07 KB
#6323 StringConcatAspectBenchmark net6.0 334μs 1.73μs 8.82μs 0 0 0 256.04 KB
#6323 StringConcatAspectBenchmark netcoreapp3.1 342μs 1.85μs 13.1μs 0 0 0 253.46 KB
#6323 StringConcatAspectBenchmark net472 281μs 5.05μs 48.1μs 0 0 0 278.53 KB

@NachoEchevarria NachoEchevarria changed the title Nacho/command injection [ASM] RASP: Command injection vulnerability implementation Nov 22, 2024
@NachoEchevarria NachoEchevarria marked this pull request as ready for review November 22, 2024 13:52
@NachoEchevarria NachoEchevarria requested review from a team as code owners November 22, 2024 13:52
@anna-git (Contributor) left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few NITs but LGTM 🥳

    while (enumerator.MoveNext())
    {
        if (enumerator.Current != null)
anna-git (Contributor):

NIT: maybe instead, which would allow removing some duplicated code, it could be:

Suggested change, replacing the line "while (enumerator.MoveNext())":

    var canMoveNext = enumerator.MoveNext();
    while (canMoveNext)
    {
        if (enumerator.Current != null)
        {
            FormatArgsInternal(enumerator.Current, sb);
            canMoveNext = enumerator.MoveNext();
            if (canMoveNext)
            {
                sb.Append(", ");
            }
        }
        else
        {
            // Advance past a null entry too; otherwise the loop would never terminate.
            canMoveNext = enumerator.MoveNext();
        }
    }

anna-git (Contributor):

Also, there's a LegacyEncoder that's being used by default.

NachoEchevarria (Contributor, Author):

I have updated both. Thanks!

@andrewlock (Member) commented

Throughput/Crank Report ⚡

Throughput results for AspNetCoreSimpleController comparing the following branches/commits:

Cases where the throughput results for the PR are worse than the latest master (a 5% drop or greater) are shown in red.

Note that these results are based on a single point-in-time result for each branch. For full results, see one of the many, many dashboards!

gantt
    title Throughput Linux x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (6323) (11.120M)   : 0, 11119527
    master (11.381M)   : 0, 11380797
    benchmarks/2.9.0 (11.033M)   : 0, 11032866

    section Automatic
    This PR (6323) (7.131M)   : 0, 7130903
    master (7.372M)   : 0, 7371851
    benchmarks/2.9.0 (7.786M)   : 0, 7785853

    section Trace stats
    master (7.651M)   : 0, 7651180

    section Manual
    master (11.409M)   : 0, 11409121

    section Manual + Automatic
    This PR (6323) (6.695M)   : 0, 6695276
    master (6.820M)   : 0, 6819669

    section DD_TRACE_ENABLED=0
    master (10.284M)   : 0, 10284096

gantt
    title Throughput Linux arm64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (6323) (8.622M)   : 0, 8622390
    master (9.528M)   : 0, 9528332
    benchmarks/2.9.0 (9.495M)   : 0, 9494821

    section Automatic
    This PR (6323) (6.335M)   : 0, 6334610
    master (6.301M)   : 0, 6300873

    section Trace stats
    master (6.689M)   : 0, 6689036

    section Manual
    master (9.357M)   : 0, 9356534

    section Manual + Automatic
    This PR (6323) (5.973M)   : 0, 5972769
    master (5.894M)   : 0, 5894490

    section DD_TRACE_ENABLED=0
    master (8.921M)   : 0, 8920806

gantt
    title Throughput Windows x64 (Total requests) 
    dateFormat  X
    axisFormat %s
    section Baseline
    This PR (6323) (9.580M)   : 0, 9580223
    master (9.919M)   : 0, 9919361
    benchmarks/2.9.0 (10.020M)   : 0, 10019592

    section Automatic
    This PR (6323) (6.343M)   : 0, 6343224
    master (6.191M)   : 0, 6191193
    benchmarks/2.9.0 (7.255M)   : 0, 7255257

    section Trace stats
    master (6.913M)   : 0, 6912642

    section Manual
    master (9.741M)   : 0, 9741372

    section Manual + Automatic
    This PR (6323) (5.813M)   : 0, 5813236
    master (5.793M)   : 0, 5793028

    section DD_TRACE_ENABLED=0
    master (9.131M)   : 0, 9130759


3 participants