Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve application module performance and security bounds #6647

Merged
merged 1 commit into from
Feb 16, 2024
Merged

Improve application module performance and security bounds #6647

merged 1 commit into from
Feb 16, 2024
+253 −115

Conversation

manuel-alvarez-alvarez
Copy link
Member

What Does This Do

Uses the NIO file visitor API to traverse the folders in order to ensure proper performance and depth bounds for the traversal.

@manuel-alvarez-alvarez manuel-alvarez-alvarez added tag: performance Performance related changes comp: asm iast Application Security Management (IAST) labels Feb 8, 2024
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner February 8, 2024 12:48
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-improve-app-module branch 4 times, most recently from 7e3143f to f8c22d9 Compare February 8, 2024 13:27
@pr-commenter
Copy link

pr-commenter bot commented Feb 8, 2024
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master malvarez/iast-improve-app-module
git_commit_date 1707860448 1707900592
git_commit_sha 3210501 5453c15
release_version 1.31.0-SNAPSHOT~3210501b95 1.31.0-SNAPSHOT~5453c158c7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1707903785 1707903785
ci_job_id 433574894 433574894
ci_pipeline_id 28265852 28265852
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
module Agent Agent
parent None None
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 44 metrics, 10 unstable metrics.

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
end_time 2024-02-14T09:19:09 2024-02-14T09:38:03
git_branch master malvarez/iast-improve-app-module
git_commit_date 1707860448 1707900592
git_commit_sha 3210501 5453c15
release_version 1.31.0-SNAPSHOT~3210501b95 1.31.0-SNAPSHOT~5453c158c7
start_time 2024-02-14T09:18:56 2024-02-14T09:37:50
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1707903785 1707903785
ci_job_id 433574894 433574894
ci_pipeline_id 28265852 28265852
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
variant iast iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 16 unstable metrics.

Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.31.0-SNAPSHOT~5453c158c7, baseline=1.31.0-SNAPSHOT~3210501b95
    dateFormat X
    axisFormat %s
section baseline
no_agent (361.61 µs) : 342, 382
.   : milestone, 362,
iast (471.856 µs) : 451, 492
.   : milestone, 472,
iast_FULL (532.907 µs) : 512, 554
.   : milestone, 533,
iast_GLOBAL (489.737 µs) : 469, 511
.   : milestone, 490,
iast_HARDCODED_SECRET_DISABLED (470.547 µs) : 449, 492
.   : milestone, 471,
iast_INACTIVE (437.224 µs) : 417, 458
.   : milestone, 437,
iast_TELEMETRY_OFF (468.704 µs) : 448, 490
.   : milestone, 469,
tracing (444.644 µs) : 423, 466
.   : milestone, 445,
section candidate
no_agent (369.645 µs) : 350, 390
.   : milestone, 370,
iast (470.597 µs) : 450, 491
.   : milestone, 471,
iast_FULL (533.22 µs) : 513, 554
.   : milestone, 533,
iast_GLOBAL (485.506 µs) : 465, 506
.   : milestone, 486,
iast_HARDCODED_SECRET_DISABLED (472.996 µs) : 452, 494
.   : milestone, 473,
iast_INACTIVE (450.478 µs) : 429, 472
.   : milestone, 450,
iast_TELEMETRY_OFF (471.728 µs) : 450, 493
.   : milestone, 472,
tracing (432.081 µs) : 412, 452
.   : milestone, 432,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 361.61 µs [341.592 µs, 381.628 µs] -
iast 471.856 µs [451.415 µs, 492.298 µs] 110.247 µs (30.5%)
iast_FULL 532.907 µs [512.276 µs, 553.537 µs] 171.297 µs (47.4%)
iast_GLOBAL 489.737 µs [468.709 µs, 510.764 µs] 128.127 µs (35.4%)
iast_HARDCODED_SECRET_DISABLED 470.547 µs [449.069 µs, 492.026 µs] 108.937 µs (30.1%)
iast_INACTIVE 437.224 µs [416.747 µs, 457.701 µs] 75.614 µs (20.9%)
iast_TELEMETRY_OFF 468.704 µs [447.793 µs, 489.615 µs] 107.094 µs (29.6%)
tracing 444.644 µs [423.113 µs, 466.174 µs] 83.034 µs (23.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 369.645 µs [349.533 µs, 389.757 µs] -
iast 470.597 µs [449.744 µs, 491.45 µs] 100.952 µs (27.3%)
iast_FULL 533.22 µs [512.558 µs, 553.882 µs] 163.575 µs (44.3%)
iast_GLOBAL 485.506 µs [465.047 µs, 505.964 µs] 115.861 µs (31.3%)
iast_HARDCODED_SECRET_DISABLED 472.996 µs [451.762 µs, 494.23 µs] 103.351 µs (28.0%)
iast_INACTIVE 450.478 µs [429.187 µs, 471.769 µs] 80.833 µs (21.9%)
iast_TELEMETRY_OFF 471.728 µs [450.281 µs, 493.174 µs] 102.083 µs (27.6%)
tracing 432.081 µs [411.8 µs, 452.361 µs] 62.436 µs (16.9%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.31.0-SNAPSHOT~5453c158c7, baseline=1.31.0-SNAPSHOT~3210501b95
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.364 ms) : 1345, 1384
.   : milestone, 1364,
appsec (1.776 ms) : 1751, 1802
.   : milestone, 1776,
iast (1.517 ms) : 1493, 1542
.   : milestone, 1517,
profiling (1.523 ms) : 1498, 1547
.   : milestone, 1523,
tracing (1.496 ms) : 1470, 1521
.   : milestone, 1496,
section candidate
no_agent (1.355 ms) : 1336, 1374
.   : milestone, 1355,
appsec (1.767 ms) : 1742, 1793
.   : milestone, 1767,
iast (1.524 ms) : 1499, 1548
.   : milestone, 1524,
profiling (1.53 ms) : 1504, 1556
.   : milestone, 1530,
tracing (1.49 ms) : 1465, 1515
.   : milestone, 1490,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.364 ms [1.345 ms, 1.384 ms] -
appsec 1.776 ms [1.751 ms, 1.802 ms] 412.096 µs (30.2%)
iast 1.517 ms [1.493 ms, 1.542 ms] 152.898 µs (11.2%)
profiling 1.523 ms [1.498 ms, 1.547 ms] 158.269 µs (11.6%)
tracing 1.496 ms [1.47 ms, 1.521 ms] 131.545 µs (9.6%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.355 ms [1.336 ms, 1.374 ms] -
appsec 1.767 ms [1.742 ms, 1.793 ms] 412.228 µs (30.4%)
iast 1.524 ms [1.499 ms, 1.548 ms] 168.389 µs (12.4%)
profiling 1.53 ms [1.504 ms, 1.556 ms] 174.681 µs (12.9%)
tracing 1.49 ms [1.465 ms, 1.515 ms] 135.078 µs (10.0%)

@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-improve-app-module branch 3 times, most recently from a9ee87f to 5453c15 Compare February 14, 2024 08:50
@manuel-alvarez-alvarez manuel-alvarez-alvarez force-pushed the malvarez/iast-improve-app-module branch from 5453c15 to b058193 Compare February 16, 2024 08:44
@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit 167e8f7 into master Feb 16, 2024
78 of 79 checks passed
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-improve-app-module branch February 16, 2024 11:11
@github-actions github-actions bot added this to the 1.31.0 milestone Feb 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jandro996 jandro996 jandro996 approved these changes

@anderruiz anderruiz Awaiting requested review from anderruiz anderruiz is a code owner automatically assigned from DataDog/asm-java

Assignees
No one assigned
Labels
comp: asm iast Application Security Management (IAST) tag: performance Performance related changes
Projects
None yet
Milestone
1.31.0
Development

Successfully merging this pull request may close these issues.
2 participants
@manuel-alvarez-alvarez @jandro996